IST 462 Final Exam Part 1 NAME _________________________ 1. Define the term “information security.” 2. Name and briefly describe one of the major goals of information security. 3. Explain how attackers use the concept of “buffer overflow.” 4. What is the difference between a virus and a worm? 5. Describe how attackers use a web browser to illegally access a computer system. 6. Define the term “hardening the operating system.” 7. Define the term “back door” and explain how it allows for unauthorized access to a computer system. 8. Describe what the term “DNS poisoning” refers to. 9. DNS spoofing is a specific form of DNS poisoning. Explain how DNS spoofing works. 10. Suppose a company owns an IP address of 198.60.18.0/20. Through subnetting they want to create 16 equal-size subnets. A. How many bits will this take? B. Where are these bits located? 11. Describe how NAT works. What kind of addresses is involved? 12. Explain what a DMZ is and describe how it enhances network security. 13. Does FTP encrypt data in transit? 14. How do most wireless access points control access from a remote device? 15. Describe the process WEP uses to encrypt data. 16. What does the “enforce password history” policy do? 17. If “enforce password history” is set to 12 and “minimum password age” is set to 5, then how many days must elapse before a user can reuse a previous password? 18. Describe how a time-synchronized one-time password with a token device work. 19. Define the term “risk management.” 20. What is “risk mitigation?” 21. How does “penetration testing” evaluate the security of a computer network? 22. What is a “privilege audit?” 23. How do symmetric and asymmetric cryptographic algorithms differ? 24. Determine the ciphertext that results from using a transportation cipher that rearranges letters without changing them. Use a key of: FINALEXAM and use the plaintext of: GOOD LUCK ON THIS EXAM AND HAVE A GOOD SUMMER BREAK. 25. Explain how the cipher text from Problem 24 would be translated back into plaintext.