SEC 280 Week 1 Case Study Ping Sweeps and Port Scans

Your boss has just heard about some nefarious computer activities called ping sweeps and port scans. He wants to know more about them and what their impact might be on the company. Write a brief description of what they are, and include your assessment of whether the activities are something to worry about or not. This assignment requires two to three pages, based upon the APA style of writing.

SEC 280 Week 2 Case Study Network Infrastructure Vulnerabilities

You are the Information Security Officer at a medium-sized company (1,500 employees). The CIO has asked you to explain why it is so important to secure your Windows and Unix/Linux servers against known shortcomings and vulnerabilities. Also explain to your CIO what you can do to make your network infrastructure more secure. This assignment must be 3 pages in length (500 words minimum), based upon the APA style of writing. Use transition words, a thesis statement, an introduction, body, conclusion, and a reference page with at least two references. Use double-spaced Arial 12-point font.

SEC 280 Week 3 Case Study Asymmetric and Symmetric Encryption

ABC Institute of Research has sensitive information that needs to be protected from its rivals. The Institute has collaborated with XYZ Inc. to research genetics. The information must be kept top secret at any cost. At ABC Institute, the researchers are unsure about the type of key (asymmetric or symmetric) to use. Please formulate a possible solution, and describe the advantages and disadvantages of any solution employed.

SEC 280 Week 4 Case Study Computer Security

Computer security is not an issue for organizations alone. Anyone whose personal computer is connected to a network or the Internet faces a potential risk of attack. Identify all the potential security threats on a personal computer. Identify some of the techniques an attacker might employ to access information on the system.

SEC 280 Week 5 Case Study Risk Management Policy

You have just been hired as an Information Security Engineer for a large, multi-international corporation. Unfortunately, your company has suffered multiple security breaches that have threatened customers' trust in the fact that their confidential data and financial assets are private and secured. Credit-card information was compromised by an attack that infiltrated the network through a vulnerable wireless connection within the organization. The other breach was an inside job where personal data was stolen because of weak access-control policies within the organization that allowed an unauthorized individual access to valuable data. Your job is to develop a risk-management policy that addresses the two security breaches and how to mitigate these risks.

SEC 280 Week 6 Case Study Computer Systems Security

Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network downtime if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning.

