Sis - Drugi Kolokvijum

The given answer "rw-r-xr--" represents the file permissions for the Linux OS. Each group of three characters (r, w, x) represents the permissions for the owner, group, and others respectively. In this case, the owner has read and write permissions, the group has read and execute permissions, and others have only read permissions.

A possible solution for single sign-on is a smart card. Smart cards are a secure and convenient way to authenticate users and grant them access to multiple systems and applications with just one login. They store encrypted credentials and can be easily plugged into a device or used wirelessly for authentication. By using a smart card, users can securely access various resources without the need to remember multiple usernames and passwords.

A worm is a type of malicious program that does not require a carrier or host file to spread and infect other systems. Unlike viruses, worms are standalone programs that can replicate and spread independently by exploiting vulnerabilities in computer networks or by using various communication channels. Therefore, a worm is the correct answer as it does not need a carrier to propagate itself.

A logička bomba refers to a malicious program that is embedded within a useful program and is triggered when specific conditions are met. Unlike viruses or worms, which can spread and replicate themselves, a logička bomba is designed to remain dormant until a specific event or trigger occurs. Once activated, it can cause damage to the system or data. Therefore, a logička bomba is the correct answer in this context.

The answer "je skupo i nepraktično" suggests that the lack of physical resource partitioning is expensive and impractical. This means that implementing a system without dividing resources can be costly and not efficient in terms of resource allocation. It implies that without proper resource division, there may be wastage of resources and inefficiencies in their utilization.

The correct answer is "$aide -c /etc/aide/aide.conf.autogenerated -C" because this command is used to run the AIDE (Advanced Intrusion Detection Environment) system check. It specifies the configuration file to be used (-c /etc/aide/aide.conf.autogenerated) and performs a check of the file integrity database (-C). This command helps to ensure the security and integrity of the system by comparing the current state of files with a previously generated database.

In network access control lists, packets can be filtered based on the source and destination IP addresses and ports. This means that the firewall can examine the source and destination IP addresses and the specific ports being used in order to determine whether to allow or block the packet. This is a common method of filtering traffic and controlling access to a network. MAC addresses and domains are not typically used for packet filtering in this context, and the physical layer protocol is not relevant for this type of filtering.

The correct answer is "trofaktorska" because it refers to authentication that requires three elements (something you know, something you have, and something you are). This type of authentication provides a higher level of security compared to single-factor or two-factor authentication methods.

The correct answer is "периодичност" (periodicity). This refers to the undesirable characteristic of pseudo-random number generators where the sequence of generated numbers repeats after a certain period. This can be problematic for certain applications, such as generating one-time passwords (OTP) for encryption, as it increases the likelihood of predicting future numbers in the sequence based on previous numbers.

The command "sudo -u wcoyote jed /home" is used to execute the command "jed /home" as the user "wcoyote". The "sudo" command allows the user to run commands with the privileges of another user, in this case, "wcoyote". So, the correct answer is that the user who runs the command executes "jed /home" as the user "wcoyote".

After the computer is shut down, there may still be residual charges in the RAM memory for a short period of time. These residual charges can be used to retrieve sensitive data that was stored in the RAM before the computer was turned off.

The most acceptable solution for password selection has been found to be based on phrases. This means that creating passwords using phrases or combinations of words is considered to be a good practice. This is because phrases are easier to remember compared to random combinations of characters, and they also tend to be more secure as they are longer and can include a mix of uppercase and lowercase letters, numbers, and special characters.

Biometrijska autentifikacija je najbolje vršiti pomoću otiska prsta jer otisak prsta je jedinstven za svaku osobu i teško ga je falsifikovati. Osim toga, otisak prsta je lako dostupan i jednostavan za skeniranje i upoređivanje sa bazom podataka. Karakteristike irisa takođe mogu biti korisne za biometrijsku autentifikaciju, ali skeniranje irisa zahteva posebne uređaje i može biti komplikovano za korišćenje u svakodnevnoj praksi. Geometrija dlana može biti korisna, ali nije toliko precizna kao otisak prsta.

