I have 3 question in information security, and these are the questions..
Q1 Desgin a scheme by which a credit card user can authenticate to a credit card processing company so that a merchant could be confident the user was the rightful owner of the credit card. Your scheme should have three aspects :first, for face-to-face transaction,for example, a purchase in a store; second , for voice transaction , for example, a purchase by telephone ; third, for a electronic transaction , for example, a purchase on the internet. Describe the difficulty for the user, for example,your scheme might require the user to carry a token that might be inconvenient to carry. Describe the delay factor, if any, in the merchant ‘s seeking authentication. This question is focused on providing assurance to merchant. Does it also protect the user or the credit card processor?why or why not.
Q2 Penetration testing is based on Clark Weissman’s flaw Hypothesis Methodology in which the tester hypothesize a flaw, designs a test to confirm the flaw’s existence, applies the test , and uses the result of the test to refine the hypothesis by expanding on a demonstrated flaw or choosing a different potential weakness. How would you apply the Flaw Hypothesis Methodology to search for failures in the Mars probe example?
Q3 it is possible to identify all the plug and play components ever connected to your system. Using a Windows system follow the steps and try to identify what devices were plugged in. If using the registry is cumbersome, I strongly recommend:
USBDeview: http://www.nirsoft.net/utils/usb_devices_view.html
To show you are able to track the devices connected to your system, provide a summary list of all devices you found and the last connection date. Please obscure any information that you believe should not be disclosed. Please keep this list as compact as possible (maybe one line per each device).
0 comments