Questions and Answers of Systems Analysis And Design
(a) What is identity management? (b) What are the benefits of identity management? (c) What is SSO? (d) Why is full SSO generally impossible? (e) What is reduced sign-on? (f) What is an identity? (g)
(a) In identity management, what are provisioning, reprovisioning, and deprovisioning? (b) Why is decentralized management desirable? (c) Why are self-service functions desirable? (d) What changes
(a) In what sense is identity management really just another form of risk management? (b) How can identity management reduce risk? (c) How much should companies spend on identity management?
(a) What is siting? (b) Distinguish between UPSs and electrical generators. (c) If wiring cannot be run through walls, what should be done to protect the wiring? (d) What should be done to protect
(a) What special controls are required by terrorism threats? (b) Why is it necessary to prevent piggybacking? (c) What advice would you give a company about CCTV? (d) What is Dumpster™ diving?
(a) What are reusable passwords? (b) Why is password cracking over a network difficult to do? (c) In what two ways can password-cracking programs be used? (d) Which is safer for the cracker? Why?
(a) Why is it a problem to use the same password at multiple sites? (b) Why is it difficult to enforce a policy of using a different password at each site? (c) Why are password duration policies
(a) What is the book's recommended password policy for length and complexity? (b) How can password-cracking programs be used to enforce password strength policy? (c) Before you run a
What is the likely future of passwords?
List at least six identities for yourself that require different authentication and authorizations.
Your company installs a face recognition system for door access. (a) Its FRR is much worse than the vendor's claims. What might be causing this? (b) The system's FRR increases over time. What might
Someone says that they wish to protect their desktop PC from a walk-up attacker with a password or passwords. Give them advice and reasons for your advice. This is not very short answer.
(a) Give two situations in which the risk of deception is high. (b) Give two situations in which the risk of deception is low.
Your friend wants to secure his or her desktop PC with fingerprint scanning or password access protection. Give your friend the information that he or she should know to make the decision. Consider
What do FRRs mean when fingerprint scanning is used to secure a PC against walk-up attacks? What might produce high FRRs? Can you think of a way that this problem could be reduced in fingerprint
Some airports are installing face recognition systems to identify terrorists and criminals. About one in a million people passing through the airport is a terrorist. Suppose the FAR is about 1
Centralizing authentication and authorization reduces cost, improves consistency, and permits rapid provisioning and changes. List the technologies on the way toward greater centralization, beginning
Suppose that the probability of a false acceptance is 0.0001 per match attempt. Suppose that there are 1,000 templates in the database. What is the probability of a false acceptance in the case of
Do you use the same password for multiple accounts? Why would this be a security risk?
Can you use foreign language wordlists?
Why do special characters (e.g., @ # $% ^ &*) make passwords difficult to crack?
Why does a change of case help make a stronger password?
How can cross-pollination of user credentials be harmful to users and businesses?
Why should businesses shift their focus from protecting their containers to protecting their data?
How can businesses mitigate the negative effects of cross-pollination between organizations?
How might the weak security practices in one organization harm other organizations?
How would two-factor authentication improve the security of user accounts?
What are some new risks facing "hyper-extended" organizations?
How could a business proactively embrace new technology in a secure manner?
a) What is a pass/deny decision? b) What type of packet does a firewall drop and log? c) What does the firewall do about packets that it suspects (but cannot prove) are attack packets? d) Why does
Redo the ACL in Figure 6-10 to add rules for the following conditions. After Rule 1, create a rule that permits all connections to internal DNS servers. After the original Rule 2, create rules that
a) Why are stateful packet inspection firewalls inexpensive? b) In practice, are they fairly safe? c) Are SPI firewalls limited to SPI filtering? d) What firewall inspection mechanism do nearly all
a) When NAT is used, why can sniffers not learn anything about the internal IP addresses of internal hosts? b) Why does NAT stop scanning probes? c) Why is NAT traversal necessary? d) Is a NAT
a) What distinguishes an application proxy firewall from static packet filtering firewalls and SPI firewalls? b) Distinguish between proxy programs and application proxy firewalls. c) If you will
a) Do stateful packet inspection firewalls automatically do application content filtering? Explain. b) Do they have the slow speed of relay operation? c) What three advantages do application proxy
a) What filtering actions were listed to protect clients from malicious webservers? b) What filtering action was mentioned to prevent internal client misbehavior in HTTP? c) What two filtering
a) Distinguish between firewalls and IDSs. b) Why are IDS alarms often a problem? c) What is a false positive? d) What two types of filtering do IDSs use? e) Why is deep packet inspection
a) Distinguish between IDSs and IPSs. b) Why is the attack identification confidence spectrum important in deciding whether to allow IPSs to stop specific attacks?
