1Which of the following is NOT a necessary condition for a deadlock to occur?
A.Preemption
B.Hold and Wait
C.Circular Wait
D.Mutual Exclusion
Correct Answer: Preemption
Explanation:
The four necessary conditions for deadlock are Mutual Exclusion, Hold and Wait, No Preemption, and Circular Wait. If Preemption is possible, a deadlock can be broken.
Incorrect! Try again.
2Which deadlock handling strategy involves ensuring that at least one of the necessary conditions for deadlock cannot hold?
A.Deadlock Detection
B.Deadlock Prevention
C.Deadlock Recovery
D.Deadlock Avoidance
Correct Answer: Deadlock Prevention
Explanation:
Deadlock prevention ensures that at least one of the necessary conditions (Mutual Exclusion, Hold and Wait, No Preemption, Circular Wait) is never satisfied.
Incorrect! Try again.
3The Banker’s Algorithm is used for which purpose in an Operating System?
A.Deadlock Detection
B.Deadlock Avoidance
C.Deadlock Prevention
D.Deadlock Recovery
Correct Answer: Deadlock Avoidance
Explanation:
The Banker’s Algorithm is a deadlock avoidance algorithm that checks if granting a request will leave the system in a safe state.
Incorrect! Try again.
4A system is in a 'safe state' if:
A.All resources are currently free.
B.No process is waiting for resources.
C.There is no deadlock.
D.There exists a safe sequence of all processes.
Correct Answer: There exists a safe sequence of all processes.
Explanation:
A system is in a safe state only if there exists a safe sequence where resources can be allocated to processes in some order such that all processes can complete execution.
Incorrect! Try again.
5In a Resource Allocation Graph, if the graph contains no cycles, then:
A.A deadlock may exist.
B.The system is in an unsafe state.
C.A deadlock exists.
D.No deadlock exists.
Correct Answer: No deadlock exists.
Explanation:
If a Resource Allocation Graph contains no cycles, then no deadlock exists. A cycle is a necessary condition for deadlock in this graph model.
Incorrect! Try again.
6Which technique addresses the 'Circular Wait' condition to prevent deadlock?
A.Spooling resources
B.Requesting all resources at the start
C.Allowing preemption
D.Imposing a total ordering of all resource types
Correct Answer: Imposing a total ordering of all resource types
Explanation:
Circular wait can be prevented by assigning a unique number to each resource type and requiring processes to request resources in increasing order of enumeration.
Incorrect! Try again.
7What is the primary difference between a Virus and a Worm?
A.A virus spreads via network only; a worm spreads via disk.
B.A virus requires a host program to spread; a worm can replicate independently.
C.A worm infects hardware; a virus infects software.
D.A virus is harmless; a worm is malicious.
Correct Answer: A virus requires a host program to spread; a worm can replicate independently.
Explanation:
A virus attaches itself to another program (host) to execute and spread, whereas a worm is a standalone program that replicates itself to spread to other computers.
Incorrect! Try again.
8Which of the following describes 'Starvation'?
A.A security breach in the kernel.
B.Two processes waiting indefinitely for each other.
C.The system crashing due to memory overload.
D.A process waiting indefinitely because other processes are constantly favored.
Correct Answer: A process waiting indefinitely because other processes are constantly favored.
Explanation:
Starvation (or indefinite blocking) occurs when a process is ready to execute but waits indefinitely because the scheduler or resource allocator consistently gives preference to other processes.
Incorrect! Try again.
9A 'Trapdoor' (or Backdoor) in a system is:
A.A hardware failure.
B.A protocol for secure file transfer.
C.A mechanism to bypass security controls.
D.A type of antivirus software.
Correct Answer: A mechanism to bypass security controls.
Explanation:
A trapdoor or backdoor is a method (often left by developers) to bypass normal authentication or security procedures to gain access to a system.
Incorrect! Try again.
10Which attack involves overwriting a memory area to corrupt data or execute malicious code?
A.Buffer Overflow
B.Denial of Service
C.Sniffing
D.Phishing
Correct Answer: Buffer Overflow
Explanation:
A Buffer Overflow occurs when a program writes more data to a buffer than it can hold, overwriting adjacent memory which can be exploited to run malicious code.
Incorrect! Try again.
11Which component of the Access Matrix model represents the protection domain?
A.The column
B.The file system
C.The intersection cell
D.The row
Correct Answer: The row
Explanation:
In an Access Matrix, rows represent domains (or subjects/processes), and columns represent objects (resources). The entries determine the access rights.
Incorrect! Try again.
12Implementing an Access Matrix by storing list of objects and rights with each domain is known as:
A.Access Control List (ACL)
B.Capability List
C.Global Table
D.Lock-key mechanism
Correct Answer: Capability List
Explanation:
A Capability List is associated with a domain (row-based) and lists all objects that the domain can access along with the specific rights.
Incorrect! Try again.
13The 'Principle of Least Privilege' states that:
A.Programs and users should be given just enough privileges to perform their task.
B.Security should be handled only by the OS kernel.
C.All users should have the same privilege level.
D.Users should have maximum access to ensure efficiency.
Correct Answer: Programs and users should be given just enough privileges to perform their task.
Explanation:
This principle dictates that a subject should be given only those privileges that are necessary to complete its assigned task to minimize potential damage.
Incorrect! Try again.
14Which of the following is a method for Deadlock Recovery?
A.Banker's Algorithm
B.Ordering Resources
C.Wait-for Graph
D.Process Termination
Correct Answer: Process Termination
Explanation:
Deadlock recovery involves breaking the deadlock cycle, often by aborting (terminating) one or all of the deadlocked processes or preempting resources.
Incorrect! Try again.
15What is 'Cache Poisoning'?
A.Encrypting the cache so the CPU cannot read it.
B.Physically damaging the cache memory.
C.Introducing false information into a DNS or ARP cache.
D.Filling the cache so no valid data can be stored.
Correct Answer: Introducing false information into a DNS or ARP cache.
Explanation:
Cache poisoning (e.g., DNS spoofing) involves entering corrupt data into a cache database, causing the server to return an incorrect IP address and diverting traffic.
Incorrect! Try again.
16In the context of Deadlock Detection with single instances of each resource type, which structure is used?
A.Access Control List
B.Gantt Chart
C.Wait-for Graph
D.Banker's Matrix
Correct Answer: Wait-for Graph
Explanation:
For single instances of resources, a Wait-for Graph (a variation of the Resource Allocation Graph) is used. A cycle in the Wait-for Graph indicates a deadlock.
Incorrect! Try again.
17Which of the following is an example of a 'Program Threat'?
A.Shoulder surfing
B.Trojan Horse
C.Dumpster diving
D.Phishing email
Correct Answer: Trojan Horse
Explanation:
A Trojan Horse is a program threat; it appears to be a useful software but performs malicious actions (like stealing data) in the background.
Incorrect! Try again.
18The practice of adding a random string to a password before hashing it is called:
A.Phishing
B.Salting
C.Snooping
D.Spoofing
Correct Answer: Salting
Explanation:
Salting involves adding random data (salt) to a password before hashing to protect against dictionary attacks and rainbow table attacks.
Incorrect! Try again.
19Which recovery method involves rolling back a process to a safe checkpoint?
A.Mutual Exclusion
B.Resource Preemption
C.Starvation
D.Process Termination
Correct Answer: Resource Preemption
Explanation:
When preempting a resource to recover from deadlock, the process holding the resource is often rolled back to a safe checkpoint to restart later.
Incorrect! Try again.
20A 'Logic Bomb' is:
A.A hardware malfunction.
B.A type of firewall.
C.A virus that spreads via email.
D.Code embedded in a legitimate program that executes when specific conditions are met.
Correct Answer: Code embedded in a legitimate program that executes when specific conditions are met.
Explanation:
A logic bomb is malicious code inserted into a program that lies dormant until a specific condition (like a date or a missing database entry) triggers it.
Incorrect! Try again.
