ITS 421 - Tactical Perimeter Defense

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.

Questions on Chapter 5

  1. What is the basic purpose of the Computer Fraud and Abuse Act?

  2. What does the Digital Millennium Copyright Act protect?

  3. What is fair use? Can anyone make fair use of almost anything?

  4. The chapter talks about complying with laws that affect our company. How might there be a conflict between security concerns and fire codes?

  5. What should be included in a reasonable policy about visitors to secure data centers?

  6. In the story in the text about a dinner at the White House, what seemed to be a social engineering aspect? What should security people do as a reaction to social engineering?

  7. In the text, a penetration test team added a WAP to a system by accessing a network cable. What can you propose as controls that would prevent this from happening?

  8. How do social engineering scams like phishing lead to compromised systems or stolen IDs?

  9. What is hashing good for?

  10. RFID chips are being added to many bank cards as a security measure. Explain why this is not necessarily a good move.

  11. What are some of the techniques used by social engineers in personal exploits?

  12. Why do you think a physical attack is less profitable than a logical attack?

Questions for Chapters 6 and 7

  13. What is business continuity?

  14. How can we address natural threats that would harm business continuity?

  15. What precautions should be taken regarding accounts and access rights when trusted employees leave the company? What about employees we no longer trust?

  16. What are the four risk management strategies reviewed in Chapter 6?

  17. What is the common practice that addresses vulnerabilities in an operating system?

  18. What are the suggestions made that apply to user vulnerability?

  19. What is a subject, with regard to access rights?

  20. What is an object, with regard to access rights?

  21. Explain how listing our subjects and objects leads to creating access controls.

  22. Why is it more likely that a large organization will use security groups?

  23. What are the essential differences between mandatory, role-based, and discretionary access controls?

  24. What does the text mean when it says that people can be unintentional threats?

  25. The text discusses social engineering a lot. What does that term mean to you in this context?

  26. What is the most common organizational structure, with regard to access rights?

  27. What value does a company get from mandatory job rotation? Is it different from required vacations? Which do you favor?

  28. Why should security awareness be ongoing training for most employees?

Questions for Chapter 8

  29. What is meant by data at rest? Give an example.

  30. What is meant by data in motion? Give an example.

  31. What kind of action would put data at rest at risk of compromise? What should be done to reduce this risk?

  32. What kind of action should be taken to reduce the risk of compromised data in motion?

  33. What system generally implements access controls in Windows environments?

  34. What are the two systems listed in the text that implement access controls in UNIX environments?

  35. A hacker often wants to find an identity that has the right to write to an object's ACL. Why is this useful to the hacker?

  36. What two kinds of information do we expect to see in a Windows ACL?

  37. What is special about a/an SACL?

  38. Give an example of how you would give a user explicit rights to an object in a Windows system.

  39. Give an example of how you would give a user implicit rights to an object in a Windows system.

  40. In a Windows system, what is the difference between Read and Read and Execute?

  41. Which common permission in Windows does not apply to files? Why is it needed?

  42. What are the differences between a domain administrator, an enterprise administrator, and a super administrator?

  43. What are the basic file system rights in a UNIX system?

  44. What are the three groups that a chmod command is concerned with?

  45. What is the name of the most powerful user on a UNIX system?

  46. What kind of systems use SCADA systems to control them?