DeVry SEC 280 Final Exam – Latest

http://www.spinwoop.com/?download=devry-sec-280-final-exam-latest

For Further Information And For A+ Work Contact US At SPINWOOP@GMAIL.COM

SEC 280 Final Exam DeVry – 2015 Question : (TCO 2) What are the security risks of installing games on an organization’s system?

Student Answer: There are no significant risks. Users can’t always be sure where the software came from and it may have hidden software inside of it. The users may play during work hours instead of during breaks. The games may take up too much memory on the computer and slow down processing, making it difficult to work. Instructor Explanation: page 75

Points Received: 4 of 4 Comments:

Question 2. Question : (TCO 2) All of the following are techniques used by a social engineer EXCEPT for which one?

Student Answer: An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number. An attacker calls up the IT department posing as an employee and requests a password reset. An attacker runs a brute-force attack on a password. An attacker sends a forged e-mail with a link to a bogus website that has been set to obtain personal information. Instructor Explanation: page 68

Points Received: 4 of 4 Comments:

Question 3. Question : (TCO 2) Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target’s trash is known in the community as _____

Student Answer: trash rummaging garbage surfing piggy diving dumpster diving Instructor Explanation: page 74

Points Received: 4 of 4 Comments:

Question 4. Question : (TCO 2) What are the SSL and TLS used for?

Student Answer: A means of securing application programs on the system To secure communication over the Internet A method to change from one form of PKI infrastructure to another A secure way to reduce the amount of SPAM a system receives Instructor Explanation: page 161

Points Received: 0 of 4 Comments:

Question 5. Question : (TCO 2) What is the ISO 17799?

Student Answer: A standard for creating and implementing security policies A standard for international encryption of e-mail A document used to develop physical security for a building A document describing the details of wireless encryption Instructor Explanation: page 173

Points Received: 4 of 4 Comments:

Question 6. Question : (TCO 2) What is XKMS?

Student Answer: Key Management Specification, which defines services to manage PKI operations within the Extensible Markup Language (XML) environment An XML standard for e-mail encryption An XML standard that is used for wireless data exchange A primary XML standard that is for application development Instructor Explanation: pages 164-165

Points Received: 4 of 4 Comments:

Question 7. Question : (TCO 3) A(n) _____ is a network typically smaller in terms of size and geographic coverage, and consists of two or more connected devices. Home or office networks are typically classified as this type of network.

Student Answer: local-area network office-area network wide-area network internal-area network Instructor Explanation: page 205

Points Received: 4 of 4 Comments:

Question 8. Question : (TCO 3) What is the main difference between TCP and UDP packets?

Student Answer: UDP packets are a more widely used protocol. TCP packets are smaller and thus more efficient to use. TCP packets are connection oriented, whereas UPD packets are connectionless. UDP is considered to be more reliable because it performs error checking. Instructor Explanation: page 210

Points Received: 4 of 4 Comments:

Question 9. Question : (TCO 3) Unfortunately, hackers abuse the ICMP protocol by using it to _____.

Student Answer: send Internet worms launch denial-of-service (DoS) attacks steal passwords and credit card numbers send spam Instructor Explanation: pages 211-212

Points Received: 4 of 4 Comments:

Question 10. Question : (TCO 3) Which of the following is a benefit provided by Network Address Translation (NAT)?

Student Answer: Compensates for the lack of IP addresses Allows devices using two different protocols to communicate Creates a DMZ Translates MAC addresses to IP addresses Instructor Explanation: pages 217-218

Points Received: 4 of 4 Comments:

Question 11. Question : (TCO 3) Which transport layer protocol is connectionless?

Student Answer: UDP TCP IP ICMP Instructor Explanation: page 210

Points Received: 4 of 4 Comments:

Question 12. Question : (TCO 3) Which transport layer protocol is connection oriented?

Student Answer: UDP TCP IP ICMP Instructor Explanation: page 210

Points Received: 4 of 4 Comments:

Question 13. Question : (TCO 3) Which of the following is an example of a MAC address?

Student Answer: 00:07:H9:c8:ff:00 00:39:c8:ff:00 00:07:e9:c8:ff:00 00:07:59:c8:ff:00:e8 Instructor Explanation: page 213

Points Received: 4 of 4 Comments:

Question 14. Question : (TCO 4) It is easier to implement, back up, and recover keys in a _____.

Student Answer: centralized infrastructure decentralized infrastructure hybrid infrastructure peer-to-peer infrastructure Instructor Explanation: page 132

Points Received: 4 of 4 Comments:

Question 15. Question : (TCO 4) All of the following statements sum up the characteristics and requirements of proper private key use EXCEPT which one?

