Session 1

Define the security objectives/TRIAD. When are you considered secured?

Answer:

Define the difference between least privilege and separation of duties.

Answer:

Which category of security control deals with education?

Answer:

Terms such as availability, protection, and privacy are frequently used in discussing information-storing systems. (True/False)

Answer:

According to Session 1 materials what are five examples of security techniques applied to computer systems?

Answers:

Under the Bush administration, the Department of State developed national policies to deal with risks to the critical information infrastructure. (True/False)

Answer:

Session 2

What is the framework COBIT, its strengths, and focus?

Answer:

In computer crime investigations you need to maintain integrity of data so you can establish that it wasnt changed at any point in time. You can use things like write blockers and hashing techniques. (True/False)

Answer:

In Session 2 what are the terms that relate to BCP? Please describe each.

Answer:

______________ is the official management decision given by a senior agency official to authorize operation of an information system and to accept the risk to agency operations based on the implementation of an agreed-upon set of security controls.

Answer:

According to Session 2 materials please define the steps in a detailed or formal risk analysis.

Answer:

Session 3

What is another name for the U.S. Department of Defense Trusted Computer System Evaluation Criteria (TCSEC)?

Answer:

Which of the following models does a Microsoft Window server utilize?

Brewer and Nash Model

Take-Grant Model

Graham Denning Model

Lattice Model

Answer:

Which architecture identifies components and their associated functionality and describes connectivity of components.

Technical

Enterprise

Security

Framework

Answer:

What is the "Common Criteria," and how is it applied?

Answer:

Session 4

Stephen and Nancy are both users of (PKI). Explain how they use their keys to communicate when Stephen sends a private message to Nancy, and provides proof that Stephen sent the message.

Answer:

____________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

Answer:

According to Session 4 material what are the five primary functions of cryptography?

Answer:

Convert the cipher text Aqw fgugtxg cp C kp vjku encuu to English. Describe the steps you performed to get the answer. What is the offset/key?

Answer:

RC4 is perhaps the most used stream cypher including in products supporting Secure Socket (SSL) and Secure Electronic Transaction. (True/False)

Answer:

Session 5

_______________ is the traditional method of implementing access control.

MAC B. RBAC

DAC D. MBAC

Answer:

What are the three general means for authenticating a users identity? Also give examples.

Answer:

Compare and contrast Access Control List (ACLs) and Capability List.

Answer:

What is multi-factor authentication? Why does it provide better protection?

Answer:

What is Hash Guessing? What utility did you learn in your reading that you could use?

Answer: