FEU-East Asia College

Information Technology
ITIE533 NETWORK SECURITY
MIDTERM EXAMINATION 3TSY2012-2013
Block Score

Name
GENERAL 1. 2. 3. 4.

INSTRUCTIONS: Follow all instructions carefully. Failure to do so will warrant a substantial deduction from your final score. Write everything in non-red ink. No borrowing of pens, calculators, etc. You are not allowed to leave your seat unless you are through with the exam. If you have any questions, just raise your hand and the instructor or proctor will attend to you. Talking to or looking at your seatmate (and his/her paper) is automatically considered as cheating which is subject to very serious sanctions as stipulated in the student handbook.

GOOD LUCK ! ! !

TEST I. MULTIPLE CHOICE. Choose the letter of the BEST answer. Write your answer on the space provided. Use UPPERCASE letters only. (2 points each). STRICTLY NO ERASURES or ALTERATIONS.
1. What security mechanism that prevents unauthorized access to facilities, systems, network resources, and information a. Access control d. a & b b. Security control e. a, b & c c. Physical control f. None of the above It specifies to which users have what privileges to a resource. a. access control domain d. a & b b. Access control medium e. a, b & c c. access control list f. None of the above This includes antivirus software, encryption, transmission protocols, network architecture, passwords, intrusion detection systems and network access a. Technical controls d. a & b b. Physical controls e. a, b & c c. Administrative Controls f. None of the above An access control model that bases access decisions on who owns the data. a. Rule-based Access d. a & b b. Discretionary Access e. a, b & c c. Mandatory Access f. None of the above It is an access control model that bases access decisions on a users position and job function within an organization. a. Non-discretionary Access d. a & b b. Discretionary Access e. a, b & c c. Mandatory Access f. None of the above A type of password that requires a numerical or character sequence longer than a standard number for a password. a. brute force password d. a & b b. token e. a, b & c c. paraphrase f. None of the above Which is the correct order for the three steps that must occur for a student to login the schools network system? a. Authentication, Identification, authorization b. Authorization, authentication, identification c. Identification, authentication, authorization d. Identification, authorization, authentication e. a & b f. None of the above What alternative method of identification could be used if the system was designed around a role-based access control model? a. Student name d. a & b b. Palm scan e. Course ID c. Smart card f. None of the above 2. It refers to dividing tasks between different people to complete a business process or work function a. Data access control d. a & b b. Separation of duties e. a, b & c c. Management Guidelines f. None of the above This includes policies and procedures, security awareness training, background investigations, work habits audits, testing and supervisory structures. a. Technical controls d. a & b b. Physical controls e. a, b & c c. Administrative Controls f. None of the above This includes perimeter security, network separation, work area separation, data backups, computer controls, security guards, lock boxes, and cable protections. a. Technical controls d. a & b b. Physical controls e. a, b & c c. Administrative Controls f. None of the above It displays the access held by users to an object. a. Access Table d. a & b b. Control Matrix e. a, b & c c. Access Control Matrix f. None of the above A security standard that prevents unauthorized access to the information associated with user account. a. encryption d. a & b b. decryption e. a, b, & c c. password f. None of the above These authenticate a used based on actual physical characteristics. a. smart cards d. a & b b. paraphrase password e. a, b & c c. biometrics f. None of the above What information might serve as an effective method of identification? a. Student name d. a & b b. Palm scan e. Course ID c. Smart card f. None of the above

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

What method of authentication would serve best for a network system? a. b. c. d. e. f. Last four-digit of the social security number Email address Student ID number Digital signature a&b None of the above

3TSY2012-2013

SECUNET

Page 1 of 2

17.

19.

What safeguards could you employ on the system to prevent future unauthorized use of a system? a. Password aging b. Limit the number and frequency of logons c. Limit the number of unsuccessful logon attempts d. Allow only static passwords e. a & b f. None of the above An electronic record of who has accessed the computer system and what operation were performed. a. b. c. Log book Audit book Audit trail d. Audit logon book e. a, b & c f. None of the above

18.

20.

A security tool that monitors system activity ad records these events to an audit log a. auditing b. accounting c. information system monitoring d. Authenticating e. Authorizing f. None of the above It is a security measure that exposes a networks vulnerabilities by performing simulated attack on a network. a. Simulation Testing d. a & b b. Simulated attack e. a, b & c c. Penetration testing f. None of the above

21.

23.

27.

29.

Upon reviewing the data, you find that the information contains rules and laws for your industry. What is the purpose of the policy? a. Legal d. Regulatory b. Informative e. a, b & c c. Advisory f. None of the above It is the foundation for the creation and implementation of security programs. a. Security Goals d. a & b b. Security Policy e. a, b & c c. Security Objectives f. None of the above A type of Denial of Service attack that causes severe congestion of the victims network resources. a. Buffer overflow d. Teardrop attack b. Smurf attack e. a, b & c c. SYN Flood attack f. None of the above It contains integrated circuit chips with memory and processing capabilities to store personal information about a user. a. Biometrics d. a & b b. PIN card e. a, b & c c. Smart card f. None of the above

22.

It is the security management process for addressing any risk to an organization. a. Risk Assessment d. a & b b. Risk Analysis e. a, b & c c. Risk Management f. None of the above Which of the following will you examine first for organizational security? a. Risks d. New Products b. Threats e. Worker safety c. Vulnerabilities f. None of the above An access control attack who masquerade themselves as trusted user, network resources, or file. a. Smurfing d. Snooping b. Eavesdropping e. a, b & c c. Spoofing f. None of the above The act of validating an established identity. a. b. c. Authorization Authentication Identification d. a & b e. a , b & c f. None of the above

24.

28.

30.

TEST II. ACRONYMS. Give the meaning the following acronyms. Write all your answers IN UPPER-CASES only. STRICTLY NO ERASURES or ALTERATIONS. (2 points each)

1. ICMP 2. FTP 3. DoS 4. ARP 5. IDS/IPS 6. NAT 7. CIA 8. AAA 9. MD5 10. ACL

___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________ ___________________________________________________

TEST III. ENUMERATION. Write your answers at the back of this page. Use UPPER-CASES letters only and STRICTLY NO ERASURES. 14 Four types of Access Control 57 Three Principle of Security Control and Management 8 12 Five example of Denial of Service Attack 13 17 Five different methods of Countermeasure of threat attacks 18 20 Three examples of access control classical model ***** END OF TEST ******

3TSY2012-2013

SECUNET

Page 2 of 2