Liendo.Omar.Test 4 Part 1

IST 462
Test 4
Part 1
NAME OMAR LIENDO
1.
Define the term “risk management.”
Risk management is a systematic approach to control the risks associated with different
threats.
2.
A risk management study consists of five tasks. Name each of these tasks and give an
explanation of what each task involves.
Asset Identification – Inventorying of assets that are to be protected
Threat Identification – Identifies all the possible threats.
Vulnerability Appraisal – Identifies how the threats may exploit a vulnerability to attack
the asset.
Cost Appraisal – Estimates how much the company would lose if that asset is attacked.
Risk Mitigation – Asks the question: “What do we do with the risk we found?”
3.
What is the purpose of an attack tree?
Provide a visual interpretation of a risk.
4.
Suppose that the goal of an attack is to cause your file server to crash. Name two items
that might appear on Level 2 of an attack tree.
5.
Explain how you can calculate the anticipated loss from an attack using the Single Loss
Expectancy (SLE) formula.
With the formula: Asset Value * Exposure Factor
6.
What is “risk mitigation?”
Risk mitigation is the step where we need to decide what we are going to do with a risk
that we have found.
7.
How does “penetration testing” evaluate the security of a computer network?
Penetration testing pretends to send malicious attacks to a system in order to test it and
find vulnerabilities.
8.
What is a “privilege audit?”
Privilege audit is the analysis of privileges given to users. It studies which users have
access to what in a determined network.
9.
In a Windows environment, if a person has READ access to a Word file, explain all the
operations that person may perform on that file.
The person may only open the file without making any modifications to it and also can
copy the file. However, the copied file will still be read only.
10.
How have we seen the principle of “inheritance” demonstrated on our file server
Blackhawk?
In our class folder. Dr. Cozart has not given us access to certain folders; therefore, we do
not have access to any subfolders and/or files that are found inside of the “parent folder.”
11.
Give an example of a security application log.
Norton 360 Antivirus keeps a log of everything it does, including threats found and
cleared, as well as when system scans occurred.
12.
What does the term “usage audit” refer to?
Usage audit refers to the analysis of usage of files, folders, and resources in a network. It
allows us to see what specific objects have been accessed by whom and when, as well as
how often.
13.
Name and describe the three general monitoring methodologies that are used to examine
network traffic and activities.
Action based – (Uses Statistics) to create a behavior baseline and monitors new behavior.
If a behavior is way outside of the baseline, then a signal is flagged.
Signature based – Compares behaviors to predetermined signatures
Behavior based – Is the best one as it takes an active role instead of reactive
14.
Define the term “cryptography.”
Cryptography transforms some plaintext into an unintelligible format when transmitted
just so the message’s content cannot be read by attackers.
15.
Who was one of the most famous ancient cryptographers? What method of encryption
did he use?
Julius Caesar. He replaced each character of a message with the 3rd letter that follows
in the alphabet. Example: A = D or G = J.
16.
Does a hash function protect the integrity of information? Explain.
Yes. Hash functions are used strictly for comparison purposes. If the hash of the
downloaded (received) file equals the hash of the sender, then the integrity of the
information has been preserved.
17.
How do symmetric and asymmetric cryptographic algorithms differ?
Symmetric uses only one common key for encrypting and decrypting a message, while
asymmetric cryptographic algorithms use two different keys that are mathematically
related: Public and Private.
18.
Which type of algorithm from Question 17 is more secure? What makes this type more
secure?
Asymmetric is more secure because it uses two different keys: the public key, which can
be seen by whoever, even attackers, and the private key, which is used to decrypt the
message. The private key is unique to each recipient.
19.
Determine the cipher-text using a transposition cipher that rearranges letters without
changing them. Use a key of: MERCERUNIV and the plaintext is: OUR EXAM IS ON
MONDAY MAY THIRD FROM TWO TIL FIVE PM
UMHOXDDLENRISAMEONTWMIMOVROITAAFFMYRIOYTP
20.
Suppose Alice wants to send an encrypted message to Bob using an asymmetric
cryptographic algorithm. Explain what key Bob uses to decode the message.
Bob uses his private key to decode the message. Also, Alice will use Bob’s public key to
encrypt the message.