CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor CSCI4911 Special Topics: Systems Security Administration Certification Examination Due Tuesday Dec 10thth 2013 by 11.55pm INSTRUCTIONS 1. Please answer all 10 questions in this document (in the boxes provided) and email it to Robert.owor@asurams.edu on or before Tuesday December 10th 2013, 11.55pm. Each question is worth 10 points. Make sure you include your first and last name in the document, when you email it as an attachment. 2. In the Subject Header of the email, you should include the following: CSCI4911 Special Topics: Certification Exam, Your Last Name, Your First Name, and Due Date. Late Exam submissions are not accepted except where a valid excuse with evidence is provided. 3. Use Times Roman Font Size 10 in all your answers. STUDENT DETAILS LAST NAME: FIRST NAME: DO NOT WRITE ANYTHING BETWEEN THE LINES BELOW: INSTRUCTOR’S EVALUATION SCORE: COMMENTS: CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q1. List 5 security risks do you envisage in a 4G Wi-Fi network? (10 points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q2. CNN recently reported massive hacking of 2 million Google, FaceBook, Yahoo and ADP Account USERIDs and PASSWORDS using Keyboard Logging Software. Explain how Keyboard Logging software works and how it could be stealthily installed on someone’s computer. How can you guard against this? CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q3. Why is Social Engineering and social networking a danger to Electronic Security Networks? Discuss this example with reference the Security Principles of Integrity, Confidentiality, Availability and Authenticity. (10 Points) 3. Comment on the statement “normal flow is the best-case scenario.” What are some of the CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q4. Explain the difference between Symmetric and Asymmetric Cryptography? Which would you choose and under what conditions? Explain why the Browser Cache, Download Folders and File Deletion pose security risks on Computer Systems. What security precautions must one take to protect a file on a publicly accessible computer, network or file system? Give examples of your own experience in any computer security exercise you have done. (10 points) 4. What is the difference between an information system and information technology? CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q5. What is the brute force attack method? Discuss how brute force may be used to attack an encryption scheme (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q6. What balance might you establish between the need to share information between Security Agencies versus the risk of “too many people having access to vital information” and using it for the wrong purpose? Explain what is meant by Semantic Encryption and how it can be broken in cases where information must be shared among many parties? Discuss the example with respect to the case below. (10 Points) When Alice receives email from an attacker unknowingly, she writes it to her encrypted disk, thereby encrypting the adversary's email using her secret key. If later the adversary steals this disc, then he can obtains the encryption of an email that he sent Alice under Alice's secret key. So that's an example of a chosen plain text attack, where the adversary provided Alice with a message and she encrypted that message using her own key. And later the attacker is able to obtain the resulting cipher text and thereby the encryption key. CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q7. Describe at least 5 physical security measures you would put in place to protect a computer network under your care? (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q8. Which key areas would you look at in order to assess the vulnerability of a computer system? List at least 10 areas. (10 Points) CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q9. What is the Key Management problem? Outline a methodology you might use to securely distribute Private, Session and Public Keys in a distributed network. Include the solution to forgotten, lost, stolen and compromised keys (10 points). CSCI4911 Systems Security Administration Certification Examination– Dr. Robert Owor Q10. Briefly discuss the major loopholes in web based, and mobile systems today? What five steps might you take to make web based and mobile systems more secure particularly with regard to open code HTML , Scripts, Browser caches, Navigable Directories, Folders and the fact that major Search Engines easily access information stored on different computers connected to the Internet?