21In an Access Control List (ACL) implementation, the permissions are associated with:
A.The Network
B.The Object (File/Resource)
C.The Domain (User)
D.The Operating System
Correct Answer: The Object (File/Resource)
Explanation:
An ACL corresponds to a column in the Access Matrix. It is stored with the object and lists which domains can access that object and how.
Incorrect! Try again.
22Which of the following is a goal of Protection in an OS?
A.To maximize memory fragmentation.
B.To ensure that resources are used only by those processes that have proper authorization.
C.To prevent the user from installing applications.
D.To increase CPU speed.
Correct Answer: To ensure that resources are used only by those processes that have proper authorization.
Explanation:
The main goal of protection is to provide a mechanism to control the access of programs, processes, or users to system resources.
Incorrect! Try again.
23What is the 'Ostrich Algorithm' in the context of deadlocks?
A.Preventing the deadlock strictly.
B.Ignoring the deadlock problem altogether.
C.Detecting the deadlock and recovering.
D.Avoiding the deadlock using probabilities.
Correct Answer: Ignoring the deadlock problem altogether.
Explanation:
The Ostrich Algorithm refers to the strategy of ignoring potential deadlocks on the assumption that they occur very rarely and the cost of prevention is too high.
Incorrect! Try again.
24Which attack attempts to guess a password by trying every possible combination of characters?
A.Trojan Horse
B.Brute Force Attack
C.Dictionary Attack
D.Phishing
Correct Answer: Brute Force Attack
Explanation:
A Brute Force attack involves systematically checking all possible keys or passwords until the correct one is found.
Incorrect! Try again.
25What is a 'Denial of Service' (DoS) attack?
A.Injecting a virus into the boot sector.
B.Stealing user passwords.
C.Encrypting user data for ransom.
D.Preventing legitimate users from accessing a system or network.
Correct Answer: Preventing legitimate users from accessing a system or network.
Explanation:
A DoS attack aims to make a machine or network resource unavailable to its intended users, often by flooding it with superfluous requests.
Incorrect! Try again.
26The 'Need-to-Know' principle suggests:
A.A process should only have access to resources currently required for its task.
B.Security is not necessary for internal networks.
C.Users must know everything about the system.
D.All files should be readable by everyone.
Correct Answer: A process should only have access to resources currently required for its task.
Explanation:
Need-to-know limits a process's access rights to only those resources it strictly requires to perform its current function.
Incorrect! Try again.
27Which of the following is NOT a standard method for user authentication?
A.Something the user knows (Password)
B.Something the user wants (Desire)
C.Something the user has (Smart card)
D.Something the user is (Biometrics)
Correct Answer: Something the user wants (Desire)
Explanation:
Authentication is based on: what you know (passwords), what you have (tokens/cards), or what you are (biometrics). 'What you want' is not a factor.
Incorrect! Try again.
28In the context of protection, a 'Domain' implies:
A.A set of access rights/privileges.
B.A physical location of the server.
C.The type of operating system used.
D.A website address.
Correct Answer: A set of access rights/privileges.
Explanation:
In protection systems, a domain is a set of objects and the operations that may be invoked on those objects (access rights).
Incorrect! Try again.
29Which deadlock prevention strategy denies the 'Hold and Wait' condition?
A.Using the Banker's Algorithm.
B.Requiring a process to request all resources before execution begins.
C.Ordering resources numerically.
D.Preempting resources from a process.
Correct Answer: Requiring a process to request all resources before execution begins.
Explanation:
Hold and Wait is prevented by requiring processes to request and be allocated all necessary resources at once before starting execution.
Incorrect! Try again.
30What is 'Stack Smashing'?
A.A form of buffer overflow attack targeting the stack.
B.Compressing the stack to save memory.
C.Physical damage to the CPU stack.
D.Deleting the stack pointer.
Correct Answer: A form of buffer overflow attack targeting the stack.
Explanation:
Stack smashing is a specific type of buffer overflow where the attacker overwrites the return address in the stack frame to redirect execution to malicious code.
Incorrect! Try again.
31A 'Polymorphic Virus' is one that:
A.Cannot be removed.
