Course : Distributed Computing Systems

UNIT VI
SECURITY IN DISTRIBUTED SYSTEMS
http://thelearningsolutions.com
Introduction to Security:
● Security Threats
● Security Policies
● Security Mechanisms
● Design Issues
● Cryptography
Security policies decide the

a. security goals of a computer system

b. Applications of computer system
c. Flaws in the security of computer system
d. Cost of security system

Answer : a
Security policy describes what actions the entities in a system are allowed to take and which
ones are prohibited.

a. True
b. false

Answer : A
Threat is a

A. possible danger that might exploit a vulnerability to breach security and thus cause
possible harm.
B. any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or
make unauthorized use of an asset.
C. Both a and b
D. None of the above

Answer : A
Interception means …

A. Unauthorized user gaining access to a service or data.

B. Services or data becoming unavailable, unusable, destroyed
C. Unauthorized changing of data or service so that it no longer adheres to its original
specification
D. Additional data or activity is generated that would normally not exist

Answer : A
Fabrication means …

A. Unauthorized user gaining access to a service or data.

B. Services or data becoming unavailable, unusable, destroyed
C. Unauthorized changing of data or service so that it no longer adheres to its original
specification
D. Additional data or activity is generated that would normally not exist

Answer : D
Modification means …

A. Unauthorized user gaining access to a service or data.

B. Services or data becoming unavailable, unusable, destroyed
C. Unauthorized changing of data or service so that it no longer adheres to its original
specification
D. Additional data or activity is generated that would normally not exist

Answer : C
Interruption means …

A. Unauthorized user gaining access to a service or data.

B. Services or data becoming unavailable, unusable, destroyed
C. Unauthorized changing of data or service so that it no longer adheres to its original
specification
D. Additional data or activity is generated that would normally not exist

Answer : A
eavesdropping is also called as -

A. Modification
B. Fabrication
C. Interruption
D. Interception

Answer : D
Suppose a person (having no right) is adding entry to password file or database, this is called
as -

A. Modification
B. Fabrication
C. Interruption
D. Interception

Answer : B
Suppose a person (having no right) is intentionally corrupting certain number of files, this is
called as -

A. Modification
B. Fabrication
C. Interruption
D. Interception

Answer : C
Suppose a person (having no right) is making denial of service (DOS) attack, then this is called
as -

A. Modification
B. Fabrication
C. Interruption
D. Interception

Answer : C
Attack is a

A. possible danger that might exploit a vulnerability to breach security and thus cause
possible harm.
B. any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or
make unauthorized use of an asset.
C. Both a and b
D. None of the above

Answer : B
------------------- is used to provide a means to implement confidentiality, since it transforms the
data into some think which attacker cannot understand.

A. Encryption
B. Authentication
C. Authorization
D. Auditing

Answer : A
------------------- is used to verify whether the user, client , server ,etc. are authentic. User are
authenticated by password

A. Encryption
B. Authentication
C. Authorization
D. Auditing

Answer : B
------------------- is used to check as a weather the client is authorized to perform specific task

A. Encryption
B. Authentication
C. Authorization
D. Auditing

Answer : C
------------------- is used to trace which clients accessed what information and when they did so

A. Encryption
B. Authentication
C. Authorization
D. Auditing

Answer : D
Browsing, Inferencing, Masquerading are the examples of ___________

a. Direct Attack
b. Indirect attack
c. Passive attack
d. Active attack

Answer : C
Virus, Worm, Logic bomb are the examples of ___________

a. Direct Attack
b. Indirect attack
c. Passive attack
d. Active attack

Answer : D
Integrity attack, Authenticity attack are the examples of ___________

a. Direct Attack
b. Indirect attack
c. Passive attack
d. Active attack

Answer : D
Delay attack, Replay attack, Denial attack are the examples of ___________

a. Direct Attack
b. Indirect attack
c. Passive attack
d. Active attack

Answer : D
State TRUE or FALSE. Intruder access unauthorized information from a computer system but
not cause harm to the system.

