
INFA 620 - NETWORK AND INTERNET SECURITY

This is an open-book individual exam. You may use any resources in addition to the textbook, but you should do it individually without collaborating with others. Questions should be answered in your own words. Use quotation marks if not using your own words, and do not forget to cite the full reference when necessary. Unless specified otherwise, all multiple choice questions have only one correct answer.
Other Guidelines:

• You should submit your exam to your assignment folder in LEO as an HTML, MS-Word or plain text. When using HTML or plain text, you can either use the window available to paste your work, or attach your file.

• Repeat the text of the questions you have answered.

• Be as clear and objective as you can in all questions and be sure you are answering what is asked.

• Put your name in the exam.

PROBLEM 1 - General questions (20 points)
(5 pts each)

a) Which of the following is considered the first line of defense against human behavior? Explain.

A) Policies

B) Cryptography

C) Physical security

D) Business continuity planning

b) Select from the following the best definition of security risk analysis:

A) Risk analysis looks at the probability that a vulnerability exists in your system.

B) Risk analysis looks at the probability that your security measures won't stop a hacker breaking in to your system.

C) Risk analysis looks at the probability that a hacker may break in to your system.

D) Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.

E) Risk analysis looks at the consequences of being connected to the Internet.

c) Which answer governs how a network might be configured and operated as well as how people are expected to behave on it? Explain.

A) Network documentation

B) Regulations

C) Procedures

D) Policies

d) Which answer is one that contains actions to be taken in a certain situation, like how long before users must change passwords, or actions to take if an infiltration takes place or a user steals corporate data? Explain.

A) Policies

B) Documentation

C) Regulations

D) Procedures

PROBLEM 2 - Networking Fundamentals (20 points)
(5 pts each)

a) While using which type of networking device would each host 'see' all other traffic on the network? Explain.

A) Network Switch

B) Network Router

C) Network Hub

D) Token Ring Network

b) Which type of network device divides broadcast domains? Explain.

A) Switches

B) Hubs

C) Routers

D) Bridges

c) What destination MAC Address would be added to a packet on the route to a remote computer? Explain.

A) MAC Address of the far side of the default gateway

B) MAC Address of your computer

C) Exterior MAC Address of the remote Server

D) Interior MAC address of default gateway

d) You have two network segments separated by a router. A host on one segment does an ARP request for a certain IP Address. Would that request cross the router? Explain.

A) Yes, because routers forward broadcasts

B) Yes, if there is a hub between segments

C) Only if you have a Caching Engine

D) No, routers do not forward broadcasts
PROBLEM 3 - Cryptography Fundamentals (20 points)
(5 pts each)

a) Users in your organization sign their emails with digital signatures. What provides integrity for these certificates? Explain.

A) Hashing

B) Encryption

C) Non-repudiation

D) Private key

b) Bob wants to send a secure email to Alice so he decides to encrypt it. Bob wants to ensure that Alice can verify that he sent it. Which of the following does Alice need to verify the certificate that Bob used in this process is valid? Explain.

A) Alice's public key

B) Alice's private key

C) Bob's private key

D) Bob's public key

E) The CA's private key

F) The CA's public key

c) Which cryptographic system provides both data security and non-repudiation? Explain.

A) 3DES - Triple Data Encryption Standard

B) PKI - Public Key Infrastructure

C) DES - Data Encryption Standard

D) AES - Advanced Encryption Standard

d) When a user needs to provide message integrity, what options may be the best?

A) Send a digital signature of the message to the recipient

B) Encrypt the message with a symmetric algorithm and send it

C) Create a checksum, append it to the message, encrypt the message, then send it to the recipient

D) Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
PROBLEM 4 - Network Vulnerabilities, Attacks and Countermeasures (20 points)
(5 pts each)

a) Which of the following is not to be considered a cyber attack? Explain.

A) A nuclear electromagnetic pulse (EMP) that knocks out all electronic devices.

B) Trust exploitation.

C) Access control.

D) Port redirection.

E) Man-in-the-middle.

b) Which denial of service attack involves sending crafted ICMP packets which have a source address of the victim and all responses go to the victim?

A) Macro Virus

B) SYN Flood

C) Smurf Attack

D) Buffer Overflow

c) Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What best describes this activity?

A) Targeted attack

B) Sniffing

C) Spear phishing

D) Advanced persistent threat

d) Which component of an effective penetration test involves contacting users and asking questions about the corporate network in an attempt to gather intelligence? Explain.

A) Man-in-the-Middle Attack

B) Phishing

C) Spear Phishing

D) Social Engineering
PROBLEM 5 - Authentication and Authorization Controls (20 points)
(5 pts each)
a) Consider the following protocol that involves both RSA public-key operations and DES. Suppose that A has an RSA private key prv(A) and an RSA public key pub(A). Suppose that B has an RSA private key prv(B) and an RSA public key pub(B). Assume both A and B know each other's public key. A wants to send B some message M. A selects a random DES key K and sends B the following two messages:
-- $E_{\text{pub}(B)}(K, \text{Sig}_{\text{prv}(A)}(K))$
-- $E_K(M)$
"E" means encryption and "Sig" means digital signature. Which of the following statement(s) is true? Briefly explain why or why not.

(A) Only B can decipher the contents of the message M

(B) B is certain that the message M is from A

(C) B can prove to a third party that the message M arrived from A.

b) The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement? Explain.

A) Fingerprint scan and retina scan

B) Password and PIN

C) Hardware token and PIN

D) Smart card

c) Apart from having strong passwords, what can mitigate brute force logon attempts? Explain.

A) Automatic Account Lockouts

B) Renaming Administrator Accounts

C) Disable the Administrator Account

D) Security Audits

d) A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server? Explain.

A) Access control

B) Authentication

C) Authorization

D) Identification
