Download CSCI 4417/5417: Final Quiz - Security Questions and Feedback and more Exams Computer Science in PDF only on Docsity! CSCI 4417/5417: Final Quiz Due at start of Final Exam April 27, 2005 Overview This quiz is optional, and your grade on it will replace your lowest quiz grade. Overall, the main goal of this assignment is to get your suggestions on how to improve the course. There are also a set of quiz questions on Security, to help you practice for the final. There are 39 questions for a total of 41 points. You should submit your solutions to this quiz at the start of the final exam. Even though many of these questions are open-ended, you should take this seriously: mediocre and vague feedback will receive only partial credit. 1 Security 1. (1 point) What is the purpose of nmap? 2. (1 point) What is the purpose of John the Ripper? 3. (1 point) True/False: iptables is stateful. 4. (1 point) What is the difference in functionality and overhead between stateful and stateless firewalls? 5. (1 point) True/False: a SOCKS server is a type of proxy server 6. (1 point) True/False: an HTTP proxy server is a type of SOCKS server 7. (1 point) What is the purpose of tripwire? 8. (1 point) What type of scalability problem might you encounter if you use tripwire to watch files in the /tmp directory? 1 9. (1 point) Explain the difference between how rpm -Va works versus how TripWire works. 10. (1 point) If a fellow student hands you a copy of einstein’s /etc/passwd file, what should you do? 11. (1 point) Discuss how tripwire could be used to solve the problem of uninstalling software that was built and installed from source. 12. (1 point) True/False: if you have a personal firewall, then you don’t need to also have a separate, standalone firewall. 13. (1 point) True/False: if you have a separate, standalone firewall, then you don’t need to also have a personal firewall. 14. (1 point) How does blocking an incoming, initial SYN on a firewall increase security slightly? 15. (1 point) Assume that you are working for a company as a system administrator, and your boss asks you to run l0phtcrack on your domain controller. In a sentence or two, explain your response. 16. (1 point) True/False: using a foreign language word for a password is a good idea. 17. (1 point) Explain the difference between a brute force attack and a dictionary attack on passwords. 18. (1 point) Explain blacklisting with respect to firewalls. 19. (1 point) Explain whitelisting with respect to firewalls. Page 2