Philadelphia University
Faculty Of Administrative & Financial Sciences
Business Networking and Systems Management Department
Network Security & Firewalls Fundamentals
0371410
Sample Final Exam - First Semester 2010/2011
Student Name:
Student Number:
Section:
Pages:
Course instructors
Course coordinator
Internal Examiner
6/6
Ahmad Al-Ghoul
Student information:
1- This exam contains 3 major questions.
2- The student must have all his instruments required for this exam.
3- Each question mark written beside the question
Q.1. Answer with True or False
1-Integrity mean assets can be modified only by authorized parties or only in authorized
ways._______
2-Confidentiality mean assets are accessible to unauthorized parties._________
3-Interception: means –an unauthorized party not only accesses but tampers with an asset.
________
4-Fabrication: authorized party fabricates counterfeit objects on a computing system.
_____________
5-virus: a specific type of Trojan horse that can be used to spread infection from one computer
to anther._______
6-operating system controls: limitations enforced by the user to protect each user from all other
users.__________
7–development controls: quality standards under which a program is designed, coded, tested,
and maintained.________
8-enciphering: the process of translating entire words or phrases to other words or
phrases.________
9-encryption: the group term that covers both encoding and enciphering.___________
10- Digital signature is a sort of protocol that provides authenticity
and identification of the user _________
11- Different operating systems have different ACL terms ________
12- Cryptanalysis Means code making. __________
)1(
13- Security depends on the secrecy of the algorithm, not the secrecy of the key. _________
14- Key Size: smaller key size means greater security. _________
15-Hash Functions A hash function is a one way function that maps values from a large
domain into a comparatively small range known as a digest. ___________
16- Symmetric Cryptosystem: KE = KD. __________
17- Authentication being able to determine and allow the user only those resources the user has
ability to utilize. _________
18- Authorization : To prove positively that the user is what he/she claims to be.
19 –Confidentiality – the assets of a computing system are accessible only by authorized
parties. ___________
20- Masquerade – one entity pretends to be a different entity. ______
21- Denial of service: Means passive capture of information and its retransmission.
__________
22- In a two- computer communication, both computers must follow the same protocol in order
for either to participate. ___________
23–protocols separate the process of accomplishing a task from the mechanism by which it is
done. _________
24- A protocol specifies only the rules of behavior . ____________
25-In Protocol we cant change the implementation without affecting the design. _______
26- Adjudicated causes a time delay in communication because a third party must receive, act
on, and then forward every transaction. __________
27- Key Size: larger key size means greater security. ___________
28- Secrecy becomes vulnerable, because the arbiter has access to much sensitive information.
___________
29- Adjudicated protocols detect a failure to cooperate after the failure has occurred. ________
30- The less cipher text the cryptanalyst has to work with, the greater the likelihood of a
success. _________________
31- Public key certificate is the digital signature on the identities and its public key by CA.
_______________
32- Theoretically, it is impossible to devise unbreakable cryptosystems. _______
)2(
33 –Speed of Encryption block symmetric > stream symmetric > asymmetric. ________
34- Number of rounds: multiple rounds offer dcreasing security. __________________
35 –A protocol is an orderly sequence of steps two or more parties take to accomplish some
task. ________
36- One-way encryption, allows for the encryption of some plain text, but does not provide a
way in which to convert the cipher text back to its original form. _________
37-Resident viruses - Locates itself in CPU so that it can remain active even after its attached
program ends. ________
38- Logic Bomb - A class of malicious code that detonates when a specified condition occurs
_______
39- Integrated Viruses : Virus code runs the original program but has control before and after
its execution. ___________
40-Boot Sector Viruses gains control very early in the boot process before most detection tools
are active. ______________
41- Virus signatures are used by virus scanners to detect the virus ___________
42- Viruses can’t infect hardware. _________
43- Password authentication assumes that anyone who knows the password is the user to whom
the password belongs. ________
Q.2. Circle the correct answer for each problem:
1-Interruption affects
A- availability
B- integrity
C- authenticity
D- none of the above
2-Error detection and correction is one of the aspects of
A- availability
B- integrity
C- authenticity
D- none of the above
3-Trojan horse is.
A- a program that has a secret entry point.
B- program that does one thing while covertly doing anther.
C- A Hardware.
D- All of the above.
)3(
4-
the above graph represent the.
