CSS 111 - Introduction to Information System Security

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.

  1. What is access control about? What are three actions that are typically taken by administrators regarding access control?

  2. In which kind of access control might users permit or deny access to assets? Which kind of access control is the most restrictive? Which kind of access control might be linked to roles or group memberships?

  3. If a user is authorized but not authenticated, why can't they access resources? How about if they are authenticated but not authorized?

  4. Give an example of a security measure that depends on:
    1. something you know
    2. something you have
    3. something you are

  5. What does it mean to use two-level authentication?

  6. On what layer of the OSI model do packet filtering firewalls function?

  7. What are three elements, normally found in a packet, that a firewall might base a rejection on?

  8. What makes a firewall a "static firewall"?

  9. What would make a firewall dynamic?

  10. What kind of traffic do stateful firewalls watch for and reject?

  11. What is the FTP protocol used for?

  12. What is the SMTP protocol used for?

  13. Which layer of the OSI model does not have a type of firewall associated with it?

  14. The text says firewalls should not be configurable from a part of our network. Which part?

  15. What kind of product is SurfControl? Why would you install a product like that?

  16. What kind of network access does a RADIUS server support?

  17. What is the difference between a trusted VPN and a secure VPN?

  18. What is the general formula the book used to calculate a Cost Benefit Analysis?

  19. What is the difference between intrusion detection and intrusion prevention?

  20. If we have installed a host-based IDPS, what assets can we expect it to protect?

  21. What is a honeypot supposed to do?

  22. What does a port scanner do? Which kind of firewall should be looking for traffic from a hacker who has used a port scanner?

  23. What does a packet sniffer do? What else might it be called? What are the three rules from the text about using a packet sniffer?

  24. What is the overall IEEE standard that applies to wireless networking?

  25. Define plaintext and ciphertext.

  26. Why is a Caesar cipher easy to crack?

  27. What general kind of cipher is the Caesar cipher an example of?

  28. What is hashing? What does hashing do that makes it harder to crack?

  29. How is a symmetric algorithm system different from an asymmetric system? What must be done in both cases to defeat it?

  30. What are the three symmetric algorithms that the text discussed?

  31. What common web transaction uses an asymmetric encryption algorithm?

  32. What is the value of authentication in PKI?

  33. What is the meaning of nonrepudiation?

  34. What role does a certificate authority play in PKI?

  35. What is PKI?

  36. What should happen when a certificate is reported as being hacked?

  37. Why can we say that Pretty Good Privacy uses both symmetric and asymmetric keys?

  38. What does steganography mean? Why is this likely to require more file space than other encryption methods?

  39. You are setting up a wireless access point. It offers WEP, WPA, and WPA2 as encryption choices. Should you have a preference for which one to use? Why?

  40. How do ID badges provide physical security? What about doors whose locks are opened by an ID badge?

  41. What is a tailgater? How might you avoid allowing this activity?

  42. What does a fail-safe electronic lock do when there is a power failure? How about a fail-secure lock? Which was on the vault in the Nakatomi Plaza?

  43. What is a mantrap? Why would you use one?

  44. What is a plenum?

  45. What kind of fire detection depends on human action?

  46. What is the difference between flame detection and thermal fire detection?

  47. What are the four standard US classes for fire extinguishers?

  48. The video I showed in class for water mist points out a problem with this type of system, and with sprinklers as well. What is it?

  49. Gas dispersant systems can be effective, but what is their specific danger?

  50. How might data be intercepted by direct observation?

  51. What are two ways that data transmission might be intercepted?

  52. Where are portable devices most often stolen? What does this tell you about security for such devices?