Information Assurance
EXAM INSTRUCTIONS
There are FOUR (4) questions on this exam; the point value of each is noted adjacent to the Question number AND IS 25 POINTS each. The total point value of this exam is 100 points and it is worth a total of 25% of this course as per the Course Syllabus.
1. Attempt all four (4) of these questions. I do give partial credit.
2. Each question must be answered in your own words. However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations. Also be sure to cite references right there using APA style when you paraphrase the words of others.
3. You may use any resources including any textbooks, notes from this course including other written resources, conference papers and articles, as well as material you may find by searching the Web. Be careful when using blogs, because they are often not peer reviewed and as such often are merely the personal opinions of the blogger. To adequately respond to these exam questions requires research beyond the lecture notes and discussion forums.
Adequate answers for the entire examination should run approximately 12 double-spaced pages, not much more, with one-inch margins and 12-point font. This examination will be graded electronically, meaning comments will be appended directly onto your exam text. This only works properly for Microsoft Word Files. Hence only submit Microsoft Word File. No PDF files.
4. You must provide a separate bibliography (list of reference material) for each question following APA style recommendations. The bibliography for each question is outside the scope of the 12 double-spaced pages and should be placed at the end of each question.
5. Answers will be evaluated according to the following criteria:
Key content, logical flow, clarity, spelling, grammar, and proper citations bibliography.
Your responses to the exam questions below should be framed in a manner which addresses security, privacy and trusted systems. That is in the context of secure, private and trusted systems.
Question 1 (25 points)
Choose three (3) software testing techniques. Discuss, Describe and Compare the purpose and capabilities of each, being sure to explain their relative differences, similarities, shortcomings, and the degree to which they complement one another. How would or could you measure their market acceptance AS WELL AS how well are they perceived to perform in the commercial marketplace?
Describe the forces that will shape the future development of these techniques. With these forces in mind, what are the likely future features and functionality for each of the three (3) techniques you chose? Will any one (1) or two (2) techniques become more dominant relative to the others? Why or why not?
Question 2 (25 points)
Cloud computing and virtualization are two relatively new technologies which have re-emerged and which are both making an indelible and in the view of many experts, an irreversible impact on the way computing services are delivered and in the ways software is developed.
Review the literature and analyze the strengths and weaknesses of both virtualization and cloud computing in providing secure and trusted systems.
In what ways do the experts foresee the use of each of these technologies evolving in the future?
In the context of security and trust, what specific challenges will these evolutions present across the software lifecycle?
Based on your analysis make recommendations for the secure use of virtualization technology and cloud computing.
Question 3 (25 points)
This question is about auditing a cloud computing deployment which uses the public model.
1. Explain the role auditing plays in the context of achieving trustworthy systems.
2. Describe, compare and contrast the complexities of auditing a cloud computing deployment which uses the public model?
3. Analyze the degree to which auditing tools and procedures used in cloud computing (especially with respect to the public model) produce trustworthy audits?
4. What recommendations have experts made to improve these public cloud auditing tools and procedures? You may or may not be an expert in this particular domain. However; do you see how this model could be modified to make it better?
5. Name 3 commercially available Cloud Computing offerings?
6. Briefly compare and contrast these offerings?
Question 4 (25 points)
Google is a firm which has experienced meteoric rises in popularity, product range and market place penetration along with associated customer base expansion as well as significant ICT (Information Communications Technology) industry influence.
This question requires you to select a web services application provided by Google for example Google Calendar or Google Docs. Then analyze and critique their approach to providing users a secure trusted environment in which youre chosen web service application operates in.
Recent Comments