B.Infects multiple operating systems.
C.Only attacks graphics files.
D.Changes its signature or code every time it replicates to avoid detection.
Correct Answer: Changes its signature or code every time it replicates to avoid detection.
Explanation:
Polymorphic viruses change their code (often via encryption) with every infection, making signature-based detection difficult.
Incorrect! Try again.
32What does 'Mutual Exclusion' mean in the context of deadlock?
A.Processes must share all resources.
B.At least one resource must be held in a non-sharable mode.
C.Processes wait in a circle.
D.Resources can be preempted.
Correct Answer: At least one resource must be held in a non-sharable mode.
Explanation:
Mutual exclusion means that only one process can use a resource at a time. If another process requests it, it must wait.
Incorrect! Try again.
33Which of the following best describes 'Phishing'?
A.Guessing passwords using a dictionary.
B.Social engineering via email/web to steal credentials.
C.Flooding a network with traffic.
D.Intercepting Wi-Fi signals.
Correct Answer: Social engineering via email/web to steal credentials.
Explanation:
Phishing is a fraudulent attempt to obtain sensitive information like usernames and passwords by disguising as a trustworthy entity in electronic communication.
Incorrect! Try again.
34In the Lock-Key mechanism for access control:
A.Every user has a physical key.
B.It is identical to an Access Control List.
C.Each object has a list of unique bit patterns (locks) and domains have patterns (keys).
D.The OS uses a master password.
Correct Answer: Each object has a list of unique bit patterns (locks) and domains have patterns (keys).
Explanation:
In this hybrid scheme, a domain has a list of keys, and an object has a list of locks. Access is granted only if a key matches one of the locks.
Incorrect! Try again.
35One-Time Passwords (OTP) are used to primarily prevent:
A.Replay attacks.
B.Virus infections.
C.Buffer overflows.
D.Deadlocks.
Correct Answer: Replay attacks.
Explanation:
Since an OTP is valid for only one session or transaction, an attacker who intercepts (sniffs) the password cannot use it again, preventing replay attacks.
Incorrect! Try again.
36Which of the following is a 'System Threat' rather than a 'Program Threat'?
A.Worm
B.Trapdoor
C.Virus
D.Trojan Horse
Correct Answer: Worm
Explanation:
While viruses and Trojans are program threats (requiring a host program), a Worm is often classified as a system threat because it uses system mechanisms (network) to spawn copies of itself independently.
Incorrect! Try again.
37If a process P1 is holding Resource R1 and waiting for R2, and P2 is holding R2 and waiting for R1, this is an example of:
A.Starvation
B.Safe State
C.Preemption
D.Circular Wait
Correct Answer: Circular Wait
Explanation:
This describes a circular chain of processes where each is waiting for a resource held by the next member in the chain, a necessary condition for deadlock.
Incorrect! Try again.
38Secure communication over a network often relies on:
A.Faster routers.
B.Short passwords.
C.Open access points.
D.Encryption and Cryptography.
Correct Answer: Encryption and Cryptography.
Explanation:
Encryption ensures confidentiality and integrity of data transmitted over insecure networks.
Incorrect! Try again.
39Man-in-the-middle (MitM) attack involves:
A.An attacker locking the database.
B.An attacker secretly relaying and possibly altering communication between two parties.
C.An attacker destroying the server hardware.
D.An attacker guessing the password.
Correct Answer: An attacker secretly relaying and possibly altering communication between two parties.
Explanation:
In MitM, the attacker sits between two communicating parties, impersonating each to the other to intercept or modify data.
Incorrect! Try again.
40A 'Stealth Virus' attempts to:
A.Hide its presence from the OS and antivirus software.
B.Make the screen go black.
C.Delete the boot sector immediately.
D.Encrypt the hard drive.
Correct Answer: Hide its presence from the OS and antivirus software.
Explanation:
Stealth viruses use techniques to hide, such as intercepting system calls to return original file data instead of the infected data when scanned.
Incorrect! Try again.
41Which of the following is a weakness of the Global Table implementation of the Access Matrix?
A.It allows everyone to access everything.
