INFA 610- Final Exam

INFA 610- Final Exam
INFA 610
Foundations of Information Security and Assurance
Final Exam
Part 1: Short discussion, determine if each of the following questions is true or false and defend your position in a brief discussion if you think it is necessary. Write your answer, T or F, to each question in the following Answer Table. (10 questions at 1.5 points each, 15 points totally)
T F Deleting the browsing history and cookies in a computer system can be the way to completely delete the recently visited sites.
T F A Denial-of-Service attack does not require the attacker to penetrate the target’s security defenses.
T F The biggest advantage of public-key cryptography over secret-key cryptography is in the area of key management/key distribution.
T F When it comes to the ethics of a particular situation, there is only one right answer.
T F A one-time pad is a safe house used only once by an undercover agent.
T F In terms of privacy laws, companies have advantage over the government in terms of the types of data that a company can collect.
T F Consider data that is stored over time in a mandatory access control based system. The contents of files containing highly classified (“top secret”) information are not necessarily more trustworthy than material stored in files marked unclassified
T F A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.
T F 3DES (Triple DES) requires the use of three independent keys.
10. T F Intrusion Detection Systems (IDS) provide no protection from internal threats.
Part 2: Multiple Choice Questions. In some cases you may need to select more than one of the options. If you select “None of the above” you need to list the correct answer. (Do not simply select either all of the above or none of the above). (Scored as 3 points for each question, no guarantee of partial credit for partially correct answers.) Write your answers in the following Answer Table. (10 questions at 3 points each, 30 points totally)
1. Broad categories of payloads that malware may carry include which of the following:
Corruption of system or data files;
Theft of service in order to make the system a zombie agent of attack as part of a botnet;
Theft of information from the system, especially of logins, passwords or other personal details by keylogging or spyware programs;
Stealthing where the malware hides it presence on the system from attempts to detect and block it;
All of the above.
2. Denial of service attacks include:
DNS spoofing
Smurf attack
Ping of death
SYN flood
All of the above.
3. If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:
A’s private key
A’s public key
B’s private key
B’s public key
None of the keys listed above.
4. The basic step(s) should be used to secure an operating system:
Harden and configure the operating system to adequately address the identified security needs of the system.
Install and register the operating system.
Installing and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection systems (IDS), if needed.
Test the security of the basic operating system to ensure that the steps taken adequately address its security needs.
All of the above.
5. Choose the right statement(s):
On change-controlled system, you should run automatic updates to prevent security patches from introducing instability.
A malicious driver can potentially bypass many security controls to install malware.
It is critical that the operating system be kept as up to date as possible, with all critical security related patched installed.
The operating system planning process should consider the categories of users on the system, and the privileges they have.
All of the above.
6. Countermeasures against subdomain DNS cache poisoning include which of the following:
SPR
DNSSEC uses RRSIG and DNSKEY records
Firewalls
DNSSEC employing a chain of trust
All of the above.
7. SELinux implements different types of MAC: ________________________.
Role Based Access Controls and Type Enforcement,
Multi Level Security,
Multi Task Level Security,
User Based Access Controls and Format Enforcement
None of the above.
8. Protection of a software program that uses a unique, novel algorithm could be legally protected by:
A patent
A copyright
A notary
Ethical standards
All of the above.
9. Security threats include which of the following:
Hurricanes
Disgruntled employees
Unlocked doors
Un-patched software programs
All of the above.
10. Methods to avoid SQL injection include which of the following:
Providing functions to escape special characters
Techniques for the automatic detection of database language in legacy code.
Built-in functions that strip input of dangerous characters.
Techniques for the automatic detection of SQL language in legacy code.
All of the above.
Part 3: Short Answer Questions. (5 questions, 5 points each, 25 points totally)
1. You discover that your computing system has been infected by a piece of malicious code. You have no idea when the infection occurred. You do have backups performed every week since the system was put into operation but, of course, there have been numerous changes to the system over time. How could you use the backups to construct a “clean” version of your system? (5 points)
2. What are the server-side attacks? What are the techniques a developer can employ to minimize these attacks?
3. What are some of the individual rights associated with information privacy? Do expectations of privacy change depending on the individual’s environment? If so, how? (5 points)
4. The table below shows the authentication protocol, wherein pwd is Albert’s password and K is a key derived from pwd. Can an attacker that can eavesdrop messages (but not intercept or spoof messages) obtain pwd by off-line password guessing? If you answer no, explain briefly. If you answer yes, describe the attack. (5 points)
5. Why is a firewall a good place to implement a VPN? Why not implement it at the actual server(s) being accessed? (5 points)
Part 4: Essay Questions.
1. (15.0 points) One hundred years ago, Louis Brandeis and Samuel Warren warned us that, “Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the housetops.’” Cryptography is an enabling technology for self-help privacy. Conversely, cryptography can be used to conceal criminal conspiracies and activities, including espionage.
(a) How does cryptography help or hinder protection of privacy and public safety?
(b) What policies are needed and appropriate in a networked world regarding the use of cryptography?
(c) What new threats do computer systems and networks pose to personal privacy? In other words, what threats are enabled or enhanced by computer systems and networks? Note: Your total answer to all three questions (a-c) should be restricted to two (2) pages (double spaced, font size=12). In addition to the answer, you must cite all sources of information if any.
2. (15 points) Rick is a very talented programmer who has developed a revolutionary method for a new intrusion detection system (IDS). It is an elegant new algorithm that will flawlessly detect intrusion attacks and respond almost instantly. He understands that if it works it could be worth a great deal of money. Steven is a friend of his whom he enjoys discussing his ideas with. Steven is a successful entrepreneur, and Rick is concerned that he may lose any intellectual rights if Steven was to develop his idea without including him. Please discuss the legal and ethical issues in such a relationship. What should each of these individuals do to ensure ethical barriers are not broken? Maximum length: two (2) pages (double spaced, font size=12). In addition to the answer, you must cite all sources of information if any.

