Question 1: Authorization [30%]
Consider the parts department of a plumbing contractor. The department maintains an inventory database that includes parts information (part number, description, color, size, number in stock, etc.) and information on vendors from whom parts are obtained (name, address, pending purchase orders, closed purchase orders, etc.). In an RBAC system, suppose that roles are defined for ‘accounts payable clerk’, ‘installation foreman’, and ‘receiving clerk’. For each role, indicate which items should be accessible for read-only and read-write access.
Some notes to help with interpretation (terms you may not have encountered before):
Purchase orders are a request to purchase an item. They are opened once the vendor has been given a request for the item. They are closed once the item has been delivered AND it has been paid for.
An accounts payable clerk is a person responsible for paying out money from an organization, such as when an organization buys an item from a vendor.
A receiving clerk is responsible for accepting and processing the delivery of items from vendors.
Question 2: Malware [70%]
Choose two of the following major historical malware:
2. ILOVEYOU (No, the description was not hacked; this was the actual name of a major malware)
For each of the malware you’ve chosen, answer the following questions:
1. How did it spread? (i.e. what was its propagation mechanism)
2. What was the payload? (i.e. what did it do, other than spread)
3. What was the trigger for its payload (when did it do its action? Did it start doing it from the start, or did it trigger on a given condition?)
4. What was the estimated total damage caused by this malware, in dollars?
5. Identify two strategies which could have stopped or reduced the spread of the malware.
6. In terms of recovery, would removing the virus be sufficient (e.g. by running an antivirus program), or should the whole system be reinstalled and restored from backup?
Creating roles (the RBAC approach) makes administration easier at the database level because permissions (e.g. on tables) are not granted individually per user but once, at the role level, and they propagate to every user assigned to that role. A possible assignment of access modes for the example, based on the description provided, is as follows:
- Installation foreman role – this requires read-only access for part information;...
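The role-level grant described above, shown only for the one assignment visible in this preview (installation foreman, read-only on part information), as an added PostgreSQL example that is not part of the original solution. The `parts` table, its columns, and the users `alice` and `bob` are assumptions made for illustration.

```sql
-- Constructed schema: table and column names are assumptions.
CREATE TABLE parts (
    part_number  text PRIMARY KEY,
    description  text,
    in_stock     integer NOT NULL DEFAULT 0
);

-- The role carries the permission and cannot log in itself.
CREATE ROLE installation_foreman NOLOGIN;

-- Read-only access to part information, granted once at the role level.
GRANT SELECT ON parts TO installation_foreman;

-- Hypothetical users. INHERIT (the PostgreSQL default) makes the role's
-- privileges apply to its members without a SET ROLE.
CREATE ROLE alice LOGIN INHERIT;
CREATE ROLE bob   LOGIN INHERIT;
GRANT installation_foreman TO alice, bob;

-- Effective privileges per user, resolved through role membership.
-- No per-user GRANT on parts exists anywhere in this script.
SELECT u AS username,
       has_table_privilege(u::name, 'parts', 'SELECT') AS can_read,
       has_table_privilege(u::name, 'parts', 'UPDATE') AS can_write
FROM (VALUES ('alice'), ('bob')) AS t(u);

-- Administration happens on the membership, not on the table:
-- removing bob from the role withdraws his access in one statement.
REVOKE installation_foreman FROM bob;

SELECT has_table_privilege('alice', 'parts', 'SELECT') AS alice_can_read,
       has_table_privilege('bob',   'parts', 'SELECT') AS bob_can_read;

-- Review which roles hold privileges on the table. Apart from the table
-- owner, only installation_foreman should be listed; a user name here
-- means someone was granted access directly, outside the role model.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'parts'
ORDER BY grantee, privilege_type;
```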