In order to set up an anomaly-based IDS (Intrusion Detection System), it is necessary to first define the "normal" behavior of the system being protected. This involves understanding the typical patterns and activities that occur within the system under normal circumstances. By establishing this baseline, the IDS can then effectively identify any deviations or anomalies that may indicate potential attacks or security breaches. Defining priorities for protection and establishing a database of known attacks are also important steps in setting up an IDS, but they are not specifically related to the initial definition of normal behavior.

In the configuration file aide.conf, the phrase "da se naredba posle nje ne proverava" means that the command following it will not be checked. This suggests that the configuration file has a specific rule or setting that allows certain commands to be skipped or ignored during the checking process.

The random value (salt) that is associated with passwords is public. This means that it is not kept secret and can be known by anyone.

The content of a SMART card can be read either through direct contact or via radio waves. This means that the information stored on the card can be accessed by physically connecting a card reader to the card's contacts or by using radio frequency identification (RFID) technology to wirelessly communicate with the card.

Buffer overflow može da se zloupotrebi ubacivanjem zlonamernog koda. Buffer overflow je sigurnosna ranjivost koja se javlja kada se prekorači ograničena memorija bafera i podaci se preplave u susedne memorijske lokacije. Ovo omogućava napadaču da ubaci zlonamerni kod u preplavljeni bafer i izvrši ga. Ova ranjivost nije ograničena na određeni operativni sistem ili dostupnost izvornog koda softvera, već može biti iskorišćena na različitim platformama i aplikacijama.

The correct answer states that voltage levels can be reconstructed without direct contact with the cable by measuring electromagnetic radiation. This suggests that it is possible to determine the voltage levels of a conductor without physically touching or connecting to it, by using the electromagnetic signals emitted by the cable.

The correct answer is "trapdoor (backdoor)". Trapdoor or backdoor programs are malicious software that allow unauthorized access to a system. These programs are designed to bypass normal authentication and security measures, giving attackers a secret entry point into the system. They can be used to steal sensitive information, control the system remotely, or launch further attacks.

Maskiranje koda je tehnika koja se koristi kako bi se kod učinio teško razumljivim. Ovo se može postići korišćenjem različitih tehnika kao što su enkripcija, obfuscation ili kompilacija u mašinski jezik. Cilj maskiranja koda je otežavanje razumevanja i analize koda od strane neovlašćenih osoba, što može pomoći u zaštiti intelektualne svojine ili otežavanju pronalaženja sigurnosnih propusta.

Segmentation of memory allows for different levels of protection for different segments. This means that different segments can have different levels of access control and security measures in place. This can be beneficial in scenarios where different parts of the memory need different levels of protection based on their importance or sensitivity. It provides flexibility in implementing security measures and allows for a more tailored approach to memory protection. This advantage of segmentation does not require tracking changes in segment size, does not require significant involvement from the operating system, and does not require changing the location of the segment.

The correct answer is "pozicioniranje, prikazivanje dugog listinga i pretraživanje". This means that having "pravo x nad direktorijumom" in Linux OS allows the user to navigate to and view the contents of the directory, display a long listing of the directory's contents, and search for specific files or directories within it.

After executing the given code, the file "a.txt" does not change in size.

A smaller number of lines of code reduces the possibility of errors and makes it easier to solve problems and vulnerabilities.

The correct answer suggests that software is developed quickly to be presented to customers as soon as possible, and any mistakes or errors are fixed later. This approach allows companies to reduce costs by minimizing investment in post-release bug fixes.

The correct answer is "test za restrikciju pristupa za automatizovane sisteme" which translates to "a test for restricting access for automated systems." This suggests that CAPTCHA is a method used to verify that the user accessing a system is not a robot or automated program. It presents challenges or puzzles that are difficult for automated systems to solve but can be easily completed by humans. By successfully completing the CAPTCHA, the user proves that they are a human and not a malicious software or automated program trying to gain unauthorized access.

The chattr -i command in Linux is used to remove the immutable attribute from a file, which means it allows modifications to be made to the file. In this case, the command chattr -i /etc/passwd would allow users with the appropriate permissions to modify the contents of the /etc/passwd file.