a. TRUE
b. FALSE

Answer : A
When intruders here attempt to read stored files, traverse message packet on the network,
access other process memory, etc, then it is called as ----------

a. Browsing
b. Inferencing
c. Masquerading
d. None of the above

Answer : a
When an intruder behaves as an authorized user or a program to gain access to unauthorized
data or resource then it is called as ----------

a. Browsing
b. Inferencing
c. Masquerading
d. None of the above

Answer : C
When an intruder records and analyzes past activities and access methods and uses this
information to draw some conclusions then it is called as ----------

a. Browsing
b. Inferencing
c. Masquerading
d. None of the above

Answer : B
______________ is a small computer program that needs to be executed by either running it or
having it loaded from boot sector of a disk

a. Virus
b. Worm
c. Logic bomb
d. Spy

Answer : a
______________ is a piece of code intentionally inserted into a software system that will set off
a malicious function when specified conditions are met

a. Virus
b. Worm
c. Logic bomb
d. Spy

Answer : c
______________ is a small piece of software the uses computer network and security holes to
replicate it self

a. Virus
b. Worm
c. Logic bomb
d. Spy

Answer : b
When an intruder can change the message while it is traveling in the communication channel
and the receiver may interpret it as original message, it is the type of active attack and is called
as _____________________

a. Integrity attack
b. Authenticity attack
c. Delay attack
d. Replay attack

Answer : a
When an intruder retransmit an old message that is accepted as new message by the receiver,
it is the type of active attack and is called as _____________________

a. Integrity attack
b. Authenticity attack
c. Delay attack
d. Replay attack

Answer : d
When an intruder can delay the message delivery that can make it useless to receive if it is
received late, it is the type of active attack and is called as _____________________

a. Integrity attack
b. Authenticity attack
c. Delay attack
d. Replay attack

Answer : c
When an intruder can illegally connect to computer network , impersonate and insert bogus
message with valid address in the system also these will then be delivered as genuine
message, it is the type of active attack and is called as _____________________

a. Integrity attack
b. Authenticity attack
c. Delay attack
d. Replay attack

Answer : b
When an intruder might partly or completely block communication path between two processes,
it is the type of active attack and is called as _____________________

a. Integrity attack
b. Authenticity attack
c. Delay attack
d. Denial attack

Answer : d
Which types of channels can be used by a program to leak information?

a. Legitimate channel
b. Storage channel
c. Covert channel
d. All of the above

Answer : d
Which is/are approaches that can be followed to protect a distributed application?

a. Protection against invalid operations on secure data

b. Protection against unauthorized invocations
c. Protection against unauthorized users
d. All of the above

Answer : d
Message must be encrypted at sender site and decrypted at the

A.Sender Site.

B.Site.

C.Receiver site.

D.Conferencing.

Answer C
Encryption and decryption provide secrecy, or confidentiality, but not

A.Authentication.

B.Integrity.

C.Keys.

D.Frames.

Answer B
In asymmetric key cryptography, the private key is kept by __________

a) sender

b) receiver

c) sender and receiver

d) all the connected devices to the network

Answer: b

Explanation: The private key is kept only by the receiver of the message. Its aim is to make sure that only the
intended receiver can decipher the message.
In cryptography, what is cipher?

a) algorithm for performing encryption and decryption

b) encrypted message

c) both algorithm for performing encryption and decryption and encrypted message

d) decrypted message

Answer: a

Explanation: Cipher is a method to implement encryption and decryption of messages travelling in a network. It’s
used to increase the confidentiality of the messages.
What is the preferred way of encryption?

a) pre shared secret key

b) using key distribution center (KDC)

c) public key-encryption

d) symmetric key

Answer: c

Explanation: Pre Shared key can be compromised and either party can be suspected. Likewise KDC or symmetric
key can have breach which are undesirable. Public and private key encryption is a known industry standard.
What is not a role of encryption?

a) It is used to protect data from unauthorized access during transmission

b) It is used to ensure user authentication

c) It is used to ensure data integrity

d) It is used to ensure data corruption doesn’t happens

Answer: d

Explanation: Encryption doesn’t have error correction or detection facility thus cannot be used to safeguard from
data corruption.
A session symmetric key between two parties is used

A.only once.

