SEC571 2019 January Week 8 Final Exam Latest

SEC571 Principles of Information Security and Privacy
Week 8 Final Exam
Question 1
(TCO A) You have designed a database. During testing you discover that if, during the normal entry and modification of data, there is a power outage, when the system is recovered, records may contain some of the new data that were being entered but that some old data that should have been modified, were left untouched. Explain how you could modify your database design to eliminate this type of compromise of data integrity.
Question 2
(TCO B) Compare and contrast Intrusion Detection System (IDS) versus Intrusion Prevention System (IPS). Are they mutually exclusive? Explain.
Question 3
(TCO C) Why is a firewall usually a good place to terminate a Virtual Private Network (VPN) connection from a remote user? Why not terminate the VPN connection at the actual servers being accessed? Under what circumstances would VPN termination at the server be a good idea?
Question 4
(TCO D) A computer programmer has been arraigned for a computer crime. She is suspected of having accessed system files on a public Web server. The programmer’s attorney argues that his client was only trying to determine if the website was secure and that no harm was done to the Web server or its system files. The programmer’s attorney also argues that it is possible that the log files that show that his client accessed system files were tampered with. The attorney claims that the Web server was made accessible to the public anyway so that there was no violation of the law and that the arraignment against her client should be thrown out. You’re the judge. What is your analysis of these arguments?
Question 5
(TCO E) List five controls that could be used to maintain data availability in a networked environment.
Question 6
(TCO F) In the U.S., laws are enforced by police agencies and the courts. What are ethics and who enforces them?
Question 7
(TCO G) Which of the following statements is true?
                From a legal point of view, it is easier to return software to a store because it doesn’t meet your needs than it is to do so because the software is of poor quality.
                If a programmer is, i) supervised in his work, ii) subject to being fired by his employer, iii) directed in his work by his employer, and iv) under contract for the work he is doing, it is most likely true that the programmer is considered the author of the work he has produced.
                A civil judge cannot find that a plaintiff has been harmed and hold a defendant liable if the defendant has violated no written law.
                It is easier to prove guilt in a criminal case than it is in a civil case.
                A company is not required to protect trade secrets in order to maintain legal protection of the proprietary information.
Question 8
(TCO H) The CIO at your organization wants you to assess a plan to replace the current username/password authentication methods with fingerprint biometric authentication approach that requires users to use their fingerprints to access any computing system. Assess three downsides to this approach.