3tsy2012-2013 secunet midterm exam_answkey

Upload: jocansino4496

Post on 03-Apr-2018


  • 7/28/2019 3tsy2012-2013 Secunet Midterm Exam_answkey


    3TSY2012-2013 SECUNET Page 1 of 2

    FEU-East Asia College
    Information Technology

    ITIE533 NETWORK SECURITY

    MIDTERM EXAMINATION 3TSY2012-2013

    Name Block Score

    GENERAL INSTRUCTIONS:

    1. Follow all instructions carefully. Failure to do so will warrant a substantial deduction from your final score.
    2. Write everything in non-red ink. No borrowing of pens, calculators, etc.
    3. You are not allowed to leave your seat unless you are through with the exam. If you have any questions, just raise your hand and the instructor or proctor will attend to you.
    4. Talking to or looking at your seatmate (and his/her paper) is automatically considered as cheating which is subject to very serious sanctions as stipulated in the student handbook.

    GOOD LUCK ! ! !

    TEST I. MULTIPLE CHOICE. Choose the letter of the BEST answer. Write your answer on the space provided. Use UPPERCASE letters only. (2 points each). STRICTLY NO ERASURES or ALTERATIONS.

    1. What security mechanism prevents unauthorized access to facilities, systems, network resources, and information?

       a. Access control            d. a & b
       b. Security control          e. a, b & c
       c. Physical control          f. None of the above

    2. It refers to dividing tasks between different people to complete a business process or work function.

       a. Data access control       d. a & b
       b. Separation of duties      e. a, b & c
       c. Management Guidelines     f. None of the above

    3. It specifies which users have what privileges to a resource.

       a. access control domain     d. a & b
       b. Access control medium     e. a, b & c
       c. access control list       f. None of the above

    4. This includes policies and procedures, security awareness training, background investigations, work habits audits, testing and supervisory structures.

       a. Technical controls        d. a & b
       b. Physical controls         e. a, b & c
       c. Administrative Controls   f. None of the above

    5. This includes antivirus software, encryption, transmission protocols, network architecture, passwords, intrusion detection systems and network access.

       a. Technical controls        d. a & b
       b. Physical controls         e. a, b & c
       c. Administrative Controls   f. None of the above

    6. This includes perimeter security, network separation, work area separation, data backups, computer controls, security guards, lock boxes, and cable protections.

       a. Technical controls        d. a & b
       b. Physical controls         e. a, b & c
       c. Administrative Controls   f. None of the above

    7. An access control model that bases access decisions on who owns the data.

       a. Rule-based Access         d. a & b
       b. Discretionary Access      e. a, b & c
       c. Mandatory Access          f. None of the above

    8. It displays the access held by users to an object.

       a. Access Table              d. a & b
       b. Control Matrix            e. a, b & c
       c. Access Control Matrix     f. None of the above

    9. It is an access control model that bases access decisions on a user's position and job function within an organization.

       a. Non-discretionary Access  d. a & b
       b. Discretionary Access      e. a, b & c
       c. Mandatory Access          f. None of the above

    10. A security standard that prevents unauthorized access to the information associated with a user account.

       a. encryption                d. a & b
       b. decryption                e. a, b & c
       c. password                  f. None of the above

    11. A type of password that requires a numerical or character sequence longer than a standard number for a password.

       a. brute force password      d. a & b
       b. token                     e. a, b & c
       c. paraphrase                f. None of the above

    12. These authenticate a user based on actual physical characteristics.

       a. smart cards               d. a & b
       b. paraphrase password       e. a, b & c
       c. biometrics                f. None of the above

    13. Which is the correct order for the three steps that must occur for a student to log in to the school's network system?

       a. Authentication, identification, authorization
       b. Authorization, authentication, identification
       c. Identification, authentication, authorization
       d. Identification, authorization, authentication
       e. a & b
       f. None of the above