Student Answer: The key should be stored securely. The key should be shared only with others whom you trust. Authentication should be required before the key can be used. The key should be transported securely. Instructor Explanation: page 135

Points Received: 4 of 4 Comments:

Question 16. Question : (TCO 4) Outsourced CAs are different from public CAs in what way?

Student Answer: Outsourced services can be used by hundreds of companies. Outsourced services provide dedicated services and equipment to individual companies. Outsourced services do not maintain specific servers and infrastructures for individual companies. Outsourced services are different in name only. They are essentially the same thing. Instructor Explanation: page 139

Points Received: 4 of 4 Comments:

Question 17. Question : (TCO 4) Cryptographic algorithms are used for all of the following EXCEPT _____.

Student Answer: confidentiality integrity availability authentication Instructor Explanation: pages 104-109

Points Received: 4 of 4 Comments:

Question 18. Question : (TCO 4) When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message. This application of encryption is an example of _____.

Student Answer: authentication nonrepudiation confidentiality auditing Instructor Explanation: page 104

Points Received: 4 of 4 Comments:

Question 19. Question : (TCO 6) Alice sends an e-mail that she encrypts with a shared key, which only she and Bob have. Upon receipt, Bob decrypts the e-mail and reads it. This application of encryption is an example of _____.

Student Answer: confidentiality integrity authentication nonrepudiation Instructor Explanation: page 104

Points Received: 4 of 4 Comments:

Question 20. Question : (TCO 6) A hub operates at which of the following?

Student Answer: Layer 1, the physical layer Layer 2, the data-link layer Layer 2, the MAC layer Layer 3, the network layer Instructor Explanation: page 233

Points Received: 4 of 4 Comments:

Question 21. Question : (TCO 6) The following are steps in securing a workstation EXCEPT _____.

Student Answer: install NetBIOS and IPX install antivirus remove unnecessary software disable unnecessary user accounts Instructor Explanation: page 229

Points Received: 4 of 4 Comments:

Question 22. Question : (TCO 8) The Wassenaar Arrangement can be described as which of the following?

Student Answer: An international arrangement on export controls for conventional arms as well as dual-use goods and technologies An international arrangement on import controls A rule governing import of encryption in the United States A rule governing export of encryption in the United States Instructor Explanation: page 606

Points Received: 4 of 4 Comments:

Question 23. Question : (TCO 8) The electronic signatures in the Global and National Commerce Act _____.

Student Answer: implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form address a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications make it a violation of federal law to knowingly use another’s identity are a major piece of legislation affecting the financial industry, and contains significant privacy provisions for individuals Instructor Explanation: page 608

Points Received: 4 of 4 Comments:

Question 24. Question : (TCO 8) Which of the following is a characteristic of the Patriot Act?

Student Answer: Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals Makes it a violation of federal law to knowingly use another’s identity Implements the principle that a signature, contract, or other record may not be deleted Denies legal effect, validity, or enforceability solely because it is electronic form Instructor Explanation: page 603

Points Received: 4 of 4 Comments:

Question 25. Question : (TCO 8) What is the Convention on Cybercrime?

Student Answer: A convention of black hats who trade hacking secrets The first international treaty on crimes committed via the Internet and other computer networks A convention of white hats who trade hacker prevention knowledge A treaty regulating international conventions Instructor Explanation: page 601

Points Received: 0 of 4 Comments:

(TCO 2) Give an example of a hoax and how it might actually be destructive.

Student Answer: An example of a hoax that might be destructive would be when a hacker defaces a website and puts up that everything 90% off. This isn’t real but the company will have to uphold the discount or else get sued for false advertisement. Instructor Explanation: page 71
An e-mail is sent that gets a user to delete critical system files.

Points Received: 9 of 10 Comments: An e-mail is sent that gets a user to delete critical system files.

Question 2. Question : (TCO 2) List the four ways backups are conducted and stored.

Student Answer: The easiest type of backup is a full backup. In a full backup, all files and software are copied on the storage media. In a differential backup, only the files and software that have changed since the last full backup are backed up. The incremental backup is a variation on differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental back up backs up only files that have changed since the last full or incremental backup occurred. Lastly the delta backup is to back up as little information as possible each time you perform a backup. This backup can be; CD-ROM, FTP, Tape Drives or USB drives. Instructor Explanation: pages 497-498
Full backup, differential backup, incremental backup, delta backup

Points Received: 10 of 10 Comments:

Question 3. Question : (TCO 2) List at least five types of disasters that can damage or destroy the information of an organization.