SEC 280 Final Exam

1.Which of the following is true about server virtualization (hypervisor)?
a.Virtualization can only exist in one location
b.Virtualization can only access local disk storage
c.A virtualization cluster can use different types and brands of processors
d.Virtualization is useful for the software testing purposes, e.g., snapshotting.
2.Which of the following is true about Cloud Computing?
a.It is best for a small startup company
b.It is best for security sensitive information, e.g., top secret documents
c.It is best for a company that cannot afford to lose information, e.g., bank transactions
d.It is best for a company that is in a remote area and cannot obtain a reliable Internet connection
3.Which of the following is NOT an example of business continuity?
a.Power outage for 3 hours
b.The Chief Financial Officer is involved in an auto accident and cannot come to work for 3 days
c.A terrorist attack
d.An employee’s own laptop has been affected by a virus
4.Which of the following is NOT a consideration of a backup strategy?
a.How much time do you have?
b.What is your network backbone speed?
c.How many monitors do you have?
d.What time to start the backup?
5.Comparing backup to disk with backup to tape, what is one reason tape is preferred?
a.Tape is much faster
b.Tape is much more expensive
c.Tape is waterproof
d.Tape can be transported off site for DR purposes
6.Which of the following is true about the SAN Snapshot?
a.It is taking a picture of the raw image of the disk
b.It makes a backup copy of the operating system
c.It makes a backup copy of the VMDK files
d.None of the above
7.Which of the following backup methods requires the most tape to restore?
d.Delta (application)
8.What is NOT the purpose of colocation?
a.To prevent power outage
b.To prevent data loss
c.To prevent natural disaster, e.g., flood
d.To prevent denial-of-service (DoS) attack
9.Which of the following is the most common and least expensive backup method?
a.File level (e.g., Windows file system)
b.Operating System level (e.g., VMware datastore)
c.Image level (e.g., SAN snapshot, Ghost)
d.All of the above
10.What is FALSE about data retention?
a.How much data can I write on the tape?
b.When can I re-write the tape?
c.When must I send my tapes to an offsite vault such as Iron Mountain for monthly or weekly end backup?
d.When can I erase the tape?
11.Which of the following about a wireless access point (in 802.11g standard) is true?
a.It operates like a hub and in half-duplex mode
b.It operates like a hub and in full-duplex mode
c.It operates like a switch and in half-duplex mode
d.It operates like a switch and in full-duplex mode
12.Which of the following 802.1x protocols (in a wireless setting) uses mutual authentication?
13.Per class lecture, which of the following technologies is for Power over Ethernet?
14.A bank has a Class-C IP address and is to be subdivided into 2 branches. How many bit(s) need to be borrowed to accommodate 3 branches? (We are using the zero subnet 2s formula)
15.Which of the following is true regarding RADIUS?
a.It forwards the username and password to an Active Directory for validation
b.The overall function of a RADIUS is similar to a Cisco Wireless LAN controller
c.RADIUS uses Mandatory Access Control
d.RADIUS is a client/server protocol. RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting
16.Which of the following is true when your boss asks you to make sure the company’s website is available 24x7x365?
17.Updating Windows patches on a server is best described as:
a.Network Security
b.Host Security
c.Physical Security
d.Social Engineering Security
18.Which of the following would be best described as Network Security?
a.Implementing Intrusion Detection System (IDS) on the network
b.Run Windows Update on a user’s workstation
c.Make sure a server cannot use USB drive
d.Having a wireless access point deployed in every department
19.Most of today’s firewalls execute rules based on which of the following?
a.Implicit deny
b.Implicit allow
c.Explicit deny
d.Explicit allow
20.To provide evidence that one has indeed signed a document electronically:
21.A target receives a spoofed email (such as from Bank of America) and calls back the sender. The target will not question the authenticity of the tech support. This is an example of:
a.Social Engineering
b.Reverse social engineering
c.Forward social engineering
22.The simple tactic of following closely behind a person who has just used their own access card to gain physical access to a building is called?
a.Shoulder surfing
c.Access drafting
d.Man trap
23.A sender uses his private key to encrypt the message, then the receiver uses the sender’s public key to decrypt the message.
a.Message digest
b.Simple digital signature
c.Complex digital signature
24.Which of the following is a special mathematical function that performs one-way encryption?
25.Which of the following makes an encryption algorithm more robust (harder to crack)?
b.Message Digest
26.An ________ can be viewed as an extension of a company's intranet that is extended to users outside the company, usually partners, vendors, and suppliers.
27.Which of the following OSI layers uses logical addressing?
28.Which of the following OSI layers formats and encrypts data to be sent across a network?
29.Which of the following is the best reason to use UDP?
a.Broadcasting message
c.Telnet to a router
d.Web surfing
30.In an IP address network, what is means?
c.This network
d.This node
31.Which of the following PKI components is responsible for checking the identity of a company during the certificate application process?
a.Registration Authority
b.Department of Licensing
c.Certificate Authority
d.Digital Signature
32.Which of the following is not a part of a digital certificate?
a.Validity period
b.Issuer’s unique name
c.Digital signature of the CA
d.A private key
33.What is the best method to exchange the shared secret when establishing a site-to-site VPN?
b.Instant messaging
d.US Postal Service
34.What is the best method to obtain a party’s public key?
a.Digital Certificate
d.Cell Phone
35.Which PKI component issues the digital certificate?
a.Registration Authority
b.Certificate Authority
c.Licensing Authority
d.Digital Signature
36.Which of the following methods is one of the ways for customers to find out that a digital certificate has expired and/or been revoked?
a.Certificate Revocation List (CRL)
b.Notification from CA
c.Email from the vendor
d.CA’s public key cannot open the certificate’s digital signature
37.Which of the following is true regarding the certificate validation procedure?
a.We need to use the public key of the CA to decrypt the CA’s digital signature
b.We need to use the private key of the CA to encrypt the CA’s digital signature
c.We need to use the public key of the Vendor to encrypt the Vendor’s digital signature
d.We need to use the private key of the Vendor to decrypt the Vendor’s digital signature
38.Which of the following is the best method to obtain FREE digital certificates (Assuming you are in a Windows Domain environment)?
a.Microsoft Certificate Authority
b.Verisign Certificate Authority
c.Third party certificate authority
d.All of the above
39.What is used to increase the complexity of an encryption algorithm?
a.Message Digest
b.Digital Signature
c.Symmetric Algorithms
40.Which of the following is a mathematical function that performs one-way encryption? The main purpose is to verify the integrity of a plaintext.
b.Symmetric Algorithms
c.Asymmetric Algorithms
d.Digital Signature
41.Which of the following types of cryptography provides the fastest encryption and decryption process?
d.Digital Signature
42.What is a digital signature?
a.You will sign a message with your private key
b.You will sign a message with your public key
c.You will sign a message with the recipient’s private key
d.You will sign a message with the recipient’s public key
43.How to verify the integrity of a downloaded file?
a.Comparing the message digests
b.Comparing the encryption algorithm
c.Comparing the hashing algorithm
d.Comparing the public keys
44.Which of the following is an example of an asymmetric algorithm?
a.Both encryption and decryption keys are the same
b.Both encryption and decryption keys are different
c.Both message digests are the same
d.Both message digests are different
45.Which of the following best describes ONE private IP address (internal workstations) being translated into ONE public IP address to access the Internet?
a.Static NAT
b.Dynamic NAT
d.All of the above
46.Which protocol is “to request the MAC address for a given IP address”?
47.What service is used to resolve a fully qualified domain name (FQDN) into an IP address?
48.Which of the following is not an example of a routing protocol?
49.Which of the following about this “” is true?
a.The subnet mask is
b.The host ID is 55
c.The network ID is 55
d.The is an IP address of a Windows server
50.What is the purpose of DMZ?
a.So if the corporate web server is hacked the Internal network is not compromised
b.So if the corporate web server is hacked the Internet network is compromised
c.So you can place all the internal servers (such as a domain controller) in the DMZ network
d.So you can place all the remote workers in DMZ network



