TEST 1
Name:
Answer the following questions. Be brief and precise! You have 75 minutes to finish the exam.
I. (30 points) Multiple choice (similar to textbook materials)
II. Short Questions (40 points) (4 questions)
- Explain the main components of computer security risk management.
- Explain and give examples of security objectives.
- What is the difference between security policy and mechanism?
- What are the security trade-offs?
- Describe the process you use for security risk management for your computer system.
- Briefly explain why layering helps in understanding computer network communications.
- Describe active/passive threats.
- Give an example of security enforcement.
- What are the advantages/disadvantages of enforcing security at different layers of the TCP/IP protocol?
- What is internet fraud?
- What are the risks associated with web browsers?
- What is the difference between illegal and unethical online activities?
- Social Networks, such as Facebook and Myspace, are popular applications. Explain the privacy risk represented by these applications.
- Who might want to attack the program and why? What are the risks?
III. Exercises (30 points) (2 exercises)
- Describe your operating system and how you support identification in your system. Recommend improvements to the current method.
- Develop a personal security policy to reduce the risk of falling victim to internet fraud.
- Create a measurement of your computing resources.
- Your boss wants to implement low-cost communication security. What layer of TCP/IP would you recommend? Why?
- Preserving confidentiality, integrity, and availability is a restatement of the concern over interruption, interception, modification, and fabrication. How do the first three concepts relate to the last four?