ID: Name: Multiple Choice Questions. Choose one answer. Each
MIS430 Second Mid Term 15 Marks Salman Bin Abdul-Aziz University College of Business Administration Department of Management Information Systems ID:______________________________ Name: ____________________________________ Multiple Choice Questions. Choose one answer. Each answer is worth ½ marks for a total of 3 marks 1. Witch plan typically focuses on restoring systems after disasters occur? a. Incident Response Plan. b. Disaster Recovery Plan. c. Business Continuity Plan. d. Risk Management Plan. 2. What do we call the process of seeking out and studying practices in other organizations that one’s own organization desires to duplicate? a. Baselining b. Benchmarking c. Best practices d. Due diligence 3. In information security, what is the name of the entity that seeks a resource? a. A client b. A hacker c. An intruder d. A supplicant. 4. Which firewall generation are called dynamic packet filtering firewalls because they allow only packets with particular source, destination, and port addresses to enter? a. First generation b. Third generation c. Fourth generation d. Fifth generation 5. What allows a firewall to react to emergent event and update or create rules to deal with event? a. Dynamic filtering b. Static filtering c. Statefull inspection d. First generation filtering 6. What is the name of the mechanism whereby an unverified entity that seeks access to a resource proposes a label by which they are known to the system? a. Authentication b. Authorization c. Identification d. Nonrepudiation MIS430 Second Mid Term 15 Marks T/F Questions. Each question is ½ mark for a total of 2 marks a. When configuring fire walls, Internet Control Message Protocol (ICMP) data is denied (T) b. Circuit Gateways are designed to operate at the media access control layer of OSI network model (F) c. Content filters are sets of scripts or programs restricting user access to certain networking protocols/Internet locations (T) d. Discretionary access controls (DACs): implemented at the discretion or option of the data user. (T) Short answer questions 10 marks a. b. c. d. Explain the difference between a firewall and a proxy server. 2 marks What is packet filtering? 1 mark State two means used to accomplish accountability? 2 marks There are three general ways in which authentication is carried out. What are these ways. Explain with an example each way. 3 marks e. When do we need a Business Continuity Plan? Explain. 2 marks Answers a. A firewall is an application running on a networking device. Its goal is to prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network). Whereas a proxy server is an application program that runs on a firewall system between two networks. The proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting individual computers on the network behind the firewall. b. Packet filtering is the process of examining header information of data packets to decide whether to allow or deny the packet access to the network. c. System logs and database journals. d. The three general ways in which authentication is carried out are: 1. Something a supplicant knows: Example password 2. Something a supplicant has: Example ID card 3. Something a supplicant is: Example finger prints. e. A business continuity plan BCP occurs concurrently with DRP when damage is major or long term, requiring more than simple restoration of information and information resources. Bonus Question: a. Is the incident response plan reactive or proactive? Explain b. What is the role of a virtual private network (VPN)? 2 marks 1 mark 1 mark Answer a. The IRP is reactive in that it is designed to identify, classify, and respond to an incident. It is not designed to react to incidents. b. The VPN allows individuals to connect to organization’s network using the internet or any dial-up public network.
© Copyright 2024