1. The primary goal of computer security is to ensure:
Correct Answer: b) Confidentiality, Integrity, and Availability (CIA triad)
Explanation: The CIA triad represents the three core principles of security: Confidentiality (preventing unauthorized access), Integrity (ensuring data accuracy), and Availability (ensuring systems are accessible when needed).
2. Which of the following is NOT a security threat?
Correct Answer: c) Correct program execution
Explanation: Correct program execution is the desired behavior, not a threat. Security threats include unauthorized access (confidentiality breach), data modification (integrity breach), and DoS (availability breach).
3. Security mechanisms are designed to prevent:
Correct Answer: a) Unauthorized access and data breaches
Explanation: Security mechanisms like encryption, authentication, and access controls primarily aim to prevent unauthorized access and protect against data breaches, not to optimize system performance.
4. Which principle ensures that data is accessible only to authorized users?
Correct Answer: b) Confidentiality
Explanation: Confidentiality ensures that sensitive information is accessed only by authorized individuals and remains protected from unauthorized disclosure.
5. A buffer overflow attack exploits:
Correct Answer: a) Improper input validation in a program
Explanation: Buffer overflow occurs when a program writes more data to a buffer than it can hold, typically due to insufficient bounds checking, allowing attackers to overwrite adjacent memory.
6. Which vulnerability allows an attacker to execute arbitrary code by overwriting memory?
Correct Answer: a) Buffer Overflow
Explanation: Buffer overflow vulnerabilities enable attackers to overwrite critical memory areas (like return addresses) to redirect program execution to malicious code.
7. A trapdoor (or backdoor) in a system is:
Correct Answer: b) A hidden entry point bypassing normal authentication
Explanation: A trapdoor is a secret method to bypass normal authentication, often left by developers for debugging but dangerous if discovered by attackers.
8. Which attack involves poisoning the DNS cache to redirect users to malicious sites?
Correct Answer: a) Cache Poisoning (DNS Spoofing)
Explanation: DNS cache poisoning tricks DNS servers into caching false IP mappings, redirecting users to attacker-controlled sites when they try to access legitimate domains.
9. A stack-based buffer overflow occurs when:
Correct Answer: a) Data exceeds the buffer's allocated stack memory
Explanation: Stack-based overflows occur when writing beyond a buffer's bounds in the stack memory, potentially overwriting return addresses and compromising program flow.
10. Which security measure prevents buffer overflow attacks?
Correct Answer: a) Stack Canaries (Canary Values)
Explanation: Stack canaries are values placed between buffers and control data on the stack. If altered during overflow, they trigger termination before malicious code executes.
11. A heap overflow attack targets:
Correct Answer: a) Dynamically allocated memory (heap)
Explanation: Heap overflows exploit memory allocated dynamically (via malloc/new), corrupting heap management structures to achieve arbitrary code execution.
12. Which programming language is most vulnerable to buffer overflows?
Correct Answer: a) C (due to lack of bounds checking)
Explanation: C is particularly vulnerable because it: (1) Allows direct memory access, (2) Doesn't perform automatic bounds checking, and (3) Uses unsafe functions like strcpy().