ITSY 2430 Intrusion Detection Chapter Quiz 02 Name: __________________

advertisement
Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796
Chapter 2, Page 74
Prof. Michael P. Harris
ITSY 2430 Intrusion Detection
Name: __________________
Chapter Review Questions,
Chapter Quiz 02
Date: ________
Security Policy Design: Risk Analysis
1. Which of the following should be done before formulating a
security policy?
2. Personnel records fit into which category of assets?
3. Survivable Network Analysis begins with what assumption?
4. Survivable Network Analysis looks for which of the following in a
network?
5. What is an escalation procedure? (Choose all that apply.)
6. Name three factors that can increase the cost (beyond the actual
sticker price) of replacing a piece of hardware that has been
damaged or stolen.
7. List and describe the four steps of a Survivable Network Analysis
in the order in which they should occur.
Page 1 of 3
Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796
Chapter 2, Page 74
Prof. Michael P. Harris
8. The hardware and software you need to protect can be valued
more easily by following what approach?
9. If an organization doesn’t have a full-fledged security staff on
duty, what should it do? (Choose all that apply.)
10. When should an organization conduct a new round of risk analysis?
11. A risk analysis report should call attention to ___________.
12. __________________ is the term for the process of identifying,
choosing, and setting up countermeasures justified by the risks
you identify.
13. The ultimate goal of formulating a security policy is which of the
following?
14. What are the hardware, software, and informational resources
you need to protect called?
15. Equipment and buildings in the organization are called
__________ assets.
Page 2 of 3
Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796
Chapter 2, Page 74
Prof. Michael P. Harris
16. Which of the following risk factors are events and conditions that
haven’t occurred but could happen?
17. Documents on network computers, e-mail messages, log files
compiled by firewalls and IDSs, and confidential information on
personnel, customers, and finances are considered what type of
asset?
18. Ensuring that databases and other stores of information remain
accessible if primary systems go offline is known as ___________.
19. The presence of one or more factors that increase threat
probabilities increase your _____________.
20. The routers, cables, servers, and firewall hardware and software
that enable employees to communicate with one another and
other computers on the Internet are considered _______ assets.
Page 3 of 3
Download