Part 1: True/False – Multiple Choice answers (2 points each).

• Choose the seven layers of the OSI model ordered from 1 (lowest) to 7 (highest):
• What is a common network connectivity problem that can be identified by starting at the physical layer?

• User Application, Media Access, Presentation, Network, Data, Transport, Physical
• Physical, Data, Network, Transport, Session, User, User Application
• Physical, Session, Transport, Network, Presentation, Data Link, Application
• Data, Synchronization, TCP, LAN, Wire, Presentation, User Application
• Physical, Data Link, Network, Transport, Session, Presentation, Application

Answer: ____

Answer: ____

3.What services does the presentation layer offer?

Answer: ____

4.Why is the presentation layer a better place than lower layers to use encryption? (Choose all that apply)

• The transport layer is not secure because it is an Internet protocol.
• Using the physical layer would not encrypt the application content.
• Only the application content is being encrypted.
• The data is still together as an application entity.

Answer: _____

• What layer of the OSI model coordinates communication between software applications?
• What do transport layer protocols do?
• What is created when a TCP/IP address is combined with an established port number?
  • A data offset
• What kind of information does the network layer handle?
  • Bits
  • Packets
  • Frames
  • Segments
• What is a distinct advantage of SCTP over TCP?
  • Support of TLS
  • Error-free packet delivery
  • Multi-homing
  • None of the above
• True or False
• True of False
• Data can be labeled at several levels, which of these levels is not correct:
  • At the field level
  • At the access level
  • At the record level
  • At the file level
• True or False
• All modern operating systems implement access control.What kind of access control does an Android smartphone or Iphone have right out of the box?
  • MAC
  • DAC
  • RBAC
  • ABAC
• Advanced malware typically comes via distribution channels.All of these are potential distribution channels except:
  • Drive-by download
  • Unsolicited email
  • Social media
  • Self propagation
  • Physical media
• You try to log into your free personal email account, but you are asked to change your password for security purposes, they also send a text message to your cellphone with a number to enter on the website for verification purposes.What kind of authentication process is this?
  • Password reset authentication
  • Identity protection identification
  • Multi-Factor authentication
  • Fingerprint access authentication
• True or False
• Continuing from question 17 above.You are also tasked with encrypting all website traffic in other words going from HTTP to HTTPS.What will be needed in terms of securing the website. Choose one of the following:
  • Digital Certificate
  • ACL list
  • Multi-Factor authentication
  • Biometrics
• Continuing from question 17 above.You are also tasked with some of the database work for the company.Which one of the following key types is used to enforce referential integrity between database tables?
  • Session key
  • Foreign key
  • Primary key
  • Public key
• Continuing from question 17 above.You have a Top Secret clearance, but you are briefed into a “Secret” project because you have a need to know in order to access the data. What model is used in this example.
  • BIBA
  • Bell-La-Padula
  • Clark Wilson
  • SABSA
• Continuing from question 17 above.You joined the C&A team that oversees the certification and accreditation of one of your government customer’s system.Your job is to make sure the documentation and processes are being followed according to which proper guidance?
  • RMF
  • ISO/IEC 27000
  • ISO/IEC 27001
  • ISO/IEC 27002
• Continuing from question 17 above.You are also part of the business continuity committee for the company.Which business continuity planning technique can help you prepare the business unit prioritization task of disaster recovery planning?
  • Risk management
  • Vulnerability analysis
  • Business impact assessment
  • Continuity planning
• True or False
• Employers generally can monitor your activity on a workplace computer or workstation. There are several types of monitoring, which of these is not allowed.
  • Employee’s computer software to see what is on your screen or stored in the employees’ computer terminals and hard disks.
  • Employers can keep track of the amount of time an employee spends away from the computer or idle time at the terminal.
  • Employers can read data from your personal cell phone that is connected to the computer’s USB cable.
  • Keystroke monitoring tell an employer how many keystrokes per hour each employee is performing.
• True or False

Answer: _____

Answer: _____

Answer: _____

Answer: _____

Answer: _____

Copyright law protects the tangible or fixed expression of an idea, not the idea itself.

Answer: _____

Software can both be patented and copyrighted.One problem with the copyrighting software is that the code must be published. If the code is published, someone can re-implement the algorithm or the technique embodied in the code.

Answer: _____

Answer: _____

At a high level, database security boils down to answering four questions: Who is it? (Authentication), Who can do it? (Authorization), Who can see it? (Encryption), Who did it? (Audit)

Answer: _____

Answer: _____

Answer: _____

Answer: _____

You are the security/software engineer at XYZ company, you are tasked to write some code to encrypt messages.You don’t want to use the usual encryption algorithms, so you use Diffie-Hellman algorithm which is a great algorithm that is directly used to encrypt messages. Is this true or false?

Answer: _____

Answer: _____

Answer: _____

Answer: _____

Answer: _____

Answer: _____

Information Assurance (IA) is the practice of protecting and defending information systems by ensuring non-availability, disclosure and integrity.

Answer: _____

Answer: _____

The Foreign Intelligence Surveillance Act (FISA) 1978. Increased the surveillance and investigative powers of law enforcement agencies in the United States to monitor private communications and access personal information for the purpose of locating terrorists and preventing terrorist acts.

Answer: _____

Part 2: Short Answers (15 points each). Be specific and fully explain and give reasons for your answer. Cite pertinent sources used.

1. Explain clearly and in your own words and cite all resources of information.Compare and contrast Patents, Copyrights and Trademarks. Justify your answers and provide an example of where each one is used.

1. Explain clearly and in your own words and cite all resources of information. Compare and contrast 2 distinctions between legal and ethical issues relating to computer security.Justify your answer and provide examples of the issues.

Part 3: Short Essay (20 points). Please restrict your answer to 2 pages (double spaced) or less.

There are numerous laws and regulations that address privacy in the United States. The Federal Trade Commission (FTC) hit Facebook with a $5 Billion fine regarding the tech company’s privacy violations where 87 Million people’s personal information was exposed a few years back. Again, this year, more than 540 million records about Facebook users were publicly exposed on Amazon’s cloud computing service.

Respond to the following, considering all the material we have studied in this course regarding security and Information Assurance. Cite pertinent sources used in your answer. Be specific and fully explain and give reasons for your answer.

1. Since past privacy incidents have caused Facebook a lot of money, they decided to fire all their security people and bring in the best and brightest in security and Information Assurance and you were selected as a new member of their Security team.You are given this privacy problem to solve.What are the steps you would take in order to prevent another $5 billion fine from the FTC?