QUESTION 1 Suppose Alice wants to communicate confidentially with Bob using asymmetric cryptography. Alice should encrypt the message to Bob using which of the following keys? Bob's private key Alice's public key Bob's public key Alice's private key QUESTION 2 Suppose the script test.sh has the following p What happens when user student executes test.sh? tmoore@debian:S 1s la test.sh -rwsr-xr-x 1 tm re tas 539 Mar 2 21:09 test.3h The script runs as use tmoore O The script runs as user tas The script runs as root. The script runs as user student QUESTION 3 The primary objective of cryptanalysis is to extract the secret key in order to decrypt ciphertext. O True O False QUESTION 4 In symmetric key cryptography, each user is assigned a public and private key pair O True O False QUESTION 5 Which of the following is NOT a reason to load a virus at the boot sector? The boot sector is often the easiest place in memory for an attacker to access. Files in the boot sector are typically hidden by the OS in order to avoid accidental deletion Boot sector viruses are hard to detect because they are hidden from the OS Boot sector viruses gain control of a system before detection tools are running QUESTION 6 Suppose that Alice and Bob wish to share a secret using Diffie-Hellman key exchange. The generator g is 7 and the prime p is 17, Suppose Alice selects the a secret value 5 and Bob selects the secret value 9 Alice should send Bob the public value Bob should send Alice the public value The shared secret between Alice and Bob is QUESTION 7 The Heartbleed vulnerability is caused by race conditi incomplete mediation in the OpenSSL implementation. incorrect bounds checking on a time-of-check to time-of-use vulnerability. ons on memory accesses in the webserver memory buffers that should be read. QUESTION 8 Suppose the script test2.sh has the following permissions. What happens when user student executeS test2sh? tmoore@debians 1s -la test2.sh rwxr-sr-x 1 tmoore tas 539 Mar 2 21:23 test2.sh O The script runs as user tmoore. O The script runs as root OThe script runs with the group tas, but only if student belongs to that group OThe script runs with the group tas, regardless of whether or not student is in that group. QUESTION 9 Viruses are difficult to detect because virus writers can make trivial changes to their code without changing what the code actually does. True O False QUESTION 10 Suppose Alice wants to digitally sign a message she sends to Bob using asymmetric cryptography. Alice should encrypt the message to Bob using which of the following keys? Alice's public key Bob's public key Bob's private key Alice's private key QUESTION 11 The best strategy for eradicating vulnerabilities from software is to devote budget to identifying and eliminating known vulnerabilities True O False QUESTION 12 Cybercrime costs are dominated by O the revenue made directly by miscreants O indirect and defense costs. O the cost imposed by infrastructure operated by miscreants O direct costs to victims QUESTION 13 The "Going Dark" problem refers to Othe difficulty of using asymmetric key encryption on resource-constrained devices O the difficulty law enforcement has in viewing lawfully intercepted communications due to the use of encryption O the exploitation of software vulnerabilities in communications platforms to gain read-access to communications O the lack of sunlight during the winter which is exacerbated by the ending of Daylight Savings time QUESTION 14 What does the following comma nd do chmod g+w,o-w file1 Add group write permissions and remove write permissions for everyone else for file1 Add group write permissions and remove write permissions for everyone besides the group and file owner for file1 O Change ownership of file1 to the group, which also gets write permissions Add write permissions to the file owner and remove write permissions for everyone else for file1 QUESTION 15 Buffer overflows are made possible when user inputs are allowed to exceed the specified input buffer size O True False QUESTION 16 A vulnerability in which there is a delay between when an operating system checks a file's write permissions and when a user writes to the file is referred to Oinput validation O incomplete mediation time-of-check to time-of-use O race condition QUESTION 17 Which of the following is true of the principle of least privilege? Oa The principle can safely be ignored during initial deployment D. Adhering to the principle means that a program should only be given the permissions it needs to execute properly and nothing more. Adhering to the principle helps make programs more adaptable to new and unexpected applications d Adhering to the principle means that software developers from the most disadvantaged backgrounds receive priority in placing ther apps near the top of the search results of marketplaces such as the Google Play and Apple App Store. QUESTION 18 Consider a ransomware attack on a school, in which all student transcripts are encrypted and lost forever because the school elects not to pay the ransom. The harm imposed on students unable to obtain their transcripts is an example of which kind of cost? defense costs O direct costs [excluding criminal revenue] O criminal revenue indirect costs QUESTION 19 Suppose a directory has the following permissions set drwx--x-- Which of the following statements is true? Users in the directory's group can access known files inside the directory. The directory owner can access known files inside the directory Users other than the directory's owner and group can access known files inside the directory The directory owner can add new files inside the directory Users other than the directory's owner and group can add new files inside the directony Users in the directory's group can add new files inside the directory