ITS 2110 - Introduction to Network Security

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.

  1. What organization made the series of 802.11x standards? What technology do they relate to?

  2. What is a WAP? What are its typical components?

  3. Name two wireless security standards that have become obsolete in this decade?

  4. Why is UEFI preferred over a BIOS system on a contemporary computer?

  5. Why were the TEMPEST standards invented? What agency created them?

  6. Since servers are supposed to provide services, why would you turn some of them off when you harden a server?

  7. Name three physical security controls.

  8. Name two software security controls.

  9. What do Bluetooth and NFC technologies have in common?

  10. What are some potential security risks that can be found on mobile devices?

  11. What is an ICS? What sort of OS would we expect to find in it?

  12. Explain the difference between identification, authentication, and authorization.

  13. What are the three classic factors used in authentication? What is a newer possible factor?

  14. How might you try to steal a person's password if you cannot get personal access to their device?

  15. What is the difference between a brute force atttack and a dictionary attack on a user's account?

  16. What are some examples of "something you are"?

  17. What is meant by "separation of duties" with regard to security?

  18. How does an implicit deny system work?

  19. What is an ACL? How does it relate to an ACE?

  20. puppy pictureWhat does this image have to do with security? Where would it commonly be found?

  21. What is the purpose of a RADIUS server?

  22. Computing risk is important to enterprise security. What three steps should occur before you can do risk calculation?

  23. What is a port scanner? Why is it a useful security tool?

  24. What is a packet sniffer? How might a hacker use it?

  25. In addtion to attacks on our data, why must we prepare for natural disasters?

  26. What is business continuity? What is its goal?

  27. What is a business impact analysis? How does the data produced in this step become useful in the next plan?

  28. What would be the annualized down time of a system whose up time is four nines? How about five nines?

  29. Describe the benefits of using RAID 0 and RAID 1.

  30. What is a UPS? Compare the performance of an inline UPS to that of an off-line UPS.

  31. What are the four standard fire classes in the United States?

  32. What is meant by the likelihood of an attack? How is that different from the impact of the same attack?

  33. What is the difference between a preventive control and a detective control? When would each be used in a properly designed system?