Ideal biometrics does not require the mandatory use of passwords because biometric authentication relies on unique physical or behavioral characteristics of an individual, such as fingerprints or facial recognition, to verify their identity. The use of passwords is an additional layer of security that is not necessary in an ideal biometric system.

Updating a signature-based IDS is necessary because signatures are used to identify known patterns of malicious activity. Without regular updates, the IDS would not be able to detect new and emerging threats, leaving the system vulnerable. Regular updates ensure that the IDS has the latest signatures to effectively identify and block potential attacks, making it an essential practice for maintaining the security of the system.

Kerberos is a security protocol that is based on the concept of trusting a third party. It provides authentication and secure communication between clients and servers in a network. Kerberos uses a ticket-based system where clients request tickets from a trusted authentication server to access services on a network. These tickets are then presented to the desired server for authentication. By using this trusted third party, Kerberos ensures secure and reliable communication between entities in a network.

In the given security model with multiple levels, each object is assigned a degree of confidentiality. This means that every object in the system is given a specific level of importance or sensitivity, regardless of its type. This ensures that every object is protected and classified according to its level of confidentiality, allowing for proper access control and security measures to be implemented.

In the challenge-response authentication, Boban sends Ana a random value. This random value is used to verify Ana's identity. By sending a random value, Boban ensures that the authentication process is secure and cannot be easily replicated by an attacker. The random value adds an additional layer of security to the authentication process, making it more difficult for unauthorized individuals to gain access.

Logičke bombe su posebna vrsta trojanskog konja. Trojanski konj je zlonamjerni softver koji se maskira kao legitimni program kako bi prevario korisnike i omogućio napadačima pristup njihovim računalima ili podacima. Logičke bombe su programi koji se aktiviraju u određenim uvjetima ili događajima, često uzrokujući štetu ili blokiranje sustava. Stoga, odgovor "trojanskog konja" je točan jer logičke bombe spadaju u tu kategoriju zlonamjernog softvera.

The correct answer is "administrator sistema". The question is asking who determines the access rights to an object, and the most logical answer is the system administrator. The system administrator is responsible for managing user accounts, setting permissions, and controlling access to various resources and objects within the system. They have the authority to grant or revoke access privileges based on the user's role and responsibilities.

The given answer states that strong cryptography cannot provide security for user data in the case of poor software. This is because even if the encryption is strong, if the software itself has vulnerabilities or flaws, it can still be exploited by attackers to gain access to the encrypted data. Therefore, the security of user data relies not only on strong cryptography but also on the overall quality and security of the software implementation.

The correct answer is "autentifikacije koja se zasniva na nečemu što jeste." This refers to authentication based on something you are, such as biometric data like fingerprints or facial recognition.

The advantage of the method for detecting malicious programs based on monitoring changes is that it can detect previously unknown malicious programs. This means that even if a malicious program has not been identified or added to a database of known threats, this method can still identify and detect it. This is a valuable feature as it allows for proactive detection and protection against emerging threats. Additionally, this method does not require the involvement of the user, making it a convenient and efficient way to detect and mitigate the risks posed by malicious programs.

A stateless packet filter does not keep track of the connection state. It examines each packet individually based on predetermined rules, such as source and destination IP addresses, ports, and protocols. It does not maintain any information about previous packets or connections. This makes it less resource-intensive and faster than stateful packet filters, which keep track of the connection state and can make decisions based on the entire communication session. Proxi server and NAT, on the other hand, can both keep track of connection states.

The correct answer is "sprečavanje prekoračenja bafera" (prevention of buffer overflow). This is because a network barrier, such as a firewall or proxy server, is not responsible for preventing buffer overflow. Buffer overflow is a programming vulnerability that occurs when a program writes data outside the bounds of a buffer, potentially leading to security breaches or crashes. It is the responsibility of the software developers to implement measures to prevent buffer overflow, not the network barrier.

The correct answer is "simetrični ključ samo za jednu komunikaciju" because a sesijski ključ refers to a symmetric key that is used only for one communication session. This means that the key is generated for a specific session and is not used for any other communication.

