Final Exam, CSCI 277, Spring 2022
- The weight for each question is given.
- Use as much paper as you wish, but make sure your answers are legible.
- Please label your answers with the question number.
- Please answer each question thoughtfully and carefully. Your answers should reflect participation in this class.
- SQL Injection
  - [3 points] Describe the environment in which a SQL injection can occur.
  - [2 points] Describe how a SQL injection attack can be mitigated.
- Fake Email/SPAM
  - [2 points] What principle makes spam email effective?
  - [3 points] Name three different purposes for sending fake email.
  - [2 points] Why is it not reasonable to rely on email header information?
  - [3 points] What is phishing and spear phishing?
- OS Basics
  - [2 points] What is an operating system?
  - [3 points] Name or describe three distinct tasks an operating system performs.
- OS Security
  - [3 points] Name/Describe three different layers in an operating system.
  - [2 points] Describe how authentication spans multiple levels of the operating system.
  - [5 points] Describe the particular security challenges introduced by device drivers. This discussion should involve material presented in class or chapter 5 of the book.
- Virtualization
  - [2 points] What is virtualization?
  - [3 points] How can virtualization make a system more stable?
  - [2 points] What is a honeypot?
  - [3 points] How can a honeypot be employed in cybersecurity?
- For me, at least, a recurring theme throughout the course has been "Keep up to date".
  - [2 points] Name two distinct "things" that a computing professional should keep up to date to enhance cybersecurity.
  - [3 points] Why is it important that the computing professional keep these "things" up to date?
- [5 points] Is cybersecurity a problem that will ever be solved? Why or why not?