NAME & R# HERE!

ISQS 3360 Exam 1 Fall 2014

Due by midnight Monday (11/10). 10 points each except for question 4.

A few pointers:

a. If I can find it on Google, the grade will be bad.

b. If answers on multiple tests match, the grades will be bad.

c. Not all of the questions have easy answers. Rather than simple recall questions on take-home exams, I like to ask questions that require depth of knowledge and thought.

d. Some are opinion questions. I grade these not on whether you agree with me but on how well you support your answer.

1)  Cloud computing and other distributed architectures are a growing phenomenon. Please discuss the security issues involved and how to fix as many of the problems as possible.

2)  What Operations, Access Control, and other security measures did the NSA fail to implement which allowed Edward Snowden to accomplish his goals?

3)  We are migrating to an increasingly mobile computing world (smartphones, tablets, e-readers, etc.). What increased security risks does this “new” world put on businesses?

4)  (20 points) Multifactor authentication as a replacement for simply using passwords has become increasingly important. Please:
a. Explain this concept along with some of the pros and cons.
b. Give some examples of implementations.
c. What are some of the problems that have arisen with its use?


5)  We talked about using Attack Trees to help describe system security issues. Create an Attack Tree for a break-in from one of the stories on our links, maybe Target or Dairy Queen, and discuss the threat modeling issues that it shows.

6)  a. What are the two primary types of encryption, how do they differ, which is better and why?
b. Give a simple/brief example of where each would be the best choice.

7)  a. Describe the layers in the TCP/IP model and tell me what each layer does. Also, why has this “communication” model lasted so long?
b. In terms of the transport layer, what are the steps in establishing a connection between a web browser and a web server?