User Account

All Pages

Describe the data encryption standard

Assignment Help Management Information Sys
Reference no: EM131304433

INFA 620 - NETWORK AND INTERNET SECURITY

This is an open-book individual exam. You may use any resources in addition to the textbook, but you should do it individually without collaborating with others. Questions should be answered in your own words. Use quotation marks if not using your own words, and do not forget to cite full reference when necessary. Unless specified otherwise all multiple choice questions have only one correct answer.
Other Guidelines:

• You should submit your exam to your assignment folder in LEO as an HTML, MS-Word or plain text. When using HTML or plain text, you can either use the window available to paste your work, or attach your file.

• Repeat the text of the questions you have answered.

• Be the clearest and objective you can in all questions and be sure you are answering what is asked.

• Put your name in the exam.

PROBLEM 1 - General questions (20 points) ?(5 pts each)

a) Which of the following is considered the first line of defense against human behavior? Explain.

A) Policies

B) Cryptography

C) Physical security

D) Business continuity planning

b) Select from the following the best definition of security risk analysis:?A) Risk analysis looks at the probability that a vulnerability exists in your system.

B) Risk analysis looks at the probability that your security measures won't stop a hacker breaking in to your system.

C) Risk analysis looks at the probability that a hacker may break in to your system.

D) Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.

E) Risk analysis looks at the consequences of being connected to the Internet.

c) Which answer governs how a network might be configured and operated as well as how people are expected to behave on it?

Explain.?A) Network documentation?B) Regulations?C) Procedures?D) Policies

d) Which answer is one that contains actions to be taken in a certain situation like how long before users must change passwords, actions to take if an infiltration takes place or a users steals corporate date? Explain.

A) Policies

B) Documentation

C) Regulations

D) Procedures

PROBLEM 2 - Networking Fundamentals (20 points)?(5 pts each)
a) While using which type of networking device would each host 'see' all other traffic on the network? Explain.?A) Network Switch?B) Network Router?C) Network Hub?D) Token Ring Network

b) Which type of network device divides broadcast domains? Explain.?A) Switches?B) Hubs?C) Routers?D) Bridges

c) What destination MAC Address would be added to a packet on the route to a remote computer? Explain.

A) MAC Address of the far side of the default gateway

B) MAC Address of your computer

C) Exterior MAC Address of the remote Server

D) Interior MAC address of default gateway

d) You have two network segments separated by a router. A host on one segment does an ARP request for a certain IP Address. Would that request cross the router? Explain.

A) Yes, because routers forward broadcasts

B) Yes, if there is a hub between segments

C) Only if you have a Caching Engine

D) No, routers do not forward broadcasts
PROBLEM 3 - Cryptography Fundamentals (20 points)
(5 pts each)

a) Users in your organization sign their emails with digital signatures. What provides integrity for these certificates? Explain.

A) Hashing

B) Encryption

C) Non-repudiation

D) Private key

b) Bob wants to send a secure email to Alice so he decides to encrypt it. Bob wants to ensure that Alice can verify that he sent it. Which of the following does Alice need to verify the certificate that Bob used in this process is valid? Explain.

A) Alice's public key

B) Alice's private key

C) Bob's private key

D) Bob's public key

E) The CA's private key

F) The CA's public key

c) Which cryptographic system provides both data security and non-repudiation? Explain.

A) 3DES - Triple Data Encryption Standard

B) PKI - Public Key Infrastructure

C) DES - Data Encryption Standard

D) AES - Advanced Encryption Standard

d) When a user needs to provide message integrity, what options may be the best?

A) Send a digital signature of the message to the recipient

B) Encrypt the message with a symmetric algorithm and send it

C) Create a checksum, append it to the message, encrypt the message, then send it to the recipient

D) Encrypt the message with a private key so the recipient can decrypt with the corresponding public key?
PROBLEM 4 - Network Vulnerabilities, Attacks and Countermeasures (20 points)
(5 pts each)

a) Which of the following is not to be considered a cyber attack? Explain.?A) A nuclear electromagnetic pulse (EMP) that knocks out all electronic devices.

B) Trust exploitation.

C) Access control.

D) Port redirection.

E) Man-in-the-middle.

b) Which denial of service attack involves sending crafted ICMP packets which have a source address of the victim and all responses go to the victim?

A) Macro Virus

B) SYN Flood

C) Smurf Attack

D) Buffer Overflow

c) Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What best describes this activity?

A) Targeted attack

B) Sniffing

C) Spear phishing

D) Advanced persistent threat

d) Which component of an effective penetration test involves contacting users and asking questions about the corporate network in an attempt to gather intelligence? Explain.