The correct answer is "загарантовано право" (guaranteed right). This means that the secrecy of communication is a right that is ensured or guaranteed.

Open source code and closed source code provide equal solutions in terms of overall security.

The correct answer is "prvo u bazu aide.db.new ali se potom mora ručno iskopirati u aide.db". This means that the changes in the AIDE system storage are first made in the aide.db.new database, but then they need to be manually copied into the aide.db database. This suggests that the changes are not automatically reflected in the main database and require a manual step for them to take effect.

The correct answer is that it is not desirable for a security protocol to be as complicated and computationally complex as possible. This is because overly complex protocols can be more difficult to implement correctly and can introduce more opportunities for vulnerabilities and errors. It is generally preferred for security protocols to be simple and efficient, while still providing the necessary level of security.

The correct answer is "brzo i jednostavno otkrivanje već poznatih napada." This is because IDS (Intrusion Detection System) based on signatures is designed to quickly and easily detect known attacks. It does this by comparing network traffic or system activity against a database of known attack signatures. When a match is found, the IDS raises an alert to notify the administrator. This approach is efficient for detecting known attacks but may not be effective in detecting unknown or novel attacks.

When the access control matrix is divided into columns, it results in access control lists (ACLs). ACLs are used to specify the permissions and restrictions for different users or groups on a system or network resource. Each column in the matrix represents a specific resource or object, and the rows represent different users or groups. By dividing the matrix into columns, it allows for easier management and assignment of access rights to specific resources.

The correct answer states that NGSCB supports the hardware technology of TCG members. This means that NGSCB is designed to work with the hardware technology provided by the Trusted Computing Group (TCG). It does not specify that NGSCB is implemented in Linux OS, uses symmetric cryptography, or is intended only for closed systems.

Biometric authentication is best performed using iris characteristics because the iris is a unique and stable feature of an individual's eye. Iris recognition technology analyzes the patterns in the colored part of the eye to create a biometric template that can be used for identification purposes. Unlike fingerprints or palm geometry, the iris remains unchanged throughout a person's lifetime, making it a reliable and secure method of authentication.

PGP (Pretty Good Privacy) koristi simetrične algoritme za brzu i efikasnu enkripciju podataka. Također koristi asimetrične algoritme za sigurnu razmjenu ključeva između pošiljaoca i primatelja. Kompresija se također koristi kako bi se smanjila veličina podataka i poboljšala brzina prijenosa. Kombinacija ovih tehnika pruža visoku razinu sigurnosti i učinkovitosti u zaštiti privatnosti podataka.

An application proxy is a type of network barrier that can prevent the spread of malicious software. It acts as an intermediary between a client and a server, inspecting and filtering network traffic at the application layer. By analyzing the content and behavior of the traffic, an application proxy can detect and block any malicious software attempting to enter the network. Unlike a packet filter or a stateful packet filter, an application proxy offers more advanced security features and can provide better protection against sophisticated threats.

Metamorphic software is used to complicate the BOBE (break once, break everywhere) attack. Metamorphic software is capable of automatically changing its code structure and behavior while maintaining its original functionality. This makes it difficult for attackers to analyze and understand the software, as it constantly evolves and adapts. By using metamorphic software, the effectiveness of the BOBE attack is reduced, as it becomes harder for attackers to find and exploit vulnerabilities in the software.

Data security on smart cards is achieved through encryption. Encryption is the process of converting data into a form that cannot be easily understood by unauthorized individuals. By encrypting the data on smart cards, it becomes unreadable to anyone who does not have the necessary decryption key. This ensures that the data remains secure and protected from unauthorized access or tampering.

Segmentation of memory as a protection method can lead to memory fragmentation. Memory fragmentation occurs when memory is divided into small, non-contiguous segments, leading to inefficient memory utilization. This can result in wasted memory space and reduced performance.

The correct answer is "prava korisnika koji pristupa sistemu." Authorization is the process of determining the privileges or rights that a user has when accessing a system. It involves verifying and granting access based on the user's identity and the permissions they have been assigned. This ensures that users only have access to the resources and actions that they are authorized to use, protecting the system from unauthorized access or misuse.