a) What two actions can IPSs take when they identify an attack? b) Which can be the most effective? c) Which can do the most damage?
a) What does a firewall do if it cannot keep up with the traffic volume? b) Why is this action good? c) Why is this action bad? d) Why can a firewall keep up with traffic in general but fail to do
a) How do firewalls and antivirus servers work together? b) Are antivirus servers limited to looking for viruses? Explain. c) What may the antivirus server do after it performs filtering? d) What
a) Why are screening routers used in a firewall architecture? b) Why are internal firewalls desirable? c) Why is it easier to create appropriate ACL rules for server host firewalls than for border
a) What is a multihomed router? b) What is a DMZ? c) Why do companies use DMZs? d) What three types of hosts are placed in the DMZ? e) Why do companies put public servers in the DMZ? f) Why do
a) Distinguish between firewall policies and ACL rules. b) Why is creating firewall policies desirable compared to just creating a list of ACL rules? c) Create three firewall policies not listed in
a) Compare firewall hardening needs for firewall appliances, vendor-provided systems, and firewalls built on general-purpose computers. b) List what centralized firewall management systems do. c)
a) What packets are usually logged in log files? b) What are the fields in the log file shown in Figure 6-25? c) In the examples given, by what field was the log file sorted? d) From the log file,
a) How can attackers avoid the border firewall? b) How has the perimeter extended outside the site? c) How can firms react to this decline in the effectiveness of border firewall filtering?
a) Distinguish between signature detection and anomaly detection. b) What is a zero-day attack? c) Why are zero-day attacks impossible to stop with attack signatures? d) What is the promise of
a) Is there only one firewall filtering mechanism? b) What filtering mechanisms do almost all main border firewalls use? c) Do SPI firewalls only do stateful packet inspection?
a) What are the two limitations of static packet filtering? Explain why each limitation is bad. b) For what two reasons do companies not use static packet filtering as the main filtering mechanism in
a) What is a state? b) Are most packets part of the connection-opening state or the ongoing communication state? c) Why is the answer to Question 5b important for stateful packet inspection's
a) Give the simple stateful packet inspection firewall rule for packets that do not attempt to open connections. b) UDP is connectionless. How is it possible for an SPI firewall to handle UDP
a) For stateful packet inspection firewalls, what do ingress ACLs permit in general? b) What do egress ACLs disallow in general in SPI firewalls? c) What do well-known port numbers designate? d)
Given the ACL in Figure 6-10, what would the firewall do with an incoming ICMP echo message? (This will require some thought. Think about how ICMP messages are encapsulated and what field in the IP
Modify the ACL in Figure 6-10 to permit externally initiated connections to an SNMP network management server, 60.47.3.103, and to allow both regular and SSL/TLS connections to the internal webserver
A stateful packet inspection border firewall contains a rule that permits external connections to an internal public webserver. However, the firewall does not permit access to this server. Come up
The ACL in Figure 6-10 is in effect. A packet containing a TCP SYN segment reaches a stateful packet inspection firewall from the outside. What actions will the SPI firewall take?
The ACL in Figure 6-10 is in effect. A packet containing a TCP ACK segment reaches a stateful packet inspection firewall from the outside. What actions will the SPI firewall take? Explain.
Contrast what sniffers can learn if a company being attacked uses NAT or an application proxy server.
Most IP addresses are public, in the sense that they can appear on the public Internet. However, a few IP addresses have been designated as private IP addresses. One private IP address range is
a) Describe Policy 5 in the firewall policy database shown in Figure 6-24. b) Repeat for Policy 6. c) Repeat for Policy 7. d) Repeat for Policy 8. e) Repeat for Policy 9.
Sort the log file in Figure 6-25 by source IP address. What do you conclude from the analysis? This is not a trivial question.
