Describe how a Cross-Site Request Forgery (XSRF) attack works, using the bank BillPay example or Gmail contact list example. Explain why cookies alone are not sufficient for authentication.

IPSec can secure communication in which situations?

Explain the key differences between authentication and authorization, and why confusing the two can lead to security vulnerabilities. Provide one concrete example.

True or False: Packet-filtering firewalls require detailed knowledge of TCP/UDP port usage on operating systems.

Explain the difference between Transport mode and Tunnel mode in IPSec. Include a diagram description of packet formats in each mode and a typical use case (e.g., VPN) for each.

In access control terminology, a “subject” is

Bell-LaPadula enforces

True or False: Extended ACLs in filesystems provide more granular control than the traditional owner/group/other model.

Capabilities are stored with

Bell-LaPadula is a classic example of which model?