CS417 Exam 3

Fall 2011

Paul Krzyzanowski

    Part I – 21 points

  1. 4 points
    If Alice has Bob's digital certificate, how can she send a message securely to Bob?
  2. 4 points
    Bob needs to authenticate Alice by validating that she has the right password. Without using encryption, how can Bob authenticate Alice on an insecure network? Since the network is insecure, sending a hash of the password is insufficient since the intruder would be able to capture and reuse this data.
  3. 4 points
    Explain the fundamental difference between network file systems (e.g., NFS, SMB) and cluster file systems employing a shared disk infrastructure.
  4. 4 points
    Explain the difference between Bigtable's and Amazon Dynamo's presentation of versions to client processes.
  5. 5 points
    You have millions of files of user comments to various blog articles. Each file contains {original-article-ID, this-article-ID (ID of this response article), author-ID (the author of the response), date, and message}. You want to create a list of authors with a per-author count of the number of unique articles that the author commented on. Explain how you use Map-Reduce to compute this. Specifically, explain what the map function does, what data the reduce gets, and what the reduce function does.
    Part II – 69 points – 3 points each

    For each statement, select the most appropriate answer. You may omit one question. Please indicate your choice clearly.

  7. Which of the following is not a responsibility of a map worker in the MapReduce framework:
    (a) Generate (key, value) pairs.
    (b) Target (key, value) data for one of R reduce workers.
    (c) Partition original data into shards.
    (d) Discard data of no interest.
  8. Bigtable data is:
    (a) Sorted by row keys.
    (b) Sorted by column keys.
    (c) Unsorted and assigned to a node by a hash function of the row key.
    (d) Unsorted and assigned to a node by a hash function of the row and column keys.
  9. Bigtable does not use Chubby to:
    (a) Discover tablet servers.
    (b) Store Bigtable schema information.
    (c) Ensure there is only one master server running.
    (d) Forward client requests to the proper tablet server.
  10. Which of the following is not a property of Chubby?
    (a) A distributed lock service that manages leases for resources.
    (b) Uses active replication for fault tolerance.
    (c) Uses Paxos to ensure consistency among servers.
    (d) Uses load balancing across all replicas to respond to multiple client requests.
  11. Which of the following does not help with key explosion?
    (a) Public key cryptography.
    (b) Symmetric cryptography.
    (c) Diffie-Hellman algorithm.
    (d) Trusted third party.
  12. If it takes you one minute to test all combinations of a 32-bit key, approximately how long will it take you to test all combinations of a 64-bit key?
    (a) 2 minutes.
    (b) 8 minutes.
    (c) 32 minutes.
    (d) 4 billion minutes.
  13. The Diffie-Hellman algorithm is useful for:
    (a) Establishing a common key.
    (b) Encrypting data.
    (c) Signing data.
    (d) All of the above.
  14. An X.509 digital certificate stores the certificate owner's:
    (a) Public key.
    (b) Private key.
    (c) Public, private key pair.
    (d) Digital signature.
  15. What is inside a Kerberos sealed envelope (ticket)?
    (a) The session key.
    (b) A challenge message.
    (c) The requestor's digital certificate.
    (d) A handle to a Kerberos authentication structure within the Kerberos authentication server.
  16. CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) relies on:
    (a) A user answering a series of questions correctly.
    (b) A user knowing one of several shared secrets.
    (c) An inability to develop good character recognition algorithms.
    (d) Detecting varying degrees of randomness in responses to challenges.
  17. A user's OpenID Identity Provider is:
    (a) Selected explicitly by the user during the authentication process.
    (b) Located by contacting an OpenID registry.
    (c) Stored with the user's preference on each site on which the user has an account.
    (d) Identified in the user's login name.
  18. Which protocol is not suited for authenticating a user on an insecure network?
    (a) PAP (Password Authentication Protocol).
    (b) CHAP (Challenge Handshake Authentication Protocol).
    (c) S/Key.
    (d) Public key authentication.
  19. A hybrid cryptosystem is one where:
    (a) A private key is used for key exchange and a public key is used for data encryption.
    (b) A public key algorithm is used for key exchange and a symmetric algorithm for data encryption.
