Chat with AI
Deck 17: Protection
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/32
Play
Full screen (f)
Deck 17: Protection
1
The owner right allows ___________
A) addition of new rights only
B) addition of new rights and removal of some rights
C) removal of some rights only
D) none of the above
A) addition of new rights only
B) addition of new rights and removal of some rights
C) removal of some rights only
D) none of the above
B
2
What is the difference between mechanisms and policies?
A) Mechanisms determine what will be done, while policies decide when it will be done
B) Mechanisms determine how something will be done, while policies decide what will be done
C) Mechanisms determine how something will be done, while policies decide why something will be done
D) Mechanisms determine what will be done, while policies decide how it will be done
A) Mechanisms determine what will be done, while policies decide when it will be done
B) Mechanisms determine how something will be done, while policies decide what will be done
C) Mechanisms determine how something will be done, while policies decide why something will be done
D) Mechanisms determine what will be done, while policies decide how it will be done
B
3
How does a lock-key mechanism work?
Each object has a list of unique bit patterns called locks. Similarly, each domain has a list of unique bit patterns called keys. A process executing in a domain can access an object only if that domain has a key that matches one of the locks of the object.
4
The ability to copy an access right from one domain to another may be realized as follows
A) A right R is copied from domain A to domain B and R is removed from domain
A) The right R could be copied from domain B to another domain.
B) A right R is copied from domain A to domain B, but the right R could not be copied from domain A to another domain.
C) A right R is copied from domain A to domain B, but the right R could not be copied from domain B to another domain.
D) none of the above
A) A right R is copied from domain A to domain B and R is removed from domain
A) The right R could be copied from domain B to another domain.
B) A right R is copied from domain A to domain B, but the right R could not be copied from domain A to another domain.
C) A right R is copied from domain A to domain B, but the right R could not be copied from domain B to another domain.
D) none of the above
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
5
What capability is not used by Linux?
A) permitted
B) mapped
C) effective
D) inherited
A) permitted
B) mapped
C) effective
D) inherited
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
6
Which of the following is an advantage of compiler-based enforcement of access control?
A) Protection schemes are programmed as opposed to simply declared.
B) Protection requirements are dependent of the facilities provided by a particular operating system.
C) The means for enforcement needs to be provided by the designer of the subsystem.
D) Access privileges are closely related to the linguistic concept of a data type.
A) Protection schemes are programmed as opposed to simply declared.
B) Protection requirements are dependent of the facilities provided by a particular operating system.
C) The means for enforcement needs to be provided by the designer of the subsystem.
D) Access privileges are closely related to the linguistic concept of a data type.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
7
Describe the idea of SIP (System Integrity Protection).
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
8
A capability list for a domain is ____________________
A) a list of operations together with the list of processes allowed to run the operations on those objects.
B) a list of objects together with the list of processes allowed to access those objects.
C) a list of objects together with the operations allowed on those objects.
D) a list of triplet.
A) a list of operations together with the list of processes allowed to run the operations on those objects.
B) a list of objects together with the list of processes allowed to access those objects.
C) a list of objects together with the operations allowed on those objects.
D) a list of triplet
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
9
Explain a confinement problem.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
10
Describe the idea of the sandboxing.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following is true of the Java programming language in relation to protection?
A) When a class is loaded, the JVM assigns the class to a protection domain that gives the permissions of that class.
B) It does not support the dynamic loading of untrusted classes over a network.
C) It does not support the execution of mutually distrusting classes within the same JVM.
D) Methods in the calling sequence are not responsible for requests to access a protected resource.
A) When a class is loaded, the JVM assigns the class to a protection domain that gives the permissions of that class.
B) It does not support the dynamic loading of untrusted classes over a network.
C) It does not support the execution of mutually distrusting classes within the same JVM.
D) Methods in the calling sequence are not responsible for requests to access a protected resource.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
12
Describe domain switching.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
13
UNIX operating system associates a protection domain with the ____.
A) task
B) tread
C) process
D) user
A) task
B) tread
C) process
D) user
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
14
A protection domain is a collection of access rights, each of which is ___________________
A) a pair
B) a pair
C) a triplet
D) a triplet
A) a pair
B) a pair
C) a triplet
D) a triplet
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
15
Object means __________
A) hardware object or software object
B) process or threat
C) software object only
D) process only
A) hardware object or software object
B) process or threat
C) software object only
D) process only
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
16
What does compartmentalization mean?
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
17
What are the main reasons for implementing a protection subsystem?
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
18
________________ is not a protection mechanism.
A) System Integrity Protection
B) Intrusion Prevention
C) System-Call Filtering
D) Sandboxing
A) System Integrity Protection
B) Intrusion Prevention
C) System-Call Filtering
D) Sandboxing
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
19
What are the main drawbacks of the implementation of the access matrix as a global table?
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
20
Explain the need-to-known principle.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
21
Rings of protection separate functions into domains and order them hierarchically.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
22
Android cannot provide the same level of protection as UNIX, because it is not able to separate users.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
23
The default set of access rights are used if no entry in the access list is found.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
24
Apple's systems employs capability-based protection in the form of entitlements.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
25
Domains cannot share access rights
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
26
How does Linux use system-call filtering?
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
27
root user can modify mandatory access control (MAC)
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
28
The kernel should not run with a higher level of privileges than user processes.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
29
In a dynamic protection system, sometimes access rights to objects shared by different users need to be revoked.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
30
Role-based access control (RBAC) increases the security risk associated with superusers.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
31
What protection mechanism is used to ensure that operating-system distributions and patches have not be changed?
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
32
Describe how the access matrix is implemented in MULTISC.
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 32 flashcards in this deck.
