CSCI 4911 Certification Examination
Answer all Questions in the space provided.
Email the exam to
before the due date.
(An anonymous UserID for posting grades on course website)
Manning’s job was to make sure that other intelligence analysts in his group had access to everything that they were entitled to see.
That included incoming intelligence streams from across the world on something called the Joint Worldwide Intelligence
Communications System (JWICS), the Department of Defense's computer network for Top Secret information. Manning also had
access to another information stream dubbed the Secure Internet Protocol Router Network (SIPRNet), the Pentagon’s server for
information classified as Secret. (Secret and Top Secret are differing levels of classifications for materials.)
Using keyword searches and a knowledge of routing nomenclature, any intelligence analyst,
even if he's sitting in a shack in Iraq,
can access pretty much any piece of data classified at the level of access he has. Analysts are given updated documents
of every military operating unit and its e-mail designator. The lists can be accessed through an unsecure and
unpublicized Joint Chiefs of Staff file transfer network. Another document lists every single mail routing address by
location, even for
unacknowledged locations like the Air Force test site in “Area 51” near Las Vegas.
Information and intelligence at the Top Secret level can’t be transferred off of those computers easily. To transfer informat
the SIPRNet to unclassified networks, analysts like Manning use proprietary computers called SNAP. About 1,500 are deployed in
Iraq and Afghanistan, according to TeleCommunications Systems, the company that builds them.
, which stands for SIPR
Access Point, “allows you to bring stuff from the low side to the high side and vice versa, securely,” one current user of th
said. The user asked to remain anonymous in order to share sensitive but unclassified insights into how analysts perform their work.
Information on an unclassified computer can be transferred to a stick drive, burned onto a CD or simply e
The important thing to know is that diplomatic cables are no longer transmitted over wires to clattering teletype machines. They’re
sent via e-mail over secured networks, and they are also stored on servers until they’re erased. Cables and incident reports from the
field are stored on servers in the form of PST files
PS stands for "perso
mail archives that Microsoft’s Outlook
program uses to compress and store data.
So how did Manning allegedly manage to get access to the diplomatic cables? They’re transmitted via e-mail in PDF form on a State
Department network called ClassNet, but they’re stored in PST form on servers and are searchable. If Manning’s unit needed to know
whether Iranian proxies had acquired some new weapon, the information might be contained within a diplomatic cable. All any
analyst has to do is to download a PST file with the cables, unpack them, SNAP them up or down to a computer that is capable of
interacting with a thumb drive or a burnable CD, and then erase the server logs that would have provided investigators with a
map of the analyst's activities. But analysts routinely download and access large files, so such behavior would not have been seen as
Manning is alleged to have started to provide
with the information in the fall of 2009. His access to computer systems was
f in late May of 2010. The Army’s charging document accuses him of downloading “more than” 50 classified State Department
cables to his personal computer.”
In terms of Integrity, Confidentiality, Non
, discuss how
ed key security principles in his conducting his work. What steps might
the Government take to minimize the occurrence of such an incident in the future?
: What security risks do you
envisage in a 4G
Question 3: Why is Social Engineering and Social Networking a danger to Electronic
Discuss this example with reference to the Wiki
Question 4: Explain the difference between Symmetric and Asymmetric
Which would you choose and under what conditions?
Question 5: What is the brute force attack method? Discuss how brute force may be used
to attack an encryption scheme
Question 6: What balance might you establish
between the need to share information
between Security Agencies versus the risk of “too many people having access to vital
information” and using it for the wrong purpose?
Question 7: Supposing you were asked to prepare a Contingency/Disaster Recovery Plan,
outline the steps you would take.
Question 8: Describe at least 5 physical security measures you would put in place to
protect a computer network under your care?
Question 9: Which key areas would you look at in
order to assess the vulnerability of a
Question 10: What is the Key Management problem? Outline a methodology you might
use to securely distribute Private, Session and Public Keys in a distributed network.
What is confidentiality? What is the difference between confidentiality, privacy and
Q12. Briefly discuss the major loopholes in web based systems today? What three steps
might you take to make web based systems more secure?
Q13. Should Governments trust Commercial Off the Shelf
Q14. What is “non-repudiation” and what is its significance?
Q15. Using a real life scenario, outline how encryption can be used to authenticate
Q16. Explain five points of concern you take into account when
Q17. In which of the following layers (Application, Services, Operating System, OS
Kernel, and Hardware) of the system should security
modules be loaded? Why?
Q18. Using three real life examples, explain how an attacker might compromise each of
Userid and Password page on the web
A Blog or Bulletin Board Forum
A For or While loop in an executable file using buffer ov
Q19. According to your own assessment, do you think more people in key government
positions need cyber security training? Is Awareness training necessary for the general
public? Discuss your answer.
Q20. What is the role
of packet filtering in firewall security? Outline at least 3 packet
filtering strategies you would recommend to meet your security goals.
Q21. List 6 major ways in which an Identity thief can compromise one’s identity. What
are some of the steps one might take to protect one’s identity?
Q22. Discuss how a buffer overflow attack compromises systems security.
Q23. Supposing you were asked to protect an information system for an organization.
Outline the key steps you would take
to achieve this.
Q24. What is Social Engineering? Describe how Social Engineering might be used to
gain access to confidential information.
Q25. What was the most significant thing you learned in this course? Has the course
become more security conscious at a personal level?