Stanford Advanced Computer Security
Software Security Foundations Certificate (XACS101)
Prerequisite Questions
Software Security Foundations consists of 3 modules and is highly recommended if you are not comfortable with fundamental security concepts or are unable to easily answer the following types of questions:
1. A fail-safe stance means:
A program will fail when an adversary attempts to attack it.
A program will default to a secure mode when it fails.
A program is safe from failure in all cases, and is therefore secure.
A program is safe against failure in most cases.
2. Which of the following statements is true?
RC4 can be used in either CBC or ECB mode.
The design of 3DES takes advantage of modular arithmetic.
The design of the AES algorithm was kept secret, whereas 3DES was designed by a committee.
A 128-bit AES key can be used to encrypt a 1024-bit RSA key.
3. Which of the following should programmers do to prevent their software from being vulnerable to attacks?
Wrap all calls to string manipulation functions to check for string lengths.
Pass the length of input to functions such as strcpy() and strcmp().
Do not use variables that are allocated on the stack.
Use buffers as large as possible to prevent buffer overruns.