threat Correct Ans-an object, person, or other entity which represents a danger to assets
threat agent Correct Ans-a person or system who uses exploits to instantiate threats
vulnerability Correct Ans-a system weakness or fault which decreases security
C-2 Security Correct Ans-discretionary access control
individual authentication
object reuse
audit trails
resource isolation
private files
discretionary access control Correct Ans-must be possible to grant/deny access to specific
resources to named users or groups of users
individual authentication Correct Ans-user must identify themselves in a unique manner
object reuse Correct Ans-memory and disk must not be readable after delete
CSE 4471 Midterm Exam with Complete Solutions
audit trails Correct Ans-auditable actions must be associated with a user; access to audit data
must be limited to admins
resource isolation Correct Ans-systems protected from external modification of running
operating system or stored system files
private files Correct Ans-security-related events accessible only by systems admin but sys
admin cannot read other users' files
Security Development Life-cycle (SDLC) Correct Ans-evolution->analyze->design->implementation->testing
Evolution Correct Ans-(Investigation)
Determine goals of security project
scope and define project
determine organizational feasibility
Analyze Correct Ans-enumerate specific threat impacts
analyze potential legal issues
risk evaluation and management
Design Correct Ans-business continuity plan
incident response plan
disaster recovery plan
implementation plan
component selection
success criteria
Implementation Correct Ans-build/buy components
integrate
educate user community
Testing Correct Ans-evaluate daily-use tools
feedback from users
simulated business disruption
simulated natural disaster
measure results vs success criteria
Needs of the business Correct Ans-protect organization's ability to function
protect data and information assets
enable safe application operation
safeguard other technology assets