Q#1: The main goal of protection in OS is to:
(A) Control access to system resources
(B) Speed up CPU
(C) Allocate memory only
(D) Backup files
Answer: (A) Control access to system resources
Q#2: A subject in OS protection refers to:
(A) Active entity requesting resources
(B) Disk block
(C) File
(D) CPU instruction
Answer: (A) Active entity requesting resources
Q#3: An object in OS protection refers to:
(A) Resource being accessed
(B) CPU core
(C) Thread
(D) Register
Answer: (A) Resource being accessed
Q#4: Access rights define:
(A) Operations a subject can perform on an object
(B) Disk block size
(C) CPU priority
(D) Thread scheduling
Answer: (A) Operations a subject can perform on an object
Q#5: Which is NOT a typical access right?
(A) Read, Write, Execute
(B) Delete
(C) Copy
(D) Encrypt
Answer: (D) Encrypt
Q#6: An access control matrix is used to:
(A) Define rights of subjects over objects
(B) Schedule CPU
(C) Allocate memory
(D) Format disks
Answer: (A) Define rights of subjects over objects
Q#7: In access control lists (ACLs), permissions are:
(A) Stored per object
(B) Stored per subject
(C) Randomly allocated
(D) Stored per CPU core
Answer: (A) Stored per object
Q#8: In capability lists, permissions are:
(A) Stored per subject
(B) Stored per object
(C) Stored in memory only
(D) Stored in disk only
Answer: (A) Stored per subject
Q#9: The principle of least privilege means:
(A) Grant subjects only necessary access rights
(B) Grant all rights to users
(C) Encrypt files
(D) Backup data
Answer: (A) Grant subjects only necessary access rights
Q#10: Domain of protection defines:
(A) Set of objects a subject can access
(B) CPU registers
(C) Disk allocation
(D) Thread context
Answer: (A) Set of objects a subject can access
Q#11: Domain switching occurs when:
(A) Subject changes its access domain
(B) CPU context switches
(C) Memory is allocated
(D) Disk is formatted
Answer: (A) Subject changes its access domain
Q#12: Ring-based protection is used in:
(A) Multi-level privilege architectures
(B) Disk allocation
(C) Memory fragmentation
(D) File copying
Answer: (A) Multi-level privilege architectures
Q#13: In a ring structure, Ring 0 usually represents:
(A) Kernel or most privileged mode
(B) User mode
(C) Disk
(D) CPU cache
Answer: (A) Kernel or most privileged mode
Q#14: In a ring structure, Ring 3 usually represents:
(A) User applications
(B) Kernel
(C) Device drivers
(D) Disk partitions
Answer: (A) User applications
Q#15: Which of the following is a protection mechanism?
(A) Access control lists
(B) Scheduling algorithms
(C) Paging
(D) Disk formatting
Answer: (A) Access control lists
Q#16: Memory protection prevents:
(A) Unauthorized access to memory segments
(B) Disk corruption
(C) CPU overheating
(D) Thread deadlocks
Answer: (A) Unauthorized access to memory segments
Q#17: Segmentation can be used for:
(A) Memory protection
(B) Disk storage only
(C) CPU scheduling
(D) File compression
Answer: (A) Memory protection
Q#18: Paging provides protection by:
(A) Isolating process memory spaces
(B) Encrypting data
(C) Managing threads
(D) Allocating disks
Answer: (A) Isolating process memory spaces
Q#19: Capabilities are:
(A) Unforgeable tokens representing access rights
(B) CPU instructions
(C) File extensions
(D) Memory blocks
Answer: (A) Unforgeable tokens representing access rights
Q#20: A confused deputy problem arises when:
(A) A program misuses its authority on behalf of another
(B) CPU is overloaded
(C) Disk is fragmented
(D) File is corrupted
Answer: (A) A program misuses its authority on behalf of another
Q#21: Reference monitor concept ensures:
(A) All access requests are checked against security policy
(B) CPU speed is maximized
(C) Memory fragmentation is reduced
(D) Disk is defragmented
Answer: (A) All access requests are checked against security policy
Q#22: The reference monitor must be:
(A) Tamper-proof, always invoked, small and simple
(B) Large and complex
(C) Only in memory
(D) Only in disk
Answer: (A) Tamper-proof, always invoked, small and simple
Q#23: Authentication is a prerequisite for:
(A) Access control
(B) Paging
(C) Disk formatting
(D) Scheduling
Answer: (A) Access control
Q#24: Mandatory Access Control (MAC) is enforced by:
(A) System policy, not user choice
(B) User discretion
(C) CPU scheduler
(D) Disk blocks
Answer: (A) System policy, not user choice
Q#25: Discretionary Access Control (DAC) allows:
(A) Owners to control access to their resources
(B) Central authority only
(C) CPU scheduling
(D) Disk management
Answer: (A) Owners to control access to their resources
Q#26: Reference monitor implementation is usually part of:
(A) Operating system kernel
