An example of an exam
I part
The first part of the exam consists of 20 questions, with each correct answer giving one point. Thus, it is possible to collect up to 20 points from the first part of the exam. A question may have more than one correct answer. To pass the exam, the student must collect at least 5 points from the first part of the exam and at least 5 points from the second part.
Note. In the first part of the exam the questions are in test format, similar to the Moodle test questions. However, the exam is on paper, so you will have to mark the checkboxes with a pen. You can review the Moodle test questions, as they are similar to the exam questions.
II part
The second part of the exam consists of four questions, each worth 5 points. Therefore, it is possible to collect up to 20 points from the second part. To answer these questions it is necessary to understand the underlying problem, as the answer has to contain reasoning. The answer should combine logical thinking with the knowledge gathered during the course.
- Question 1 (5p) - What is shown in the Figure? What is denoted by SK? Who are the users? What is the meaning of the arrows and what is the underlying cryptographic operation? Why is the topmost node special?

- Question 2 (5p) - How would it be possible to attack two-factor authentication? There are multiple ways to answer this question. Choose and describe one attack scenario in detail. List the assumptions that must hold for the attack to succeed. You can also briefly describe a second attack scenario. What kind of two-factor authentication is the most secure in your opinion? Provide reasoning for the choice.
- Question 3 (5p) - How are digital certificates (X.509) used in Estonia? List a few use cases. In which situations should a certificate be revoked? The certificates for ID-cards are signed by SK ID Solutions AS. Does this give SK ID Solutions AS the possibility to authenticate as any card owner and issue signatures in their name? Provide reasoning.
- Question 4 (5p) - Which security properties are required from an i-voting system? Why are the two main requirements in conflict with each other? Describe the conflict. How is this issue solved in the Estonian i-voting system? What are the strengths and weaknesses of that approach (the way the Estonian i-voting system balances the conflicting security requirements)?
---
Other questions to test your understanding of different topics (just an example, not part of the exam)
- Explain the concept of availability. Give an example of a system where availability is important.
- How do block ciphers and stream ciphers differ? Name one symmetric encryption algorithm.
- Briefly describe two different types of cookies.
- What is a VPN? Give two different use cases for it.
- What is jailbreaking? Why does jailbreaking of a smart device make the device less secure?
- How do the policies BYOD and COPE differ? Which one provides better security for the company?
- What is currently the standard key length in public key cryptography? Name one public key encryption algorithm.
- How is public key cryptography used for encrypting and transporting large amounts of data? Name a system or a protocol where this approach is used.
- What is a certificate? How is the browser able to verify the validity of certificates used by websites?
- How is the integrity of data maintained in the HTTPS protocol? Which cryptographic method is used for that?
- Why is the email protocol insecure? Which cryptographic idea helps to secure the exchange of emails?
- Which security properties are the basis for the security of the Estonian ID-card?
- Which parties are involved when Smart-ID is used?
- How does the two-envelope system work in Estonian i-voting? You will have to specify which encryption keys are used in the two-envelope system.
- What is the most significant problem related to password-based authentication? How can it be solved?
- Let's say that passwords could be stored in a database using either bcrypt, PBKDF2, MD5 or SHA-256. What is the advantage of bcrypt and PBKDF2 compared with MD5 and SHA-256? Name one security property of a cryptographic hash function.
- Which techniques are used in phishing attacks to lure the target into clicking a link? Describe two different techniques that could be used for that.
- How do XSS and CSRF differ?
- Why was Stuxnet significant compared to other cyber attacks? You will have to give at least two reasons.
- Should the SSID of the router be unique? Can it affect the security of the Wi-Fi network?
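As an added illustration for the question above about bcrypt and PBKDF2 versus MD5 and SHA-256 (example code written for this page, not part of the course material or of the exam), the following Python script shows the two properties that make a salted, deliberately slow password hash preferable to a plain fast hash: the same password stored by two users yields identical SHA-256 values (so one precomputed table breaks both), while PBKDF2 with a fresh random salt yields different values, and each attacker guess costs as much as one PBKDF2 derivation instead of one SHA-256 call. Only the standard library is used; bcrypt is not in the standard library, so PBKDF2-HMAC-SHA256 stands in for both slow hashes. The sample passwords, the 16-byte salt length and the iteration count are assumptions chosen for the demonstration, not values from any real system.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Optional, Tuple

# Constructed sample passwords for the demonstration (assumed, not from any real system).
SAMPLE_PASSWORD = b"correct horse battery staple"
WRONG_PASSWORD = b"incorrect horse battery staple"

# Work factor: PBKDF2 iteration count. Assumed value for illustration; a real
# deployment tunes it to its own hardware so that one login stays acceptably fast.
PBKDF2_ITERATIONS = 200_000

StoredHash = Tuple[bytes, int, bytes]  # (salt, iterations, digest)


def hash_sha256(password: bytes) -> str:
    """Single unsalted SHA-256: fast and deterministic, so the same password
    always gives the same stored value and precomputed tables apply directly."""
    return hashlib.sha256(password).hexdigest()


def hash_pbkdf2(password: bytes, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> StoredHash:
    """Salted, iterated PBKDF2-HMAC-SHA256. Returns (salt, iterations, digest)
    so that verification can repeat exactly the same derivation later."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest


def verify_pbkdf2(password: bytes, stored: StoredHash) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    salt, iterations, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def guesses_per_second(hash_fn: Callable[[bytes], object], password: bytes, trials: int) -> float:
    """Measure how many candidate passwords per second this machine can test
    against one stored hash, i.e. the attacker's brute-force rate."""
    start = time.perf_counter()
    for _ in range(trials):
        hash_fn(password)
    elapsed = time.perf_counter() - start
    return trials / elapsed if elapsed > 0 else float("inf")


def compare() -> dict:
    """Collect the observations that answer the bcrypt/PBKDF2 vs MD5/SHA-256 question."""
    # 1. Unsalted SHA-256 is deterministic: two users with the same password
    #    get the same stored value, and one precomputed table breaks both.
    sha_a = hash_sha256(SAMPLE_PASSWORD)
    sha_b = hash_sha256(SAMPLE_PASSWORD)

    # 2. PBKDF2 with a per-user random salt gives different digests for the
    #    same password, so a table would have to be rebuilt for every salt.
    stored_a = hash_pbkdf2(SAMPLE_PASSWORD)
    stored_b = hash_pbkdf2(SAMPLE_PASSWORD)

    # 3. Cost per guess: the iteration count slows every attacker attempt by
    #    roughly the same factor it slows one legitimate login.
    fast = guesses_per_second(hash_sha256, SAMPLE_PASSWORD, 20_000)
    slow = guesses_per_second(lambda p: hash_pbkdf2(p, stored_a[0])[2],
                              SAMPLE_PASSWORD, 5)

    return {
        "sha256_same_for_same_password": sha_a == sha_b,
        "pbkdf2_differs_per_salt": stored_a[2] != stored_b[2],
        "pbkdf2_verifies_correct": verify_pbkdf2(SAMPLE_PASSWORD, stored_a),
        "pbkdf2_rejects_wrong": verify_pbkdf2(WRONG_PASSWORD, stored_a),
        "slowdown_factor": fast / slow,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The slowdown factor printed on the last line is the point of the exercise: an attacker who can test millions of SHA-256 guesses per second is reduced to a handful of PBKDF2 guesses per second per hash, and the salt forces that work to be repeated for every user. Dictionary words are still weak under any hash; the slow hash only raises the price of each guess.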