Interview Questions & Answers on System Protection & System Security

System Protection

1. Goals of Protection
Q: What are the primary goals of system protection?

A: The primary goals are:

 - Confidentiality: Prevent unauthorized access to data.

 - Integrity: Ensure data is not modified by unauthorized users.
 - Availability: Ensure resources are accessible to authorized users when needed.

Q: Why is user authentication an essential part of system protection?

A: Authentication verifies the identity of users before granting access, ensuring that only
authorized users can access protected resources.

2. Principles and Domain of Protection

Q: Explain the principle of least privilege. Why is it important?

A: The principle of least privilege states that users and programs should be given only the
minimum level of access required to perform their tasks. It reduces the risk of accidental or
malicious damage.

Q: What is a protection domain? How does it work?

A: A protection domain defines a set of permissions for a user or process. It determines

what operations a user/process can perform on system resources.

3. Access Matrix
Q: What is an access matrix? How is it used for system protection?

A: An access matrix is a security model that defines the access rights of subjects
(users/processes) to objects (files/devices). It provides a structured way to control
permissions.

4. Access Control
Q: Explain the difference between DAC, MAC, and RBAC.

A:

 - Discretionary Access Control (DAC): Users can control their own permissions (e.g., file
permissions in Windows).
 - Mandatory Access Control (MAC): System-enforced security based on labels (e.g.,
military security levels).
 - Role-Based Access Control (RBAC): Permissions are assigned based on user roles (e.g.,
admin, user, guest).

5. Revocation of Access Rights

Q: What are the different ways access rights can be revoked?

A:

 - Immediate revocation (removing access instantly).

 - Delayed revocation (effective after a certain period).
 - Owner-controlled revocation (file owner removes permissions).

System Security

1. Introduction to System Security

Q: Explain the CIA triad.

A: The CIA Triad is a fundamental security model:

 - Confidentiality: Protecting data from unauthorized access.

 - Integrity: Ensuring data accuracy and preventing unauthorized changes.
 - Availability: Ensuring resources are accessible when needed.

2. Program Threats
Q: What is a buffer overflow attack? How can it be prevented?

A: A buffer overflow occurs when a program writes more data into a buffer than it can hold,
leading to memory corruption and potential exploits. Prevention methods include:

 - Using bounds checking.

 - Implementing stack canaries.
 - Using languages like Java or Python that prevent buffer overflow.

3. System and Network Threats

Q: Explain Denial-of-Service (DoS) attacks.

A: A DoS attack floods a system with excessive requests, making it unavailable to legitimate
users. Prevention:

 - Use rate limiting.

 - Deploy firewalls and intrusion detection systems.
 - Use CDNs (Content Delivery Networks) to absorb traffic.

4. Cryptography for Security

Q: What is the difference between symmetric and asymmetric encryption?

A:
 - Symmetric encryption: Uses the same key for encryption and decryption (e.g., AES,
DES).
 - Asymmetric encryption: Uses a public key for encryption and a private key for
decryption (e.g., RSA, ECC).

5. User Authentication
Q: What are different authentication methods used in security?

A:

 - Password-based authentication (e.g., username/password).

 - Biometric authentication (e.g., fingerprint, facial recognition).
 - Multi-factor authentication (MFA) (e.g., combining passwords and OTPs).