The midterm exam consists of questions on the material covered thus far in the course, requiring short essay answers. The student should fully answer each question in order to demonstrate a solid understanding of the course content. There is no requirement on length of this assignment, as long as the questions are thoroughly answered. The exam must be completed and submitted for grading by Sunday at 11:59pm EST. Use of the course text, content and discussions are allowed. There is no time limit on the exam as long as it is submitted by the deadline.
1. What are the three states of data that DLP typically examines?
2. Describe the two types of privilege escalation.
3. How does a SYN flood attack work?
4. Describe the RIPEMD hash.
5. Why is the speed of attacks making the challenge of keeping computers secure more difficult?
6. Describe the security principle of simplicity.
7. How does ARP poisoning take advantage of the use of ARP?
8. How does a cross-site scripting (XSS) attack work?
9. List and describe three of the characteristics of information that must be protected by information security?
10. Discuss the three areas of protection that are provided by IPsec.
11. Describe how a DLP can be configured.
12. Discuss how HMAC works.
13. Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
14. How can steganography be used to hide information in something other than images?
15. Explain the difference between key revocation versus key suspension.
