Hw assignment | Computer Science homework help

Homework Assignment

T  F         Deep packet inspection firewalls protect networks by blocking packets based on the packets’ header information at the network (IP) layer. Answer: _
T  F         Employers have the right (and in some cases the obligation) to see any information stored, transmitted, or communicated within the employer’s environment. This legal right is the basis for monitoring (or at least explicitly stating the right to monitor) email, network traffic, voice, wireless, and other communications.Answer: _____
T  F         Intrusion Detection Systems (IDS) provide no protection from internal threats. Answer: _
T  F         A Denial-of-Service attack does not require the attacker to penetrate the target’s security defenses.   Answer: _____

 

T  F         Security awareness, training, and education programs are key components of organizational risk management strategies.

Answer: 
 
 
Part 2: Multiple Choice Questions. Print the correct answer in the blank following the question .(20 questions at 2 points each, 40 points in all)
 
1.       Match the following (and select the one (among the a., b., c., and d. choices below that has the right set of matches): 
A. Network Layer is            1. Responsible for coordinating communication between applications.
B. Physical Layer  is      2. Responsible for supporting useful functions over the transport layer such identity/location of applications.C. Application Layer   is      3. Responsible for moving information between hosts that are not directly connected.D. Transport Layer   is         4. Responsible for moving bits between the nodes in the network.
 
a.       A—>3; B—>4; C—>2; D—>1
b.      A—>2; B—>4; C—>1; D—>4
c.       A—>2; B—>3; C—>4; D—>1
d.      A—>3; B—>4; C—>1; D—>2
 
Answer: _____________
 
2.       Protection of a software program that uses a unique, novel algorithm could legally be protected by:
a.       A patent
b.      A copyright
c.       A trademark
d.      Ethical standards
 
Answer: _____
 
3.       Security threats include which of the following:
a.       Unlocked doors
b.      Disgruntled employees
c.       Hurricanes
d.      Un-patched software programs
e.      All of the above
 
Answer: _____
 
4.       Denial of service attacks include:
a.       Buffer overflow attack
b.      Smurf attack
c.       Ping flood attack
d.      SYN flood attack
e.      All of the above
 
Answer: _____
 
5.       A disgruntled employee creates a utility for purging old emails from the server. Inside the utility is code that that will erase the server’s hard drive contents on January 1, 2015. This is an example of which of the following attacks?
 
a.       Virus
b.      Logic Bomb
c.       Spoofing
d.      Trojan horse
 
Answer: _____
 
6.       Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left to keep the formula secret. They would like to protect this formula for as long as possible. What type of intellectual property protection best suits their needs?
 
a.       Copyright
b.      Trademark
c.       Patent
d.      Trade Secret
 
Answer:  _______
 
7.       You should clear cookies in your browser periodically because:
 
a.       They (Cookies) can be used to track your web browsing behavior and thus can invade your privacy.
b.      They  can facilitate impersonation attacks.
c.       They can be used to spread viruses
d.      a.& b.
e.      b. & c.
f.        a., b. & c.
 
Answer:  _________
 
8.        A TCP/IP session hijacking can be best described as:
 

a.

Providing false identity information to gain unauthorized access

b.

An established connection without specifying a username or password

c.

An attacker takes control of a session between the server and a client

d.

Flooding the connection with too many requests

 
Answer: _________
 
9.       Tracker attacks in databases get around:
a.       Anonymization
b.      Data transformation
c.       Query size restriction
d.      Data partitioning
Answer: _________
10.  A race condition attack can result in:
a.       A symbolic link
b.      Object orientation
c.       A deadlock
d.      Access to low address memory locations
Answer: __________
 
11.  __________ is when the data in the SDB can be modified so as to produce statistics that cannot be used to infer values for individual record resource.
a.       Data perturbation
b.      Database access control
c.       Inference channeling
d.      Output perturbation
Answer: _________
12.  With __________ the records in the database are clustered into a number of mutually exclusive groups and the user may only query the statistical properties of each group as a whole.
a.       compromise
b.      inference
c.       partitioning
d.      query restriction
Answer:________
13.  A web session (i.e., a session between a web browser and a web server) can be protected against the risk of eavesdropping in an economical and convenient manner through the use of which of the following?
a.       IPSec
b.      Hypertext transfer protocol over secure socket layer
c.       Link encryption
d.      Microsoft Encrypting File System (EFS)
Answer:  ______
               
14.  While reviewing the security logs for your server, you notice that a user on the Internet has attempted to access one of your internal application servers. Although it appears that the user’s attempts were unsuccessful, you are still very concerned about the possibility that your systems may be compromised. Which of the following solutions are you most likely to implement?
 
a.       A firewall system at the connection point to the Internet
b.      An improved RBAC-based access control system for the application servers
c.       File-level encryption
d.      Kerberos authentication
 
Answer: _______
 
15.   What specific policy might most likely recommend removing a server from the network and re-installing all software and data?
 

a.

A privacy policy

b.

An authentication policy

c.

An incident response policy

d.

Wireless network access policy

                        Answer: ________
 
16.   The security risk of allowing dynamic content ( to execute) on a target machine is:
a.       The time delay from when it is downloaded and executed could make  the browser experience not very satisfying.
b.      Malware may be included in the downloaded code and infect the target machine.
c.       The mobile code author may never be known.
d.      None of the above.
Answer: _______                     
 
17.   Encrypting a message with a private key (of the sender) in an asymmetric system provides:
a.       Proof of receipt
b.      Confidentiality
c.       Proof of origin
d.      Message availability
Answer:_______
 
18.   The upper layers of the OSI model are in correct order in the following:.
 
a.       Session, application, presentation
b.      Session, presentation, application
c.       Session, application, presentation, physical
d.      Application, presentation, session, physical
 
Answer: _______
 
19.   In relational database parlance, the basic building block is a __________, which is a flat table.
 
a.       attribute                                                     
b.      tuple                            
c.       primary key                                               
d.      relation
 
Answer: _____
 
20.   Routers operate at the _____________ of the OSI stack?
a.       Transport
b.      Application
c.       Session
d.      Network
Answer: _____