B.twice.

C.multiple times.

D.depends on situation.

Answer A
Message confidentiality is using

A.Cipher Text.

B.Cipher.

C.Symmetric-Key.

D.Asymmetric-Key.

Answer D
A(n) _____ is a trusted third party that assigns a symmetric key to two parties.

A) KDC

B) CA

C) KDD

D) none of the above

Answer: Option A
Data Encryption Standard (DES) was designed by

A.Microsoft.

B.Apple.

C.IBM.

D.None.

Answer C
What is data encryption standard (DES)?

a) block cipher

b) stream cipher

c) bit cipher

d) byte cipher

Answer: a

Explanation: DES is a symmetric key block cipher in which the block size is 64 bits and the key size is 64 bits. It is
vulnerable to some attacks and is hence not that popularly used.
What is the role of Key Distribution Center?

a) It is used to distribute keys to everyone in world

b) It intended to reduce the risks inherent in exchanging keys

c) All of the mentioned

d) None of the mentioned

Answer: b
Communication between end systems is encrypted using a key, often known as

a) temporary key

b) section key

c) line key

d) session key

Answer: d

Explanation: The key is referred to as session key.

A session symmetric key between two parties is used

A. Only once
B. Twice
C. Multiple times
D. Conditions dependant

Answer: (a).Only once

The DES Algorithm Cipher System consists of ____________rounds (iterations) each with a round key

a) 12

b) 18

c) 9

d) 16

Answer: d

Explanation: The DES Algorithm Cipher System consists of 16 rounds (iterations) each with a round key.
The DES algorithm has a key length of

a) 128 Bits

b) 32 Bits

c) 64 Bits

d) 16 Bits

Answer: c

Explanation: DES encrypts blocks of 64 bits using a 64 bit key.

 In the DES algorithm, although the key size is 64 bits only 48bits are used for the encryption procedure, the rest are
parity bits.

a) True

b) False

Answer: b

Explanation: 56 bits are used, the rest 8 bits are parity bits.
In the DES algorithm the round key is __________ bit and the Round Input is ____________bits.

a) 48, 32

b) 64,32

c) 56, 24

d) 32, 32

Answer: a

Explanation: The round key is 48 bits. The input is 32 bits.

In the RSA public key cryptosystem, which one of the following numbers will always be largest?

A. e

B. n

C. p

D. q

The Correct Answer is B.

Explanation: The number n is generated as the product of the two large prime numbers p and q. Therefore, n must
always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is
smaller than n. Therefore, in RSA cryptography n is always the largest of the four variables shown in the options to this
question.
An asymmetric key/public key uses…

a. 1 key
b. 2 key
c. 3 key
d. 4 key

Answer : B
Challenge-response authentication can be done using ________.

A) symmetric-key ciphers

B) asymmetric-key ciphers

C) keyed-hash functions

D) all of the above

Answer: Option D
In ________ authentication, the claimant proves that she knows a secret without actually sending it.

A) password-based

B) challenge-response

C) either (a) or (b)

D) neither (a) nor (b)

Answer: Option B
Hashing
Message digest needs to be

A.public.

B.private.

C.kept secret.

D.None.

Answer C
In Message Integrity, message digest needs to be kept

A.Secret.

B.Low.

C.High.

D.Down.

Answer A
A hash function guarantees integrity of a message. It guarantees that message has not be

A.Replaced.

B.Over view.

C.Changed.

D.Left.

Answer C
To check integrity of a message, or document, receiver creates the

A.Tag.

B.Hash Tag.

C.Hyper Text.

D.Finger Print.

Answer B
A(n) _________ can be used to preserve the integrity of a document or a message.

A) message digest

B) message summary

C) encrypted message

D) none of the above

Answer: Option A
A(n) ________function creates a message digest out of a message.