A- Asymmetric Cryptosystem
B- symmetric Cryptosystem
C- Hash function
D- Web Access with SSL
5- the most important resource security try to protect is.
A- Equipment.
B- –Systems
C- Data and Information
D- All of the above
6- Threat Means
A- measure of the possibility of security breaches and severity of the damage
B- potential occurrence that can have an undesired effect on the system
C- action of malicious intruder that exploits vulnerabilities of the system to
cause a
threat to occur
D- None of the above
7- Modification: Means.
A- unauthorized party fabricate counterfeit objects on a computing system
B- An asset of the system becomes lost, unavailable, or unusable.
C- an unauthorized party not only accesses but tampers with an asset
D- Some unauthorized party has gained access to an asset
8-In a computer protocol arbiter is a trustworthy third party who ensures
A- Fairness.
B- Truth.
C- Data.
D- People.
9- To prevent reusable in symmetric key digital signature you can use .
A-chain cipher.
B- format cipher
B- time stamp.
C- Post stamp.
10- Practical cryptosystems almost always are breakable given adequate
A- Time.
B- Computing power.
C- bounded waiting time.
D- A & B
)4(
11- Low error propagation is one of the advantages of.
A- asymmetric
B- Block Ciphers
C- Stream Ciphers
D- none of the above.
12- in Substitution ciphers.
A- The order of plaintext letters is rearranged during encryption
B- Letters of the plaintext messages are replaced with other letters during the encryption
C- none of the above
D- A & B
13- Confusion means.
A- Ciphertext size should not be larger than plaintext
B- Change in the plaintext should affect many parts of the ciphertext
C- The change in ciphertext triggered by an alteration in the plaintext should be unpredictable
D- A & B
14- If the one-way encrypted passwords somehow fall into the hands of a third-party
A- it can decrypt the password by reversing back the one way encryption to obtain the
passwords
B- it can get the passwords from the file they have
C- The change in ciphertext triggered by an alteration in the plaintext should be unpredictable
D- it isn't going to do much good because they can never be converted back to plain text.
15- Substitution ciphers.
A- The order of plaintext letters is rearranged during encryption.
B- Letters of the plaintext messages are replaced with other letters during the encryption.
C- A & B.
D- None of the above.
16- Transient Viruses
A- Locates itself in memory so that it can remain active even after its attached program ends
B- –Runs when its attached program executes and terminates when its attached program ends
C- A & B
D- none of the above
17- Virus attaches itself to memory resident code.
A- Virus gains control very early in the boot process before most detection tools are active.
B- Virus is activated many times while the machine is running
C- Virus embeds itself in data files
D- None of the above.
Q.3. for each of the following problems, discuss each briefly.
)5(
1)suppose one party, say Allice want to send a message to second party say Bob write the
steps needs to encrypt this massage and sign it with Allice digital signature using public key
Cryptographic System and hash function.
2) Distinguish between Threat, Risk, Attack
3) There are four factors that affect the effectiveness of controls. write them and discuss how
they affect the control.
4) Discuss the three software security tools attempt to prevent exploitation of the
vulnerabilities of computing system.
5) Describe the threats to Software
6) write down the steps for a protocol to solve the problem of exchanging key with
Symmetric Key with Server.
7) Discuss the four Characteristics for a good Protocol.
8) Discuss the three kinds of Protocols, the main points to discuss are
- the way they use
- advantages
- disadvantages
9) write down the steps for a protocol to solve the problem of exchanging key with
Asymmetric Key with Server.
10) Discuss the four primary and desirable conditions for a digital signature .
11) write down the steps for a protocol to solve the problem of digital signature for
symmetric key without encryption.
12) discus the advantages and disadvantages of Arbitrated Protocols
13) Distinguish between, Worm, Trojan Horse, Trapdoor and Logic bomb.
14) Discuss the four methods viruses applied to attach.
15) Write down the stepes to Prevent Virus Infection in your system.
16) Discuss the process CHAP used to authenticate the user.( 5 marks )
17) PAP provides a simple method for the peer to establish its identity using a 2-way
handshake. describe the 2 way handshake for PAP.( 3 marks )
18) RADIUS can be implement in two scenario discuss the two scenarios and the differences
between them ( 3 marks)
19) IPsec has two types discuss the differences between those two types. (3 marks)
)6(
With all my best wishes
)7(