SEC 571 Final Exam questions and answers

1. (TCO A) List and assess at least three kinds of damage a company could suffer when

the integrity of a program or company data are compromised. (A description of damage, not a
definition of data integrity, is required.) (Points : 40)
2. (TCO B) Suppose you have a high capacity network connection coming into your home, and you
also have a wireless network access point. Also, suppose you do not use the full capacity of your
network connection. List and assess four reasons why you might still want to prevent an outsider
obtaining free network access by intruding into your wireless network. (Points : 40)

3.

- Exposure of your personal information such as bank account information,

passwords that are saved onto the computer and any credit card information that
may be saved on the computer.
- Potential for modification of your data. If someone hacks into your network, then
they could place viruses and other malware onto it.
- Potential flooding you your network limiting your own access. If a person gets onto
your network and uses your server that would lag on your end while being online at
the same time as the person who hacked into your system.
- Potential for illegal activities being attributed to your account. For example, if
another person hacks into your network and uses this for illegal activities, child
pornographic material, stealing others information, all of which may hold the person
liable where the IP address originates.
3. (TCO C) Wkh dqvzhu wr wklv txhvwlrq lv hdvb. What is the plaintext? What cipher was

used? Assess whether this would be good for today's security programs. If not, what would be
good to use and why? (Points : 40)
4. (TCO D) You have been asked to give a presentation to a law school class on digital crime. After
the presentation, a student asks why so few people are actually prosecuted for computer crime
when these crimes seem to be happening all the time. Give a five-point outline of your response
to this question. Assess the impact on preventing crimes from your perspective given these
issues. (Points : 40)

The four authentication policies are Encryption, Firewalls, HostBased Authentication, and Constrained User Interfaces. The four
authentication policies that cannot be controlled by technology are
fingerprint, iris, voice pattern, and face. These four are strictly
based off the physical person.

Technical Controls - Computer Security Resource Center. (n.d.).

Technical Controls - Computer Security Resource Center.,
http://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=
0CD4QFjAC&url=http%3A%2F%2Fcsrc.nist.gov%2Fgroups%2FSMA
%2Ffasp%2Fdocuments%2Fpolicy_procedure%2Ftechnical-controlspolicy.doc&ei=n41JVM72F63LsASOq4C4DQ&usg=AFQjCNEasUaSjwGd
z
5. (TCO E) Name four authentication policies that can be enforced using technology and four
authentication policies that cannot be enforced using technology. Discuss the reasons why
the second four policies can't be enforced using technology and how managers could attempt to
assure compliance.(Points : 40)

6. (TCO F) In the U.S., laws are enforced by police agencies and the courts. What are ethics and
who enforces them? (Points : 40)

"An ethic is an objectively defined standard of right and wrong.

Ethical standards are often idealistic principles because they focus
on one objective."
Where laws are written documents that are used by the judicial
system, and used by everyone, ethics are how people determine
things and how morally they should act upon situations. So there
really is no one person As opposed to laws that are described by
formal written documents, and interpreted and enforced by police
agencies and courts and which are universally applicable to
everyone, ethics are described by unwritten principles of what is the
good and fair thing to do, and can be interpreted and enforced by
each individual person. Hence there is no system that enforces
ethics, but just principles that guide people, who would apply and
enforce it on their own to do what is expected from a fair thinking
individual.
7. (TCO G) Which of the following statements is true? (Points : 20)

1.

Hardware is best protected by copyright.

Web content is best protected by a patent.

Uniform resource locators are best protected by a trademark.

Firmware code is best protected by copyright.

Operating systems are best protected by a patent.

8.(TCO H) Some IT department policies are designed to prevent behaviors by IT staff. While some
depend upon the employee voluntarily complying with the policy (for example: do not reveal technical
information to outside parties), others are enforced technically (for example, authentication required
for system access). What is an example of a policy that technically enforces ethical behavior by IT
staff? Provide policy wording for your example. (Points : 40)

Employees are expected to use the internet and/or e-mail for official
purposes only. Any employee that doesn't adhere to these policies set,
appropriate action will be taken to include possible termination."