B.It does not support file permissions.
C.It is too secure.
D.The table can become extremely large and cannot be kept in main memory.
Correct Answer: The table can become extremely large and cannot be kept in main memory.
Explanation:
A global table stores a triple (domain, object, rights) for every permission. In a large system, this table becomes massive and inefficient to search.
Incorrect! Try again.
42When a system recovers from deadlock by rolling back a process, what issue must be addressed to prevent the same process from being picked repeatedly?
A.Mutual Exclusion
B.Latency
C.Starvation
D.Throughput
Correct Answer: Starvation
Explanation:
If the victim selection algorithm is based solely on cost, the same process might always be picked as the victim, causing starvation. The number of rollbacks should be included in the cost factor.
Incorrect! Try again.
43What is the main disadvantage of Deadlock Detection compared to Deadlock Prevention?
A.It requires runtime overhead to run the detection algorithm.
B.It never finds deadlocks.
C.It requires user intervention.
D.It restricts resource usage.
Correct Answer: It requires runtime overhead to run the detection algorithm.
Explanation:
Deadlock detection allows deadlocks to occur and then finds them. This requires CPU time to run the algorithm and maintain the resource graph, adding system overhead.
Incorrect! Try again.
44In protection systems, switching from one domain to another (Domain Switching) typically happens when:
A.A file is deleted.
B.A user logs out.
C.The computer is restarted.
D.A process calls a system call or changes privilege level.
Correct Answer: A process calls a system call or changes privilege level.
Explanation:
Domain switching occurs, for example, when a user process executes a system call (switching from user domain to kernel domain) or when a process gains new privileges.
Incorrect! Try again.
45The 'Confidentiality' aspect of security ensures that:
A.Assets are accessible only to authorized parties.
B.Assets are accessible to authorized parties.
C.The system is always running.
D.Assets can only be modified by authorized parties.
Correct Answer: Assets are accessible only to authorized parties.
Explanation:
Confidentiality (or Secrecy) ensures that information is not disclosed to unauthorized individuals, entities, or processes.
Incorrect! Try again.
46Which of the following is an example of a 'Day Zero' or 'Zero-Day' attack?
A.An attack that happens at midnight.
B.An attack exploiting a vulnerability before the developer knows about it or has a fix.
C.An attack that deletes 0 bytes.
D.An attack using 0s and 1s.
Correct Answer: An attack exploiting a vulnerability before the developer knows about it or has a fix.
Explanation:
A Zero-Day attack exploits a software vulnerability on the same day (or before) the vendor becomes aware of it, meaning no patch exists yet.
Incorrect! Try again.
47Password 'Salting' makes which specific type of attack much more difficult?
A.Social Engineering
B.Brute Force
C.Dictionary Attack using Rainbow Tables
D.Phishing
Correct Answer: Dictionary Attack using Rainbow Tables
Explanation:
Salting ensures that the same passwords have different hashes. This renders pre-computed hash tables (Rainbow Tables) ineffective.
Incorrect! Try again.
48In the context of Application Security, 'Input Validation' helps prevent:
A.Deadlock
B.Starvation
C.Buffer Overflow and SQL Injection
D.Packet Sniffing
Correct Answer: Buffer Overflow and SQL Injection
Explanation:
Validating input ensures that the data received by an application is well-formed, preventing malicious scripts or excessive data (overflows) from being processed.
Incorrect! Try again.
49What is 'Network Sniffing'?
A.Speeding up the network connection.
B.Cleaning the network cables.
C.Smelling the hardware for burning components.
D.Monitoring and capturing data packets passing through a network.
Correct Answer: Monitoring and capturing data packets passing through a network.
Explanation:
Sniffing involves using software or hardware to intercept and log traffic passing over a digital network.
Incorrect! Try again.
50Which concept ensures that a modification to a system asset is done only in an authorized manner?
A.Confidentiality
B.Integrity
C.Availability
D.Authentication
Correct Answer: Integrity
Explanation:
Integrity ensures that data or system resources are not modified, altered, or corrupted by unauthorized users.