    14. What information might serve as an effective method of identification?

       a. Student name              d. a & b
       b. Palm scan                 e. Course ID
       c. Smart card                f. None of the above

    15. What alternative method of identification could be used if the system was designed around a role-based access control model?

       a. Student name              d. a & b
       b. Palm scan                 e. Course ID
       c. Smart card                f. None of the above

    16. What method of authentication would serve best for a network system?

       a. Last four digits of the social security number
       b. Email address
       c. Student ID number
       d. Digital signature
       e. a & b
       f. None of the above


    17. What safeguards could you employ on the system to prevent future unauthorized use of a system?

       a. Password aging
       b. Limit the number and frequency of logons
       c. Limit the number of unsuccessful logon attempts
       d. Allow only static passwords
       e. a & b
       f. None of the above

    18. A security tool that monitors system activity and records these events to an audit log.

       a. auditing
       b. accounting
       c. information system monitoring
       d. Authenticating
       e. Authorizing
       f. None of the above

    19. An electronic record of who has accessed the computer system and what operations were performed.

       a. Log book                  d. Audit logon book
       b. Audit book                e. a, b & c
       c. Audit trail               f. None of the above

    20. It is a security measure that exposes a network's vulnerabilities by performing a simulated attack on a network.

       a. Simulation Testing        d. a & b
       b. Simulated attack          e. a, b & c
       c. Penetration testing       f. None of the above

    21. Upon reviewing the data, you find that the information contains rules and laws for your industry. What is the purpose of the policy?

       a. Legal                     d. Regulatory
       b. Informative               e. a, b & c
       c. Advisory                  f. None of the above

    22. It is the security management process for addressing any risk to an organization.

       a. Risk Assessment           d. a & b
       b. Risk Analysis             e. a, b & c
       c. Risk Management           f. None of the above

    23. It is the foundation for the creation and implementation of security programs.

       a. Security Goals            d. a & b
       b. Security Policy           e. a, b & c
       c. Security Objectives       f. None of the above

    24. Which of the following will you examine first for organizational security?

       a. Risks                     d. New Products
       b. Threats                   e. Worker safety
       c. Vulnerabilities           f. None of the above

    27. A type of Denial of Service attack that causes severe congestion of the victim's network resources.

       a. Buffer overflow           d. Teardrop attack
       b. Smurf attack              e. a, b & c
       c. SYN Flood attack          f. None of the above

    28. An access control attack in which the attacker masquerades as a trusted user, network resource, or file.

       a. Smurfing                  d. Snooping
       b. Eavesdropping             e. a, b & c
       c. Spoofing                  f. None of the above

    29. It contains integrated circuit chips with memory and processing capabilities to store personal information about a user.

       a. Biometrics                d. a & b
       b. PIN card                  e. a, b & c
       c. Smart card                f. None of the above

    30. The act of validating an established identity.

       a. Authorization             d. a & b
       b. Authentication            e. a, b & c
       c. Identification            f. None of the above

    TEST II. ACRONYMS. Give the meaning of the following acronyms. Write all your answers in UPPERCASE only. STRICTLY NO ERASURES or ALTERATIONS. (2 points each)

    1. ICMP ___________________________________________________
    2. FTP ___________________________________________________
    3. DoS ___________________________________________________
    4. ARP ___________________________________________________
    5. IDS/IPS ___________________________________________________
    6. NAT ___________________________________________________
    7. CIA ___________________________________________________
    8. AAA ___________________________________________________
    9. MD5 ___________________________________________________
    10. ACL ___________________________________________________

    TEST III. ENUMERATION. Write your answers at the back of this page. Use UPPERCASE letters only and STRICTLY NO ERASURES.

    1-4. Four types of Access Control
    5-7. Three Principles of Security Control and Management
    8-12. Five examples of Denial of Service Attack
    13-17. Five different methods of Countermeasure of threat attacks
    18-20. Three examples of access control classical model

    ***** END OF TEST ******