1.

A ______ may at any time be idle, or have one or more _______

executing on its behalf.

subject, principals

principal, subjects

subject, objects

principal, objects

2.Which of the following is correct with respect to objects?

An object is anything on which a subject can perform operations (mediated by rights)

Objects are usually passive

Both A and B

Only A

3. Subjects can also be objects with ______ operation(s)

Kill

Suspend and Resume

Resume and Kill

Kill, Suspend and Resume

4. The read bit allows one to show file names in the directory.

True

False

5. When a process is created by fork:

It inherits three user IDs from its parent process

It keeps its three user IDs unless the set-user-ID bit of the file is set, in which case the effective
uid and the saved uid are assigned to the user ID of the owner of the file

Both A and B

None of the above

6.

Which of the following is a way to escape jail as root?

Reboot system

Send signals to chrooted process

Create devices that lets you access raw disk

A and C
7. Chroot jail is ______ partitioning and FreeBSD jail is _______ partitioning

Weak, Strong

Strong, Weak

Weak, Weak

Strong,Strong

8. Which of the following is incorrect with respect to FreeBSD jail?

It can only bind to sockets with specified IP address and authorized ports

It can communicate with processes inside and outside of jail

Root is limited (example: cannot load kernel modules)

None of the above

9. Identify the correct statement for paravirtualization.

Paravirtualization is where software is used to simulate hardware for guest operating system to
run in.

Paravirtualization is where a type-2 hypervisor is used to partially allow access to the hardware
and partially to simulate hardware in order to allow you to load full operating system.

Both A and B

Paravirtualization is where the guest operating system runs on the hypervisor, allowing for
higher performance and efficiency.

10. Which of the following is incorrect for System call interposition?

 It tracks all the system service requests of processes.

Each system request can be modified or denied.

It is impossible to implement tools to trace, monitor, or virtualize processes.

None of the above.

11.ptrace is a system call found in _____ and several ______like operating

systems.

Mac

Unix

Windows

None of the above

12.Which of the following is a computer security utility which limits an

application's access to the system by enforcing access policies for system
calls?

systrace

NetBSD

ptrace

None of the above

13.Which of the following uses a call back mechanism in the kernel module to
redirect system calls?
 systrace

ptrace

ostia

NetBSD

14. NaCl stands for -

Narrow Cluster

Native Cluster

Narrow Client

Native Client