It 255

Submitted By superrock2k
Rock Laguerre
IT255
Homework
Instructor: Nicole Taylor

1. _____________ offers a mechanism to accomplish four security goals: confidentiality, integrity, authentication, and non-repudiation.
   A. Security association (SA)
   B. Secure socket layer (SSL)
   * C. Cryptography
   D. None of the above

2. A strong hash function is designed so that a message cannot be forged that will result in the same hash as a legitimate message.
   * A. True
   B. False

3. The act of scrambling plaintext into ciphertext is known as __________
   A. Decryption
   * B. Encryption
   C. Plaintext
   D. Cleartext

4. An algorithm used for cryptographic purposes is known as a ______________
   A. Hash
   B. Private key
   C. Public key
   * D. Cypher

5. Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key.
   * A. True
   B. False

6. An encryption cipher that uses the same key to encrypt and decrypt is called a ____________ key.
   * A. Symmetric (private)
   B. Asymmetric (public)
   C. Key encrypting
   D. None of the above

7. ______________ corroborates the identity of an entity, whether the sender, the sender’s computer, some device, or some information.
   A. Non-repudiation
   B. Confidentiality
   C. Integrity
   * D. Authentication

8. Which of the following is one of the four basic forms of a cryptographic attack?
   A. Ciphertext-only attack
   B. Known-plaintext attack
   C. Chosen-plaintext attack
   D. Chosen-ciphertext attack
   * E. All the above

9. The two basic types of ciphers are transposition and substitution.
   * A. True
   B. False

10. A _____________ is used to detect forgeries.
   A. Hash function
   B. Checksum
   * C. Hash value
   D. KDC

11. DES, IDEA, RC4, and WEP are examples of ____________
   A. Key revocation
   B. 802.11b wireless security
   C. Asymmetric key algorithms (or standards)
   *…...

Similar Documents

It 255

...Lab #2 / Nessus Vulnerability scan report in HTML
Lab #2 / Zen Map Gui Screen Shot

1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application.
   Scanning all domains within the local domain.
   If I was a financial accountant, I would use this to see what my employees are accessing and who is doing what on the company internet. I would like to find out who is compromising their privileges and accessing inappropriate sites.

2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure?
   They all affect security and integrity of a network domain local.

3. Which application is used in step #2 in the hacking process to perform a vulnerability assessment scan?
   Nessus

4. Before you conduct an ethical hacking process or penetration test in a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures?
   Perform an IP host discovery and port intense scan

5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website?
   A system that provides a record for publicly known ISS vulnerability
   The public

6. Can ZenMap GUI detect what operating systems are present on IP servers and Workstations? What would that option look like in the command line if running a scan on 172.30.0.10?
   Yes......

Words: 395 - Pages: 2

Itt 255 Lab 6

...Lab 6 – Assessment Worksheet:

1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)?
   Ans: Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations. Risk analysis doesn’t view the organization from the mission critical Business Process point of view. Moreover, BIA perceives the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered.

2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan?
   Ans: Disaster recovery is the older of the 2 functions. DR planning is an essential part of business planning that – too often – gets neglected. Part of this has to do with the fact that making a Disaster Recovery plan requires a lot of time and attention from busy managers and executives from every functional department within the company. Business continuity is a newer term which was first popularized as a response to the Y2K bug. In order to stop your company from bleeding money in these situations, you need a plan that will allow the organization to continue generating revenue and providing services – although possibly with lower quality – on a temporary basis until the company has regained its bearings.

3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents......

Words: 835 - Pages: 4

Itt 255

...IT255 Instructor Lab Manual LABORATORY Instructor Lab Manual IT255 Fundamentals of Information Systems Security Copyright © 2012 Jones & Bartlett Learning, LLC www.jblearning.com All Rights Reserved. Current Version Date: 12/06/2010
ISS Curriculum Overview
Ethics and Code of Conduct
ISS Mock IT Infrastructure
Laboratory #1
Lab #1: Perform Reconnaissance & Probing Using ZenMap GUI (Nmap)
Learning Objectives and Outcomes
Required Setup and Tools
Recommended Procedures
Deliverables......

Words: 32796 - Pages: 132

Biostat 255 1

...subset of B and write A ⊂ B. Dorota M. Dabrowska (UCLA) Biostatistics 255 September 21, 2011 1 / 49

In what follows all sets will be subsets of a larger set Ω. The complement of A in Ω is denoted by A^c and represents elements of Ω which do not belong to A:
A^c = {ω ∈ Ω : ω ∉ A}
The complement of the set Ω is given by the empty set ∅.

For any sets A ⊆ Ω, B ⊆ Ω, we denote by A ∪ B and A ∩ B their union and intersection. The union represents points which belong to A or B:
A ∪ B = {ω ∈ Ω : ω ∈ A or ω ∈ B}
while intersection corresponds to points which belong to both sets:
A ∩ B = {ω ∈ Ω : ω ∈ A and ω ∈ B}
If A and B are disjoint sets, i.e. A ∩ B = ∅, then their union will be denoted by A + B. Finally, the difference and the symmetric difference are defined as
B − A = B ∩ A^c = {ω : ω ∈ B and ω ∉ A} (difference)
A ∆ B = (A − B) ∪ (B − A) (symmetric difference)

The operations of union and intersection are governed by certain laws. They are given by
(i) identity laws: A ∪ ∅ = A and A ∩ Ω = A
(ii) domination laws: A ∪ Ω = Ω and A ∩ ∅ = ∅
(iii) idempotent laws: A ∪ A = A and A ∩ A = A
(iv) commutative laws: A ∪ B = B ∪ A and A ∩ B = B ∩ A
(v) associative laws: A ∪ (B ∪ C ) = (A......

Words: 3741 - Pages: 15

9.2 It-255

...Network nodes are not directly aware that switches handle the traffic they send and receive, making switches the silent workhorse of a network. Other than offering an administrative interface, switches do not maintain layer three IP addresses, so hosts cannot send traffic to them directly. The primary attack against a switch is the ARP poisoning attack described earlier in the “Switches” section of this chapter. However, the possibility of an ARP attack doesn’t mean switches cannot be used as security control devices. As mentioned earlier, MAC addresses are unique for every network interface card, and switches can be configured to allow only specific MAC addresses to send traffic through a specific port on the switch. This function is known as port security, and it is useful where physical access over the network port cannot be relied upon, such as in public kiosks. With port security, a malicious individual cannot unplug the kiosk, plug in a laptop, and use the switch port, because the laptop MAC will not match the kiosk’s MAC and the switch would deny the traffic. While it is possible to spoof a MAC address, locking a port to a specific MAC creates a hurdle for a would-be intruder. Switches can also be used to create virtual local area networks (VLANs). VLANs are layer two broadcast domains, and they are used to further segment LANs. As described earlier, ARP broadcasts are sent between all hosts within the same VLAN. To communicate with a host that is not in......

Words: 399 - Pages: 2

It-255

...IT255 Introduction to Information Systems Security Unit 5 Importance of Testing, Auditing, and Monitoring © ITT Educational Services, Inc. All rights reserved.

Learning Objective
Explain the importance of security audits, testing, and monitoring to effective security policy.

Key Concepts
• Role of an audit in effective security baselining and gap analysis
• Importance of monitoring systems throughout the IT infrastructure
• Penetration testing and ethical hacking to help mitigate gaps
• Security logs for normal and abnormal traffic patterns and digital signatures
• Security countermeasures through auditing, testing, and monitoring test results

EXPLORE: CONCEPTS

Purpose of an IT Security Assessment
Check effectiveness of security measures. Verify access controls. Validate established mechanisms.

IT Security Audit Terminology
• Verification
• Validation
• Testing
• Evaluation......

Words: 799 - Pages: 4

Itt 255

... Ken Schmid Unit 3 Assignment 1 Remote Access Control Policy for Richman Investments

Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign different individual users to those different groups. So the user's permissions would depend on the permissions of the group they were a member of. With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires.

Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN.

Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication:......

Words: 312 - Pages: 2

It 255 Lab 3

...Shanda Dunlap April 8, 2013 IT-255 Lab 3

1. What are the three fundamental elements of an effective access control solution for information systems?
   Identification, Authentication, and Authorization

2. What two access controls can be set up for a Windows Server 2003 folders and authentication?
   Authentication and Access control

3. If you can browse a file on a Windows network share but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of Access Control would best describe this access control situation?
   List Folder Contents – Security Policy based control.

4. What is the mechanism on a Windows Server where you can administer granular policies and permissions on a Windows network using role-based access?
   Group Policy Editor

5. What is two-factor authentication and why is it an effective access control technique?
   Two Factor uses two of the three characteristics in Authentication types (Knowledge, Ownership, Characteristics)

6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data.
   Creates security principals in the Active Directory domain partition.

7. Is it good practice to include the account or user name in the password? Why or why not?
   It is not a good idea to have a user name in the password, because it is easy for people to try to hack or decode the password.

8. Can a......

Words: 326 - Pages: 2

Lab 4 255

...Lab 4 Questions and Answers Diane Samayoa

1) Define why change control management is relevant to security operations in an organization?
   Change control is a systematic approach to managing all changes made to a product or system. The purpose is to ensure that no unnecessary changes are made, that all changes are documented, that services are not unnecessarily disrupted and that resources are used efficiently.

2) What type of access control system uses security labels?
   A LBAC Label-based access control

3) Describe two options you would enable in a Windows Domain password policy.
   Uppercase letters along with lowercase and numbers 0-9

4) Where would patch management and software updates fall under in security operations and management?
   The SA or other authorized personnel are responsible for informing local administrators about patches that correspond to software packages included on the organizational software inventory.

5) Is there a setting in your GPO to specify how many login attempts will lockout an account? Name 2 parameters that you can set to enhance the access control to the system.
   Yes, you can augment the default access privileges for an access level. When you configure a user account, you can give the account one of three privilege levels: full access, port-configuration access, and read-only access.

6) What are some password policy parameter options you can define for GPOs that can enhance the C-I-A for system access?
   Minimum...

Words: 365 - Pages: 2

Itt 255

...Exercise 3: Access Controls Scenarios:

1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access.
   For this scenario, I would implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers.

2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones.
   I would again implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used.

3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and email. Many employees work from home and travel extensively.
   Software controls for computers and smartphones, but I would also apply Logical/technical controls to prevent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in.

4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and email.
   I would apply Physical controls to protect the parts as well as Software controls for the smartphone and email use.

5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers......

Words: 310 - Pages: 2

Rst 255 Term Paper

...Blake Groesbeck RST 255-B Term Paper 5/4/15 grosbck2 Term Paper: Bigger Stronger Faster In our everyday lives every action has a positive and negative effect, where individuals are constantly using ethical lenses to judge their stance on a certain situation, whether they know it or not. After having the chance to watch the ESPN 30 for 30 Bigger Stronger Faster, it was an extremely eye opening experience. The documentary took an objective stance on the use of anabolic steroids where the National Institute on Drug Abuse defines anabolic-androgenic steroids as, “a synthetic variant of the male sex hormone testosterone and that “anabolic” refers to muscle-building and “androgenic” refers to increased male sexual characteristics.” The use of anabolic steroids for sports/recreation is illegal and is considered by the United States as a controlled substance, however the use of anabolic steroids for medical use is legal. The ethical question I am asking is, “how can the United States “claim” that the use of anabolic steroids for medical reasons be ethical and can “help” someone when they “claim” that the use of anabolic steroids for sports/recreation to be unethical and will “hurt” someone?” In order to take an objective stance I will use three of the five ethical lenses provided in class. The five ethical lenses that were provided in class are: the Utilitarian Approach, the Rights Approach, the Fairness or Justice Approach, the Common Good Approach, and the Virtue Approach. ...

Words: 1505 - Pages: 7

It 255

...Hana Laplant 4/12/12 Unit 4 Assignment 1&2 Enhance an existing it security policy framework Security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes computers running Windows 7 or Windows Server 2008 R2. Organizations invest a large portion of their information technology budgets on security applications and services, such as antivirus software, firewalls, and encryption. But no matter how much security hardware or software you deploy, how tightly you control the rights of users, or carefully you configure security permissions on your data, you should not consider the job complete unless you have a well-defined, timely auditing strategy to track the effectiveness of your defenses and identify attempts to circumvent them. To be well defined and timely, an auditing strategy must provide useful tracking data on an organization's most important resources, critical behaviors, and potential risks. In a growing number of organizations, it must also provide absolute proof that IT operations comply with corporate and regulatory requirements. Unfortunately, no organization has unlimited resources to monitor every single resource and activity on a network. If you do not plan well enough, you will likely have gaps in your auditing strategy. However, if you try to audit every resource and activity, you may find yourself with far too much monitoring data, including thousands of benign......

Words: 1876 - Pages: 8