A) encryption

B) decryption

C) hash

D) none of the above

Answer: Option C
What is a Hash Function?

a) It creates a small flexible block of data

b) It creates a small,fixed block of data

c) It creates a encrypted block of data

d) None of the mentioned

Answer: b
MD5 produces __________ bits hash data.

a) 128

b) 150

c) 160

d) 112

Answer: a
When a hash function is used to provide message authentication, the hash function value is
called to as:

a. Message Field
b. Message Digest
c. Message Score
d. Message Leap

Answer: b. Message Digest

Explanation:

We know that the hash function providing message authentication is referred to as massage digest in
cryptography.
Secure Channels:
● Authentication
● Message Integrity
● Confidentiality
● Secure Group Communication
Message _______ means that the receiver is ensured that the message is coming from the intended sender, not an
imposter.

A) confidentiality

B) integrity

C) authentication

D) none of the above

Answer: Option C
Message_____ means that the data must arrive at the receiver exactly as sent.

A) confidentiality

B) integrity

C) authentication

D) none of the above

Answer: Option B
Message ________ means that the sender and the receiver expect privacy.

A) confidentiality

B) integrity

C) authentication

D) none of the above

Answer: Option A
_________ means that a sender must not be able to deny sending a message that he sent.

A) Confidentiality

B) Integrity

C) Authentication

D) Nonrepudiation

Answer: Option D
In Message Confidentiality, transmitted message must make sense to only intended

A.Receiver.

B.Sender.

C.Third Party.

D.Translator.

Answer A
A sender must not be able to deny sending a message that he or she, in fact, did send, is
known as

A.Message Nonrepudiation.

B.Message Integrity.

C.Message Confidentiality.

D.Message Sending.

Answer A
When data must arrive at receiver exactly as they were sent, its called

A.Message Confidentiality.

B.Message Integrity.

C.Message Splashing.

D.Message Sending.

Answer B
Which figure implements confidentiality and authentication?

Answer: a

Explanation: Figure implements both confidentiality and authentication.

Which figure implements confidentiality, authentication and signature?

Answer: d

Explanation: Figure a implements confidentiality, authentication, and signature.

The above figure implements authentication and signature only?

a) True

b) False

Answer: a
Explanation: The system does not implement confidentiality.
Access Control:
● General Issues in Access Control
● Firewalls
● Secure Mobile Code
● Denial of Service (DOS)
What explains term subject best with respect to ACL ?

a. can best be thought of as being processes acting on behalf of users, but can also be objects that need the
services of other objects in order to carry out their work.
b. can be hardware objects ( e.g. CPU, memory segment and printers ) or software objects (e.g. file and
program ).
c. records which subject may do what, and decides whether a subject is allowed to have a specific operation
carried out
d. None of the above

Answer : a
What explains term objects best with respect to ACL ?

a. can best be thought of as being processes acting on behalf of users, but can also be objects that need the
services of other objects in order to carry out their work.
b. can be hardware objects ( e.g. CPU, memory segment and printers ) or software objects (e.g. file and
program ).
c. records which subject may do what, and decides whether a subject is allowed to have a specific operation
carried out
d. None of the above

Answer : b
What explains term reference monitor best with respect to ACL ?

a. can best be thought of as being processes acting on behalf of users, but can also be objects that need the
services of other objects in order to carry out their work.
b. can be hardware objects ( e.g. CPU, memory segment and printers ) or software objects (e.g. file and
program ).
c. records which subject may do what, and decides whether a subject is allowed to have a specific operation
carried out
d. None of the above

Answer : c
In the access control matrix, row entries denotes _______________

a. subjects
b. Objects
c. Reference monitors
d. None of the above

Answer : a
In the access control matrix, column entries denotes _______________

a. subjects
b. Objects
c. Reference monitors
d. None of the above

Answer : b
Firewalls can be of _______ kinds.

a) 1

b) 2

c) 3

d) 4

Answer: c

Explanation: Firewalls are of three kinds – one is the hardware firewalls, another is software firewalls and the
other is a combination of both hardware and software.
_________________ is the kind of firewall is connected between the device and the network connecting to internet.

