hw

This homework is graded based on 50 pts.

Choose the best answer (one) and give reason in a few sentences for your choice or not choosing others. Please give a reference. To get the full credit, the reason should be in your own words, not a copy from a reference/internet source. Such a copy will be considered plagiarizing. Remember I have the same access to the Internet. I may not catch every time but if I catch you may get 0 for the entire assignment. Without a reason, and/or reference as noted you will not get the full credit. Remember to have your name on each page

Q1. (4 pts) Which of the following is an example of a comprehensive security strategy? ______

A. We already use encryption, so we are safe.

B. We can detect intrusions with our intrusion detection software and have a firewall. These are supplemented by our use of cryptography.

C. We have security software and hardware, an information security officer, a security budget, employee training, and a disaster recovery system in place.

Reason: -

Q2. (4 pts) Businesses are motivated to use cryptography to protect information because

A. information is the asset which is not easy to protect

B. information is the easiest thing to protect

C. organizations depend on information to operate

D. networks and systems are difficult to protect adequately

Reason: -

Q3. (4 pts) What is the basis of the modern cryptography? _________________

A. manipulation of data

B. mathematical principles

C. creating disguises for information

D. none of the above

Reason:

Q4. (4 pts) The Man in the Middle attack be thwarted by

A. By using email

B. Sending message in two parts

C. By encrypting the message

D. By making it boring

Reason and reference: -

Q5 (4 pts) Buffer overflow can lead to___________

A. Lead to unauthorized access

B. Trojan horses

C. -Password cracking

What are the consequences?

Q6. (4 pts) Which of the following are properties of information?

A. It has evolved from data and is processed data.

B. It has identity.

C. It can be mathematically manipulated

D. A and B

E. A and C

F. A, B and C

No Reason required

Q7 (4 pts) The denial of service is considered as

A. Intrusion threat

B. Session hijacking threat

C. Network threat

D. Operating system threat

Reason: -

Q8 (4 pts) The best trust model for e commerce is _______

A. Public Key Certificates and Certificate Authorities

B. Kerberos

C. PGP Web of Trust

D. A, B, and C

E. None.

Reason and reference:

- Q9 (4 pts) Which of the following choices is not part of a suggested information security plan?

A. protection of the information itself at the core

B. hardening of our resources (systems and networks)

C. authentication of those accessing the information

D. Sharing strong passwords

Reason: -

Q10(4 pts) Hardening of DES cannot be accomplished

A. By encrypting twice by two different keys

B. By encrypting three times with a key

C. By encrypting three times by two different keys

Reason:

Q11 (5 pts) (APA format, Time New Roman 12 pts type double spaced, 200-250 words)

Compare each elements of CAIN with CIA. Could you suggest any improvement in them?

Q12 (5 pts) (APA format, Time New Roman 12 pts type double spaced, [50-100 words]

Justify your answer.

It is necessary to keep cryptographic algorithms private. True or False