The given answer states that high-frequency electromagnetic radiation from computers can carry enough information to compromise a system. This means that even though it may be considered as "white noise" and not carry useful information, it still has the potential to be used maliciously to gain unauthorized access or compromise the security of a system. It suggests that careful software design is necessary to control and mitigate the risks associated with this type of radiation.

Antivirus programs that detect malicious software based on signatures have the advantage of easily and quickly detecting known malicious code with minimal user involvement. They are sensitive to suspicious actions of programs and can identify malware based on a set of rules. Additionally, they require a small signature database that covers a large number of malicious code, making them fast. They can also easily detect variations and new versions of malicious code based on known signatures.

The timestamp is used in security protocols to prevent a replay attack, where an attacker intercepts and retransmits a previously valid message. By including a timestamp in the message, the recipient can verify that the message is not a replayed one, as the timestamp will be different. This helps ensure the integrity and authenticity of the communication, as any attempt to resend a message will be detected and rejected.

The correct answer states that one of the prerequisites for the existence of a secret channel is that the receiver and transmitter share some common resources. This means that in order for the secret channel to function properly, both the receiver and transmitter need to have access to and utilize the same resources. These shared resources could include hardware, software, or any other components necessary for the communication between the two parties. By sharing these resources, the receiver and transmitter can establish and maintain the secret channel effectively.

The correct answer is "ima sposobnost da menja svoju izvršnu verziju nakon svakog izvršavanja". This means that self-modifying code has the ability to change its executable version after each execution. This characteristic allows the code to adapt and evolve based on its own behavior and the environment in which it is running. By modifying its executable version, the code can improve its performance, fix bugs, or add new features dynamically.

The correct answer is "vlasnik objekta" (owner of the object). In the context of discretionary access control, the owner of an object has the authority to determine the access rights for that object. This means that the owner has the power to grant or deny access to other users or entities. The owner's decisions regarding access rights are independent of the operating system, system administrator, or any other external factors.

The packet with the address 192.168.1.10 will be forwarded because it matches the rule 10 which allows access from that specific IP address.

The correct answer is "menja svoj oblik ali zadržava funkcionalnost pre nego što inficira novi sistem". This means that a metamorphic malware changes its shape but retains its functionality before infecting a new system. This type of malware is capable of modifying its code and structure, making it difficult to detect and analyze by antivirus software. By changing its form, the malware can evade detection and continue to spread to other systems while maintaining its harmful capabilities.

When the access control matrix is divided into types, it allows for the creation of lists of shared rights (CL). This means that by dividing the matrix into types, a list of shared rights can be obtained.

The correct answer is "u nekim slučajevima koristi neetičke rootkit alate" which translates to "in some cases, it uses unethical rootkit tools." This suggests that DRM (Digital Rights Management) may employ certain methods that are considered unethical, such as using rootkit tools. Rootkit tools are often associated with malicious intent, as they allow unauthorized access and control over a computer system. Therefore, the use of these tools in DRM can be seen as a questionable practice.

The correct answer states that rules should be arranged from more specific to more general. This is because the network barrier checks the items in the access control list in the order they are listed. By starting with more specific rules, it ensures that those rules are evaluated first and take precedence over more general rules.

The correct answer is "složena i spora za izvršenje" which translates to "complex and slow to execute" in English. This suggests that the direct application of Lampson's matrix in large systems is complicated and time-consuming.

When disassembling binary code, the result obtained is an imprecise assembly code. Disassembling involves converting machine code back into assembly code, but the process is not perfect and can result in some loss of information or accuracy. Therefore, the correct answer is "neprecizan asemblerski kod" which translates to "imprecise assembly code" in English.

SSL (Secure Sockets Layer) is a protocol that provides secure communication over the internet. It operates at the socket level, which means it is implemented as part of the user space. This allows applications to use SSL to establish secure connections between client and server. By operating at the socket level, SSL can encrypt the data transmitted between the two endpoints, ensuring confidentiality and integrity. Therefore, the statement "SSL postoji na socket nivou (deo je korisničkog prostora)" is correct.