A) Man-in-the-Middle Attack

B) Phishing

C) Spear Phishing

D) Social Engineering
PROBLEM 5 - Authentication and Authorization Controls (20 points)
(5 pts each)
a) Consider the following protocol that involves both RSA public-key operations and DES. Suppose that A has an RSA private key prv(A) and an RSA public key pub(A). Suppose that B has an RSA private key prv(B) and an RSA public key pub(B). Assume both A and B knows each other's public key. A wants to send B some message M. A selects random DES key K and send B the following two messages:
-- Epub(B)( K, Sigprv(A)(K))
-- EK(M)
"E" means encryption and "Sig" means digital signature. Which of the following statement(s) is true? Briefly explain why or why not.

(A) Only B can decipher the contents of the message M

(B) B is certain that the message M is from A

(C) B can prove to a third party that the message M arrived from A.

b) The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement? Explain.

A) Fingerprint scan and retina scan

B) Password and PIN

C) Hardware token and PIN

D) Smart card

c) Apart from having strong passwords, what can mitigate brute force logon attempts? Explain.

A) Automatic Account Lockouts

B) Renaming Administrator Accounts

C) Disable the Administrator Account

D) Security Audits

d) A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server? Explain.

A) Access control

B) Authentication

C) Authorization

D) Identification

Reference no: EM131304433

Questions Cloud

Macroeconomic assignment : Many people find the current unemployment figures for Australia a bit unbelievable. Why is this? Why might the official statistics be inaccurate?
Calculate the macaulay duration and the modified duration : The derivative of the price function of the bond with respect to the yield to maturity is -$7,443.81 when evaluated at the current annual yield, which is 7%. Calculate the Macaulay duration D(.07, infinity) and the modified duration D(.07, 1) of t..
What are some of the unwritten boundaries that exist : What life lessons have you learned through these people? What are some of the unwritten boundaries that exist in your family? Did one person establish the rules in your family, if so, who?
Find this futures contract useful in hedging : What type of investor would find this futures contract useful in speculating? Briefly explain how these investors would use it to speculate.
Describe the data encryption standard : Describe the Data Encryption Standard,Public Key Infrastructure,Advanced Encryption Standard, Triple Data Encryption Standard etc.
How oil prices tend to rise during the spring observe : If you wanted to use the futures market for oil to speculate that oil prices were going to increase, how would you do it?
Why southwest airlines would want to hedge fuel costs : Briefly explain why Southwest Airlines would want to hedge fuel costs and how it would do so. Your answer should include a definition of hedging.
Whether banking and supervisory structures at eu level : Please write an essay of approximately 500 words on the topic Whether banking and supervisory structures at EU level proved adequate in responding to the debt crisis.
How do people use futures market for oil to buy protection : An article in the Wall Street Journal quotes a participant in the futures market for oil as saying, "We've seen less activity of people buying protection."

Reviews

Write a Review

Management Information Sys Questions & Answers

  Structured wiringexplain the rationale for structured

structured wiringexplain the rationale for structured wiring.explain the differences and similarities between a loop

  Different software development methods

Compare and contrast at least three (3) different software development methods. Explain why the testing of software products is of great importance

  Which software-development methodology would be best

Which software-development methodology would be best if an organization needed to develop a software tool for a small group of users in the marketing department? Why? Which implementation methodology should they use? Why? Give an example of a comp..

  What data is being collected when a product is scanned

In a supermarket scanner system, what data is being collected when a product is scanned

  Discuss issues and concerns about use of portable devices

Security and Mobile Devices: Discuss issues and concerns about the use of portable devices such as tablets, smart phones and laptops

  How does a dictionary attack work? just an illustration

How does a dictionary attack work? just an illustration, short and precise

  Adding value factors to evaluate a decision to add new

adding value factors to evaluate a decision to add new technologywhat types of factors must be evaluated in order for a

  How do you think backemel should obtain innovative ideas

How do you think Backemel should obtain innovative/creative ideas to solve the problem of obtaining fresh water from a living animal?  Consider the employees at Backemelas well as outside industry

  Discusss those that have not had sufficient controls

Find an article online that discusses a breach or violation of a regulation, such as HIPAA, or of a standard such as PCI-DSS, GLBA, or FERPA. You can also look at Federal Agencies and discusss those that have not had sufficient controls in place (..

  Demonstrate knowledge of information systems types

Students will demonstrate their knowledge of information systems types while using this document to communicate the required information.

  Draw a process model for the existing process

Draw a process model for the existing process using correct Business Process Modelling Notation - what changes could be made to make this process more efficient?

  Evaluate the two major information delivery methods

Evaluate the two major information delivery methods in mobile commerce - data security of information transmitted in the wireless network

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd