Questions and Answers of Systems Analysis And Design
Why do you think companies often fail to harden their clients adequately?
a) How is the diversity of Linux/UNIX offerings bad? b) How is it good?
Why do you think UNIX has such a limited ability to assign permissions compared with Windows?
a) Directory DunLaoghaire has several subdirectories. Each of these subdirectories has very sensitive information that should only be accessible to a single user. What permissions would you give in
In their purest form, netbooks are PCs designed to have little or no software stored on them. Instead, they are designed to use cloud computing, in which the software and data are both stored on
What password-cracking method would be used for each of the following passwords? a) Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
Critique the safety of each of the following passwords, giving your specific reasoning. a) Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
Can you use the longest hash possible? How long is good enough?
How could new IP-enabled devices pose a security risk for a corporation?
How could corporations guard against threats from new IP-enabled devices?
Could a ban on all IP-enabled devices from outside the corporation be a workable policy? Why or why not?
Why is data mobility a security threat to businesses?
How will diverse computing platforms affect IT security?
How must IT security evolve to address the development of new devices?
Would IT security policies need to be adjusted for corporate offices in different countries? Why or why not?
a) What software must be patched on an e-commerce server? b) What three other webserver protections were mentioned in the text? c) Where is an application proxy firewall placed relative to the
a) In staged development, what three servers do companies use? b) What permissions does the developer have on the development server? c) On the testing server? d) On the production server? e) On
a) Why do hackers attack browsers? b) What is mobile code? c) Why is it called mobile code? d) What is a client-side script? e) What is a Java applet? f) Why is Active-X dangerous? g) How do
a) Why is it bad to go to a malicious website? b) How can social engineering be used to trick a victim to go to a malicious website? c) Why do attackers want to get domain names such as
a) What can users do to enhance browser security? b) Under Internet Options in IE, what can the user do on the Security tab? d) In which tab are cookies controlled?
a) Why are HTML bodies in e-mail messages dangerous? b) What is spam? c) What three problems does spam create? d) Why is spam filtering dangerous? e) For what legal reason should companies filter
a) Is encryption widely used in e-mail? b) What part of the e-mail process does SSL/TLS usually secure? c) Is this end-to-end security? Explain. d) What standards provide end-to-end security? e)
a) What is VoIP? b) Distinguish between IP telephones and soft phones. c) A soft phone is a computer with hardware and software for VoIP. d) What does RTP add to compensate for the limitations of
a) Distinguish between transport and signaling. b) In Figure 8-25, is the packet shown a transport packet or a signaling packet? c) What are the two main signaling standards in VoIP? d) What does
a) What is eavesdropping? b) Why can DoS attacks be successful even if they only increase latency slightly? c) Why is caller impersonation especially dangerous in VoIP? d) Why are hacking and
a) What is a buffer? b) What is a buffer overflow attack? c) What impacts can buffer overflows have? d) In a stack overflow, what is overwritten by the overflow? e) To where does the overwritten
a) What authentication mechanisms are common on IP telephones? b) What does SIP Identity ensure? c) How can eavesdropping be thwarted? d) What sound quality problem may encryption create? e) Why
a) What is Skype? b) Why is Skype's use of proprietary software problematic? c) What problem is there with Skype's encryption for confidentiality? d) Does Skype control who can register a
a) In IM, what does a presence server do? b) What does a relay server do? c) For corporate IM, what are the advantages of using a relay server instead of only a presence server?
a) What is the Danvers Doctrine? b) Distinguish between security in SNMP V1 and security in SNMP V2. c) Distinguish between security in SNMP V2 and security in SNMP V3. d) What still needs to be
a) Why must you know a server's role to know how to protect it? b) Why is it important to minimize both main applications and subsidiary applications? c) Why are security baselines needed for
a) How does a SQL injection attack work? b) What is SQL? c) What is error-based inference? d) What is the difference between in-band and out-of-band SQL injection? e) What is blind SQL injection? f)
a) What is a login screen bypass attack? b) What is a cross-site scripting (XSS) attack? c) What is an SQL injection attack? d) What attitude should programmers have about user input? e) What
a) Distinguish between WWW service and e-commerce service. b) What kinds of external access are needed for e-commerce? c) Does the webmaster or e-commerce administrator have control over the
a) What is website defacement? b) Why is it damaging? c) In directory access commands and URLs, what does ".." represent? d) What are directory traversal attacks? e) Create a URL to retrieve the
Do you think programmers should be allowed to develop server-side dynamic webpages, given the dangers that are involved in their doing so?
Client-side scripting attacks usually require the client to visit a webserver with malicious content. How do you think attackers get users to visit such webpages?
An employee working at home complains that some of her messages to fellow employees at the firm's headquarters site are not getting through. What might be the problem?
A company is warned by its credit card companies that it will be classified as a high-risk firm unless it immediately reduces the number of fraudulent purchases made by its e-commerce clients. Come
What is a concurrency flaw?
What are the advantages for IT security professionals having a training environment like the WebGoat platform?
After seeing the impact of the hacked Twitter account, would news organizations become even more attractive targets? Why or why not?
Could an insider use the fact that news feeds are scanned for trading decisions to manipulate the stock market? How?
How could highly integrated information systems be a threat to corporations?
Could a subcontractor with weak security practices make a corporation more vulnerable? How?
Why would Web threats see such a drastic six-fold (600%) increase?
How can malware writers adapt to software detection techniques?
How can organizations limit their exposure to malware?
a) What is the difference between data and information? b) How can data be protected while it is being transmitted? c) How can data be protected while it is being processed? d) What are some ways
a) What should backup creation policies specify? b) Why are restoration tests needed? c) Where should backup media be stored for the long term? d) What should be done about backup media until they
a) Why is retaining e-mail for a long period of time useful? b) Why is it dangerous? c) What is legal discovery? d) What are courts likely to do if it would be very expensive for a firm to
a) Are e-mail messages sent by employees private? b) What should employees be trained not to put in e-mail messages?
a) Why is spreadsheet security an IT security concern? b) What two protections should be applied to spreadsheets? c) Briefly list the functions of a vault server. d) Comment on vault server
a) What is a relational database? Explain. b) Why would a database administrator want to restrict access to certain tables? c) Why would a database administrator want to restrict access to certain
a) What is a DBMS? b) Can a DBMS manage multiple databases? Why? c) How can validation protect against a SQL injection attack? d) How can sanitation protect against a SQL injection attack?
a) What types of database events should be audited? b) How could SQL triggers be used to secure a database? c) What is a DDL trigger? d) What is a DML trigger?
a) What is a multi-tiered architecture? Why is it important? b) How could a multi-tiered architecture stop or mitigate the effects of an attack? c) Why is changing the default database listening port
a) Why is encryption usually attractive for sensitive data from a legal standpoint? b) How long must an encryption key be to be considered strong today? c) What happens if the encryption key is
a) What is Data Loss Prevention (DLP)? b) Are there some types of data that are too risky to collect? c) What is PII? Please give a couple examples of PII. d) What is data masking?
a) List the ways in which data can be lost, adding some of your own. b) How does backup ensure availability?
a) Could web scraping be a threat to a corporation? Why? b) What are mashups? Give an example. c) What is the difference between a spider and a web scraper? d) Is web scraping ethical, legal,
a) How are linking attributes used to connect disparate databases? b) Explain information triangulation. c) What are the odds of correctly identifying a person based on their ZIP code, date of birth,
a) What is DRM? Give an example of how DRM works. b) Why is DRM desirable? c) Give some examples of use restrictions that a company may wish to impose on a document. d) How can many DRM protections
a) Why is it important to destroy data on backup media and PCs before discarding them or transferring them to someone else? b) What is the difference between basic file deletion and wiping? c) Is it
a) Distinguish between file/directory data backup and image backup. b) Why is file/directory backup attractive compared with image backup? c) Why is image backup attractive compared with
a) Why don't most companies do full backup every night? b) What is incremental backup (be precise)? c) A company does a full backup one night. Call this backup Cardiff. On three successive nights,
a) What are the advantages of centralized backup compared with local backup? b) Define CDP. c) Why is CDP attractive? d) Why is it expensive? e) Why is backup over the Internet to a backup
a) Why is magnetic tape desirable as a backup medium? b) Why is tape not desirable? c) Why is backup onto another hard drive attractive?
a) How can disk arrays ensure data reliability and availability? b) Explain RAID 0. c) Explain RAID 1. d) Explain RAID 5.
a) What is parity? b) How does the XOR operator work? c) How can parity be used to restore lost data? d) How long would it take to recalculate the data on a lost disk?
a) What are the advantages of RAID 5 over RAID 1? b) Which RAID level discussed in this chapter has the fastest read-write speeds? c) Is RAID 5 appropriate for home users? Why, or why not?
Is there data in your organization that should be encrypted, but isn't? Why?
Could you get enough information from the Internet to take out a loan in another person's name?
How much data would you lose if your computer's hard drive crashed right now? Could you reduce the amount of data that would be lost? How?
What effect do you think cloud computing will have on data security?
What impact do you think social networking will have on data security? Provide your reasoning.
Why do so many data thefts originate from outside the victim's host country? (Hint: Extradition)
What is the purpose of a "hidden" volume? (This was an option when you created the first volume.)
What are keyfiles and how do they work?
Why isn't this functionality included with Windows?
How should a corporation respond to a large-scale loss of customer data?
How might a corporation be hurt by acknowledging a large-scale data loss?
As data loss admissions become more widespread, how would they affect consumers' willingness to share information with corporations?
How should a corporation decide the appropriate level of resources to devote to securing its data?
Why are corporations worried about insider threats with respect to data loss?
Why have the incidents of data loss seen a rise in the past few years?
a) Why was Walmart able to respond quickly? b) List at least three actions that Walmart took that you might not have thought of.
a) Why should a senior manager head the CSIRT? b) Why should members of affected line departments be on CSIRT? c) Who is the only person who should speak on behalf of the firm? d) Why should the
a) What different actions do criminal and civil law deal with? b) How do punishments differ in civil and criminal law? c) Who brings lawsuits in civil and criminal cases? d) What is the normal
a) What is case law? b) What are jurisdictions? c) What is cyberlaw? d) What are the three levels of U.S. federal courts? e) Which levels can create precedents? f) Does federal jurisdiction
a) Why will courts not admit unreliable evidence? b) What is a computer forensics expert? c) What type of witness is allowed to interpret facts for juries? d) Why should companies work with
a) What section of which title of the U.S. Code prohibits hacking? b) What other attacks does it prohibit? c) Does it protect all computers? d) What are damage thresholds? e) What types of acts
a) What is an IDS? b) Is an IDS a preventative, detective, or restorative control? c) What are false positives? d) Why are false positives problems for IDSs?
a) What are the four functions of IDSs? b) What are the two types of analysis that IDSs usually do? c) What types of action did this section mention? d) What information should alarms contain? e)
a) What is the advantage of a distributed IDS? b) Name the elements in a distributed IDS. c) Distinguish between the manager and agents. d) Distinguish between batch and real-time transfers for
a) At what information do NIDSs look? b) Distinguish between stand-alone NIDSs and switch-based or router-based NIDSs. c) What are the strengths of NIDSs? d) What are the two weaknesses of NIDSs?
a) Can good planning and protection eliminate security incidents? b) Name three terms that successful attacks are commonly called.
a) What is the major attraction of a HIDS? b) What are the two weaknesses of host IDSs? c) List some things at which host operating system monitors look.
a) Why are integrated log files good? b) Why are they difficult to create? c) Explain the time synchronization issue for integrated log files. d) How do companies achieve time synchronization? e)
a) What is precision in an IDS? b) What are false positives, and why are they bad? c) What are false negatives, and why are they bad? d) How can tuning reduce the number of false positives? e)