Information Technology

: (1) Inference in ordinary databases, (2) Inference in statistical databases, and (3) Database privacy (through encryption). Please pick one of these three topics and explain in your own words what the problem or issue is, how the issue is being addressed and some of the concerns with the solutions being proposed. 
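Worked illustration of topic (2), inference in statistical databases, added here as an example and not part of the original assignment or the textbook it draws on. A toy statistical database answers only aggregate queries and applies a query-set-size restriction, yet a differencing ("tracker") attack made of two permitted queries still recovers one person's salary. The records, names and the size threshold are constructed.

```python
# Added example (not part of the original assignment): a toy statistical
# database protected by a query-set-size restriction, and a differencing
# ("tracker") attack that still infers one individual's value.
# All records, names and the size threshold are constructed for illustration.

from typing import Callable, Dict, List

Record = Dict[str, object]

# Constructed records. Assume the attacker knows, from a public staff
# directory, that Dana is the only woman in Engineering.
RECORDS: List[Record] = [
    {"name": "Adam",  "dept": "Engineering", "sex": "M", "salary": 120_000},
    {"name": "Bob",   "dept": "Engineering", "sex": "M", "salary": 110_000},
    {"name": "Carl",  "dept": "Engineering", "sex": "M", "salary": 105_000},
    {"name": "Dana",  "dept": "Engineering", "sex": "F", "salary": 130_000},
    {"name": "Erin",  "dept": "Sales",       "sex": "F", "salary":  90_000},
    {"name": "Frank", "dept": "Sales",       "sex": "M", "salary":  85_000},
    {"name": "Gina",  "dept": "Sales",       "sex": "F", "salary":  95_000},
]

MIN_QUERY_SET = 2  # assumed policy: refuse any query matching < 2 or > N-2 records


class QueryRefused(Exception):
    """Raised when the query-set-size restriction blocks a query."""


def sum_salary(predicate: Callable[[Record], bool]) -> int:
    """SUM(salary) over records matching the predicate, subject to the
    query-set-size restriction. Very large sets are refused too, because
    the complement of a large set is a small (identifying) set."""
    matched = [r for r in RECORDS if predicate(r)]
    n = len(matched)
    if n < MIN_QUERY_SET or n > len(RECORDS) - MIN_QUERY_SET:
        raise QueryRefused(f"query set size {n} is outside the permitted range")
    return sum(int(r["salary"]) for r in matched)


def direct_attack() -> int:
    """Ask for Dana's salary directly: the set has one record, so it is refused."""
    return sum_salary(lambda r: r["dept"] == "Engineering" and r["sex"] == "F")


def is_direct_attack_refused() -> bool:
    try:
        direct_attack()
    except QueryRefused:
        return True
    return False


def tracker_attack() -> int:
    """Infer Dana's salary from two permitted aggregates: all of Engineering
    (4 records) minus the men in Engineering (3 records)."""
    eng_all = sum_salary(lambda r: r["dept"] == "Engineering")
    eng_men = sum_salary(lambda r: r["dept"] == "Engineering" and r["sex"] == "M")
    return eng_all - eng_men


if __name__ == "__main__":
    print("direct query refused:", is_direct_attack_refused())
    print("inferred salary for Dana:", tracker_attack())
```

The size restriction stops the naive query but not the differencing attack, which is the usual concern with query restriction on its own; stronger controls (query-set overlap limits, output perturbation) close this gap at the cost of refusing more queries or returning approximate answers.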

2)  typical attacks in the Internet affecting confidentiality, integrity and availability at various layers: Layer 1: Physical; Layer 2: Link; Layer 3: Network; Layer 4: Transport, and Layer 5: Application. (This is IP Layering; in IP layering, roughly Session, Presentation and Application of the OSI layers are combined into a single Application layer). Pick one layer and describe typical attacks in that layer and the controls that are employed in the layer to minimize the attack or vulnerability that leads to the attack. For example, in the link layer, there is ARP spoofing and man-in-the-middle attacks. In the IP layer, there is packet sniffing. In the transport layer, there is the SYN flood attack causing Denial of Service. Be as complete as possible and cite your reference materials in your response.
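Worked illustration for the link-layer case named in question 2 (ARP spoofing leading to man-in-the-middle), added here as an example and not part of the original assignment. It shows the control side: each ARP reply is checked against a trusted IP-to-MAC binding table, as a switch's dynamic ARP inspection does with its DHCP snooping database, and unknown addresses are tracked for binding changes, as host-side monitors such as arpwatch do. The bindings, port names and ARP replies are constructed.

```python
# Added example (not part of the original assignment): a link-layer control
# against ARP cache poisoning. Constructed ARP replies are checked against a
# trusted IP-to-MAC binding table and against earlier observed bindings.

from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    port: str  # constructed switch port the frame arrived on


# Constructed trusted table, as a DHCP snooping database would hold it.
TRUSTED_BINDINGS: Dict[str, str] = {
    "10.0.0.1": "aa:bb:cc:00:00:01",   # default gateway
    "10.0.0.10": "aa:bb:cc:00:00:10",
    "10.0.0.20": "aa:bb:cc:00:00:20",
}


def inspect(replies: List[ArpReply]) -> List[str]:
    """Return one alert per suspicious reply. A reply contradicting the trusted
    table is dropped; for IPs the table does not know, the first observed
    binding is kept and any later change is reported."""
    observed: Dict[str, str] = {}
    alerts: List[str] = []
    for r in replies:
        trusted = TRUSTED_BINDINGS.get(r.sender_ip)
        if trusted is not None and trusted != r.sender_mac:
            alerts.append(
                f"DROP port {r.port}: {r.sender_ip} claimed by {r.sender_mac}, "
                f"trusted binding is {trusted}")
            continue
        prev = observed.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append(
                f"CHANGE port {r.port}: {r.sender_ip} moved {prev} -> {r.sender_mac}")
            continue
        observed[r.sender_ip] = r.sender_mac
    return alerts


# Constructed traffic: legitimate replies, then a poisoning attempt that claims
# the gateway's IP from another MAC on another port, then an unknown IP whose
# binding changes.
SAMPLE_REPLIES = [
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:01", "Gi1/0/1"),
    ArpReply("10.0.0.10", "aa:bb:cc:00:00:10", "Gi1/0/2"),
    ArpReply("10.0.0.1", "de:ad:be:ef:00:01", "Gi1/0/7"),   # spoofed gateway
    ArpReply("10.0.0.50", "aa:bb:cc:00:00:50", "Gi1/0/9"),  # unknown IP, first seen
    ArpReply("10.0.0.50", "de:ad:be:ef:00:50", "Gi1/0/7"),  # same IP, new MAC
]


def run_sample() -> List[str]:
    return inspect(SAMPLE_REPLIES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Without the check, the third reply would overwrite every host's cache entry for the gateway, so traffic to the gateway would flow through the attacker's machine, which can then forward it on and read or alter it (the man-in-the-middle the question mentions). Static ARP entries and switch port security are the other common controls at this layer.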

Select the best answer to the questions below: 

(Each question is worth 2 points)

The answers to the questions can either be found in the book or are assumed to be a part of your acquired knowledge. 

T F 1.  X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

T F 2.  The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

T F 3.  Identifiers should be assigned carefully because authenticated identities are the basis for other security services.

T F 4.  A token is the best means of authentication because it cannot be forged or stolen by an adversary.

T F 5.  Encryption can be applied to the entire database, at the record level, at the attribute level, or at the level of the individual field.

T F 6.  C's designers placed much more emphasis on space efficiency and performance considerations than on type safety.

T F 7.  The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.

T F 8.  The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.

T F 9.  The IT security management process ends with the implementation of controls and the training of personnel.

T F 10.  Concerns about the extent to which personal privacy has been and may be compromised have led to a variety of legal and technical approaches to reinforcing privacy rights.

T F 11.  Packet sniffers are mostly used to retrieve sensitive information like usernames and passwords.

T F 12.  The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.

T F 13.  The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification, which defines the features required for an RBAC system.

T F 14.  Query restriction provides answers to all queries, but the answers are approximate.

T F 15.  Several of the items in the CWE/SANS Top 25 Most Dangerous Software Errors list, Risky Resource Management category, are buffer overflow variants.

16.  A __________ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents.

A.  boot sector infector B.  file infector

C.  macro virus D.  multipartite virus

17.  _________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled.

A.  Stack buffers B.  Guard pages

C.  Compile-time defenses D.  Library functions

18.  Randomizing the allocation of memory on the heap makes the possibility of predicting the address of targeted buffers extremely difficult, thus thwarting the successful execution of some __________ attacks.

A.  vulnerability B.  heap overflow

C.  MMU D.  stack overflow

19.  The range of logging data acquired should be determined _______.

A. during security testing

B. as a final step

C. after monitoring average data flow volume

D. during the system planning stage

20.  The needs and policy relating to backup and archive should be determined ______.

A. as a final step

B. during the system planning stage

C. during security testing

D. after recording average data flow volume

21.  "An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the _________.

A.  ss-property B.  ds-property

C.  *-property D.  cc-property

22.  The _________ Model was developed for commercial applications in which conflicts of interest can arise.

A.  Biba B.  Clark-Wilson Integrity

C.  Bell-Lapadula D.  Chinese Wall

23.  The advantages of the _________ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.

A.  combined B.  informal

C.  baseline D.  detailed

24.  _________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.

A.  Security controls B.  Risk appetite

C.  Risk controls D.  None of the above

25.  A contingency plan for systems critical to a large organization would be _________ than that for a small business.

A.  smaller, less detailed B.  larger, less detailed

C.  larger, more detailed D.  smaller, more detailed

26.  ______ is intended to permit others to perform, show, quote, copy, and otherwise distribute portions of the work for certain purposes.

A.  Reverse engineering B.  Personal privacy

C.  Fair use D.  Encryption research

27. The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

A. security basics and literacy

B. roles and responsibilities relative to IT systems

C. education and experience

D. security awareness

28.  __________ is based on the roles the users assume in a system rather than the user's identity.

A.  DAC B.  RBAC

C.  MAC D.  URAC

29.  In relational database parlance, the basic building block is a __________, which is a flat table.

A.  attribute B.  tuple

C.  primary key D.  relation

30.  On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack.

A.  one-fourth B.  half

C.  two-thirds D.  three-fourths

31. A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

32. The purpose of the __________ algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.

33. The __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.

34. __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.

35. A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

36. _________ Separation of Duty enables the definition of a set of mutually exclusive roles, such that if a user is assigned to one role in the set, the user may not be assigned to any other role in the set.
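Worked illustration of the two role-assignment constraints described in items 35 and 36, added here as an example and not part of the original quiz or the textbook it draws on: a role that requires a prerequisite role, and sets of roles of which a user may hold at most one. The users, role names and the policy are constructed.

```python
# Added example (not part of the original quiz): enforcing the two
# role-assignment constraints described in items 35 and 36, a prerequisite-role
# rule and mutually exclusive role sets. Users and role names are constructed.

from typing import Dict, FrozenSet, Iterable, List, Optional, Set


class ConstraintViolation(Exception):
    """Raised when a role assignment would break a configured constraint."""


class RoleAssigner:
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = {}
        # item 35: role -> roles the user must already hold
        self.prerequisites: Dict[str, Set[str]] = {}
        # item 36: sets of roles of which a user may hold at most one
        self.exclusive_sets: List[FrozenSet[str]] = []

    def add_prerequisite(self, role: str, required: Iterable[str]) -> None:
        self.prerequisites.setdefault(role, set()).update(required)

    def add_exclusive_set(self, roles: Iterable[str]) -> None:
        self.exclusive_sets.append(frozenset(roles))

    def assign(self, user: str, role: str) -> Set[str]:
        """Assign role to user, or raise ConstraintViolation. The checks run at
        assignment time against the user's whole role set, not only against
        roles activated in a particular session."""
        held = self.user_roles.setdefault(user, set())
        missing = self.prerequisites.get(role, set()) - held
        if missing:
            raise ConstraintViolation(
                f"{user} cannot get {role}: prerequisite role(s) "
                f"{sorted(missing)} not held")
        for group in self.exclusive_sets:
            if role in group:
                conflict = (held & group) - {role}
                if conflict:
                    raise ConstraintViolation(
                        f"{user} cannot get {role}: conflicts with {sorted(conflict)}")
        held.add(role)
        return set(held)


def try_assign(ra: RoleAssigner, user: str, role: str) -> Optional[str]:
    """None on success, otherwise the violation message."""
    try:
        ra.assign(user, role)
    except ConstraintViolation as exc:
        return str(exc)
    return None


def build_policy() -> RoleAssigner:
    """Constructed policy: a project lead must already be an engineer, and
    nobody may both raise purchase orders and approve payment for them."""
    ra = RoleAssigner()
    ra.add_prerequisite("project_lead", {"engineer"})
    ra.add_exclusive_set({"purchasing_clerk", "accounts_payable_clerk"})
    return ra


if __name__ == "__main__":
    ra = build_policy()
    for user, role in [("alice", "engineer"), ("alice", "project_lead"),
                       ("carol", "project_lead"),
                       ("bob", "purchasing_clerk"), ("bob", "accounts_payable_clerk")]:
        err = try_assign(ra, user, role)
        print(f"{user} <- {role}: {'ok' if err is None else err}")
```

The prerequisite rule builds privilege up in steps, which is how item 35 ties it to least privilege; the exclusive set is the classic two-person split of a purchasing workflow, so a compromised or dishonest clerk cannot complete a fraudulent purchase alone.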

37. When using the __________ method attribute values are exchanged (swapped) between records in sufficient quantity so that nothing can be deduced from the disclosure of individual records.

38. In addition to granting and revoking access rights to a table, in a __________ administration the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table.

39. __________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

40. A __________ is when a user views a Web page controlled by the attacker that contains a code that exploits the browser bug and downloads and installs malware on the system without the user's knowledge or consent.

41. The function of the _______ was to transfer control to a user command line interpreter that gave access to any program available on the system with the privileges of the attacked program.

42. One of the restrictions on the content of shellcode is that it has to be _______, which means that it cannot contain any absolute address referring to itself.

43. ______ is a reactive control that can only inform you about bad things that have already happened.

44. ______ virtualization systems are typically seen in servers, with the goal of improving the execution efficiency of the hardware.

45. The _________ is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters of the subject and object.

46. The advantages of the _________ risk assessment approach are that it provides the most detailed examination of the security risks of an organization's IT system and produces strong justification for expenditure on the controls proposed.

47. The level of risk the organization views as acceptable is the organizationís __________.

48. _________ controls focus on preventing security breaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability.

49. The group of users, sites, networks, or organizations served by the CSIRT is a __________.

50. A ______ handles the financial transaction for issuing the digital license to the consumer and pays royalty fees to the content provider and distribution fees to the distributor accordingly.


© 2020 customphdthesis.com. All Rights Reserved. | Disclaimer: for assistance purposes only. These custom papers should be used with proper reference.