1. Which of the following is not a subject in an access control scenario?
b. Information
2. Which of the following are the elements of a well-defined access control system?
d. Policy, procedure, and tool
3. Which of the following statements best defines the purpose of access control?
a. Regulating interaction between a subject and an object
4. Which of the following components can be used to measure the confidence in any authentication system?
d. Type of correlation and the number of authentication factors
5. Which of the following holds true while hardening an organizational network through security controls?
b. 100 percent access control threats cannot be eliminated.
6. Which of the following should be considered while implementing a
d. Operational efficiency
16. Which of the following is a key requirement of HIPAA for health organizations?
b. Encryption of private health information on public networks
17. In which of the following forms may FERPA data appear?
a. 3, 2, 1, 4
18. What does an IT security policy framework consist of?
d. Policies, guidelines, standards, and procedures
19. Which of the following is a purely damaging attack, meant to render a system unusable?
c. DoS attacks
20. What do Federal and State laws concerning unauthorized access serve as?
b. Deterrents to data theft
21. Which of the following holds true for DMCA?
b. Disallows unauthorized disclosure of data by circumventing an organization’s technology
22. Which of the following features should not be there in an access control system?
c. Allow customers to amend and update the account of their family members
23. To which of the following do the aspects of compartmentalization and dual conditions belong?
b. Separation of responsibilities
24. Which of the following defines how employees may use IT infrastructure supplied by an organization?
b. AUP
25. Which of the following is not a typical social engineering strategy?
d. Communication
26. Separation of duties, periodic vacation, and job rotation are the ways to reduce human risk factors within an organizational structure.
a. True
27. Which of the following manages ACLs in an MS Windows environment?
d. Active Directory
28. Which of the following is
* Check existing security scan reports from Wireshark and NetWitness Investigator to see if we can identify data leakage, and set up new policies and procedures for monitoring web servers and applications.
Improper ethical decisions may be the cause of the failure, and as relate to my three behaviors for personal "code of ethics".
| ID | Name of asset | Owner | Description of Asset | Asset Type | Data Type | Retention | Risks / impact | Key asset |
| 01 | Personal Computers | Staffs | Each particular employee used their own PC for their works. | Hardware | Personal | 1.5 year | Availability | Yes |
| 02 | Laptops | Head of IT | The device could be handled by many peoples | Hardware | Personal | 1.5 year | Availability |
internal and external users to whom access to the organization’s network, data or other sensitive
Cisco. (n.d.). (Cicso) Retrieved 10 26, 2014, from Cisco ASA 5500-X Series Next-Generation Firewalls: http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/index.html
Which of the following has the ultimate and final responsibility for network security in an organization?
|a |3.2 |Security Strategies in Windows Platforms and Applications, Page 68 |
|13. |b |3.3 |Security Strategies in Windows Platforms and Applications, Page 80 |
|14. |c |3.4 |Security Strategies in Windows Platforms and Applications, Page 83 |
|15. |d |3.5 |Security Strategies in Windows Platforms and Applications, Page 83 |
|16. |b |4.1 |Security Strategies in Windows Platforms and Applications, Page 90 |
|17.
6. Describe (in plain English) at least one type of rule set you would want to add to a high level security network and why?
mandatory and discretionary access control policies. ACM Transactions on Information and System Security, Vol. 3, No. 2.
1. (TCO A) The relationship between speed of innovation and product obsolescence is (Points : 5)
2. With the possibility of three business computers in his home, and all of his business records possibly vulnerable, this would be a good time to advise Bill on how to set up a routine plan to protect and defend his new network. Provide a list of the five most important concerns for safety and security of the network and the computers in the network. For each concern, specify the action to be taken, and if applicable, what software you recommend be added to the system. Justify each of your recommendations.
ANSWER THE 4 QUESTIONS ON THE FOLLOWING PAGES. BEFORE REVIEWING THE QUESTIONS, PLEASE BE AWARE OF THE FOLLOWING ISSUES--
In general, there are four areas that need to be considered for the end-user of this
Security controls for the network system involve the creation of access and use for each user or user group. The control is used to "restrict a list of possible actions down to the allowed actions. For example, encryption can be used to restrict access to data, application controls to restrict processing via authentication, and DRM storage to prevent unauthorized accesses." (Securosis, 2012) The necessary controls are determined by "first listing out