
Examination

A0004N – Information Security

Date: 2010-10-25, 5 hours
Allowed aids: Dictionary, Calculator, Course book: Principles of Information Security, Whitman, Mattord
Teachers on call: Lars Furberg +46 9204917 30 or +46 708228789

The exam contains 5 questions with a total of 100 points.


Results of the exam will be presented in the student portal around 22 November

General instructions:
- Always give explanatory answers (essay style), well justified, as though the reader does not
already know the subject. Answers without justification will be treated as guesses and give no points.
- Check that you have received all questions; read the entire exam through.
- Write clearly. Unreadable answers will, of course, not be taken into consideration.
- Assumptions made shall be clearly stated.
- The campus guard is just a guard; no interaction on the exam subjects.
- The guard can, whenever he/she pleases, inspect aids such as the course book.
- No talking, collaboration or transmitting of materials between students is accepted; otherwise
you will have to leave the exam.
- Cheating will lead to the result not being counted.
- See the following page for the Internet rules!

Good Luck

Lars

This page is strictly for those who are taking the exam on Distance

Allowed aids
The final examination is a written test covering a lot of the course. Since you will have books available at
the workplace in your ordinary work with security, we have decided that the course book is allowed during
the final exam. Use this opportunity! You are also allowed to use any dictionary in order to understand
the essence of the questions.

Not allowed aids
Any help other than that described above is not allowed. You cannot ask other persons or use the Internet,
USB memory, telephones, SMS, pagers, other books, notes, or documents inserted in the course book. On the
computer the only software started should be Connect Pro and a word processor of your choice. You are
allowed to have the e-mail program running before and after the exam, to receive the questions and to send the answers.
If we find out that you have not followed the rules, your exam will be disqualified.

Exam procedure (recovered from the flow chart on this page):

1. Have e-mail, word processor & the Adobe Connect exam room started.
2. Clear workplace and room; stop phone, other: "lock door".
3. Adjust web camera and mic.
4. Ask for the questions by e-mail from the guard/me.
5. When you have received the questions, save them on your computer & exit the e-mail program.
6. Start. Max 5 hours of writing time.
7. Start up e-mail again & send an e-mail to me with your answers attached and the bio files.

Exam-place for students of the course __________________

Guard: Lars.Furberg@ltu.se/Sarfraz.iqbal@ltu.se

- Up to 5 hours of writing time is allowed
- Have a microphone attached but not switched on
- Have a camera attached and enabled
- Allowed aids: course book & dictionary
- Use private chat to the guard/teacher when asking questions
- Visits to the toilet are allowed after asking
- Download the BioForensic exe file from the course room (course info folder on Fronter) and install it
- Start BioForensic when you start the exam
- E-mail the guard at the posted e-mail address to get the question sheet
- After you have received the questions, close down the e-mail system; the time starts
- Only Notepad/Word and Adobe Connect Pro may be running on the computer
- When the exam is over, start the e-mail program again and send the answers and the bio files to the guard
- We can randomly ask you to turn on the microphone for inspection during the exam
- We can randomly ask you to rotate the webcam (separate or built-in) for inspection during the exam
- You must keep your passport/national ID card with you during the exam and show it to the examiner on demand
- Your status in the Adobe Connect Pro exam room will be Presenter
- You can switch on the camera and mic by clicking the icon in the upper left corner. A small window
will appear asking you to allow sharing of your camera and mic; press the Allow button
- You are not supposed to write public messages; use private chat by selecting Private from the drop-down
list on the chat menu, with the guard as receiver
- You should not upload any document in the main window
- You are expected to share your computer screen when asked by the guard
- When you ask the guard for the exam questions you are also agreeing to the above terms
- Cheating is prohibited and it is important to follow the rules; in case of violation of the rules you
can be suspended from education, examination or tutoring for a period of up to six months

Question 1 (5 points)
True/False
Indicate whether the sentence or statement is true or false.
a) A methodology increases the probability of success.
b) A standard is a plan or course of action used to convey instructions from an organization’s
senior-most management to those who make decisions, take actions, and perform other duties.
c) On the client end, a user with Windows 2000 or XP can establish a VPN by configuring his or her
system to connect to many widely used VPN servers.
d) The use of standard job descriptions can affect the perception of professionalism in the information
security field.
e) Security managers are accountable for the day-to-day operation of the information security
program.

Question 2 (10 points)


Modified True/False
Indicate whether the sentence or statement is true or false. If false, change the underlined word or phrase
a. Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the
infected system. _________________________
b. The most common of the mitigation procedures is the disaster recovery plan.
_________________________
c. A(n) dual-homed host probably has the ability to translate between many different protocols at their
respective data link layers, including Ethernet, Token Ring, and Fiber Distributed Data Interface.
_________________________
d. In order to keep the Web server inside the internal network, direct all HTTP requests to the proxy server,
and configure the internal filtering router/firewall only to allow the proxy server to access the internal Web
server. _________________________
e. An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to
locate the connection points. _________________________
f. As DES became known as being too weak for highly classified communications, Double DES was created
to provide a level of security far beyond that of DES. _________________________
g. Internet Protocol Security is designed to protect data integrity, user confidentiality, and authenticity at the IP
packet level. _________________________
h. Secure Multipurpose Internet Mail Extensions builds on the encoding format of the Multipurpose Internet
Mail Extensions protocol by adding encryption and authentication through the use of digital signatures
based on public key cryptosystems. _________________________
i. Most information security projects require a trained project CEO. _________________________
j. GIAC stands for Global Information Architecture Certification. _________________________

Question 3 (2 points)
Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.

