Information Technology 167

Exam Questions

Part 1: True/False – Multiple Choice answers (2 Points Each)

You want to encrypt a message and send it to your friend so he/she can read it. You are using asymmetric encryption. Which key would you use to encrypt the message?

Answer: ____

Answer: ____

3. True or False

You have the hash of your password stored in your computer system. You can take that hash and decrypt it to find the password.

Answer: ____

4. True or False

Discretionary Access Control (DAC) policy is vulnerable to Trojan horse attacks.

Answer: _____

Answer: _____

You are asked to design and implement a secure computer system for your company. One of the requirements is to use access controls using a defense-in-depth strategy. One layer of defense should satisfy this requirement to keep intruders or attackers from reaching the system.

Answer: _____

An old federal system architecture is being replaced with a new one. You are asked to implement new security controls for the new architecture. FIPS 200 and NIST 800-53 are used as guidance that will ensure requirements and security controls are selected properly.

Answer: _____

Answer: _____

Answer: _____

Biometrics are based on something you are; smartcards are based on something you have; passwords are based on something you know.

Answer: _____

Part 2: Short Answers (10 points each). Please answer briefly and completely and cite all sources of information. Please restrict your answer for each question to three-fourths (3/4) of a page (double spaced) or less.

  1. Explain the details of each of the access control models (MAC, DAC, Role-BAC, Rule-BAC, ABAC) and provide an example of how each of them is used.
  2. Define the difference between need to know and the principle of least privilege.
  3. Compare and contrast a security plan and a security policy. Give an example of how each of these is used.
  4. What is the difference between Symmetric Key Cryptography and Asymmetric Key Cryptography? Provide an example of when each is best used.
  5. Define the CIA Triad security principles. Provide a use example of each of the principles.

Part 3: Short Essay (30 points). Please restrict your answer to 3 pages (double spaced) or less.

A company has been the victim of a series of security breaches. You are hired as the security consultant and your job is to help reduce the risk from future attacks. You check the web server log for possible clues as to what happened. Also, you check the database and some of the data is missing or corrupted.

Respond to each of the following, considering all the material we have studied in this course so far. Cite these and other pertinent sources used in your answer. Be specific but fully explain and give reasons for your answers.

  1. What are the steps you would take in order to identify the vulnerabilities that led to the security breaches?
  2. What would your recommendation be to the management team to help them reduce the risk from future attacks?
  3. Write a security policy for this company.