Question

REVIEW QUESTIONS

1. With examples, discuss three primary vulnerabilities and the solutions to be taken in order to secure any organization.
2. A large key space by itself is no guarantee for a secure cipher. The cipher might still be vulnerable to attacks. Explain.
3. Differentiate between random number generators (RNG) and pseudo-random number generators (PRNG).
4. With examples, explain stream ciphers.
5. With examples, explain block ciphers.
6. Why do we need to use PGP or GPG in sending and receiving emails, and how does it work?
7. The one-time pad is the only provably secure symmetric algorithm. Explain.
8. According to Shannon, the two primitive operations for encryption are confusion and diffusion. Discuss.
9. Combining confusion and diffusion is a common practice for obtaining a secure scheme. DES is a good example. Explain.
10. Explain how DES works, without forgetting the Feistel network.
11. Discuss five causes of vulnerabilities in a software system that is connected to the Internet.
12. Software vulnerability continues to be a challenging cybersecurity risk. Discuss the patch management process, security patches and the dangers of not patching in relation to software vulnerabilities.
13. Building a secure organization in terms of information and any other resources is one of the concerns of the information security and cryptography field. As an expert, advise the Management on how to keep the organization secured, using seven points.
14. Discuss a zero-day vulnerability and three ways to protect your company against it.
15. Explain briefly why a cryptosystem designed by following Kerckhoffs' principle is likely to be stronger than one designed by someone who does not.
16. Access control is the most important aspect of information security. It can be implemented at various layers of an organization, network and individual systems. As a security expert of the organization, discuss how you are going to implement access control in terms of the following:
   i. Administrative
   ii. Technical (or Logical)
   iii. Physical
17. The accounting branch of a large organization needs an application to process expense vouchers. Each voucher must be input by one of many accounting officers, verified by a supervisor, then reconciled by an auditor before the reimbursement check is produced. The security expert chose the role-based access control technique to meet the information protection needs. Why role-based? Explain.
18. Choose and briefly describe two major applications of asymmetric key cryptography.
19. Discuss collision resistance and non-invertibility in relation to hash functions.
20. How can hash functions be used in digital certificates and in downloading applications from untrusted sources?
21. Explain briefly four properties of digital signatures.
22. AES does not have a Feistel structure. Feistel networks do not encrypt an entire block per iteration. AES uses three different types of layers, and each layer operates on the whole 128-bit block. Explain the three layers in AES.
23. With the help of a diagram, describe the concept of public key cryptography.
24. RSA is the most widely used public-key cryptosystem and is mainly used for key transport (i.e. encryption of keys) and digital signatures. With the help of equations, briefly explain the RSA algorithm.
25. The RSA algorithm can be attacked in different ways. Discuss five ways an attacker can use.
26. It is not suggested to develop your own cryptographic algorithm. Explain why.
27. A message authentication code (MAC) provides two security services: message integrity and message authentication using symmetric techniques. Explain.
28. Explain why encryption alone does not provide integrity of information.
29. Briefly explain the main drawback of the one-time pad cryptosystem.
30. Differentiate between substitution ciphers and transposition ciphers.
31. As a security expert, discuss discretionary access control (DAC), mandatory access control (MAC) and non-discretionary (role-based) access control (Non-DAC).
32. Access control administration can be centralized, decentralized or hybrid. Explain your choice and why.
33. When you log into a system that uses Kerberos authentication:
   i. What does your computer send to and receive from the key distribution centre (KDC)?
   ii. What is the purpose of a ticket-granting ticket?
   iii. Where are Kerberos tickets stored?
   iv. What are the drawbacks of Kerberos?
34. You are developing a multi-user computer game and wish to make it harder for players to cheat. Discuss the possible benefits of using:
   i. Encryption and authentication
   ii. Virus detection techniques
35. What can you say about OpenSSL?
36. Decrypt the cipher text to plain text with the key = 7 in A-Z (0-25): cipher text = YVTL PZ AOL NYLHALZA LTWPYL
37. Most modern protocols are hybrid protocols which use symmetric as well as public-key algorithms. Explain.
38. Encrypt the plain text into cipher text by using the substitution technique: plain text = I will be in town next week. Note: Choose a key in A-Z (1-26), Space = 00, key = 3
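Questions 36 and 38 are both exercises in the Caesar (shift) substitution cipher over A-Z, and question 2 asks why key space alone says nothing about strength. The following worked example is added here and is not part of the posted question or any answer to it. It assumes the usual reading of both exercises: letters are shifted by the key modulo 26, spaces are kept in place, and question 38's "A-Z (1-26), Space = 00" numbering is only a way of writing the result as two-digit codes. The `brute_force` helper is an illustration for question 2: with only 26 keys, the ciphertext of question 36 is recovered by simply trying every key, so a small key space is fatal however well the rest of the cipher is built.

```python
"""Caesar (shift) cipher over A-Z, as used in review questions 36 and 38.

Added worked example; interpretation of the exercises is an assumption
(shift mod 26, spaces preserved, A=1..Z=26 / space=00 as a numeric rendering).
"""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Data taken from the review questions themselves.
Q36_CIPHERTEXT = "YVTL PZ AOL NYLHALZA LTWPYL"
Q36_KEY = 7
Q38_PLAINTEXT = "I will be in town next week"
Q38_KEY = 3


def shift_char(ch: str, key: int) -> str:
    """Shift one upper-case letter by `key` positions (mod 26).

    Characters outside A-Z (spaces, punctuation) are passed through unchanged.
    """
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + key) % 26]


def encrypt(plaintext: str, key: int) -> str:
    """Caesar-encrypt: upper-case the text, then shift every letter forward by `key`."""
    return "".join(shift_char(c, key) for c in plaintext.upper())


def decrypt(ciphertext: str, key: int) -> str:
    """Caesar-decrypt: shifting backward by `key` is the same as shifting forward by -key."""
    return encrypt(ciphertext, -key)


def letters_to_numbers(text: str) -> list[str]:
    """Render text with the numbering given in question 38: A-Z -> 01..26, space -> 00.

    Assumption: this numbering is a presentation of the result, not a second cipher step.
    """
    codes = []
    for ch in text.upper():
        if ch == " ":
            codes.append("00")
        elif ch in ALPHABET:
            codes.append(f"{ALPHABET.index(ch) + 1:02d}")
        else:
            raise ValueError(f"character {ch!r} has no code in the A-Z / space scheme")
    return codes


def brute_force(ciphertext: str) -> dict[int, str]:
    """Decrypt under every possible key 0..25.

    Illustrates question 2 from the other side: a key space of 26 is exhausted
    instantly, so the cipher cannot be secure regardless of its other properties.
    """
    return {key: decrypt(ciphertext, key) for key in range(26)}


if __name__ == "__main__":
    print("Q36:", decrypt(Q36_CIPHERTEXT, Q36_KEY))
    print("Q38:", encrypt(Q38_PLAINTEXT, Q38_KEY))
    print("Q38 as numbers:", " ".join(letters_to_numbers(encrypt(Q38_PLAINTEXT, Q38_KEY))))
    for key, candidate in brute_force(Q36_CIPHERTEXT).items():
        print(f"key {key:2d}: {candidate}")
```

Running the script prints the question 36 plaintext under key 7 and the question 38 ciphertext under key 3, then lists all 26 candidate decryptions of the question 36 ciphertext; exactly one of them reads as English, which is how an exhaustive search picks out the key without any knowledge of it.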
