Instructions
The exam is intended to assess your understanding of key concepts in the course. Wherever possible, make sure answers are stated in your own words, and where applicable provide your own examples. When composing your answers, be thorough. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers.
While composing your answers, be VERY careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references.
Exam Questions
Question 1: Short Essay Answer. Please answer in your own words when possible and cite all sources of information. Respond to the following questions considering all the material we have studied in this class for the past 6 weeks. Be specific and fully explain and give reasons for your answer.
There has been reports from the news about a few fatal accidents where software bugs or vulnerabilities were the main source of the problem. For example, in the case of Boeing 737 MAX and 737 NG airplane Maneuvering Characteristics Augmentation System (MCASE) software. In this question we dive into software development lifecycle models and how software bugs can affect the security of the product if not followed properly.
Explain in detail all the software development lifecycle models (SDLC) we discussed in Session 1 and in addition for each of the models discuss the following:
A) What are the advantages and disadvantages from a security perspective?
B) What are the strengths and weaknesses of each model from a security perspective?
C) Provide an example scenario of where each one is used from a security perspective.
D) At what stage in the software development lifecycle is security implemented?
Question 2: Short Essay Answer. Please answer in your own words when possible and cite all sources of information. Respond to the following questions considering all the material we have studied in this class for the past 6 weeks. Be specific and fully explain and give reasons for your answer.
Defense Contractor Company X is hiring CyberSecurity experts to help with various security issues regarding their software and hardware teams. You apply to the Principal Cybersecurity position and get called for an in-person interview. The Director of operations schedules a meeting with his existing 30-person team and yourself. Half of the team is on the Contracts and Sustainment teams and half is on the Engineering team and they want to see what you can bring to the table. It is expected that the meeting will turn into a technical discussion and you are expected to brief both teams as expected because you are the Cybersecurity SME (Subject Matter Expert). Their software development team is using the Agile process and they want to add security to this process. The end goal is to reach maturity level 3.
From all the material we covered so far from Session 1 to 5, please provide a detailed answer and full explanation to these questions with enough supporting evidence that can justify full points credit.
A) What security methodology framework should they use to enforce security throughout the software development process?
B) What would you recommend for system network boundary protection from Cyberattacks?
C) What would you recommend for detection of vulnerabilities such as buffer overflows?
D) What would you recommend for C programming language static/dynamic analysis?
E) What would you recommend for wiping out a company mobile device if it gets lost or stolen?
Their hardware team is also trying to certify their Crypto hardware module to EAL 7 and the software team mentioned above is part of this effort as well. The Crypto module uses FIPS-140-2 type encryption algorithm and takes input from an unclassified system and sends the information to a classified system. They need an ATO (Approval to operate) and are in desperate need of a Cybersecurity expert that knows the RMF framework, this is where your expertise comes in. From all the material we covered so far from Session 1 to 5, please provide a detailed answer and full explanation to these questions with enough supporting evidence that can justify full points credit.
F) The Company Director asks – “Explain the RMF framework in detail”?
G) What are the 3 main documents that are required for an RMF evidence package, explain in detail?
H) He also asks, “How do we certify our Crypto module with concurrent certifications, I mean we have the Government ATO – C&A (now A&A) and the EAL 7 certification within almost the same time frame? Explain in detail.
I) Explain the EAL7 certification process in detail?
J) Explain in detail the Vulnerability assessment and analysis methodology you will conduct if we hire you?
Question 3: Short Essay Answer. Please answer in your own words when possible and cite all sources of information. Respond to the following, considering all the material we have studied in this class for the past 6 weeks. Be specific and fully explain and give reasons for your answer.
This is continuation from Question 2 above.
You think you did excellent after a good grilling the first day, but the Director was not quite convinced so he decides to bring you in for a second day to cover some more details on how you can help his other teams. This time, a red team of ethical hackers and pen testers gathered in the conference room. Some of them had a few sheets of paper with a lot of questions to choose from just waiting to ask you, but you are confident enough since you have all the experience required for the Principal Cybersecurity position, they are interviewing you for. The Director has a contract with DHS (Department of Homeland Security) and the FBI (Federal Bureau of Investigations) but some of the folks in his team do not have the higher-level clearances DHS and FBI needs but you do.
Please provide a detailed answer and full explanation to these questions with enough supporting evidence that can justify full points credit.
A) What details can you provide us regarding Chinese Malicious Cyber Activity?
Especially, Operation code name Cloud Hopper –
B) What details can you provide us regarding – North Korean Malicious Cyber Activity code name HIDDEN COBRA? Especially
North Korean Tunneling Tool ELECTRICFISH –
North Korean Trojan KEYMARBLE –
North Korean Trojan SHARPKNOT –
North Korean Trojan BANKSHOT –
North Korean Trojan BADCALL –
C) What details can you provide us regarding Russian Malicious Cyber Activity code name GRIZZLY STEPPE?
1