Part 1: Q1: choose best one, Please provide reason of your choice in a few sentences, in your own wordsand/or reasons not choosing the other choices. A mere mention of the textbook or reproduction of the textbook statements would not serves as the reason. Restating the problem in your own words also does not constitute as the reason. Sometimes defining the terms may give you a clue to the reason.
1. What piece of legislation allows computer records documenting criminal activity to be used in court?
a. Federal Rules of Evidence 803(6)
b. Federal Computer Documents Rule 703(a)
c. Digital Signature Bill
d. National Infrastructure Protection Act
___
Reason:
2. How should you NOT report computer crime?
a. e-mail
b. telephone
c. tell management in person
d. tell the IT department in person
___
Reason:
3. What is most often overlooked when planning for information security?
a. firewalls
b. education
c. virus scans
d. electronic surveillance
___
Reason:
4. Which of the following is NOT a reason for the difficulties in prosecutions of computer-related crimes?
a. The area of litigation is extremely technical and difficult to understand.
b. The laws themselves are relatively new and untested.
c. Most of the crimes do not fall under any of the current laws
d. The technology is very dynamic and the tactics of the perpetrators are constantly changing.
___
Reason:
5. What is authentication?
a. the act of binding an entity to a representation of identity
b. the act of ensuring that information is being sent securely
c. the act of ensuring that the receiver of information actually received it
d. the act of binding a computer system to a network
___
Reason
6. What is not considered the misuse of information?
a. the deletion of information from a system
b. the untimely release of secret information
c. the illegal sale of information to rival companies
d. the misrepresentation of information
___
Reason:
7. How does a client machine find the web address associated with a particular URL?
e. It uses translation software in the interpreter.
a. It sends a message to the nearest domain name server.
b. It uses hashing to translate the address.
c. It sends a message to the URL server.
___
Reason:
8. What does the first field of a cookie contain?
a. chocolate chips
b. encryption algorithm
c. public key for the site
d. name of the issuing site
___
Reason:
9. Which security solution is best for protecting the information system connected to the Internet?
a. virus scanning software
b. encryption
c. biometric authentication
d. firewalls
___
Reason:
10. A(n) ___________ accomplishes many of the same goals as a firewall, but is more limited in scope.
a. proxy server
b. screening router
c. IDS
d. ICQ
___
Reason:
Q2
QII.1 For a public-key encryption system, list reasons,
1) in favor of
2) and against
for using the same key pair for the encryption and the digital signature
QII.2 Describe "inference controls"
Give reasons why theyare needed.
And give specific examples(at least 3), and
Describe how the inference controlsare implemented; how they serve the purpose(effective) in a database.
QII.3 Describe the "crypto dilemma."
Suggest 3 waysto address the "crypto dilemma."
State the pros and cons of each way.
Part 3:
An enterprising group of entrepreneurs is starting a new data storage and retrieval business, SecureStore, Inc. For a fee, the new company will accept digitalized data (text and images, multimedia), and store it on hard drives until needed by the customer. Customer data will be transmitted to and from SecureStore over the Internet. SecureStore guarantees that the confidentiality and integrity of the datawill be maintained.
SecureStore also envisions certain information assurance requirements for their internal operations. Company employees will need to exchange confidential email, and will need a mechanism for verifying the integrity and originator of some email messages. Also, SecureStore intends a daily backup of all customer data to a remote facility via a leased line. They wish to do so as economically as possible, while ensuring the data's confidentiality and integrity.
SecureStore is interviewing candidates for the position of Chief Information Officer (CIO). They are asking candidates to describe briefly how they would satisfy SecureStore's requirements as stated above. How would a successful candidate respond?
First, distill the requirements from the above statements; once you have them then please address each requirement in a separate paragraph. Keep in mind that this business will be operating in the real world, which means please pay attention to economics. If you are unsure about the requirements, send them to me, I will comment on it.