1) ___ was the first and only operating system created with security as its primary goal.
a. UNIX
b. DOS
c. MULTICS
d. ARPANET

2) The ____ is a methodology for the design and implementation of an information system in an organization.
a. DSLC
b. SDLC
c. LCSD
d. CLSD

3) The Security Area Working Group acts as an advisory board for the protocols and areas developed and
promoted by the Internet Society and the ____.
a. IETF
b. ISO/IEC
c. ISOC
d. IRTF

4) In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively
short period of time.
a. fixed temperature
b. permanent temperature
c. fixed rate
d. rate-of-rise

5) ____ are often involved in national security and cyber-security tasks and move from those environments into the
more business-oriented world of information security.
a. Marketing managers
b. Military personnel
c. Business analysts
d. Lawyers

Question 4 (9 points)
Completion
Complete each sentence or statement.
a) The ____________________ project is the origin of today’s Internet.
b) The expert hacker sometimes is called ____________________ hacker.
c) Attempting to reverse-calculate a password is called ____________________.
d) The ____________________ attempts to prevent trade secrets from being illegally shared.
e) ____________________ is the process of seeking out and studying the practices used in other organizations
that produce results you would like to duplicate in your organization.
f) ____________________ firewalls combine the elements of other types of firewalls — that is, the elements
of packet filtering and proxy services, or of packet filtering and circuit gateways.
g) ____________________ (terminal emulation) access to all internal servers from the public networks should
be blocked.
h) The U.S. government has developed a program, named _________________________ to reduce the risk of
EMR monitoring.
i) Tasks or action steps that come after the task at hand are called ____________________.
j) As new employees are introduced into the organization’s culture and workflow, they should receive as part
of their ____________________ an extensive information security briefing.

Question 5 (74 points)
Essay/Case
Answer the questions in your own words

A well-known university in Stockholm, Sweden has a large datacenter for employees and students on campus. The university
also has a large number of distance students. The datacenter has around 25 employees, both male and female. They have a
manager who is educated in economics, has worked as an ICT manager for 5 years and has a lot of practical ICT experience.

One day he was suddenly missing from work and the staff became worried. A long time later they found out that he
had run away from his wife and two kids with a blond secretary. In a later audit of the university's finances it was found
that he had manipulated the salary system, invented a couple of new employees and had their salaries paid into his own
account.

A previous audit of the datacenter department by an external consultant showed a number of problems:

- At the weekly meeting very few staff members were present, even though they were told to be there to be informed
about the current situation and the tasks to be done on a regular basis.
- The regular backups were not properly labelled and had not been tested, so it was not known whether the backups
would work in a disaster situation.
- An employee had large gambling debts from online poker and regularly asked for a salary advance because of this.
- During an unintended power failure it turned out that the employees had trouble restarting critical applications
on the servers.
- During a company party an employee bragged about having successfully cracked the encryption of the company's
employee health records.
- One weekend a group of teenagers from the neighbourhood climbed onto the roof via the fire escape ladder, broke
the glass roof and threw snowballs down at the servers, and no alarm went off. The incident was discovered on
Monday morning.
- The employees do not follow the instructions on how to create proper backups, add new user accounts and update
applications; they blame an incompetent manager.
- In the datacenter you often see visitors such as children playing freeware and online games on employees' office
computers while waiting for their parents.
- The three employees who work with backups think their work sucks, so they play cards instead of making backups;
the tapes that were supposed to be backups were actually blank.
- One office department was still using outdated Novell network equipment despite warnings from the technicians,
but the manager thought it was okay.
- When one of the database administrators was on a business trip, the SQL server application suffered an SQL
injection attack. None of the other database administrators were able to solve the problem. As a consequence a
critical application was left hanging for three days and many students were furious.
- An outside cleaning company cleans the offices, and it turned out that a male Swedish cleaner had given two of his
cousins the highest grades on an advanced master's programme using information that had been left on desks.
- On the university's official website an employee had entertained herself by writing demeaning comments about the
university leaders. She had also revealed on Facebook that she was planning to shoot the prime minister and that all
she was missing was ammunition for the rifle, which she was trying hard to find.
- A famous professor at the university accidentally left his laptop, containing important unpublished research
information, in his car, and the car was stolen. It turned out that the university has no policy for handling
research findings and laptops.

Answer the questions in your own words; extensive answers are expected, approximately two pages on each of the questions below.

a) Identify and describe in detail at least 10 critical assets in this case. (10p)
b) Investigate and describe in detail 5 different threats and suggest three different countermeasures for each that work in
different dimensions (Procedure, People, Hardware, Software, Data/Information). (30p)
c) What suggestions/questions should be put to the IT/IS manager as the 5 top priorities for the datacenter? Your
suggestions should cover different dimensions and consider security aspects. (15p)
d) How can you, as the new manager, rebuild confidence in the department among the top management of the
university? Give at least 5 suggestions, focusing on raising confidence and on the relationship between IS/IT management
and top management. (15p)
e) Write a short encouraging text to the employees of the department that will give them new hope. (4p)
