ITS 421 - Tactical Perimeter Defense

Review for Third Test

The following questions are provided to help you study for the third test. Do not expect to see these exact questions on the test.

Questions on Chapters 9 and 10

  1. What does perimeter security mean?

  2. How does landscaping affect intruders? How does it affect surveillance cameras?

  3. Name a case in which we care more about when someone leaves a location than when they enter it.

  4. What is an appropriate use of a series of bollards?

  5. What are the two major divisions of biometrics?

  6. With regard to biometrics, what is enrollment? What is identification?

  7. How do most fingerprint scanners work that do not rely on a photograph?

  8. There are two kinds of eye scans. Name them and tell me which is more prone to errors caused by surgery, glasses, or contact lenses.

  9. What are false acceptance and false rejection?

  10. What is a crossover error rate?

  11. What is the difference between an ACL and an ACE? What does each contain?

  12. Where are we likely to find Kerberos being used?

  13. What feature of a device does a Layer 2 control usually depend on?

  14. What are two features of a packet that are typically used for filtering on routers and firewalls?

Questions on Chapter 11

  15. What does the text present as a slightly different idea about standards in this chapter?

  16. Assuming we use the group of authoritative organizations presented in the chapter, which is likely to have the best selection of standards for all phases of any organization?

  17. If a federal agency chooses not to adopt NIST standards, then what must they do to be in legal compliance?

  18. Which of the listed bodies are most likely to present hard standards that address networking hardware and software? There are two.

  19. Why does it make sense to establish guidelines after you establish policies, standards, and procedures?

  20. Why should standards follow the selection or creation of policies?

  21. How does the use of roles and groups make assigning and removing rights more manageable and uniform?

Questions on Chapter 13

  22. What is the difference between the methods used in symmetric key cryptography and asymmetric key cryptography?

  23. What is the difference between public key cryptography and public key infrastructure?

  24. When you make a purchase across the Internet, do you use the vendor's public or private key?

  25. If we decide to create key pairs inside our own organization, what would we need a certificate authority for?

  26. What are algorithms used for regarding keys and encryption?

  27. If we have a symmetric key system for 10 users who all need to send and receive securely with each of the others, how many keys do we need?

  28. What is secure about my encrypting a message with your public key in a public key system?

  29. What is the point of encrypting a message with your private key and sending it to me?

  30. What are some of the fields we expect to see in a digital certificate? What standard must it follow?

  31. What is done with private keys when they are compromised? What is done with digital certificates when they are compromised?

  32. What does the text mean when it says that PKI does not prove that the holder of a key pair is trustworthy?