A) Mechanisms determine what will be done, while policies decide when it will be done
B) Mechanisms determine how something will be done, while policies decide what will be done
C) Mechanisms determine how something will be done, while policies decide why something will be done
D) Mechanisms determine what will be done, while policies decide how it will be done
F) B) and C)
Correct Answer
verified
Correct Answer
verified
Correct Answer
verified
A code can be added to the kernel to perform an inspection at the system-call gate, restricting a caller to a subset of system calls deemed safe or required for that caller's function. Specific system-call profiles can be constructed for individual processes. The Linux mechanism SECCOMP-BPF uses the Berkeley Packet Filter language to load a custom profile through Linux's proprietary prctl system call. This filtering can be effectively enforced if called from within a run-time library when it initializes or from within the loader itself before it transfers control to the program's entry point.
Correct Answer
verified
B) False
Correct Answer
verified
Correct Answer
verified
A) When a class is loaded, the JVM assigns the class to a protection domain that gives the permissions of that class.
B) It does not support the dynamic loading of untrusted classes over a network.
C) It does not support the execution of mutually distrusting classes within the same JVM.
D) Methods in the calling sequence are not responsible for requests to access a protected resource.
F) A) and C)
Correct Answer
verified
Correct Answer
verified
A) a pair <object-name, list-of-users>
B) a pair <object-name, rights-set>
C) a triplet <object-name, user, rights-set>
D) a triplet <object-name, process_id, rights-set>
F) B) and C)
Correct Answer
verified
Correct Answer
verified
A) System Integrity Protection
B) Intrusion Prevention
C) System-Call Filtering
D) Sandboxing
F) A) and B)
Correct Answer
verified
Correct Answer
verified
Correct Answer
verified
The association between proces...View Answer
Correct Answer
verified
View Answer
B) False
Correct Answer
verified
Correct Answer
verified
B) False
Correct Answer
verified
Correct Answer
verified
Correct Answer
verified
Sandboxing involves running processes in...View Answer
Correct Answer
verified
View Answer
Correct Answer
verified
The confinement problem is a problem of ...View Answer
Correct Answer
verified
View Answer
Correct Answer
verified
It is code signing, which is the digital...View Answer
Correct Answer
verified
View Answer
A) A right R is copied from domain A to domain B and R is removed from domain A. The right R could be copied from domain B to another domain.
B) A right R is copied from domain A to domain B, but the right R could not be copied from domain A to another domain.
C) A right R is copied from domain A to domain B, but the right R could not be copied from domain B to another domain.
D) none of the above
F) All of the above
Correct Answer
verified
Correct Answer
verified
Correct Answer
verified
SIP restricts access to system files and...View Answer
Correct Answer
verified
View Answer
A) a list of operations together with the list of processes allowed to run the operations on those objects.
B) a list of objects together with the list of processes allowed to access those objects.
C) a list of objects together with the operations allowed on those objects.
D) a list of triplet <object, process, rights>.
F) A) and D)
Correct Answer
verified
C
Correct Answer
verified
Correct Answer
verified
The need-to-know principle means that at any time, a process should be able to access only those objects that it currently requires to complete its task. This rule is useful in limiting the amount of damage a faulty process or an attacker can cause in the system.
Correct Answer
verified
Correct Answer
verified
Compartmentalization is the pr...View Answer
Correct Answer
verified
View Answer
A) hardware object or software object
B) process or threat
C) software object only
D) process only
F) A) and D)
Correct Answer
verified
Correct Answer
verified
A) Protection schemes are programmed as opposed to simply declared.
B) Protection requirements are dependent of the facilities provided by a particular operating system.
C) The means for enforcement needs to be provided by the designer of the subsystem.
D) Access privileges are closely related to the linguistic concept of a data type.
F) A) and D)
Correct Answer
verified
Correct Answer
verified
A) permitted
B) mapped
C) effective
D) inherited
F) None of the above
Correct Answer
verified
Correct Answer
verified
Showing 1 - 20 of 32
Related Exams