Will be submitted to Turnitin. Wiki reference(s) will not be accepted and please do not use any wiki references in your midterm.
All answers have to be explained, even the fill-in-the-blank questions.
Proper APA format
Answer the following questions.
1. You have two (2) data centers shown below. You are the information security design engineer for Bonner Corporation. You have been asked to develop three (3) requirements for the data centers that address CIA. Please identify the requirements you are addressing and describe each in detail. (9 Points)
2. To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol. (5 points)
A. eavesdropping B. challenge-response
C. Trojan horse D. denial-of-service
3. The _______ is a hardware module that is at the heart of a hardware/software approach to trusted computing. (5 points)
A. BLP B. TC
C. CC D. TPM
4. You are an investigator for Bonner Corporation and your new assignment is to understand how information is being leaked out of a top secret place. As part of this new assignment you have been asked to give a short brief to the customer and address the following areas:
a. Sketch the Hierarchy of Sensitivities. (Hint: Must include Top Secret, Secret, Confidential, Restricted, and Unclassified). Label on your sketch the most sensitive, and least sensitive. (6 points)
b. Discuss clearances (2 points)
c. Covert channels: are they a potential issue for this investigation? (2 points)
5. _________ is sharing responsibility for the risk with a third party. (5 POINTS)
6. Not proceeding with the activity or system that creates the risk is _________. (5 POINTS)
7. The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________. (5 POINTS)
A. SHA B. RSA
C. AES D. DSS
8. Professor Bonner has a classified phone. Fill in the blanks based on two-factor authentication. (6 points)
Something_____________
Something_____________
9. The advantages of the _________ approach are that it doesn’t require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems. (5 points)
A. combined B. informal
C. baseline D. detailed
10. Maintaining and improving the information security risk management process in response to incidents is part of the _________ step. (5 points)
A. act B. plan
C. check D. do
11. __________ controls access based on comparing security labels with security clearances. (5 points)
A. MAC B. DAC
C. RBAC D. MBAC
12. A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. (5 points)
A. digital signature B. keystream
C. one way hash function D. secret key
13. Digital signatures and key management are the two most important applications of __________ encryption. (5 points)
A. private-key B. public-key
C. preimage resistant D. advanced
14. Answer the following Problems:
Company | Type |
Bonner | Bank |
Bird | Airline |
Ravens | Airline |
Lemon | Soap Company |
Orioles | Airline |
SHORTY | Bank |
Turtle | Soap Company |
BIG BOB | Bank |
Security Policy: Chinese Wall
(a) Suppose you read from a file on Bonner, then request access to Bird, followed by a subsequent request for access to Lemon. Do you think the requests will be granted based on the Chinese Wall Security Policy? Why? (5 points)
(b) Suppose you read from a file on “BIG BOB”, then request access to “SHORTY”, followed by a subsequent request for access to Bonner. Do you think the requests will be granted based on the Chinese Wall Security Policy? Why? (5 points)
15. An IT security ________ helps to reduce risks. (5 points)
A. control B. safeguard
C. countermeasure D. all of the above
[Figure for question 1: two data centers, labeled DC1 and DC2]