Solutions to the Information Assurance and Security exam questions, Computer Science Department, Al-Mustansiriya University, Model No. 1
Q1. Multiple Choice Questions (15 points):
1. Encryption strength is based on:
   a. Strength of algorithms.
   b. Secrecy of key.
   c. Length of key.
   d. All of the above answers.
   e. None of the above answers.
2. Which type of malware is a self-contained program that replicates and sends copies of itself to other computers, generally across a network?
   a. Virus.
   b. Worms.
   c. Trojan.
   d. Rootkit.
   e. None of the answers.
3. Scanning to discover the OS running on the target system has a specific term. What is it?
   a. Footprinting.
   b. 3D printing.
   c. Fingerprinting.
   d. Screen-printing.
   e. None of the above answers.
4. In cryptography, the original message, before being transformed, is called:
   a. Simple text.
   b. Empty text.
   c. Plain text.
   d. Filled text.
   e. None of the above answers.
5. Which of the following solutions are used for authenticating a user to gain access to systems, applications, and data?
   a. Passwords and PINs.
   b. Smart cards and tokens.
   c. Biometric devices.
   d. Biometric devices.
   e. All of the above.
6. The NIST SP800-30 standard is a ---------- management framework standard:
   a. Risk.
   b. Vulnerability.
   c. Threat.
   d. Security.
   e. None of the above answers.
7. ---------- of information refers to protecting information from being modified by unauthorized parties.
   a. Confidentiality.
   b. Integrity.
   c. Availability.
   d. Threats.
   e. None of the above answers.
8. Consider a program on a network that accesses a customer database and creates records for customer orders that do not exist. What type of threat is this?
   a. Interception.
   b. Modification.
   c. Fabrication.
   d. Interruption.
   e. None of the above answers.
9. Ideally, what characters should you use in a password to make it strong?
   a. Letters.
   b. Upper and lower case characters.
   c. Numbers.
   d. Special characters.
   e. All of the above answers.
10. ---------- is the action of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.
   a. Denial of service.
   b. Exploits.
   c. Scams.
   d. Keylogging.
   e. Spamming.
11. The ---------- defines the actions that are and are not allowed with respect to the use of organization-owned IT assets.
   a. Acceptable use policy.
   b. Security awareness policy.
   c. Guidelines.
   d. Procedures.
   e. None of the above answers.
12. One commonly used public-key cryptography method is the ---------- algorithm.
   a. DES.
   b. RSA.
   c. RAA.
   d. Vigenère.
   e. None of the above answers.
13. Which of the following issues are considered in IoT?
   a. Security issue.
   b. Reliability issue.
   c. Standard issue.
   d. Connected devices.
   e. All of the above answers.
14. A digital signature needs a(n) ---------- system.
   a. Symmetric key.
   b. Asymmetric key.
   c. Stream cipher.
   d. Block cipher.
   e. None of the above answers.
15. Which of the following is a type of social engineering attack?
   a. Shoulder surfing.
   b. User identification.
   c. System monitoring.
   d. Face-to-face communication.
   e. None of the above answers.
Q2. Define the Terms (answer 5): (15 points)
Integrity, Risk Management, Firewalls, Transposition cipher, Trojan horse’s malware, the
internet of things (IOT), Threats.
Sol//
1. Integrity: Integrity refers to the accuracy, consistency, and reliability of data over its entire lifecycle. It ensures that data remains unchanged and has not been tampered with or altered in an unauthorized manner.
2. Risk Management: Risk management is the process of identifying, assessing, and prioritizing risks to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. It involves analyzing potential risks, determining their potential impact, and implementing strategies to mitigate or manage them effectively.
3. Firewalls: Firewalls are network security devices or software applications that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between a trusted internal network and untrusted external networks (such as the internet), preventing unauthorized access while allowing legitimate communication to pass through.
4. Transposition cipher: A transposition cipher is a method of encryption where the positions of characters in the plaintext are rearranged according to a specific system to produce the ciphertext. Unlike substitution ciphers where characters are replaced, transposition ciphers shuffle the order of characters.
5. Trojan horse's malware: A Trojan horse is a type of malware disguised as legitimate software to trick users into downloading and installing it on their systems. Once installed, Trojan horse malware can perform various malicious actions, such as stealing sensitive information, gaining unauthorized access to the system, or causing damage to data or files.
6. Internet of Things (IoT): The Internet of Things refers to the network of interconnected devices embedded with sensors, software, and other technologies that enable them to collect and exchange data over the internet. These devices can range from everyday objects like household appliances and wearable devices to industrial machines and vehicles, all connected to the internet to facilitate communication and data exchange.
7. Threats: Threats refer to potential dangers or harmful events that can exploit vulnerabilities in a system or network, leading to adverse consequences such as data breaches, system downtime, or financial loss. Threats can come in various forms, including malware, hackers, natural disasters, human error, and technical failures.
Q3. What are the main differences between (answer two): (15 points)
a. Hiding programs and infecting programs.
b. Acceptable use policy (AUP) and security awareness policy.
c. Hash functions and digital signatures.
Sol//
The main differences are summarised in the tables below:

a. Hiding programs vs. infecting programs

| Aspect | Hiding Programs | Infecting Programs |
|---|---|---|
| Goal | Conceal its presence | Spread and replicate itself |
| Methods | Steganography, rootkits | Viruses, worms |
| Impact | May reduce system performance | Can cause significant damage (data loss, system crashes) |
| Detection | May be difficult to detect | Usually easier to detect due to suspicious behavior |

b. Acceptable use policy (AUP) vs. security awareness policy

| Aspect | Acceptable Use Policy (AUP) | Security Awareness Policy |
|---|---|---|
| Focus | Defines permitted and prohibited actions for IT assets | Educates users about security practices |
| Content | Specifies allowed software, online activities, data usage | Explains threats, password hygiene, phishing scams |
| Enforcement | May lead to disciplinary action | Helps users identify and avoid security risks |

c. Hash functions vs. digital signatures

| Aspect | Hash Functions | Digital Signatures |
|---|---|---|
| Purpose | Creates a unique, fixed-length string from data | Creates a verifiable signature over a message (digest) to ensure data integrity and origin |
| Algorithm | MD5, SHA-256 | RSA, DSA |
| Verification | Anyone can calculate the hash from the data | Requires the public key of the signer to verify the signature |
| Use Cases | Data integrity checks (file downloads) | Secure document signing, software updates |
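To make the verification row of table (c) concrete, here is an added C# example (not part of the exam solution) using .NET's built-in SHA-256 and RSA classes; it needs .NET 5 or later for SHA256.HashData and Convert.ToHexString, and the message text and 2048-bit key size are assumptions. It shows that anyone can recompute a hash over altered data, whereas a signature cannot be made to verify over altered data without the signer's private key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hash alone proves integrity only if the hash itself is
// trusted; a digital signature proves integrity AND origin because only
// the private-key holder can produce it.
public static class HashVsSignature
{
    // Anyone can recompute this, so a party that alters the data can also
    // publish a matching hash for the altered version.
    public static string Sha256Hex(byte[] data) =>
        Convert.ToHexString(SHA256.HashData(data));

    // Only the private-key holder can produce the signature ...
    public static byte[] Sign(RSA privateKey, byte[] data) =>
        privateKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // ... but anyone holding the public key can check it.
    public static bool Verify(RSA publicKey, byte[] data, byte[] signature) =>
        publicKey.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    public static void Main()
    {
        // Constructed sample messages (assumption, not from the exam sheet)
        byte[] original = Encoding.UTF8.GetBytes("Transfer 100 to account 42");
        byte[] tampered = Encoding.UTF8.GetBytes("Transfer 900 to account 42");

        using RSA signer = RSA.Create(2048);
        // The verifying side receives only the public half of the key pair.
        using RSA verifier = RSA.Create(signer.ExportParameters(false));

        byte[] signature = Sign(signer, original);

        // Both hashes are easy to compute; the hash by itself says nothing
        // about who produced the data.
        Console.WriteLine("hash(original) = " + Sha256Hex(original));
        Console.WriteLine("hash(tampered) = " + Sha256Hex(tampered));

        // The signature binds the signer's key to exactly these bytes, so it
        // verifies for the original message and fails for the altered one.
        Console.WriteLine("signature valid on original: " + Verify(verifier, original, signature));
        Console.WriteLine("signature valid on tampered: " + Verify(verifier, tampered, signature));
    }
}
```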
Practical: Answer one (15 points)
a) Write a C# program to cipher the text "SECURITY" using a shift-4-letters algorithm.
Sol//
```csharp
using System;

public class CaesarCipher
{
    public static void Main(string[] args)
    {
        string plainText = "SECURITY";
        int shift = 4;
        string cipherText = Encrypt(plainText, shift);
        Console.WriteLine("Plain Text: {0}", plainText);
        Console.WriteLine("Cipher Text: {0}", cipherText);
    }

    public static string Encrypt(string text, int shift)
    {
        string cipherText = "";
        foreach (char c in text)
        {
            if (char.IsLetter(c))
            {
                cipherText += ShiftChar(c, shift);
            }
            else
            {
                cipherText += c; // Keep non-letters as they are
            }
        }
        return cipherText;
    }

    // Shift one letter forward by 'shift' places, wrapping Z back to A (z to a)
    private static char ShiftChar(char c, int shift)
    {
        int newCharAscii;
        if (char.IsUpper(c))
        {
            newCharAscii = (int)c + shift;
            if (newCharAscii > 'Z')
            {
                newCharAscii = newCharAscii - 'Z' + 'A' - 1;
            }
        }
        else
        {
            newCharAscii = (int)c + shift;
            if (newCharAscii > 'z')
            {
                newCharAscii = newCharAscii - 'z' + 'a' - 1;
            }
        }
        return (char)newCharAscii;
    }
}
```

Output:

```text
Plain Text: SECURITY
Cipher Text: WIGYVMXC
```
b) Write a C# program to cipher the text " INFORMATION SECURITY" using the transposition technique with the following notes:
- Declare an array with a suitable size.
- Fill the array starting from the last column to the first column.
- Read the array from the first row to the last row.
Sol//
```csharp
using System;

public class TranspositionCipher
{
    public static void Main(string[] args)
    {
        string plainText = " INFORMATION SECURITY";
        plainText = plainText.Replace(" ", ""); // Remove spaces for transposition
        int keyLength = 5; // Number of rows; adjust key length as needed
        // Just enough columns to hold every character (ceiling division)
        int columns = (plainText.Length + keyLength - 1) / keyLength;
        char[,] cipherArray = new char[keyLength, columns];
        FillCipherArray(plainText, cipherArray);
        string cipherText = ReadCipherArray(cipherArray);
        Console.WriteLine("Plain Text: {0}", plainText);
        Console.WriteLine("Cipher Text: {0}", cipherText);
    }

    // Fill column by column, starting from the last column and moving to the first
    private static void FillCipherArray(string plainText, char[,] cipherArray)
    {
        int index = 0;
        for (int col = cipherArray.GetLength(1) - 1; col >= 0; col--)
        {
            for (int row = 0; row < cipherArray.GetLength(0); row++)
            {
                if (index < plainText.Length)
                {
                    cipherArray[row, col] = plainText[index];
                    index++;
                }
                else
                {
                    cipherArray[row, col] = '\0'; // Fill remaining cells with null characters
                }
            }
        }
    }

    // Read row by row, from the first row to the last
    private static string ReadCipherArray(char[,] cipherArray)
    {
        string cipherText = "";
        for (int row = 0; row < cipherArray.GetLength(0); row++)
        {
            for (int col = 0; col < cipherArray.GetLength(1); col++)
            {
                if (cipherArray[row, col] != '\0') // Include only non-null characters
                {
                    cipherText += cipherArray[row, col];
                }
            }
        }
        return cipherText;
    }
}
```
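Decrypting this transposition is the part a receiver actually has to get right, so here is an added C# example (not part of the exam solution): knowing the key (5 rows) and the ciphertext length, it rebuilds the grid row by row, skipping the cells the encryptor left empty, then reads the columns back from last to first. The ciphertext constant is what the program above produces for "INFORMATIONSECURITY" with 5 rows, worked out by hand from its fill and read order.

```csharp
using System;
using System.Text;

// Added example: inverse of the practical (b) cipher (fill last column to
// first, read first row to last). Assumes the receiver knows the number of
// rows used as the key.
public class TranspositionDecrypt
{
    public static string Decrypt(string cipherText, int rows)
    {
        int cols = (cipherText.Length + rows - 1) / rows; // ceiling division
        int empty = rows * cols - cipherText.Length;      // cells never filled
        // The encryptor filled column-major from the last column, so every
        // unfilled cell sits in column 0, in the bottom 'empty' rows. It
        // skipped those cells when reading, so we skip them when refilling.
        char[,] grid = new char[rows, cols];
        int index = 0;
        for (int row = 0; row < rows; row++)
        {
            for (int col = 0; col < cols; col++)
            {
                if (col == 0 && row >= rows - empty) continue; // padding cell
                grid[row, col] = cipherText[index++];
            }
        }

        // Undo the fill order: last column to first, top row to bottom.
        var plain = new StringBuilder(cipherText.Length);
        for (int col = cols - 1; col >= 0; col--)
        {
            for (int row = 0; row < rows; row++)
            {
                if (col == 0 && row >= rows - empty) continue;
                plain.Append(grid[row, col]);
            }
        }
        return plain.ToString();
    }

    public static void Main()
    {
        // Ciphertext of "INFORMATIONSECURITY" under the exam program with 5 rows
        // (derived by hand from its fill/read order; not printed on the sheet).
        string cipherText = "RNMIISANTETFYCIOUOR";
        Console.WriteLine("Cipher Text: {0}", cipherText);
        Console.WriteLine("Plain Text: {0}", Decrypt(cipherText, 5));
    }
}
```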