Final Exam | Complete Solution

1. Which of the following is NOT one of Shannon's Characteristics of Good Ciphers? (Points : 0.5)

       The amount of secrecy needed should determine the amount of labor appropriate for the encryption and decryption
       The size of the enciphered text should be much larger than the text of the original message to provide the greatest amount of confusion
       The set of keys and the enciphering algorithm should be free from complexity
       The implementation of the process should be as simple as possible
       Errors in ciphering should not propagate and cause corruption of further information in the message
 

Question 2.2. Name the three principle kinds of PROGRAMMING controls used to protect security of data and explain what each of them does: (Points : 0.5)

Question 3.3. The eGovernment Act of 2002 requires private companies and corporations to post privacy policy notices on their web sites (Points : 0.5)

       True 
       False 
 

Question 4.4. Your computer is going to transmit the letter “N” using ASCII encoding.  The seven bit ASCII code for the letter N is 1001110. Your computer will add an eighth bit, and it is using even parity.  Will it add a “1” or a “0”? (Points : 0.5)

Question 5.5. Access control lists are seldom used on routers because of their potential to degrade router performance (Points : 0.5)

       True 
       False 
 

Question 6.6. Which of the following statements is correct (select all that apply)? (Points : 0.5)

        Packet Filtering Firewalls block packets from addresses known to be suspect or dangerous  and may block certain protocols, such as FTP. 
        Stateful Inspection Firewalls keep track of information across multiple packets and shut down multi-packet penetration attempts 
        Application Proxies simulate the effect of packets addressed to various applications before actually passing the packets to the application layer 
 

Question 7.7.

What is the definition of privacy, as we discussed it in class

(Points : 0.5)

Question 8.8. A properly implemented firewall can keep all attacks out of a network (Points : 0.5)

       True 
       False 
 

Question 9.9. The purpose of an Intrusion Detection System (IDS) is to cope with attacks that are already in progress (Points : 0.5)

       True 
       False 
 

Question 10.10. According to the textbook, 87% of the population of the USA can likely be identified by linking which three attributes (select the correct 3 attributes) (Points : 0.5)

        Gender 
        Color of Eyes 
        Date of Birth 
        5-digit Zip code 
        Color of hair 
        Race 
 

Question 11.11.

What is the data inference problem?  Name two kinds of controls you would implement to protect against data inference, and under what circumstances would you use each one?

(Points : 0.5)

Question 12.12. Name the seven different network security controls discussed in class and explain what each of them protects or enforces (Points : 0.5)

Question 13.13. Name and explain the two different types of Intrusion Detection Systems: (Points : 0.5)

Question 14.14. Which of the following in NOT a function of an Intrusion Detection System?

(Points : 0.5)

       Monitors users and system activity
       
Protects the perimeter of a network
       Recognizes known attack patterns
       Installs and operates traps to record information about intruders
 

Question 15.15. Commercially available Intrusion Detection Systems are fairly good at detecting attacks (Points : 0.5)

       True 
       False 
 

Question 16.16. One advantage of commercial Intrusion Detection Systems is that they run well with no human intervention (Points : 0.5)

       True 
       False 
 

Question 17.17. The ISOC standard for secure e-mail enables the sending of security-enhanced messages through the existing Internet as ordinary messages.  (Points : 0.5)

       True 
       False 
 

Question 18.18. Who should decide whether private information is sensitive? (Points : 0.5)

       Subject
       Holder
       
Both subject and holder

 

Question 19.19. Explain the difference between the secure email requirements of sender authentication and non-repudiation (Points : 0.5)

Question 20.20. The government agency that may sue if a company posts false statements about privacy protection is the _____________   ___________   ______________ (Points : 0.5)

Question 21.21. Many users (select one best answer): (Points : 0.5)

       Do not realize they must assume a significant amount of responsibility for security
       Realize that personal computers have a great deal of power
       Are aware of security risks, but choose to ignore them
       All of the above
 

Question 22.22. The Security Requirements section is the heart of a security plan.  It states what is to be accomplished, and how it is to be done (Points : 0.5)

       True 
       False 
 

Question 23.23. Updates to a security plan should be triggered by: (Points : 0.5)

       Time (e.g. annually, every two years, …)
       An event (e.g. a new kind of attack)
       

Either time or an event

Question 24.24.

List and explain three ways to maintain privacy, as defined in class.