a) Hardware Firewall

b) Software Firewall

c) Stateful Inspection Firewall

d) Microsoft Firewall

Answer: a

Explanation: Hardware firewalls are those firewalls that need to be connected as additional hardware between the
device through which the internet is coming to the system and the network used for connecting to the internet.
_________ is software that is installed using an internet connection or they come by-default with operating systems.

a) Hardware Firewall

b) Software Firewall

c) Stateful Inspection Firewall

d) Microsoft Firewall

Answer: b

Explanation: Software firewalls are those kinds of firewalls that are installed in the system using internet
connection as we install normal applications and update them. Some operating system vendors provide default
firewalls with their operating systems.
Firewall examines each ____________ that are entering or leaving the internal network.

a) emails users

b) updates

c) connections

d) data packets

Answer: d

Explanation: Firewalls examines each data packets that are entering or leaving the internal network which
ultimately prevents unauthorized access.
A firewall protects which of the following attacks?

a) Phishing

b) Dumpster diving

c) Denial of Service (DoS)

d) Shoulder surfing

Answer: c

Explanation: Firewalls are used to protect the computer network and restricts illicit traffic. Denial of Service (DoS)
attack is one such automated attack which a firewall with proper settings and the updated version can resist and
stop from getting executed.
Network layer firewall works as a __________

a) Frame filter

b) Packet filter

c) Content filter

d) Virus filter

Answer: b

Explanation: As you know, firewalls are available as hardware appliances, as software-only, or a combination of the
two. In every case, the purpose of a firewall is to isolate your trusted internal network (or your personal PC) from the
dangers of unknown resources on the Internet and other network connections that may be harmful. The firewall
prevents unauthorized access to your internal, trusted network from outside threats.
Which of the following is / are the types of firewall?

a) Packet Filtering Firewall

b) Dual Homed Gateway Firewall

c) Screen Host Firewall

d) Dual Host Firewall

Answer: a

Explanation: A firewall can be a PC, a midrange, a mainframe, a UNIX workstation, a router, or combination of
these. Depending on the requirements, a firewall can consist of one or more of the following functional
components: Packet-filtering router
Packet filtering firewalls are deployed on ________

a) routers

b) switches

c) hubs

d) repeaters

Answer: a

Explanation: Packet filtering firewalls are deployed on routers that help in connecting internal network worldwide
via the internet.
The __________ defines the packet filtering firewall rules.

a) Access Control List

b) Protocols

c) Policies

d) Ports

Answer: a

Explanation: The Access Control List is a table containing rules that instruct the firewall system to provide the right
access. It checks all the packets and scans them against the defined rule set by Network administrator in the
packet filtering firewall.
ACL stands for _____________

a) Access Condition List

b) Anti-Control List

c) Access Control Logs

d) Access Control List

Answer: d

Explanation: The Access Control List is a table containing to check all the packets and scans them against the
defined rule set by Network administrator in any particular system or firewall.
When a packet does not fulfil the ACL criteria, the packet is _________

a) resend

b) dropped

c) destroyed

d) acknowledged as received

Answer: b

Explanation: In the packet filtering firewall, when the rules defined by the Access Control List is not meet by any
data packet, the packet is dropped & logs are updated in the firewall.
A proxy firewall filters at _________

a) Physical layer

b) Data link layer

c) Network layer

d) Application layer

Answer: d

Explanation: The application firewall is typically built to control all network traffic on any layer up to the application
layer. It is able to control applications or services specifically, unlike a stateful network firewall, which is – without
additional software – unable to control network traffic regarding a specific application. There are two primary
categories of application firewalls, network-based application firewalls and host-based application firewalls.
A packet filter firewall filters at __________

a) Physical layer

b) Data link layer

c) Network layer or Transport layer

d) Application layer

Answer: c

Explanation: In computing, a firewall is a network security system that monitors and controls the incoming and
outgoing network traffic based on predetermined security rules.[1] A firewall typically establishes a barrier between
a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be
secure or trusted.[2] Firewalls are often categorized as either network firewalls or host-based firewalls.
One advantage of Packet Filtering firewall is __________

a) more efficient

b) less complex

c) less costly

d) very fast

Answer: c

Explanation: Packet filtering firewalls are more advantageous because they are less costly and they use fewer
resources and are used effectively in small networks.
Packet filtering firewalls work effectively in _________ networks.