    (c) Two layers of encryption are used on the data for greater security.
    (d) Data flowing from the client to the server is encrypted with a different algorithm than data from the server to the client.
  20. An OAuth request token is:
    (a) Created by the service provider to provide the consumer site with a list of services that it offers.
    (b) Created by the user in order to authenticate with the consumer (client).
    (c) Sent by a consumer site to invoke services on a remote service (provider).
    (d) Used by a consumer site to identify what access is being requested from a provider.
  21. The main design goal of Google Cluster Architecture was:
    (a) Maximize processor performance to achieve high performance computing.
    (b) Be efficient in terms of energy consumption and hardware costs.
    (c) Create virtual clusters from a set of machines dedicated to a specific set of tasks.
    (d) Maximize fault tolerance to ensure reliable service.
  22. At least how much physical redundancy is required for a system to be k-fault tolerant against Byzantine faults?
    (a) k components.
    (b) 2k components.
    (c) k+1 components.
    (d) 2k+1 components.
  23. What are the minimum screening router capabilities that are needed to disallow any access from the outside network to the FTP service on one of your machines?
    (a) Stateless inspection.
    (b) Stateful inspection.
    (c) Deep packet inspection.
    (d) Application proxy.
  24. What are the minimum screening router capabilities that are needed to ensure that HTTP requests with headers containing binary data are dropped?
    (a) Stateless inspection.
    (b) Stateful inspection.
    (c) Deep packet inspection.
    (d) Application proxy.
  25. A web server should be placed in the:
    (a) External network (Internet).
    (b) DMZ (perimeter) network.
    (c) Internal network.
    (d) Private network.
  26. A dual-homed host is a machine that:
    (a) Migrates between two locations, such as work and home.
    (b) Runs at least two virtual machines.
    (c) Has at least two user accounts.
    (d) Has two network connections and two IP addresses.
  27. TCP/IP achieves fault tolerance via:
    (a) Time redundancy.
    (b) Information redundancy.
    (c) Physical redundancy.
    (d) It does not aim to achieve fault tolerance.
  28. Cascading failover is the case when:
    (a) One failure triggers another failure.
    (b) An application can start from a checkpointed state.
    (c) A failover machine fails.
    (d) Workload on a failed machine needs to be split among several surviving nodes.
  29. A system-area network such as Myrinet or InfiniBand is favored for high performance clustering because it:
    (a) Has lower latency than using IP-based protocols over Ethernet.
    (b) Is a high bandwidth interconnect.
    (c) Is designed to be highly reliable.
    (d) All of the above.
  30. Unlike regular hashing, consistent hashing is a hashing technique that:
    (a) Always generates the same value when given the same input data.
    (b) Generates a fixed-length result.
    (c) Does not cause hash values for most keys to change if the number of slots changes.
    (d) Allows one to retrieve the original data by applying an inverse hash function.
    Part III – 10 points – 1 point each

    For each statement, select whether the statement is True or False. You may omit one question.

  32. A hash function is a form of a one-way function.
    [True] [False]
  33. For Alice to log in using S/Key authentication, she needs to be able to compute a one-way function to generate the next valid password.
    [True] [False]
  34. The OpenID protocol designates the use of public key cryptography for user authentication.
    [True] [False]
  35. The goal of OAuth is to allow users to grant web sites restricted access to other web services.
    [True] [False]
  36. A weakness in CHAP authentication is that if an intruder sees both the challenge and the response, it is easy to figure out the shared secret.
    [True] [False]
  37. RSA's SecurID is a challenge-response authentication system.
    [True] [False]
  38. Bigtable uses a coordinator; Dynamo does not.
    [True] [False]
  39. Bigtable replicas are eventually consistent; Dynamo replicas are strictly consistent.
    [True] [False]
  40. OAuth does everything OpenID does and more.
    [True] [False]
  41. A heartbeat network is useful for distinguishing failed machines from failed networks.
    [True] [False]
  42. A shared-nothing cluster architecture does not need a distributed lock manager (DLM).
    [True] [False]
Last modified March 24, 2020.