CIS 2000 Problem Solving using Visual Basic



MIS 4850 Systems Security

Quiz 1

Monday, February 9, 2015

Student name: ____________________________________________

1. Which of the following is not among the main goals of information systems’ security seen in class?

a) Authorization

b) Availability

c) Confidentiality

d) Authenticity

e) Integrity

2. Today, having the best IT tools like firewalls, antivirus programs, intrusion detection systems, etc. is not enough to make an information security system effective and reliable. Based on one of the models/frameworks seen in class, besides IT tools, what are the two other elements that participate in determining the effectiveness of the security of information systems?

a) Routers

b) People

c) Corrective countermeasures

d) Policies

3. Which of the following statements would NOT be true about good auditing practices?

a) Log files should be read regularly.

b) External auditing should be conducted periodically.

c) Automatic alerts should be established.

d) None of the above

4. Your password policy is that: (a) the password must be 10 characters long; and (b) it should include only decimal digits and alphabetic characters (lower case only). What is the maximum number of passwords the attacker would have to try in order to crack a password in your system? If you don’t have a calculator, show how you get to the answer. The Appendix (see last page) may help.

Answer: _____________________________________________________________________________

_____________________________________________________________________________________

5. Along with technology, people are among the key elements that participate in securing information systems. In a typical corporation, what may the People element represent? You should name all the possible entities (or groups of people) that can be considered part of the People element.

Answer: _____________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

_____________________________________________________________________________________

********************* SEE BACK ********************

6. On EIU campus, when wireless users enter their credentials (username and password) for access control, the authentication takes place at the Access Point level.   T   F

7. You can’t implement IP address access control with 2-layer Access Points.   T   F

8. What does a router do with an IP packet when it decrements its TTL value to zero?

a) It forwards the packet to the next router

b) It passes the packet to another router

c) It discards the packet

d) None of the above

9. Which of the following defines a SYN/ACK attack?

a) A kind of attack that exploits the closing of TCP/IP connections

b) A kind of eavesdropping attack

c) A kind of denial of service attack

d) A kind of attack that exploits the opening of TCP/IP connections

10. A host sends a TCP segment with source port number 21 and destination port number 40562.

Which of the following is true?

a) The source host is a client computer

b) The source host is an email server

c) The destination host is a server computer

d) The source host is a server computer

Appendix

[pic]