Struggling to find relevant content or pressed for time? – Don’t worry, we have a team of professionals to help you on
INFA 610- Final Exam
Get a 15% Discount on this Paper
Order Now
Calculate the price
Make an order in advance and get the best price
Pages (550 words)
$0.00
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
Sign up, place your order, and leave the rest to our professional paper writers in less than 2 minutes.
step 1
Upload assignment instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
s
Get personalized services with MyCoursebay
One writer for all your papers
You can select one writer for all your papers. This option enhances the consistency in the quality of your assignments. Select your preferred writer from the list of writers who have handledf your previous assignments
Same paper from different writers
Are you ordering the same assignment for a friend? You can get the same paper from different writers. The goal is to produce 100% unique and original papers
Copy of sources used
Our homework writers will provide you with copies of sources used on your request. Just add the option when plaing your order
What our partners say about us
We appreciate every review and are always looking for ways to grow. See what other students think about our do my paper service.
Human Resources Management (HRM)
Excellent Thank you so much
Customer 452813, September 18th, 2024
Nursing
Thank you for the great job and timely delivery.
Customer 452457, December 18th, 2020
Business and administrative studies
GREAT
Customer 452813, June 30th, 2022
Human Resources Management (HRM)
You did an awesome job with this paper. Thanks for the prompt delivery.
Customer 452701, October 24th, 2023
Philosophy
The paper is great. Will definitely use again.
Customer 452773, May 24th, 2022
Other
GREAT
Customer 452813, September 20th, 2022
Human Resources Management (HRM)
Thanks for the prompt delvery.
Customer 452701, January 20th, 2023
Human Resources Management (HRM)
You are greatly appreciated.
Customer 452701, October 17th, 2023
Career Development
Beautiful job
Customer 452901, April 16th, 2024
Social Work and Human Services
Excellent! Done earlier than needed and with more sources than needed! Great work!
Customer 452485, August 22nd, 2021
Other
GOOD
Customer 452813, July 5th, 2022
Education
Great
Customer 452813, June 29th, 2023
OUR GIFT TO YOU
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat

Good News ! We now help with PROCTORED EXAM. Chat with a support agent for more information

NEW

Thank you for choosing MyCoursebay. Your presence is a motivation to us. All papers are written from scratch. Plagiarism is not tolerated. Order now for a 15% discount

Order Now