A firm has the following firewall policy: Employee access to Internet servers should be unrestricted and external clients should only be able to access the firm's public webserver. The firm also has
Why does your computer send so many packets? Why not send just one big packet?
Could malware rename itself in order to get through a firewall? Why would this work?
Why is cyber espionage so attractive?
Why is cyber espionage difficult to prevent?
Why would nation states sponsor cyber espionage?
Why is state-sponsored espionage more concerning than traditional corporate espionage?
How could a nation protect its own corporations from cyber espionage by foreign governments?
Why are the industries mentioned in the NCIX report targets of foreign espionage?
How could outsourcing IT security functions reduce costs?
How might outsourcing IT Security functions improve security?
If you were in an industry listed as a primary target for cyber espionage, what additional steps would you take to improve the security of your company?
a) What is our definition of a host? b) Why is host hardening necessary? c) What major categories of hosts did this section mention? d) List the elements of host hardening. e) Why is it important
a) What Windows snap-in is used to manage users and groups? b) On which MMC is this snap-in available? c) In this snap-in, if the administrator clicks on an account, what may he or she do? d) How
a) What privileges does the super user account have? b) What is the super user account in Windows? c) What is the super user account in UNIX? d) What is hacking root, and why is it desirable to
a) How are permissions applied to a directory in Windows? b) List each standard Windows privilege and explain it briefly. c) To how many accounts and groups can different permissions be applied in
a) What are the three UNIX permissions? b) Briefly characterize each. c) Compare the number of UNIX directory and file permissions with that of Windows. d) To which three individual accounts or
a) What is brute-force password guessing? b) Why is it important to not simply use all lowercase letters in passwords? c) What are complex passwords? d) Why is password length important? e) What is
a) What are rainbow tables? b) How would rainbow tables reduce the time needed to crack a password? c) Would it be possible to create rainbow tables for all possible passwords with 1-20 characters?
a) Can you create a truly random password? Will it be used? b) Should passwords be tested by systems administrators? Why?
a) What do Trojan horse password capture programs do? b) Can antivirus software detect keystroke capture software? c) How would you detect a physical keylogger? d) What is shoulder surfing? e) Does
a) Why is vulnerability testing desirable? b) What two things does vulnerability testing software do? c) Why is it important to get approval in writing before conducting a vulnerability test? d)
What different baselines does a company need for its client PCs?
a) What is cloud computing? b) How do cloud computing and mainframe architectures differ? c) How do cloud computing and client-server architectures differ? d) What are the advantages of cloud
a) How can you quickly assess the security posture of your Windows PC? b) What provides a quick summary of security components needed to harden a client PC? c) Why are multiple types of protection
a) What SPI firewall has come with client version of Windows since Windows XP SP2? b) What improvements come with Windows Firewall with Advanced Security?
What can go wrong with antivirus protection?
a) Why is it important to implement security policy? b) What are the advantages of implementing password policies? c) What are the advantages of implementing account policies? d) What are the
a) What are the three dangers created by notebook computer loss or theft? b) When should backup be done for mobile computers? c) What four policies are necessary to protect sensitive information?
a) Why is central PC security management desirable? b) Why are standard configurations attractive? c) What does NAC do when a computer attempts to connect to the network? d) If a PC fails its
a) What is the name of Microsoft's server operating system? b) What security protections do recent versions of this operating system offer? c) Why is Microsoft Windows Server easy to learn? d)
a) Why is UNIX systems security difficult to describe generally? b) Distinguish between UNIX and Linux. c) What is the LINUX kernel? d) What is a LINUX distribution? e) Comment on the cost of
a) What is a vulnerability? b) What is an exploit? c) What is a zero-day attack? d) Why is the quick application of critical fixes important?
a) List the four types of fixes for vulnerabilities. b) Distinguish between work-arounds and patches. c) What is a service pack in Microsoft Windows? d) Why is upgrading to a new version of an
a) In Windows Server 2003 and 2008, how automatic can patching be? b) What patch downloading method is commonly used in Linux?
a) Why do firms have a difficult time applying patches? b) Why do many firms prioritize patches? c) How do patch management servers help? d) What two risks does patching raise?
Give two reasons why assigning security measures to groups is better than assigning security measures to individuals within groups.
Why do you think companies often fail to harden their servers adequately?