IT 263
John Kristoff
Final Exam Guide
June 8, 2007

NOTE: The final is cumulative. See midterm-guide.txt on our class web page for the relevant topics from the first half of the course.

Exam Format

The final exam will consist of multiple choice, fill in the blank and short essay questions. The exam should take you about 1 to 2 hours to complete, but you have as much time as you need. If you are having an unreasonably difficult time with the exam, chances are others are as well. Do the questions you know best first and go back to the hard ones later. There is a grading curve for the final grade to correct for any problems in the exam, or in my instruction leading up to it.

The exam is open book, open notes. No calculators, computers or electronic devices are allowed. Only basic math skills are necessary for the exam. You will be given as much paper as you need; if you run out, ask the proctor for additional sheets.

A final word of caution: DO NOT CHEAT!

Topics Covered

The book, required reading and lecture materials should be used as reference material to study from; class lectures and class discussions are equally important references for the exam. You may want to review prior class material using Course Online. Below is a list of concepts and technologies you should be comfortable with in order to do well on the exam.

VI. Internet Security Threats
  A. The underground economy
  B. Malware
  C. Denial of service
  D. Data leaks
  E. Spoofing

VII. Internet Security Operations
  A. Internet architecture trade-offs
  B. Black lists
  C. Encryption
  D. Firewalls
  E. VPNs
  G. Honeypots and darknets
  H. Intrusion detection systems

VIII. Internet Applications
  A. World wide web
  B. Email
  C. File transfer
  D. VoIP
  E. Instant messaging
  F. File sharing
  H. Quality of service
  I. Tor
  J. NTP

Sample Exam Questions

1. What is the difference between HTTP and HTTPS?
2. Construct an argument that TFTP might be a more secure means of file transfer than FTP.
3. In your own words, contrast the Internet architecture with the telephone network architecture.
4. Can you think of a case where the default deny approach to security might not work?
5. What sorts of problems can occur with the use of black lists?
6. Why is address spoofing possible?
7. Describe the difference between shared key crypto and public key crypto.
8. How do you use NAT to share one public IP address between multiple hosts?
9. What is the difference between a stateful inspection firewall and a simple per-packet filtering firewall?
10. List two potential problems for those running a Tor exit node.
11. What is the difference between a packet capture from Wireshark, NetFlow records and syslog?
12. PGP uses public key crypto. True or false?
13. Why might a real-time application such as VoIP prefer to use UDP rather than TCP? Can you think of any cases where TCP would work better?
14. Describe the TCP 3-way handshake. What information is exchanged between TCP endpoints during this handshake process?
15. There are two ways a UDP/TCP port can be used, active and passive. What is the difference?
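The following is an added worked example, not part of the original exam guide or the course materials, that ties together sample questions 6, 9 and 14: it models the three segments of the TCP 3-way handshake (SYN with the client's initial sequence number x, SYN+ACK with the server's initial sequence number y acknowledging x+1, and the final ACK acknowledging y+1), then passes that handshake plus one forged inbound segment through a per-packet filter and a stateful inspection filter. The packet format, the inside network 10.0.0.0/8, the addresses and the filter policies are all assumptions made up for this example, and real firewalls track far more (retransmissions, windows, timeouts, UDP pseudo-state) than this toy does.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A TCP segment reduced to the header fields the two filters look at.
    flags holds any of S (SYN), A (ACK), F (FIN). Constructed for this example."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    seq: int
    ack: int = 0


def is_inside(ip: str) -> bool:
    # Assumption for this example: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")


def packet_filter(pkt: Packet) -> bool:
    """Per-packet (stateless) filter: each packet is judged on its own header.
    Policy: inside hosts may send anything out; an outside host may send in
    only if the ACK bit is set (the old "established" rule of thumb). With no
    memory of past packets, a spoofed segment with ACK set looks like a reply."""
    if is_inside(pkt.src):
        return True
    return "A" in pkt.flags


class StatefulFilter:
    """Stateful inspection: remember connections opened from the inside and
    admit inbound segments only if they continue one of them, checking the
    sequence/acknowledgement numbers exchanged in the 3-way handshake."""

    def __init__(self) -> None:
        self.conns: dict[tuple, dict] = {}   # key: inside host's (src, sport, dst, dport)

    def allow(self, pkt: Packet) -> bool:
        return self._outbound(pkt) if is_inside(pkt.src) else self._inbound(pkt)

    def _outbound(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        conn = self.conns.get(key)
        if conn is None:
            if pkt.flags == "S":                       # step 1: SYN carrying client ISN x
                self.conns[key] = {"state": "SYN_SENT", "x": pkt.seq}
                return True
            return False                               # no handshake, no state, no traffic
        if conn["state"] == "SYN_ACK_SEEN":
            # step 3: ACK must carry seq x+1 and acknowledge server ISN y+1
            if "A" in pkt.flags and pkt.seq == conn["x"] + 1 and pkt.ack == conn["y"] + 1:
                conn["state"] = "ESTABLISHED"
                return True
            return False
        return conn["state"] == "ESTABLISHED"          # retransmissions are not modelled

    def _inbound(self, pkt: Packet) -> bool:
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # the inside host's view of the 4-tuple
        conn = self.conns.get(key)
        if conn is None:
            return False                               # nobody inside asked for this
        if conn["state"] == "SYN_SENT":
            # step 2: SYN+ACK carrying server ISN y and acknowledging x+1
            if set(pkt.flags) == {"S", "A"} and pkt.ack == conn["x"] + 1:
                conn["state"] = "SYN_ACK_SEEN"
                conn["y"] = pkt.seq
                return True
            return False
        return conn["state"] == "ESTABLISHED"


def handshake_demo() -> dict:
    """Run a handshake from an inside client, then a forged inbound segment,
    through both filters; return each filter's allow/deny decision per packet."""
    client, server = "10.1.2.3", "192.0.2.10"   # 192.0.2.0/24 and 198.51.100.0/24 are
    attacker = "198.51.100.7"                   # documentation address space (assumed hosts)
    x, y = 1000, 5000                           # initial sequence numbers chosen by each side
    packets = [
        Packet(client, 40000, server, 80, "S", seq=x),                 # 1. SYN: "my ISN is x"
        Packet(server, 80, client, 40000, "SA", seq=y, ack=x + 1),     # 2. SYN+ACK: "got x; my ISN is y"
        Packet(client, 40000, server, 80, "A", seq=x + 1, ack=y + 1),  # 3. ACK: "got y"
        Packet(attacker, 80, client, 40000, "A", seq=1, ack=1),        # forged: ACK set, no connection
    ]
    stateful = StatefulFilter()
    return {
        "stateless": [packet_filter(p) for p in packets],
        "stateful": [stateful.allow(p) for p in packets],
    }


if __name__ == "__main__":
    print(handshake_demo())
```

The per-packet filter admits all four segments, including the forged one, because a spoofed source address and a set ACK bit are all it can see; the stateful filter admits the three handshake segments, because each one matches what the previous step led it to expect, and drops the forgery, because no inside host ever opened a connection to that address and port.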