Here are some sample exam questions from old exams.

Q 1. Matching

[The real question might have 20 parts and 50 answer choices, so you won't have time to try all answers in all parts. You should read the part, think of the correct answer and find it in the alphabetical list of answer choices.]

Write the number of the best answer to each part from the following list.

a. _____ This is a method, tool, or procedure for enforcing a security policy.
b. _____ This is useful when an attack cannot be prevented, and it can also indicate the effectiveness of preventative measures.
c. _____ The form of user authentication may be something the user knows, has or this.
d. _____ This type of virus infects a boot sector.
e. _____ Trying to guess a password by repeated trial and error is called this.

LIST OF ANSWER CHOICES FOR QUESTION 1.

1. boot-sector virus
2. classification
3. detection
4. exact
5. exhaustive search
6. is
7. security mechanism
8. security policy
9. tiger team

Q 2. List four techniques that may be used to thwart an attack on a system from outside by trying to guess the password of a particular user. (Just give the names of the four techniques.)

Q 3. What is "temporary acquired permission"? Give an example of it.

Q 4. Multiple choice

Which of the following statements about one-time passwords is true? (There is exactly one correct answer.)

a. They require users to change their passwords every time they log in.
b. They are a type of challenge-response system.
c. Their effectiveness is limited because once an attacker has captured a one-time password sent over the Internet, the attacker can use it to log in successfully, provided she uses it before the user logs in once more.
d. None of the above.

Q 5.

a. What do the rows of an access control matrix represent?
b. What do the columns of an access control matrix represent?
c. Why is it more efficient to store an access control matrix by columns than by rows?