INFA 610 Final Exam

(4 Points Each)

  1. List and briefly define the fundamental security design principles.
  2. Describe the risk analysis approach and the steps in a detailed or formal risk analysis.
  3. Describe the basic principles utilized in mandatory access control. How do these basic principles help MAC control the dissemination of information?
  4. What is a message authentication code?
  5. What is the security of a virtualization solution dependent upon? What are some recommendations to address these dependencies?
  6. List the items that should be included in an IT security implementation plan.
  7. Describe the inference problem in databases. What are some techniques to overcome the problem of inference?
  8. Assume you have found a USB memory stick in the parking lot at work. What threats might this pose to your work computer should you just plug the memory stick in and examine its contents? What steps could you take to mitigate those threats and safely determine the contents of the memory stick?
  9. Explain why input validation mitigates the risks of SQL injection attacks.
  10. What are the benefits and risks of server-side scripting?
  11. What is the difference between persistent and non-persistent cross-site scripting attacks?
  12. Briefly describe how Unix-like systems, including Linux, use filesystem quotas and process resource limits. What type of attacks are these mechanisms useful in preventing?
  13. Why are pharming and phishing attacks often used in concert with each other?
  14. Describe the Windows 10 security feature, Control Flow Guard, and the type of attack it helps to prevent. Who is responsible for implementing Control Flow Guard—the system administrator or application developer?
  15. Define three types of intellectual property.
  16. Give an example of a computer crime. What are some unique issues associated with such crimes?
  17. Briefly summarize one federal law or regulation that addresses confidentiality, privacy, or security. Give an example of how the law is applied to ensure confidentiality, privacy, or security.
  18. List and briefly describe three cloud service models.
  19. What are the disadvantages to database encryption?
  20. What are three broad mechanisms that malware can use to propagate?
  21. What are the typical phases of operation for a virus or worm?
  22. Imagine you are the database administrator for a military transportation system. There is a table named cargo in the database that contains information on the various cargo holds available on each outbound airplane. Each row in the table represents a single shipment and lists the contents of that shipment and the flight identification number. Only one shipment per hold is allowed. The flight identification number may be cross-referenced with other tables to determine the origin, destination, flight time, and similar data. The cargo table appears as follows:

      | Flight ID | Cargo Hold | Contents    | Classification |
      |-----------|------------|-------------|----------------|
      | 1254      | A          | Boots       | Unclassified   |
      | 1254      | B          | Guns        | Unclassified   |
      | 1254      | C          | Atomic Bomb | Top Secret     |
      | 1254      | D          | Butter      | Unclassified   |

There are two roles defined: Role 1 has full access rights to the cargo table. Role 2 has full access rights only to rows of the table in which the Classification field has the value Unclassified. Describe a scenario in which a user assigned to Role 2 uses one or more queries to determine there is a classified shipment on board the aircraft.

  23. As part of a formal risk assessment on the use of laptops by employees of a large government department, you have identified the asset “confidentiality of personnel information in a copy of a database stored unencrypted on the laptop” and the threat “theft of personal information, and its subsequent use in identity theft caused by the theft of the laptop.” Suggest reasonable values for the items in the risk register for this asset and threat, and provide justifications for your choices.
  24. Consider a popular Digital Rights Management (DRM) system like Apple’s FairPlay, which is used to protect audio tracks purchased from the iTunes music store. If a person purchases a track from the iTunes store by an artist managed by a record company such as EMI, identify which company or person fulfils each of the DRM component roles (Content Provider, Clearinghouse, Consumer, and Distributor).
  25. Assume you receive an e-mail that appears to come from your bank, includes your bank logo, and has the following contents:

“Dear Customer, Our records show that your Internet banking access has been blocked due to too many login attempts with invalid information such as incorrect access number, password, or security number. We urge you to restore your account access immediately, and avoid permanent closure of your account, by clicking on this link to restore your account. Thank you from your customer service team.” What form of attack is this e-mail attempting? What is the most likely mechanism used to distribute this e-mail? How should you respond to such e-mails?

Course: INFA 610 Foundations of Information Security and Assurance
School: University System of Maryland

  • : 12/08/2017
  • : 50
