Put your name on the file name and below Student's name: _________________________________________ Q1: Compare the two security models: Lollipop...

Q1:   Compare the two security models: Lollipop Model and Onion Model. Describe how they works, the strengths (or advantages), and the weakness (or disadvantages). The answer should be about 1 page. [Hint: Chapter 2] (10%)

A1:

Q2:   Describe the process that X.509 certificate is used in conjunction with Public Keying Method. There are two ways to use X.509 certificate. Explain both ways.[Hint: Chapter 3, Dr. Scoggins’ “Basic_Security” slide deck with expansion discussed in the class] (10%)

A2:  

Q3:   Describe how to perform vulnerability assessment. Hints: penetration test, risk assessment, compliance assessment, produce evaluation. The answer should be about 1-2 pages. [Hint: Chapters 2,4 & 5, Dr. Scoggins’ slides on Security Risk Assessment and Test](10%)

A3:  

Q4:   Assume that you are designing a security keying method for DoD. DoD needs to communicate among internal staff, other government agencies, and contractors. There are several possibly CA architectures, such as (a) star, (b) hiarchical, (c) meshed, (d) distributed CA systems. How are Certipath and Federal ridge used? What are the advantages and disadvantages of each architecture listed above? Your answer should include the drawing, description, advantages and disadvantages of each architecture. Then select one architecture as your recommendation and justifyyour choice. [Hint: Dr. Scoggins’ Wk3 lecture] (20%)