CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor CSCI4911 Special Topics: Systems Security Administration Certification Examination Due Tuesday Dec 7thth 2015 by 11.55pm INSTRUCTIONS 1. Please answer all 10 questions in this document (in the boxes provided) and email it to Robert.owor@asurams.edu on or before Tuesday December 7th 2015, 11.55pm. Each question is worth 10 points. Make sure you include your first and last name in the document, when you email it as an attachment. 2. In the Subject Header of the email, you should include the following: CSCI4911 Special Topics: Certification Exam, Your Last Name, Your First Name, and Due Date. Late Exam submissions are not accepted except where a valid excuse with evidence is provided. 3. Use Times Roman Font Size 10 in all your answers. STUDENT DETAILS LAST NAME: FIRST NAME: DO NOT WRITE ANYTHING BETWEEN THE LINES BELOW: INSTRUCTOR’S EVALUATION SCORE: COMMENTS: CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q1. List 5 security risks do you envisage in a 4G Wi-Fi network? In 7 steps explain how a WPA encryption can be broken in a WIFI network. (10 points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q2. CNN this year, reported massive hacking of iPhone and iPad APPS using Xcode. Discuss how this problem arose, how it affected Apple and the users of apple products. Illustrate the steps Apple took to solve the problem CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q3. Explain the difference between block ciphers and stream ciphers. Give an example of each. Write two Programs: one for a block cipher and the other for stream cipher. Show the input and output of the program (10 Points) 3. Comment on the statement “normal flow is the best-case scenario.” What are some of the CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q4. Explain the difference between Symmetric and Asymmetric Cryptography? Which would you choose and under what conditions? Explain why the Browser Cache, Download Folders and File Deletion pose security risks on Computer Systems. What security precautions must one take to protect a file on a publicly accessible computer, network or file system? Give examples of your own experience in any computer security exercise you have done. (10 points) 4. What is the difference between an information system and information technology? CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q5. How is the brute force attack method used in a password dictionary attack? Explain how this works using Known password cracking software such as John the Ripper (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q6 When Alice receives email from an attacker unknowingly, she writes it to her encrypted disk, thereby encrypting the adversary's email using her secret key. If later the adversary steals this disc, then he can obtains the encryption of an email that he sent Alice under Alice's secret key. So that's an example of a chosen plain text attack, where the adversary provided Alice with a message and she encrypted that message using her own key. And later the attacker is able to obtain the resulting cipher text and thereby the encryption key. Devise a solution to this problem using a two factor decipher method. Explain your solution. (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q7. Describe at least 7 physical security measures you would put in place to protect a computer network under your care? (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q8. Which key areas would you look at in order to assess the vulnerability of a computer system? What tools would you use to assess the vulnerability? List at least 10 areas. (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q9. What is the Key Management problem? Outline a methodology you might use to securely distribute Private, Session and Public Keys in a distributed network. Include the solution to forgotten, lost, stolen and compromised keys. Explain the Key Management Problem in Linux (10 points). CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q10. Briefly discuss the major loopholes in web based, and mobile systems today? What five steps might you take to make web based and mobile systems more secure particularly with regard to open code HTML , Scripts, Browser caches, Navigable Directories, Folders and the fact that major Search Engines easily access information stored on different computers connected to the Internet?