Computer and Information Security

Midterm Study Guide

Spring 2012

  1. What are the major Obstacles to Security?
  8. What are the Ten Steps to Building a Secure Organization?
  9. The four possible ways of dealing with risk
  4. What are the meanings of violation of confidentiality, of integrity, of availability?
  5. What are Ciphers, one time pads, stream ciphers, and block ciphers? What are the advantages and disadvantages of each?
  6. What is symmetric key encryption? What are the advantages and disadvantages of this type of encryption?
  7. What is asymmetric key encryption? (Public Key Encryption) What are the advantages and disadvantages of this type of encryption?
  8. How are messages signed? Why are they signed? What is message integrity, non-repudiation, and confidentiality?
  9. What are the steps involved in sending a secure, signed message between two people using PKI technology?
  10. What are Hackers and Crackers?
  11. What are the key symptoms of intrusions?
  12. What is the purpose of risk analysis?
  13. What are the purposes of, and differences between, packet filters, application firewalls, and stateful firewalls?
  14. What is the meaning and purpose of Authentication, Authorization, and Accounting? What is an ACL?
  15. What is meant by “what the user knows” and “what the user has”? What is a “token”, and what types are there?
  16. What are the steps of a directed attack?
  17. What are some of the major types of attacks, and how do they work?
  18. What is malicious software, and what are its major types?
  19. What are lure and pull attacks?
  20. What are the major clues to recognizing misuse?
  21. How do Linux and Unix use the read, write, and execute bits for security? What are the user categories?
  22. How does ssh work to achieve secure communication?
  23. What are the major steps to hardening a Linux or Unix system?
  24. What is Strong Authentication and how can it be achieved? What are the methods used?
  25. What are the levels of response to an attack?
  26. What is the Dolev-Yao Adversary Model? What are Eavesdrop, Forge, Replay, Delay and rush, Reorder, Delete? How do you defend against each of these?
  27. What is Independence of Keys, and why is it important?
  28. What is the significance of limited output and key size?
  29. What are the modes of operation of encryption? What are the significance, advantages, and disadvantages of each?
  30. What is Mutual Authentication?
  31. What are the major Botnet Topologies and Protocols? What are the strengths and weaknesses of each?
  32. What is the typical BOT life cycle?
  33. What are the methods for detecting bots? What are the methods for taking down a botnet?
  34. What are some of the biggest internal security risks within a company? Consider both human and hardware.
  35. How is risk evaluated and measured?
  36. What is a TCP SYN attack? What is a UDP attack?
  37. What are the three levels of LAN security, and what do they mean?
  38. What is the purpose of a DMZ?
  39. What are the two levels of IDS analysis for detecting intrusions? What are the advantages and disadvantages of each?
  40. How does WEP work? What is its weakness?
  41. What are the dangers of insecure routing? How can routing be made more secure?
-- JimSkon - 2012-03-09
Topic revision: r2 - 2012-03-10 - JimSkon