a) very simple

b) smaller

c) large

d) very large complex

Answer: b

Explanation: Packet Filtering Firewalls are applied within routers which connect the internal Network system with
the outside network using the internet. It works effectively if the internal network is smaller in size.
Packet filtering firewalls are also called ____________

a) first generation firewalls

b) second generation firewalls

c) third generation firewalls

d) fourth generation firewalls

Answer: a

Explanation: Packet filtering firewalls are also called the first generation firewalls. It came into the picture around
the 1980s. Packet filtering technique cannot support the complex models of rules and is spoofing attack-prone in
some cases as well.
_____________ gateway firewalls are deployed in application-layer of OSI model.

a) Packet Filtering Firewalls

b) Circuit Level Gateway Firewalls

c) Application-level Gateway Firewalls

d) Stateful Multilayer Inspection Firewalls

Answer: c

Explanation: Application level Gateway Firewalls are deployed in the application-layer of OSI model for protecting
the network for different protocols of the application layer.
Application level gateway firewalls protect the network for specific _____________

a) application layer protocol

b) session layer protocol

c) botnet attacks

d) network layer protocol

Answer: a

Explanation: Some specific application layer protocols need protection from attacks which is done by the
application level gateway firewall in the application layer of the OSI model.
Application layer firewalls are also called ____________

a) first generation firewalls

b) second generation firewalls

c) third generation firewalls

d) fourth generation firewalls

Answer: c

Explanation: Application layer firewalls are also called third generation firewalls. They came into the picture in
around 1995-1998. Application level gateway firewalls are helped in making the network performance smooth for
logging traffic.
DoS is abbreviated as _____________________

a) Denial of Service

b) Distribution of Server

c) Distribution of Service

d) Denial of Server

Answer: a

Explanation: A Denial of Service attack targets its victim by flooding the URL of the victim with unlimited requests.
The intent of this attack is to overkill the targeted server’s bandwidth and other resources of the target website.
A ______________ tries to formulate a web resource occupied or busy its users by flooding the URL of the victim
with unlimited requests than the server can handle.

a) Phishing attack

b) DoS attack

c) Website attack

d) MiTM attack

Answer: b

Explanation: A DoS attack tries to formulate a web resource occupied or busy to its users by flooding the URL of the
victim with unlimited requests than the server can handle.
During a DoS attack, the regular traffic on the target _____________ will be either dawdling down or entirely
interrupted.

a) network

b) system

c) website

d) router

Answer: c

Explanation: Using of DoS attack put together web resource by flooding its users with unlimited requests. During a
DoS attack, the regular traffic on the target website will be either dawdling down or entirely interrupted.
The intent of a ______________ is to overkill the targeted server’s bandwidth and other resources of the target
website.

a) Phishing attack

b) DoS attack

c) Website attack

d) MiTM attack

Answer: b

Explanation: Web resource gets occupied or busy as it floods its users performing DoS attack. The intent of this
attack is to overkill the targeted server’s bandwidth and other resources of the target website.
There are ______ types of DoS attack.

a) 2

b) 3

c) 4

d) 5

Answer: a

Explanation: With the help of DoS attack attackers try to busy its users by flooding the URL of the victim with
limitless requests. There are two types of DoS attack. These are Application Layer Attacks and Network Layer DoS
attacks.
Application layer DoS attack is also known as _______________

a) Layer4 DoS attack

b) Layer5 DoS attack

c) Layer6 DoS attack

d) Layer7 DoS attack

Answer: d

Explanation: A DoS attack is a very dangerous threat for users who have their services running via the internet. The
Application Layer DoS is also known as Layer-7 DoS attack.
___________ is a type of DoS threats to overload a server as it sends a large number of requests requiring
resources for handling & processing.