(Points : 0.5)

Question 25.25. Explain the difference between a Business Continuity Plan and an Incident Response Plan (Points : 0.5)

Question 26.26. Effective security planning requires risk analysis (Points : 0.5)

       True 
       False 
 

Question 27.27. Name the three issues addressed by the Security Policy section of the Security Plan: (Points : 0.5)

Question 28.28. Good physical security should be concerned with (select all that apply): (Points : 0.5)

        
Malicious acts such as sabotage 
        
Natural disasters such as floods, fire, and earthquakes 
        
Power loss and major power fluctuations 
 

Question 29.29. Under patent law, an algorithm can be legitimately classed as an invention (Points : 0.5)

       True 
       False 
 

Question 30.30. Match the time period of protection with the legal method in the following:
(Points : 0.5) 

Potential Matches:

1 : Indefinite

2 : 70 years or 95 years

3 : 20 years

    Answer

     : Copyright

     : Patent

     : Trade Secret

Question 31.31. Computer crime has been difficult to prosecute because of (Points : 0.5)

       Legal rules regarding tangible property
       Rules of evidence
       Chain of custody rules

       All of above
 

Question 32.32. Match the statute with the correct description or effect:
(Points : 0.5) 

Potential Matches:

1 : Prohibits unauthorized access to national defense data, banking/financial information, accessing a protected computer without permission, and more.

2 : Protects privacy of personal data collected by US Government

3 : Strengthens 1984 Fraud & Abuse Act

4 : Outlaws espionage by computer

5 : Prohibits electronic wiretapping

    Answer

     : Computer Fraud & Abuse Act (1984)

     : Economic Espionage Act (1996)

     : Privacy Act (1974)

     : Electronic Communications Privacy Act (1986)

     : Patriot Act (2001)

Question 33.33. A user or company may become subject to the laws of another country, even if his/her/its data only passes through an intermediate Internet node, on its way to the receiver of the data (Points : 0.5)

       True 
       False 
 

Question 34.34. US laws forbid companies to collect data on individuals that the US Government is prohibited from collecting (Points : 0.5)

       True 
       False 
 

Question 35.35. Existing US privacy laws provide stronger data protection than 
European Union Directive 95/46/EC (Points : 0.5)

       True 
       False 
 

Question 36.36. If two ethical principles conflict, the priority is determined by a (an): (Points : 0.5)

       Court
       Philosopher
       Body of peers
       Individual
 

Question 37.37. Describe two kinds of content integrity controls for network security (Points : 0.5)

Question 38.38. Penetration testing can be used to guarantee that a trusted system is fault-free (Points : 0.5)

       True 
       False 
 

Question 39.39. Name three different things that can be authenticated.  Which is the most difficult to authenticate? (Points : 0.5)

Question 40.40.

In analyzing your company’s risk to a set of vulnerabilities, you determine that your risk exposure could be reduced from $35 million to $19 million.  The cost of applying appropriate controls to achieve this reduction in risk exposure would be $4 million. 
What is the associated Risk Leverage? 

(Points : 0.5)

Question 41.41. Match the statement with the correct kind of Intrusion Detection System (IDS)
(Points : 0.5) 

Potential Matches:

1 : Signature Based IDS

2 : Heuristic IDS

3 : Signature Based IDS

4 : Heuristic IDS

    Answer

     : Perform simple pattern matching and report matches

     : Limited by the amount of information the system has seen

     : First Time attack cannot be detected

     : Looks for behavior that is "out of the ordinary"

Question 42.42. Explain the two phases of the two-phase update process for maintaining data base integrity (Points : 0.5)

Question 43.43.

After reading that second-hand smoke causes lung cancer in other people, Raj has decided that he will never smoke.  Please circle which ethical theory he is following.  In the following essay question, explain why you think he is following the ethical theory you have chosen

(Points : 0.5)

       Universal Deontology
       Rule Deontology
       Teleology - Egoism
       Teleology - Utilitarianism
 

Question 44.44. Explain your choice in the previous question.  (Points : 0.5)

Question 45.45.

Estimate how long you need to make a password to make it secure from a brute force attack for one year  using only upper case letters plus the numbers 0 through 9 plus the following nine special characters: !#$%^&*)(.  Assume an attacker has a system that operates at 4 billion instructions per second, and that it takes 12 instructions to test each password?  To simplify your calculation, assume the attacker only has to test the exact length password you estimate, but not all smaller lengths as well.  You must show your calculations.

(Points : 1)

Question 46.46. The following ciphertext has been derived from a simple substitution cipher of the form Ci = Pi + N.  Find the value of N that decrypts the ciphertext, decrypt it, and write the plaintext below.  The numbers and letters below the ciphertext are there to make your task easier.  You do not need to write down the value of N in your answer. Enter your answer using only upper case letters.

UNC CQN KJUUXXWB UXXBN BXXW

A B C D E F G H I J  K L M N O P Q R S T  U V W X Y Z
1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 20 1 2 3 4 5 6
(Points : 1)

Question 47.47.

Encrypt  the phrase, "TELEOLOGICAL THEORY FOCUSES ON CONSEQUENCES", using a simple transposition cipher with eight rows and five columns.  Type the resulting ciphertext in upper case letters only.  Your result should contain 7 groups of five letters each and a final group of four letters and there should be a space between each group of letters in the ciphertext.  Ignore the quote marks and ignore all spaces in the plaintext phrase.

(Points : 1)