Antivirus software that detects malicious programs based on signatures cannot detect new and variable malware programs. This is because the signature database can become large, which slows down the system.

The correct answer is "upotreba IP adrese za autentifikaciju ima ozbiljne sigurnosne nedostatke" (the use of IP address for authentication has serious security vulnerabilities). This is because IP addresses can be easily spoofed or manipulated, making it unreliable for authenticating users or devices. Attackers can impersonate legitimate IP addresses, bypassing any authentication measures based on IP addresses. Therefore, using IP addresses for authentication can compromise the security of the system.

The correct answer is "Koje propušta odredišni port web servisa 80". This rule allows the network barrier administrator to allow access to the web service for clients by allowing traffic on the destination port 80, which is the default port for HTTP communication. This rule specifically targets the destination port of the web service, ensuring that any incoming traffic on port 80 is allowed.

The correct answer is "zaštitu memorije". The given question is in Croatian and it asks for the explanation of the correct answer. The phrase "zaštitu memorije" translates to "memory protection" in English. In computer systems, the memory protection model is used to ensure that processes or programs do not interfere with each other's memory space, preventing unauthorized access or modification of memory locations. This helps in maintaining the stability and security of the system.

Kerberos is the correct answer because Ticket Granting Ticket (TGT) is a concept associated with the Kerberos protocol. Kerberos is a network authentication protocol that uses tickets to authenticate users and provide secure communication over a non-secure network. The TGT is obtained by the client after successfully authenticating to the Key Distribution Center (KDC) and is used to request service tickets for accessing different resources within the network. Therefore, the TGT is specific to the Kerberos protocol and not related to TCP, IPSec, or SSL.

The packet with the address 192.168.1.12 will be forwarded according to rule 20, which allows traffic from the subnet 192.168.1.0/24.

The packet with the address 192.168.2.10 will be discarded because of rule 30, which denies all packets.

IKE (Internet Key Exchange) and ESP/AH (Encapsulating Security Payload/Authentication Header) are two components of the IPsec (Internet Protocol Security) protocol. IPsec is a suite of protocols used to secure internet communications at the network layer. IKE is responsible for establishing secure communication channels and negotiating encryption keys between two parties. ESP/AH are used for providing data integrity, authentication, and confidentiality of IP packets. Therefore, the correct answer is IPsec protocol.

An IDS (Intrusion Detection System) is designed to detect and respond to potential security breaches or unauthorized access to a computer network. However, one drawback of IDS is that it can generate too many false alarms. This means that the system may mistakenly identify normal network activities as suspicious or malicious, leading to unnecessary alerts and potentially overwhelming the security team. This can be problematic as it may cause the team to overlook genuine threats or waste time and resources investigating false positives. Therefore, the excessive generation of false alarms is a limitation of IDS for anomaly detection.

The correct answer is "straničenje deli memoriju na segmente fiksne veličine a segmentacija na segmente promenljive veličine." This statement correctly explains that paging divides memory into fixed-size segments, while segmentation divides memory into variable-size segments.

The correct answer is "ne usporava saobraćaj (efikasnost)". This means that the advantage of a packet filter network barrier is that it does not slow down traffic, thus maintaining efficiency.

The goal of perfect forward secrecy (PFS) is to prevent unauthorized individuals from decrypting previously exchanged messages, even if they later obtain the secret key. This means that even if an attacker gains access to the secret key, they will not be able to decrypt past communications. PFS provides an additional layer of security by ensuring that past messages remain confidential, even in the event of a compromised key.

The given command "iptables -A FORWARD -d 172.16.32.2 --dport http -j DROP" is used to block the passage of packets from the address 172.16.32.2 to port 80 on the server they are intended for. This means that any HTTP traffic from the specified address to the specified port on the destination server will be denied or blocked.

