DeVry SEC360 full course [all discussions, all quizzes, all assignments and final exam]


Week 1

Security Policy (graded)
Policy is central to affecting security in organizations. Using the security policy for your workplace (or other organization with which you are familiar), what are some key features that allow personnel to control security? Are there any deficiencies? What can be added that would improve security?

Security CBK (graded)
The security Common Body of Knowledge (CBK) describes what security professionals collectively know about the discipline. What knowledge domains are included in the CBK? What do you think will be added to the CBK in the future?

Week 2

Compliance Legislation (HIPAA) (graded)
How can we utilize the four types of security policies to develop a HIPAA security program for organizations? What kinds of information does HIPAA protect? What kinds of organizations does HIPAA cover?

Intellectual Property (IP) (graded)
Your organization has asked you to assist in the discussion about how to best protect its intellectual property (IP). The engineers in your organization have developed new database and ordering software to support a faster process for fulfilling customer orders. Which of the various forms of IP protection will you recommend for safeguarding the engineers' work? Should it be protected at all? What does the organization risk by getting IP protection?

Week 3

Snack Cake Security (graded)
Your company has a special recipe for snack cakes. This snack cake is a key product in your company's lineup, and it is responsible for a large majority of shareholder value. Using a security model described in the text, describe an approach that will allow this important recipe to be kept secure.

Security and the OSI Model (graded)
Security can have a cumulative effect. Consider the OSI model as a key component of the Common Body of Knowledge. For definitions of OSI layers, see: OSI Layers. What is the OSI model about, and how can we use it when we are selecting security controls?

Week 4

Amusement Security (graded)
Your company is in the business of entertainment; it runs an amusement park. There are thousands of people all over the park every day. It is very important to control who has access to what, and not just for visitors, but for employees as well. Define groups of people, and indicate how you would control physical access for them.

Security Operations Changes (graded)
Describe how to insert changes in the operational security of the organization. How do you manage those who do not want to accept the changes?

Week 5

Backup and Recovery Planning (graded)
Why are backups so often overlooked in an organization? How do we sell the benefits of spending money on backup solutions to business managers and executives?

Access Control Lists (graded)
Access control lists are very valuable for administering granular control over an organization's resources. So why do a lot of organizations opt not to use them in lieu of more general super user or administrator accounts?

Week 6

Cryptography (graded)
Which algorithm is more secure: AES256 or AES128? Why?

The Enterprise Firewall is Dead (graded)
A popular computer network publication stated at one time that the enterprise firewall was dead. It boldly stated that the exterior firewalls of the organization should be torn down and replaced with host-based firewalls instead. Is this insane, or is it the best new practice in security management? Explain your answer.

Week 7

Intrusion Detection (graded)
Your organization's business manager has read an article about how intrusion detection systems can help deter hackers. He or she wants to spearhead a campaign to deploy them around the company's locations in three states.
Since an IDS can help deter hackers, does this make it a worthwhile project, or is there some reason to be wary? Specific to this example, how do you respond to ad hoc security requests like this? In general, how can you keep requests like this in check?

Secure as a Car (graded)
Engineering software is like engineering a car; if one were so inclined, there could be a completely bug- and security-free application. Do you agree with this? Why or why not?

Week 2 You Decide

Information Systems Use Security Policy
Write a paper consisting of 500-1,000 words (double-spaced) about your experience in the Week 1 You Decide exercise. Briefly explain some of the issues that a company may face as it experiences growth, and begin to address the proper use of their information systems. Students should see Appendix C of the textbook for examples of policies that address the issues that companies may face.

Week 5 and 6 You Decide

Information Systems Use Security Policy: Scenario, Your Role, Key Players

Scenario
Sunshine Machine Works, which recently expanded its infrastructure, now needs to ensure that any authorized employee can access the intranet. Sales people and management staff frequently travel to remote locations, and often require access to documents stored on the intranet file server.

