CSSF Which of the below statements on computer systems security are correct

$$ Implementing numerous security checks in a computer systems architecture without careful design and management can increase the complexity and risk of misconfigurations or errors, potentially leading to the ineffective enforcement of security policies.

$$ According to many studies on average there is circa $1$ software bug per $1000$ lines of code, but this value $($defect density$)$ depends on particular software projects and methodologies.

$$ DoS attacks mitigation should not rely on authentication.

$$ Cgroups cannot be used to isolate processes in Linux.

Which of the below statements are true

$$ A good security policy practice is to limit assumptions.

$$ Capabilities in Linux can be Effective, Permitted and Initiated.

$$ Security of computer systems is not concerned with security policy.

$$ Retrofit bounds checks involve arithmetic operations and pointer dereferencing.

Which of the following statements on computer systems security are correct

$$ Authorization should not rely on Access Control Lists.

$$ The most popular password proven by the $32$ millions Twitter users passwords leak is $12345.$

$$ User authentication system should include registration, authentication check and recovery.

$$ One of the main challenges in user authentication is managing intermediate principals.

Which of the following statements on computer systems security are true

$$ Isolation is an important aspect of computer systems security architecture and can be designed and implemented on many levels of abstraction$.$

$$ To complete the attestation process of the enclave, the client must independently generate and use a random hash value unrelated to the enclave's actual hash function outcome.

$$ The operating system kernel will keep isolated processes apart by addressing separate physical memory ranges with a single page table.

$$ Insecure defaults are not an issue of computer systems security policy.

Which below statements are true

$$ High level system services in Linux, such as ssh$,$ syslog, ntpd must run as root.

$$ Bugs in security policy implementation significantly impact computer systems security.

$$ The main challenge for passwords as means for user authentication is the human factor.

$$ An enclave cannot isolate a database system.

Which below statements are correct

$$ Scaling up a secure threat model does not negatively impact its security.

$$ A container in UNIX grants full access to the entire main file system without any restrictions or need for explicit configuration.

$$ Security of computer systems is about reaching defined security goals despite adversaries.

$$ Security policy issues are related only to rare and exceptional use cases of computer systems, with no relevance to common use cases.

Which of the following statements are correct

$$ Enclaves in both SGX $($hardware implementation$)$ and the Komodo system will introduce a monitor, which does not have to be trusted to provide security.

$$ Software bugs are irrelevant to formalization of computer systems security.

$$ Pseudorandomness is an important loophole in encryption and in computer systems security.

$$ The buffer overflow attack can be always mitigated with a stack canary.