IPSec postoji na mrežnom nivou (deo je operativnog sistema) znači da IPSec funkcioniše na nivou operativnog sistema, što znači da je deo same infrastrukture mreže. To omogućava da IPSec obezbedi sigurnu komunikaciju na mrežnom nivou, štiteći podatke koji se prenose između različitih uređaja. Ova opcija je tačna jer IPSec zaista postoji na mrežnom nivou i integrisan je u operativni sistem.

It is recommended that activities and mechanisms related to security in general-purpose operating systems should be implemented in a single layer in order to simplify and expedite analysis and correction. This approach allows for easier identification and resolution of security vulnerabilities, as well as faster response to potential threats. By consolidating security measures into a single layer, it also reduces complexity and potential conflicts between different security mechanisms.

The smart card provides triple authentication, meaning it requires three forms of verification to grant access or authentication. This level of security helps ensure that only authorized individuals can access the system or information protected by the smart card.

The given correct answer states that a timestamp is a piece of data that represents the current time and is used in security protocols. This means that a timestamp is used to record and track the timing of events in order to ensure the security and integrity of communication. It is an important component in security protocols as it helps in preventing replay attacks and maintaining synchronization between different systems.

The correct answer states that "Hardware-based debugging (HardICE)" is a debugger whose activities are difficult to detect. This means that HardICE is a type of debugger that operates at the hardware level and makes it challenging for other programs or systems to identify its presence or activities.

In biometric systems, there are two phases of authentication (verification). This means that during the process of verifying someone's identity using biometric data, there are two distinct stages or steps involved. The question does not provide any information about the specific phases or what they entail, but it states that there are two phases in total.

If the IDS (Intrusion Detection System) has detected an attack correctly, it means that it has correctly identified the occurrence of an actual attack. This is referred to as a True Positive (TP) in the context of IDS. True Positive means that the system has correctly identified the presence of a positive condition, in this case, the detection of an attack.

The given answer states that AIDE will register the change without specifying and providing information about mtime. This suggests that AIDE will detect and record the modification made to the file "primer" in the configuration file "aide.conf", but it will not include details about the modification time (mtime).

Reverzni inženjering se koristi za analizu exe fajlova. Ova tehnika omogućava da se prouči izvršni fajl i razume njegova struktura, funkcionalnost i algoritmi koje koristi. Analiza exe fajlova može biti korisna za otkrivanje sigurnosnih propusta, pronalaženje grešaka ili optimizaciju performansi. Kroz reverzni inženjering, istraživači mogu dobiti dublji uvid u rad programa i identifikovati njegove karakteristike i funkcionalnosti.

The packet with the address 192.168.2.20 will be discarded because of the rule 30, which denies all access.

The given correct answer is "privremena". This answer is correct because it accurately describes the situation where only one user/process can use a resource at a time. This type of resource allocation is temporary and allows exclusive access to the resource for the user/process currently using it.

The correct answer is "једно идејно решење блоковске шифре" which translates to "an conceptual solution for a block cipher". This means that the Feistel cipher (network) represents a conceptual solution for a block cipher, indicating that it is a specific approach or design for implementing a block cipher algorithm.

TCB (Trusted Computing Base) refers to a set of protective mechanisms implemented in an operating system that are believed to provide security requirements. These mechanisms are designed to ensure the security and integrity of the system, protecting it from unauthorized access and malicious activities. The TCB is responsible for maintaining the security of critical operations and is considered a trusted component within the operating system. It includes various security measures, such as access control, authentication, encryption, and auditing, that work together to provide a secure computing environment.

The packet with the address 192.168.0.10 will be discarded because of rule 10, which denies access from the IP range 192.168.0.0/24.

The correct answer states that access control lists for network barriers are used to filter packets by sequentially checking rules and searching for the first match with the packet parameters, after which the rest of the list is ignored. This means that the firewall or network device will stop evaluating the rules once it finds a match, improving efficiency and performance.

When it comes to public key authentication, it is not secure to encrypt and then sign using a random value. This is because an attacker could potentially intercept the message, modify the encrypted part, and then re-sign it using the same random value. On the other hand, encrypting and then signing using a timestamp provides a higher level of security. This ensures that the message remains intact and unmodified during transit, as the timestamp can be verified to ensure the message was not tampered with.