TEST 1

Name:

Answer the following questions. Be brief and precise! You have 75 minutes to finish the exam.

I. (30 points) Multiple choice (similar to textbook materials)

II. Short Questions (40 points) (4 questions)

  1. Explain the main components of computer security risk management.
  2. Explain and give examples of security objectives.
  3. What is the difference between security policy and mechanism?
  4. What are the security trade-offs?
  5. Describe the process you use for security risk management for your computer system.
  6. Briefly explain why layering helps in understanding computer network communications.
  7. Describe active/passive threats.
  8. Give an example of security enforcement.
  9. What are the advantages/disadvantages of enforcing security at different layers of the TCP/IP protocol?
  10. What is internet fraud? 
  11. What are the risks associated with web browsers?
  12. What is the difference between illegal and unethical online activities?
  13. Social networks, such as Facebook and Myspace, are popular applications. Explain the privacy risk represented by these applications.
  14. Who might want to attack the program and why? What are the risks?

III. Exercises (30 points) (2 exercises)

  1. Describe your operating system and how you support identification in your system.  Recommend improvement of the current method.
  2. Develop a personal security policy to reduce the risk of falling victim to internet fraud.
  3. Create a measurement of your computing resources.
  4. Your boss wants to implement low-cost communication security. What layer of TCP/IP would you recommend? Why?
  5. Preserving confidentiality, integrity, and availability is a restatement of the concern over interruption, interception, modification, and fabrication. How do the first three concepts relate to the last four?