CSSF Which statements are correct

$$ Assuming specific attack vectors is a proper security strategy and is not considered a threat.

$$ In enclave attestation the enclave must have its own pair of keys $($the public and secret key$).$

$$ DoS attacks target availability of systems.

$$ One can use control groups to limit resource usage in Linux.

Which of the statements below are true

$$ The so$-$called gold standard for the AU's involves authentication, authorization and audit and concerns guards' role in isolated systems.

$$ Storing hashes of passwords concatenated with salt is a common technique to defend against rainbow attacks.

$$ A trampoline in the context of software isolation can be understood as a jump instruction to some chosen code path.

$$ The principle of least privilege is an approach opposite to the system's granularity and isolation.

Which following statements on computer systems security are correct

$$ Security of computer systems is increased by transforming the system in such a way to remove various threats from the system's corresponding threat model.

$$ Containing damage is one of the ways to deal with unknown attacks.

$$ Security of computer systems should not be based on so$-$called post$-$mortems.

$$ One of the defenses against the buffer overflow attack is NX $($no$-$execute$).$

Which statements are true

$$ Bugs in SQL escaping in general do not jeopardize web services.

$$ TPM or secure boot $($checking what kernel boots$)$ is a new software security approach that superseded the enclaves idea.

$$ Secure source code repository of a computer system is a very critical aspect of this computer system's security.

$$ Enclaves have a relatively weak threat model in comparison to other computer systems isolation mechanisms.

Which of the below statements are correct

$$ Known default passwords or public default permissions are examples of insecure computer systems policies.

$$ The goal of an enclave is to deal with a compromised operating system, still providing security.

$$ Bugs in non$-$critical software components do not have significant implications for computer systems security.

$$ Buffer overflows are class of software bugs that do not impact security of computer systems.

Which following statements are correct

$$ Attestation allows outside clients communicating with an enclave to get an idea what is running in the enclave and hence to be able to decide whether or not to trust this enclave with some data to be processed.

$$ SGX or software guard extensions introduced CPU support for enclaves.

$$ Computer system's security architecture in general cannot be designed in a way to be resilient to an unknown attack.

$$ The $2$FA authentication cannot be compromised without a physical access to an actual device one is using to authenticate.