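"Information System Security" Course Final Examination Paper
Exam paper: √ Paper A, Paper B
Exam format: closed-book, √ open-book; ___any paper materials___ may be brought into the exam room
Exam date: ____ (year) ____ (month) ____ (day); exam duration: 120 minutes
Take the exam with integrity, answer calmly, and avoid any violations.
Candidate name:
Student ID:
Department: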
_
Total score
Grader
Instructions: each question has exactly one correct answer. Please fill in your answers in
the table below. GRADING IS BASED ON THE TABLE, not what you write on the
questions.
No.   1   2   3   4   5   6   7   8   9  10
Ans   C   A   C   A   B   B   D   B   B   C

No.  11  12  13  14  15  16  17  18  19  20
Ans   A   A   B   A   C   D   A   D   C   D

No.  21  22  23  24  25  26  27  28  29  30
Ans   B   C   B   B   D   B   B   B   B   C

No.  31  32  33  34  35  36  37  38  39  40
Ans   B   A   A   B   B   D   C   A   A   A

No.  41  42  43  44  45  46  47  48  49  50
Ans   C   D   B   C   C   A   D   A   C   A
1. Buffer overflow attack works by exploiting which attack surface?
A. Network attack surface
B. Human attack surface
C. Software attack surface
D. All of the above
ANS: ________________
C
2. DoS attack by flooding ping command works by exploiting which attack surface?
A. Network attack surface
B. Human attack surface
C. Software attack surface
D. All of the above
ANS: ________________
A
3. Which of the following is NOT a symmetric encryption algorithm?
A. DES
B. Triple DES
C. SHA-1
D. AES
ANS: ________________
C
4. Which of the following is NOT a public-key cryptography algorithm?
A. MD5
B. RSA
C. Diffie-Hellman
D. Elliptic Curve Cryptography
ANS: ________________
A
5. In the following figure for biometric authentication, what is the effect of moving the
decision threshold more to the left side?
A. There will be more false positives, i.e., genuine users will be more likely to be identified
as imposters.
B. There will be more false negatives, i.e., imposters will be more likely to be identified as
genuine users.
C. It has no effect on the false positive or false negative rates.
D. None of the above
ANS: ________________
B
6. Which of the following is NOT one of the purposes of salt in the UNIX password file?
A. increase difficulty of offline dictionary attacks
B. improve performance of the authentication process at runtime
C. prevents duplicate passwords from being visible in the password file
D. makes it difficult to find out whether a person with passwords on two or more systems
has used the same password on all of them
ANS: ________________
B
7. Consider the graph of cascaded granting of access rights below, where Ann grants the
access right to Bob at time t = 10 and to Chris at time t = 20, and so on. If sometime later,
Chris revokes access rights from David, what will happen to the access rights granted by
David to Ellen, and access rights granted by David to Frank?
A. Access rights granted by David to Ellen should be revoked, and access rights granted by
David to Frank should stay valid
B. Access rights granted by David to Ellen should stay valid, and access rights granted by
David to Frank should be revoked
C. Both should be revoked
D. Both should stay valid
ANS: ________________
D
8. Scanning traffic is characteristic of which type of malware?
A. Trojans
B. Worms
C. Virus
D. Spam
E. Clickjacking
ANS: ________________
B
9. Displaying a fake QQ or Alipay login screen to collect user login credentials and send
them to the attacker is a form of
A. DoS attack
B. Phishing attack
C. Worm
D. Polymorphic virus
E. Metamorphic virus
ANS: ________________
B
10. What is a DNS amplification attack?
A. Launch a flooding attack against a DNS server, to render it unavailable to provide DNS
service to DNS clients.
B. Change the DNS server configuration and redirect traffic from correct to the wrong sites
in order to perform phishing attacks
C. Use a DNS server as the reflector intermediary to launch a flooding attack on some other
target machines.
D. None of the above
ANS: ________________
C
11. Consider the three-way handshake protocol for TCP connection setup shown below. What
is the target of the TCP SYN spoofing attack?
A. Server
B. Client
C. Host at the spoofed source address
D. Random host on the internet
ANS: ________________
A
12. What is the target of the TCP SYN flood attack?
A. Server
B. Client
C. Host at the spoofed source address
D. Random host on the internet
ANS: ________________
A
13. True or false: in TCP SYN spoofing attack, the attacker’s network must have higher
bandwidth than the victim’s network in order to carry out the attack successfully.
A. True
B. False
ANS: ________________
B
14. True or false: in TCP SYN flood attack, the attacker’s network must have higher