Arab Academy for Science, Technology and Maritime Transportation
College Of Computing and Information Technology
Instructor: Dr. Ayman Taha
Course Title: Information System Security
Course No.: IS703
Date: 27/05 /2021
Time: 60 Minutes
Question 1
Which of the following is true, which is false, correct the false statements:
1. Security architecture address security service and security attacks only
(
)
2. Security services include integrity, availability and confidentiality
(
)
3. Delaying message is kind of Passive attacks
(
)
4. Logic bomb is a piece of code embedded in legitimate program which activated
when specified conditions met
(
)
5. Performing risk analysis is last step of security policy
(
)
6. Honey pots is decoy system filled with correct information
(
)
7. Polymorphic virus change its signature every infection while metamorphic virus has no
fixed signature
( )
8. Virus structure contains infection mechanism and trigger only.
(
)
9. Reactive check password is online password check while proactive checking is
offline checking
(
)
10. Application based IDS is subset of network based IDS
(
)
Question 2
a) Computer network consists of four sub networks, each sub-network has a server and 3PCs, and
each network has its own database application, suggest suitable kinds and quantity of IDSs to
protect the entire network.
b) Explain briefly with drawing The Risk Management Framework.
c) What is meant by Role Based Access Control, why we use it compared with Access Control list.
Question 3
a) What is meant by: vulnerability, Risk, Network Security, User Authentication, and Security
Policy?
b) What is the difference between
- System mode and user mode.
- One time password and password salt.
c) State with clear examples the difference between IDS accuracy and IDS completeness,
Best Wishes,
Ayman Taha