Role
You are the IT Services manager for Sunshine Machine Works.
You are to assess the information presented and provide a response to management on how remote access may be handled for Sunshine Machine Works.

Players
- Stone, Chief Executive Officer
- Margie Nelson, Chief Financial Officer
- Gar Thomas, General Manager

Deliverable
Given the scenario, your role and the information provided by the key players involved, it is time for you to make a decision.

Activity Assignment
Since you are responsible for IT Services and want to keep the systems and network functioning effectively, you will want to provide technical guidance and leadership on this issue. Follow the instructions provided in the You Decide Exercise: Cryptographic Tunneling and the OSI Model.

Write a paper consisting of 500-1,000 words (double-spaced) on the security effects of cryptographic tunneling based on an understanding of the OSI (Open Systems Interconnect) model. Review the OSI Simulation in the Week 3 lecture. Provide input on the type of cryptographic tunneling protocols (e.g., L2TP, IPSEC, SSL, etc.) which may be used, the layer(s) of the OSI at which each operates, and also recommend how they may be implemented. Cryptographic tunneling is inherent in building any common virtual private network (VPN).

Grading Rubric:
Category | Points | Description
Understanding | 20 | Demonstrate a strong grasp of the problem at hand. Demonstrate understanding of how the course concepts apply to the problem.
Analysis | 20 | Apply original thought to solving the business problem. Apply concepts from the course material correctly toward solving the business problem.
Execution | 10 | Write your answer clearly and succinctly using strong organization and proper grammar.
Use citations correctly.
Total | 50 |
A quality paper will meet or exceed all of the above requirements.

Physical Security Simulation Report
Compose a report on the experience of performing the Physical Security survey. Students will write a report consisting of 250-500 words (double-spaced) on experiences in the Physical Security Simulation (see tab under Week 4).

Note: The correct information for the physical security survey is provided at the end of the simulation.
The people who were interviewed were aware ahead of time that the survey was to take place and were also aware of the problems of concern to management. Students should focus on the problems of acquiring good information through a physical security survey. Did the people you interviewed mislead you (either intentionally or unintentionally)? How did you go about obtaining good or correct information? The purpose of this project is to make students aware of some important issues that arise in a facility security survey.

Quizzes

Question 1. (TCO 1) Defense-in-depth is a _____.
- security requirement
- security model
- security strategy
- security policy
- security control

Question 2. (TCO 1) What are the common effects of controls?
- Prevention, detection, and response
- Administration, technology, and physical
- Detection, accounting, and access control
- Identification, audit, and access control
- Confidentiality, integrity, and availability

Question 3. (TCO 1) Information security managers should not be motivated by _____.
- IN concern for the well-being of society
- governmental regulation
- fear, uncertainty, and doubt
- promotion potential
- readiness

Question 4. (TCO 1) The unique security issues and considerations of every system make it crucial to understand all of the following, except _____.
- security standards
- security skills of developers
- hardware and software security configurations
- data sensitivity
- IN the business of the organization

Question 5. (TCO 2) Which of the following domains is not part of the IISSCC CBK?
- Architecture
- Project Management
- Ethics
- Law
- Operations Security

Question 6. (TCO 2) A security event that causes damage is called _____.
- IN a compromise
- a violation
- an incident
- a mishap
- a transgression

Question 7. (TCO 2) What is the enemy of security?
- Industry
- Foreign nations
- Competitors
- Complexity
- People

Question 8.
(TCO 2) What are the effects of security controls?
- Confidentiality, integrity, and availability
- Administrative, physical, and operational
- Detection, prevention, and response
- Management, operational, and technical
- None of the above

Question 9. (TCO 1) Policies and procedures are often referred to as _____.
- models
- a necessary evil
- guidelines
- documentation

Question 10. (TCO 2) There are _____ domains of the Common Body of Knowledge.
- 12
- nine
- 11
- 10

Question 1. (TCO 3) _____ conduct periodic risk-based reviews of information assets, policies, and procedures.
- Security testers
- Vendor managers
- Internal auditors
- Access coordinators
- Technical managers
Text, page 81
Points Received: 5 of 5

Question 2. (TCO 3) An excellent document to review for best practices in security management is _____.
- IN ISO/IEC 17799
- BS 7799
- ISO/IEC 27001
- Appendix H of NIST SP 800-53
- Any of the above

Question 3. (TCO 3) An organization's security posture is defined and documented in _____ that must exist before any computers are used.
- standards
- guidelines
- procedures
- policies
- All of the above
Text, pages 68-73
Points Received: 5 of 5

Question 4. (TCO 3) What does SDLC stand for?
- Software development license cycle
- Software development life cycle
- System development life cycle
- System definition life cycle
- None of the above
Lecture
Points Received: 5 of 5

Question 5. (TCO 4) Various countries have different views of individual privacy. The European Union (EU) has very different privacy laws than the United States has. To allow U.S. companies better ease of operation in the European Union, the Department of Commerce negotiated the _____ with the EU.
- privacy treaty
- Memorandum of Agreement regarding privacy
- Privacy Reciprocity Act of 1993
- international safe harbor principles
- Privacy Act of 1983
Text, page 150
Points Received: 5 of 5

Question 6.
(TCO 4) Which of the following "commandments" should be part of the information security professional's code of ethics?
- I will abide by the Constitution of the United States.
- I will dress appropriately for the company environment.
- I will protect the equities of senior management.
- I will act honorably, honestly, justly, responsibly, and legally.
Text, page 154
Points Received: 5 of 5

Question 7. (TCO 5) Information hiding or data hiding is implemented through _____.
- abstraction
- encapsulation
- layering
- isolated storage
- encryption
Text, page 94
Points Received: 5 of 5

Question 8. (TCO 5) A reference monitor is _____.
- a security model
- a security control
- a network security model
- only appropriate in ringed architecture
Text, page 90 and lecture
Points Received: 5 of 5

Question 9. (TCO 4) Denial of service attacks, rogue code, and software piracy are some of the ways that _____ commit crimes.
- aggressive programmers
- computer enthusiasts
- cyber criminals
- foreign operatives
Text, page 144
Points Received: 5 of 5

Question 10. (TCO 5) The _____ can be illustrated using something known as a ring of trust.
- TCB
- principle of least privilege
- secondary storage zone
- kernel
Text, page 91
Points Received: 5 of 5

Question 1. (TCO 6) The layers of physical security defense in depth do not include _____.
- monitoring (video or human)
- intrusion detection/prevention
- mechanical and electronic
- environmental
- security clearances
(Week 4 Lecture) Security clearances are personnel security controls. Authenticating clearances may well be part of the physical security process.
Points Received: 5 of 5

Question 2. (TCO 6) Which of the following are categories of intrusion detection devices?
- Door sensors
- Biometric detectors
- Perimeter detectors
- Security detectors
- All of the above
Text, pages 175-176
Points Received: 5 of 5

Question 3.
(TCO 6) Physical security deals with all of the following except _____.
- buildings
- logical systems
- computer rooms
- computer devices
- fences
Text, Chapter 8, p. 165
Points Received: 5 of 5

Question 4. (TCO 7) Security operations generally does not provide controls for _____.
- IN personnel security
- resource protection
- backup and recovery of locally stored workstation data
- privileged entity controls
- virus scanning
Text, page 193
Points Received: 0 of 5

Question 5. (TCO 7) Security operations does NOT use controls for _____.
- threats
- vulnerabilities
- intrusions
- communications devices
- management decision making
(Lecture) Security operations provides information to management, but does not decide for management.
Points Received: 5 of 5

Question 6. (TCO 8) Disaster recovery planning includes all of the following except _____.
- IT systems and applications
- application data
- data entry users
- networks
- IN communication lines
Text, pages 129-133
Points Received: 0 of 5

Question 7. (TCO 8) A business impact analysis identifies _____.
- risks to the business
- quantifies risks
- risks to the business if critical services are discontinued
- IN priorities of restoring critical services
- All of the above
Text, Chapter 6, p. 128
Points Received: 0 of 5

Question 8. (TCO 9) The minimum set of access rights or privileges needed to perform a specific job description is called _____.
- separation of duties
- least privilege
- privileged controls
- separation of privilege
Text, pages 188 & 206
Points Received: 5 of 5

Question 9. (TCO 9) Which of the following is NOT true for RADIUS?
- Uses remote access Dial-In User Service
- Used by AOL to authenticate users
- Creates a private tunnel between end points
- Policies can be centrally administered
- Can use multifactor authentication
(Text, p. 220) RADIUS is not a tunneling technology.
Points Received: 5 of 5

Question 10.
(TCO 9) The predominant strategy that is used to assure confidentiality is _____.
- biometric authentication
- discretionary access control
- role-based access control
- symmetric encryption
- the principle of least privilege
Text, page 206
Points Received: 5 of 5

Question 1. (TCO 10) Secure hashing is also known as _____.
- public-key cryptography
- a message digest
- Transport Layer Security
- Secure Sockets Layer
- IPSec
Instructor Explanation: Week 6 Lecture and page 239 of course text
Points Received: 5 of 5

Question 2. (TCO 10) Which of the following uses symmetric-key or shared-secret cryptography?
- AES
- RSA
- Diffie Hellman
- IN MD5
- PSA
Instructor Explanation: Week 6 Lecture and pages 244-245 of course text
Points Received: 0 of 5

Question 3. (TCO 11) Firewalls do not _____.
- block unauthorized traffic
- detect tampering
- use simple software
- filter words or phrases in traffic
- enforce a security policy
Instructor Explanation: Week 6 Lecture and pages 275-279 of course text
Points Received: 0 of 5

Question 4. (TCO 11) Which of the following is not a characteristic of a proxy server?
- Configured to allow access only to specific systems
- Maintains detailed audit information
- Dependent on all other proxies on the bastion host
- Runs as a nonprivileged user
- Any service that is not supported by the proxy server is blocked.
Instructor Explanation: Page 273 of course text and Week 6 Lecture
Points Received: 5 of 5

Question 5. (TCO 12) Modern intrusion detection systems act as sensors for hosts and network devices and work in a centrally controlled distributed fashion using _____.
- software
- remote procedure calls
- agent technology
- common interfaces
- access to local audit records
Instructor Explanation: (Week 7 Lecture) Distributed agent technology with a central management module is most common.
Points Received: 0 of 5

Question 6.
(TCO 12) A decoy used to lure intruders into staying around is called a(n) _____.
- pharm
- phish
- entrapment
- honeypot
- mug of ale
Instructor Explanation: (Week 7 Lecture) A honeypot is a decoy to capture the attention of intruders. A mug of ale might work, but that is not software!
Points Received: 5 of 5

Question 7. (TCO 12) An event where seemingly harmless data is forwarded by the router to a host on an internal network is known as a _____.
- drive-by attack
- proxy-server attack
- data-driven attack
- penetration testing
- steganography
Instructor Explanation: Page 271 of course text
Points Received: 5 of 5

Question 8. (TCO 13) Which form of malware is dependent on operating systems and replicating?
- Trap door
- Virus
- Worm
- Trojan
- Logic bomb
Instructor Explanation: Week 7 Lecture and page 304 of course text
Points Received: 5 of 5

Question 9. (TCO 13) Which phase of the SDLC should have security representation?
- Concept definition
- Requirements definition
- Design
- Test and Evaluation
- All phases
Instructor Explanation: Week 7 Lecture and page 307 of course text
Points Received: 5 of 5

Question 10. (TCO 13) Which form of malware contains hidden and malicious functions disguised as a utility program that performs useful work?
- Trap door
- Virus
- Worm
- Trojan horse
- Logic bomb
Instructor Explanation: Page 304 of course text
Points Received: 5 of 5

Final

Page 1

Question 1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points: 5)
- Preventive, detective, and responsive
- Prohibitive, permissive, and mandatory
- Administrative, technical, and physical
- Management, technical, and operational
- Roles, responsibilities, and exemptions

Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security.
(Points: 5)
- technologies, domains, families
- controls, families, domains
- domains, families, technologies
- principles, domains, families
- controls, domains, principles

Question 3. (TCO 2) What are the effects of security controls? (Points: 5)
- Confidentiality, integrity, and availability
- Administrative, physical, and operational
- Detection, prevention, and response
- Management, operational, and technical

Question 4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points: 5)
- assets, accountability, software
- assets, separation of duties, complexity
- software, separation of duties, complexity
- software, accountability, people
- people, separation of duties, technology

Question 5. (TCO 4) "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____. (Points: 5)
- law
- code of ethics
- corporate policy
- fair information practices statement
- Any of the above

Question 6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points: 5)
- criteria, models, solutions
- controls, abstractions, solutions
- solutions, abstractions, models
- models, abstractions, solutions
- models, controls, solutions

Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points: 5)
- closed-circuit television
- a good security plan
- an educated workforce
- certified security staff
- resources

Question 8. (TCO 7) The mission of the security operations center might best be described as _____. (Points: 5)
- continuous monitoring
- maintaining the known good state
- policy enforcement
- reporting to management
- configuration management

Question 9. (TCO 8) Alternate sites used in disaster recovery would normally not include which of the following? (Points: 5)
- Hot site
- Cold site
- Warm site
- Shared site
- Alternate site

Question 10.
(TCO 9) The basic element of any access control model is a reference monitor that mediates access to _____ by _____. (Points: 5)
- files, people
- objects, subjects
- files, principals
- named resources, named users
- computer time, applications

Question 11. (TCO 10) In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography. (Points: 5)
- signatures, messages
- messages, data
- hash totals, messages
- messages, hash totals
- data, messages

Question 12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points: 5)
- Use symmetric keys
- Issue smart cards
- Implement SSL
- Use IPSec
- Set up VPN connections

Question 13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points: 5)
- Layer 1
- Layer 2
- Layer 3
- Layer 4/7
- applications

Question 14. (TCO 12) The two standard approaches to intrusion detection are _____ and _____. (Points: 5)
- access control, firewall
- anomaly, rule
- policy, label
- role, account
- user, program

Question 15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, except for which one? (Points: 5)
- Improved performance
- Increased availability
- Greater versatility
- Efficient business models

Page 2

Question 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it: "People shall obey corporate policies." (Points: 15)

Question 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls: prevention, detection, and recovery. (Points: 15)

Question 3. (TCO 3) Briefly explain how defense in depth is a management strategy for security. (Points: 15)

Question 4.
(TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points: 15)

Question 5. (TCO 5) Explain the effects of the three goals of information security. (Points: 15)

Question 6. (TCO 6) Briefly describe the idea of a smart card. (Points: 15)

Question 7. (TCO 7) Explain the purpose of a security operations center. (Points: 15)

Question 8. (TCO 8) Explain the term warm site. (Points: 15)

Page 3

Question 1. (TCO 9) Distinguish between an access control list and a capabilities list. (Points: 15)

Question 2. (TCO 10) Briefly explain why key management is a critical requirement for a good symmetric cryptographic solution. (Points: 15)

Question 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points: 15)

Question 4. (TCO 11) What is often another term for a bastion host? (Points: 15)

Question 5. (TCO 12) Explain what the symbol P(A|B) means. (Points: 15)

Question 6. (TCO 12) Summarize the benefits of application-level gateways. (Points: 15)

Question 7. (TCO 13) Briefly explain what object orientation is and what it is used for. (Points: 15)


Paper#52319 | Written in 18-Jul-2015

Price : $117