15.1. Short Answer – Security Properties (2 points) Identify…
15.1. Short Answer – Security Properties (2 points) Identify two security mechanisms in this scenario that maintain confidentiality or integrity, and explain what threat each mitigates. 15.2. Multiple Choice (1 point) Why is DNS amplification effective for DDoS? a) Uses DNSSEC keys to overload CPU b) Small queries → large responses → bandwidth exhaustion c) Requires insider access to DNS servers d) Hijacks routing tables to redirect traffic. 15.3. True/False: Give reasoning for your answer. (1 point) “In IPsec tunnel mode, the entire original IP packet is encrypted, including the original header. 15.4. Scenario – Threat Analysis (2 points) If the employee clicks the phishing link, what two attacks become possible even though TLS is still used securely? 15.5. True/False: Give reasoning for your answer. (1 point) “Stealing an SSH private key alone guarantees unauthorized access. 15.6 Scenario for Questions 15.7- 15.9 (DFD + Trust Boundaries + Threat Modeling) A Data Flow Diagram (DFD) shows: Mobile App → Web Server → Internal DB. Authentication happens at Web Server. Sensitive data crosses the Internet. 15.7. Scenario-Based (2 points) Identify one trust boundary in the system and explain why this boundary increases attack surface exposure. 15.8. Multiple Choice (1 point) Crossing a trust boundary typically implies: a) Same security assumptions on both sides b) Privilege, authentication, or trust level changes c) Traffic is automatically encrypted d) No need for logging or monitoring 15.9. True/False: Give reasoning for your answer. (1 point) “If TLS is implemented correctly, a Man-in-the-Middle on the network cannot read or modify data in transit.