(B) User programs
(C) Disk utilities
(D) CPU cache
Answer: (A) Operating system kernel
Q#27: File permissions in UNIX are an example of:
(A) DAC
(B) MAC
(C) Ring model
(D) CPU scheduling
Answer: (A) DAC
Q#28: SELinux provides:
(A) Mandatory Access Control
(B) Discretionary Access Control
(C) Disk partitioning
(D) Thread scheduling
Answer: (A) Mandatory Access Control
Q#29: Access matrix entries can be implemented as:
(A) ACLs, capability lists, or access control tables
(B) CPU registers
(C) Disk blocks
(D) File system
Answer: (A) ACLs, capability lists, or access control tables
Q#30: User authentication can include:
(A) Passwords, tokens, biometrics
(B) Disk allocation
(C) Memory allocation
(D) CPU scheduling
Answer: (A) Passwords, tokens, biometrics
Q#31: Segmentation faults occur when:
(A) A process accesses memory without permission
(B) CPU is overloaded
(C) Disk is full
(D) File is locked
Answer: (A) A process accesses memory without permission
Q#32: Sandboxing provides protection by:
(A) Isolating processes in a restricted environment
(B) Encrypting files
(C) Defragmenting disk
(D) Scheduling CPU
Answer: (A) Isolating processes in a restricted environment
Q#33: The principle of separation of duties helps to:
(A) Reduce risk of misuse of privileges
(B) Allocate CPU faster
(C) Backup files
(D) Optimize memory
Answer: (A) Reduce risk of misuse of privileges
Q#34: Hardware protection mechanisms include:
(A) Memory protection, CPU modes
(B) Disk defragmentation
(C) Thread scheduling
(D) File copying
Answer: (A) Memory protection, CPU modes
Q#35: CPU modes for protection include:
(A) User mode and kernel mode
(B) Real mode only
(C) Virtual mode only
(D) Protected mode only
Answer: (A) User mode and kernel mode
Q#36: Trap instructions are used for:
(A) Controlled transfer from user mode to kernel mode
(B) Disk formatting
(C) Memory allocation
(D) File copying
Answer: (A) Controlled transfer from user mode to kernel mode
Q#37: Paging with protection bits helps:
(A) Prevent unauthorized memory access
(B) Encrypt files
(C) Schedule CPU
(D) Backup files
Answer: (A) Prevent unauthorized memory access
Q#38: A capability token must be:
(A) Unforgeable to prevent misuse
(B) Large in size
(C) Stored on disk only
(D) Stored in CPU only
Answer: (A) Unforgeable to prevent misuse
Q#39: Protection faults occur when:
(A) Access violation happens
(B) Disk is full
(C) CPU overheats
(D) Memory is fragmented
Answer: (A) Access violation happens
Q#40: In Windows OS, Access Tokens are used for:
(A) Controlling user access to resources
(B) CPU scheduling
(C) Disk formatting
(D) Memory management
Answer: (A) Controlling user access to resources
Q#41: Key-based access control is used in:
(A) Cryptographic systems for protection
(B) Disk formatting
(C) CPU scheduling
(D) Memory paging
Answer: (A) Cryptographic systems for protection
Q#42: Protection domains can be implemented using:
(A) Rings, capabilities, or access matrices
(B) CPU cores
(C) Disk sectors
(D) File descriptors
Answer: (A) Rings, capabilities, or access matrices
Q#43: Access control enforcement must be:
(A) Complete, correct, and tamper-proof
(B) Partial only
(C) Optional
(D) Disk-based
Answer: (A) Complete, correct, and tamper-proof
Q#44: OS uses user IDs (UIDs) and group IDs (GIDs) to:
(A) Enforce access control
(B) Manage CPU cores
(C) Allocate disk
(D) Encrypt files
Answer: (A) Enforce access control
Q#45: Protected objects include:
(A) Memory, files, devices, CPU
(B) Only files
(C) Only memory
(D) Only devices
Answer: (A) Memory, files, devices, CPU
Q#46: Password file protection ensures:
(A) Only authorized users can access authentication data
(B) CPU runs faster
(C) Disk is allocated
(D) Memory is cleared
Answer: (A) Only authorized users can access authentication data
Q#47: Reference monitor concept is the foundation of:
(A) Trusted computing
(B) CPU scheduling
(C) Disk management
(D) File systems
Answer: (A) Trusted computing
Q#48: Kernel enforcement of protection requires:
(A) All accesses to objects pass through kernel checks
(B) Direct user access
(C) Disk only
(D) CPU only
Answer: (A) All accesses to objects pass through kernel checks
Q#49: Protection mechanism should be:
(A) Simple, complete, and always invoked
(B) Complex and optional
(C) Disk-based only
(D) Memory-based only
Answer: (A) Simple, complete, and always invoked
Q#50: Separation of mechanism and policy means:
(A) Mechanism implements protection, policy decides rights
(B) Policy implements CPU scheduling
(C) Mechanism implements disk allocation
(D) Policy implements thread scheduling
Answer: (A) Mechanism implements protection, policy decides rights