here

advertisement
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
CSCI4911 Special Topics: Systems Security Administration Certification Examination
Due Tuesday Dec 10thth 2013 by 11.55pm
INSTRUCTIONS
1. Please answer all 10 questions in this document (in the boxes provided) and email it to
Robert.owor@asurams.edu on or before Tuesday December 10th 2013, 11.55pm. Each question is worth 10 points.
Make sure you include your first and last name in the document, when you email it as an attachment.
2. In the Subject Header of the email, you should include the following: CSCI4911 Special Topics: Certification
Exam, Your Last Name, Your First Name, and Due Date. Late Exam submissions are not accepted except where
a valid excuse with evidence is provided.
3. Use Times Roman Font Size 10 in all your answers.
STUDENT DETAILS
LAST NAME:
FIRST NAME:
DO NOT WRITE ANYTHING BETWEEN THE LINES BELOW:
INSTRUCTOR’S EVALUATION
SCORE:
COMMENTS:
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q1. List 5 security risks do you envisage in a 4G Wi-Fi network? (10 points)
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q2. CNN recently reported massive hacking of 2 million Google, FaceBook, Yahoo and ADP
Account USERIDs and PASSWORDS using Keyboard Logging Software. Explain how
Keyboard Logging software works and how it could be stealthily installed on someone’s
computer. How can you guard against this?
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q3. Why is Social Engineering and social networking a danger to Electronic Security Networks? Discuss
this example with reference the Security Principles of Integrity, Confidentiality, Availability and
Authenticity. (10 Points)
3. Comment on the statement “normal flow is the best-case scenario.” What are some of the
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q4. Explain the difference between Symmetric and Asymmetric Cryptography? Which would you
choose and under what conditions? Explain why the Browser Cache, Download Folders and File
Deletion pose security risks on Computer Systems. What security precautions must one take to
protect a file on a publicly accessible computer, network or file system? Give examples of your own
experience in any computer security exercise you have done. (10 points)
4. What is the difference between an information system and information technology?
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q5. What is the brute force attack method? Discuss how brute force may be used to attack an
encryption scheme (10 Points)
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q6. What balance might you establish between the need to share information between Security
Agencies versus the risk of “too many people having access to vital information” and using it for the
wrong purpose? Explain what is meant by Semantic Encryption and how it can be broken in cases
where information must be shared among many parties? Discuss the example with respect to the
case below. (10 Points)
When Alice receives email from an attacker unknowingly, she writes it to her encrypted disk, thereby
encrypting the adversary's email using her secret key. If later the adversary steals this disc, then he can
obtains the encryption of an email that he sent Alice under Alice's secret key.
So that's an example of a chosen plain text attack, where the adversary provided Alice with a message
and she encrypted that message using her own key. And later the attacker is able to obtain the resulting
cipher text and thereby the encryption key.
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q7. Describe at least 5 physical security measures you would put in place to protect a computer
network under your care? (10 Points)
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q8. Which key areas would you look at in order to assess the vulnerability of a computer system? List
at least 10 areas. (10 Points)
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q9. What is the Key Management problem? Outline a methodology you might use to securely
distribute Private, Session and Public Keys in a distributed network. Include the solution to forgotten,
lost, stolen and compromised keys (10 points).
CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor
Q10. Briefly discuss the major loopholes in web based, and mobile systems today? What five steps
might you take to make web based and mobile systems more secure particularly with regard to open
code HTML , Scripts, Browser caches, Navigable Directories, Folders and the fact that major Search
Engines easily access information stored on different computers connected to the Internet?
Download