a) Network Layer DoS

b) Physical Layer DoS

c) Transport Layer DoS

d) Application Layer DoS

Answer: d

Explanation: DoS attacks are of two types. These are Application Layer Attacks and Network Layer DoS attacks.
Application Layer DoS is a type of DoS threats to overload a server as it sends a large number of requests requiring
resources for handling & processing.
Network layer attack is also known as ________________

a) Layer3-4 DoS attack

b) Layer5 DoS attack

c) Layer6-7 DoS attack

d) Layer2 DoS attack

Answer: a

Explanation: Denial of Service attack becomes dangerous because it floods the target service over the internet.
There are two types of DoS attack. The Network Layer DoS is also known as the Layer 3-4 DoS attack.
Which of the following do not comes under network layer DoS flooding?

a) UDP flooding

b) HTTP Flooding

c) SYN flooding

d) NTP Amplification

Answer: b

Explanation: Network layer DoS attack is set up to congest the “pipelines” that are connecting user’s network. This
includes attacks such as NTP amplification, SYN flooding, UDP flooding and DNS amplification.
DDoS stands for _________________

a) Direct Distribution of Server

b) Distributed Denial of Service

c) Direct Distribution of Service

d) Distributed Denial of Server

Answer: b

Explanation: When a DoS attack comes from a large number of IP addresses, this makes it hard to manually filter or
crash the traffic from such sources and the attack is known as a Distributed Denial of Service (DDoS) attack.
A DoS attack coming from a large number of IP addresses, making it hard to manually filter or crash the traffic from
such sources is known as a _____________

a) GoS attack

b) PDoS attack

c) DoS attack

d) DDoS attack

Answer: d

Explanation: A DoS attack coming from a large number of IP addresses, making it hard to manually filter or crash the
traffic from such sources is known as a Distributed Denial of Service (DDoS) attack.
Instead of implementing single computer & its internet bandwidth, a ____________ utilizes various systems & their
connections for flooding the targeted website.

a) GoS attack

b) PoS attack

c) DDoS attack

d) DoS attack

Answer: c

Explanation: DDoS is another leading attack type. Instead of implementing single computer & its internet bandwidth,
a DDoS utilizes various systems & their connections for flooding the targeted website.
Software code that has the ability to travel (able to transport itself) from one place(host ) to another to do the work
assigned to it is called as _________

a) antivirus

b) spyware

c) malware

d) mobile agent

Answer: d
Mobile agent performs following tasks.

a) Data collection from many place

b) Monitoring

c) Parallel processing

d) all of the above

Answer: d
______________ is a technique by which a downloaded program is executed in such a way that each of its
instructions can be fully controlled.

a) playground

b) package

c) archive

d) sandbox

Answer: d
Following is/are the component/s of java sandbox model .

a) Class loader

b) Byte code verifier

c) Security manager

d) all of the above

Answer: d
Key Management
● Kerberos
Man in middle attack can endanger security of Diffie-Helman algorithm if two parties are not

a. Authenticated
b. Joined
c. Submitted
d. Separate

Answer : a
Digital signature provides ________.

A) authentication

B) nonrepudiation

C) both (a) and (b)

D) neither (a) nor (b)

Answer: Option C
Digital signature cannot provide ________ for the message.

A) integrity

B) confidentiality

C) nonrepudiation

D) authentication

Answer: Option B
A digital signature needs a(n)_________ system.

A) symmetric-key

B) asymmetric-key

C) either (a) or (b)

D) neither (a) nor (b)

Answer: Option B
A digital signature needs a

A.private-key system.

B.shared-key system.

C.public-key system.

D.All of them.

Answer C
A(n) ________is a federal or state organization that binds a public key to an entity and issues a certificate.

A) KDC

B) Kerberos

C) CA

D) none of the above

Answer: Option C
A(n) ______ is a hierarchical system that answers queries about key certification.

A) KDC

B) PKI

C) CA

D) none of the above

Answer: Option C
What is the major disadvantage of using certificate revocation lists?

