
Solved questions: Information Assurance and Security, Computer Department, Mustansiriyah University, Model No. 1




 Q1. Multiple Choice Questions (15 points):

1. Encryption Strength is based on:

a. Strength of algorithms b. Secrecy of key.

c. Length of key d. All of the above answers.

e. None of the above answers.

2. Which type of malware is a self-contained program that replicates and sends copies of itself to other computers, generally across a network?

a. Virus b. Worms

c. Trojan. d. Rootkit.

e. None of the answers

3. For discovering the OS running on the target system, the scanning has a specific term. What is it?

a. Footprinting. b. 3D Printing.

c. Fingerprinting. d. screen-printing.

e. None of the above answers.

4. In Cryptography, original message, before being transformed, is called:

a. Simple text. b. Empty text.

c. Plain text d. Filled text.

e. None of the above answers.

5. Which of the following solutions are used for authenticating a user to gain access to systems, applications, and data?

a. Passwords and PINs. b. Smart cards and tokens.

c. Biometric devices. d. Biometric devices.

e. All of the above.

6. The NIST SP800-30 standard is a ---------- management framework standard:

a. Risk. b. Vulnerability.

c. Threat. d. Security.

e. None of the above answers.

7. ---------- of information refers to protecting information from being modified by unauthorized parties.

a. Confidentiality. b. Integrity.

c. Availability. d. Threats.

e. None of the above answers.

8. Consider a program on a network that accesses a customer database and creates records for customer orders that do not exist. What type of threat is this?

a. Interception. b. Modification.

c. Fabrication. d. Interruption.

e. None of the above answers.

9. Ideally, what characters should you use in a password to make it strong?

a. Letters. b. Upper and Lower Characters.

c. Numbers. d. Special Characters.

e. All of the above answers.

10. ---------- is the action of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.

a. Denial of service. b. Exploits.

c. Scams. d. Keylogging.

e. Spamming.

11. The ---------- defines the actions that are and are not allowed with respect to the use of organization-owned IT assets.

a. Acceptable use policy. b. Security awareness policy.

c. Guidelines. d. Procedures.

e. None of the above answers.

12. One commonly used public-key cryptography method is the ---------- algorithm.

a. DES. b. RSA.

c. RAA. d. Vigenère.

e. None of the above answers.

13. Which of the following issues are considered in IoT?

a. Security Issue. b. Reliability Issue.

c. Standard Issue. d. Connected devices.

e. All of the above answers.

14. A digital signature needs a(n) ---------- system.

a. Symmetric key. b. Asymmetric key.

c. Stream cipher. d. Block cipher.

e. None of the above answers.

15. Which of the following is a type of social engineering attack?

a. Shoulder surfing. b. User identification.

c. System monitoring. d. Face-to-face communication.

e. None of the above answers.


Q2. Define the Terms (answer 5): (15 points)

Integrity, Risk Management, Firewalls, Transposition cipher, Trojan horse’s malware, the internet of things (IOT), Threats.

Sol//

1. Integrity: Integrity refers to the accuracy, consistency, and reliability of data over its entire lifecycle. It ensures that data remains unchanged and has not been tampered with or altered in an unauthorized manner.



2. Risk Management: Risk management is the process of identifying, assessing, and prioritizing risks to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. It involves analyzing potential risks, determining their potential impact, and implementing strategies to mitigate or manage them effectively.



3. Firewalls: Firewalls are network security devices or software applications that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between a trusted internal network and untrusted external networks (such as the internet), preventing unauthorized access while allowing legitimate communication to pass through.



4. Transposition cipher: A transposition cipher is a method of encryption where the positions of characters in the plaintext are rearranged according to a specific system to produce the ciphertext. Unlike substitution ciphers where characters are replaced, transposition ciphers shuffle the order of characters.



5. Trojan horse's malware: A Trojan horse is a type of malware disguised as legitimate software to trick users into downloading and installing it on their systems. Once installed, Trojan horse malware can perform various malicious actions, such as stealing sensitive information, gaining unauthorized access to the system, or causing damage to data or files.



6. Internet of Things (IoT): The Internet of Things refers to the network of interconnected devices embedded with sensors, software, and other technologies that enable them to collect and exchange data over the internet. These devices can range from everyday objects like household appliances and wearable devices to industrial machines and vehicles, all connected to the internet to facilitate communication and data exchange.



7. Threats: Threats refer to potential dangers or harmful events that can exploit vulnerabilities in a system or network, leading to adverse consequences such as data breaches, system downtime, or financial loss. Threats can come in various forms, including malware, hackers, natural disasters, human error, and technical failures.



Q3. What are the main differences between (answer two): (15 points)

a. Hiding programs and infecting programs.

b. Acceptable use policy (AUP) and Security awareness policy.

c. Hash Functions and Digital Signatures.

Sol//

The tables below outline the main differences between each pair of concepts:

| Aspect | Hiding Programs | Infecting Programs |
| --- | --- | --- |
| Goal | Conceal its presence | Spread and replicate itself |
| Methods | Steganography, rootkits | Viruses, worms |
| Impact | May reduce system performance | Can cause significant damage (data loss, system crashes) |
| Detection | May be difficult to detect | Usually easier to detect due to suspicious behavior |

| Aspect | Acceptable Use Policy (AUP) | Security Awareness Policy |
| --- | --- | --- |
| Focus | Defines permitted and prohibited actions for IT assets | Educates users about security practices |
| Content | Specifies allowed software, online activities, data usage | Explains threats, password hygiene, phishing scams |
| Enforcement | May lead to disciplinary action | Helps users identify and avoid security risks |

| Aspect | Hash Functions | Digital Signatures |
| --- | --- | --- |
| Purpose | Creates a unique, fixed-length string from data | Creates a verifiable message digest to ensure data integrity and origin |
| Algorithm | MD5, SHA-256 | RSA, DSA |
| Verification | Anyone can calculate the hash from the data | Requires the public key of the signer to verify the signature |
| Use Cases | Data integrity checks (file downloads) | Secure document signing, software updates |
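
The "Verification" row of the hash/signature comparison can be seen in code. The following is an added example, not part of the original answer sheet: it shows that a hash can be recomputed by anyone (including whoever altered the data), while a signature only verifies under the signer's public key. The sample strings and class name are constructed for illustration, and .NET 5 or later is assumed for `SHA256.HashData`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class HashVsSignature
{
    public static void Main()
    {
        // Constructed sample data: an original file and a modified copy.
        byte[] original = Encoding.UTF8.GetBytes("installer v1.0 contents");
        byte[] modified = Encoding.UTF8.GetBytes("installer v1.0 contents (altered)");
        var sha = HashAlgorithmName.SHA256;
        var pad = RSASignaturePadding.Pss;

        // Hash: keyless, so anyone can compute it from the data.
        // Against a hash obtained from a trusted place, the change is detected.
        byte[] trustedHash = SHA256.HashData(original);
        bool matchesTrusted = SHA256.HashData(modified).SequenceEqual(trustedHash);
        Console.WriteLine($"Modified data matches trusted hash:  {matchesTrusted}");

        // If the hash is delivered alongside the data, whoever changed the data
        // can replace the hash too, and the integrity check passes again.
        byte[] replacedHash = SHA256.HashData(modified);
        bool matchesReplaced = SHA256.HashData(modified).SequenceEqual(replacedHash);
        Console.WriteLine($"Modified data matches replaced hash: {matchesReplaced}");

        // Signature: created with the signer's private key.
        using RSA signer = RSA.Create(2048);
        byte[] signature = signer.SignData(original, sha, pad);

        // The verifier holds only the signer's public key.
        using RSA verifier = RSA.Create();
        verifier.ImportParameters(signer.ExportParameters(false));
        Console.WriteLine($"Original verifies: {verifier.VerifyData(original, signature, sha, pad)}");
        Console.WriteLine($"Modified verifies: {verifier.VerifyData(modified, signature, sha, pad)}");

        // A signature over the modified data made with any other key does not
        // verify under the signer's public key, so origin is protected as well.
        using RSA otherKey = RSA.Create(2048);
        byte[] otherSignature = otherKey.SignData(modified, sha, pad);
        Console.WriteLine($"Other key's signature verifies: {verifier.VerifyData(modified, otherSignature, sha, pad)}");
    }
}
```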


Practical: Answer one (15 points)

a) Write C# program to cipher the text "SECURITY" using shift 4 letters algorithm.

Sol//

using System;

public class CaesarCipher
{
    public static void Main(string[] args)
    {
        string plainText = "SECURITY";
        int shift = 4;

        string cipherText = Encrypt(plainText, shift);
        Console.WriteLine("Plain Text: {0}", plainText);
        Console.WriteLine("Cipher Text: {0}", cipherText);
    }

    public static string Encrypt(string text, int shift)
    {
        string cipherText = "";

        foreach (char c in text)
        {
            if (char.IsLetter(c))
            {
                char shiftedChar = ShiftChar(c, shift);
                cipherText += shiftedChar;
            }
            else
            {
                cipherText += c; // Keep non-letters as they are
            }
        }

        return cipherText;
    }

    private static char ShiftChar(char c, int shift)
    {
        // Choose the alphabet start for the letter's case, then wrap with
        // modulo 26 so that any shift value (larger than 26 or negative)
        // still lands inside the alphabet.
        char baseChar = char.IsUpper(c) ? 'A' : 'a';
        int offset = ((c - baseChar + shift) % 26 + 26) % 26;

        return (char)(baseChar + offset);
    }
}


Running the program will output:
Plain Text: SECURITY
Cipher Text: WIGYVMXC


b) Write C# program to cipher the text " INFORMATION SECURITY" using transposition technique with the following notes:

Declare array with suitable size.

Fill the array starting from the last column to first column.

Read the array from the first row to the last row

Sol//

using System;

public class TranspositionCipher
{
    public static void Main(string[] args)
    {
        string plainText = " INFORMATION SECURITY";
        plainText = plainText.Replace(" ", ""); // Remove spaces for transposition

        int keyLength = 5; // Adjust key length as needed
        char[,] cipherArray = new char[keyLength, plainText.Length / keyLength + 1];

        FillCipherArray(plainText, cipherArray);
        string cipherText = ReadCipherArray(cipherArray);

        Console.WriteLine("Plain Text: {0}", plainText);
        Console.WriteLine("Cipher Text: {0}", cipherText);
    }

    private static void FillCipherArray(string plainText, char[,] cipherArray)
    {
        int index = 0;

        for (int col = cipherArray.GetLength(1) - 1; col >= 0; col--)
        {
            for (int row = 0; row < cipherArray.GetLength(0); row++)
            {
                if (index < plainText.Length)
                {
                    cipherArray[row, col] = plainText[index];
                    index++;
                }
                else
                {
                    cipherArray[row, col] = '\0'; // Fill remaining cells with null characters
                }
            }
        }
    }

    private static string ReadCipherArray(char[,] cipherArray)
    {
        string cipherText = "";

        for (int row = 0; row < cipherArray.GetLength(0); row++)
        {
            for (int col = 0; col < cipherArray.GetLength(1); col++)
            {
                if (cipherArray[row, col] != '\0') // Include only non-null characters
                {
                    cipherText += cipherArray[row, col];
                }
            }
        }

        return cipherText;
    }
}
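
To check that the transposition above is reversible, the receiver needs the inverse operation. The following is an added example, not part of the original solution: it rebuilds the grid from the ciphertext using the same number of rows (5) and reads it back in the original fill order. The class name is hypothetical, and the sample ciphertext is the result of applying the page's fill/read rules to "INFORMATIONSECURITY".

```csharp
using System;
using System.Text;

public static class TranspositionDecrypt
{
    public static string Decrypt(string cipherText, int rows)
    {
        int n = cipherText.Length;
        int cols = (n + rows - 1) / rows; // smallest grid that holds the text
        var grid = new char[rows, cols];
        var used = new bool[rows, cols];

        // Mark the cells the encryptor filled: last column first, top to bottom.
        // Any cells left unmarked are the padding at the bottom of column 0.
        int k = 0;
        for (int col = cols - 1; col >= 0; col--)
            for (int row = 0; row < rows && k < n; row++, k++)
                used[row, col] = true;

        // Place the ciphertext in read order (row by row), skipping padding cells.
        k = 0;
        for (int row = 0; row < rows; row++)
            for (int col = 0; col < cols; col++)
                if (used[row, col])
                    grid[row, col] = cipherText[k++];

        // Recover the plaintext by walking the grid in the original fill order.
        var plain = new StringBuilder(n);
        for (int col = cols - 1; col >= 0; col--)
            for (int row = 0; row < rows; row++)
                if (used[row, col])
                    plain.Append(grid[row, col]);

        return plain.ToString();
    }

    public static void Main()
    {
        // Constructed sample: "INFORMATIONSECURITY" enciphered with 5 rows.
        string cipherText = "RNMIISANTETFYCIOUOR";
        Console.WriteLine("Cipher Text: {0}", cipherText);
        Console.WriteLine("Plain Text: {0}", Decrypt(cipherText, 5));
    }
}
```

The row count acts as the key here: decrypting with a different number of rows marks a different set of cells and yields scrambled text.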