A. Key management

B. Latency

C. Record keeping

D. Vulnerability to brute force attacks

The Correct Answer is B.

Explanation: Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to
the time lag between CRL distributions.
Suppose that two parties A and B wish to setup a common secret key (D-H key) between themselves using the
Diffie-Hellman key exchange technique. They agree on 7 as the modulus and 3 as the primitive root. Party A chooses 2
and party B chooses 5 as their respective secrets. Their D-H key is

(A) 3 (B) 4 (C) 5 (D) 6

Answer: (B)

Explanation:

Primitive root = g = 3 Modulus = p = 7 Xa = 2 and Xb = 5

Ya = 32 mod 7 = 2 Yb = 35 mod 7 = 5

We assume D-H key to be K.

K = YaXb mod 7 K = 25mod 7 = 4

Or

K = YbXa mod 7 K = 52 mod 7 = 4

__________ is a popular session key creator protocol that requires an authentication server and a ticket-granting server.

A) KDC

B) Kerberos

C) CA

D) none of the above

Answer: Option B
The secret key between members needs to be created as a ______ key when two members contact KDC.

A) public

B) session

C) complimentary

D) none of the above

Answer: Option B
What is the objective of Diffie-Hellman key exchange?

A. To protect encrypted data from man-in-the-middle attack

B. To perform mutual authentication on both sides

C. To prove to another party that one holds a secret key without revealing it

D. To establish a shared secret key on both sides

What security service CANNOT be provided by a digital signature?

A. Availability

B. Integrity

C. Non-repudiation

D. Authentication
SOA
Which of the following describes a message-passing taxonomy for a component-based architecture that provides services to
clients upon demand ?

a.
SOA

b.
EBS

c.
GEC

d.
All of the mentioned
Service Oriented Architecture (SOA) is

a) Strongly Coupled

b) Loosely Coupled

c) Strongly Cohesive

d) Loosely Cohesive

Answer: b

Explanation: SOA is the architectural style that supports loosely coupled services to enable business flexibility.
Web Services is not a realization of SOA ?

a) True

b) False

Answer: b

Explanation: Web services is one realization of the SOA.

Point out the correct statement.

a) Service Oriented Architecture (SOA) describes a standard method for requesting services from distributed
components and managing the results

b) SOA provides the translation and management layer in an architecture that removes the barrier for a client
obtaining desired services

c) With SOA, clients and components can be written in different languages and can use multiple messaging
protocols

d) All of the mentioned

Answer: d

Explanation: You don’t need SOA if you are creating a monolithic cloud application that performs a specific
function such as backup, e-mail, Web page access, or instant messaging.
Arrange the following activities in order to build a SOA.i. Virtualization through mediation.

ii. Track services with registries.

iii. Govern, secure and manage the services.

iv. Design for interoperability through the adoption of standards.

a) i, ii, iii, iv

b) iii, ii, i, iv

c) ii, iii, i, iv

d) ii, iii, iv, i

Answer: c

Explanation: The order mentioned is appropriate to build a SOA

How is SOA different from OO Architecture ?

a) Strong coupling among objects

b) Communications are prescriptive rather than being descriptive

c) Data is separated from a service or behavior

d) Data and methods are integrated into a single object

Answer: c

Explanation: A service-oriented architecture is essentially a collection of services which communicate with each
other.
Which architecture will be built on top of a SOA ?

a) The Application Architecture

b) The Service Architecture

c) The Component Architecture

d) None of the mentioned

Answer: a
Grid Computing
What is grid computing?

A.) It is parallel and distributed computing where computer infrastructure is offered as a service.

B.) It is parallel computing where autonomous computers act together to perform very large tasks.

C.) It is distributed computing where autonomous computers perform independent tasks.

D.) It is interconnected computing where a computing platform is delivered to consumers.

In the grid computing model, servers or personal computers run

A. Dependently

B. Independently

C. Concurrently

D. Horizontally
HTC stands for

A. High-turning computing

B. High-tabulation computing

C. High-technology computing

D. High-throughput computing