Student Answer: Five types of disasters that can damage or destroy the information of an organization are; fire, flood, tornado, terrorism, and a gas leak or explosion. Instructor Explanation: page 493
Possible answers include the following:
• Fire
• Flood
• Tornado
• Hurricane
• Electrical storm
• Earthquake
• Political unrest
• Blizzard
• Gas leak/explosion
• Chemical spill
• Terrorism
• War

Points Received: 10 of 10 Comments:

Question 4. Question : (TCO 2) What are the various ways a backup can be conducted and stored?

Student Answer: The easiest type of backup is a full backup. In a full backup, all files and software are copied on the storage media. In a differential backup, only the files and software that have changed since the last full backup are backed up. The incremental backup is a variation on differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental back up backs up only files that have changed since the last full or incremental backup occurred. Instructor Explanation: pages 495-497
Backups should include the organization’s critical data, and critical software as well. Backups may be conducted by backing up all files (full backup), only the files that have changed since the last full backup (differential backup), only the files that have changed since the last full or differential backup (incremental backup), or only the portion of the files that has changed since the last delta or full backup (delta backup). Backups should be stored both on-site for quick access if needed, as well as off-site in case a disaster destroys the primary facility, its processing equipment, and the backups that are stored on-site.

Points Received: 10 of 10 Comments:

Question 5. Question : (TCO 2) Your boss wants you to give him some suggestions for a policy stating what the individual user responsibilities for information security should be. Create a bulleted list of those responsibilities.

Student Answer: The responsibilities for the information security policy include: Change Management Classification of Information Privacy Instructor Explanation: page 77
The following are examples:
• Lock the door to your office or workspace.
• Do not leave sensitive information inside your car unprotected.
• Secure storage media containing sensitive information in a secure storage device.
• Shred paper containing organizational information before discarding it.
• Do not divulge sensitive information to individuals (including other employees) who do not have an authorized need to know it.
• Do not discuss sensitive information with family members.
• Be aware of who is around you when discussing sensitive corporate information. Does everybody within earshot have the need to hear this information?
• Enforce corporate access control procedures.
• Be aware of the correct procedures to report suspected or actual violations of security policies.
• Follow procedures established to enforce good password security practices. Passwords are such a critical element that they are frequently the ultimate target of a social-engineering attack.

Points Received: 5 of 10 Comments: page 77 The following are examples: Lock the door to your office or workspace. Do not leave sensitive information inside your car unprotected. Secure storage media containing sensitive information in a secure storage device. Shred paper containing organizational information before discarding it. Do not divulge sensitive information to individuals (including other employees) who do not have an authorized need to know it. Do not discuss sensitive information with family members. Be aware of who is around you when discussing sensitive corporate information. Does everybody within earshot have the need to hear this information? Enforce corporate access control procedures. Be aware of the correct procedures to report suspected or actual violations of security policies. Follow procedures established to enforce good password security practices. Passwords are such a critical element that they are frequently the ultimate target of a social-engineering attack.

Question 6. Question : (TCO 3) List three kinds of information contained in an IP packet header.

Student Answer: Version, IP Header Length (number of 32 -bit words forming the header, usually five) Type of Service (ToS), today known as Differentiated Services Code Point (DSCP) (usually set to 0, however may indicate particular Quality of Service needs from the network, the DSCP defines the way routers should queue packets while they are waiting to be forwarded). Instructor Explanation: pages 215-216
• The kind of packet it is (protocol version number)
• The size of the packet’s header (packet header length)
• How to process this packet (type of service telling the network whether or not to use options such as minimize delay, maximize throughput, maximize reliability, and minimize cost)
• The size of the entire packet (Overall length of packet, as this is a 16-bit field; the maximum size of an IP packet is 65,535 bytes, but in practice most packets are around 1500 bytes.)
• A unique identifier, distinguishing this packet from other packets
• Whether or not this packet is part of a longer data stream, and how it should be handled relative to other packets
• A description of where this packet fits into the data stream as compared to other packets (the fragment offset)
• A checksum of the packet header (to minimize the potential for data corruption during transmission)
• Where the packet is from (source IP address such as 10.10.10.5)
• Where the packet is going (destination IP address such as 10.10.10.10)
• Option flags that govern security and handling restrictions, such as whether or not to record the route this packet has taken, whether or not to record timestamps, and so forth
• The data this packet carries

Points Received: 10 of 10 Comments:

Question 7. Question : (TCO 3) What is the difference between TCP and UDP?

Student Answer: TCP header size is 20 bytes. UDP Header size is 8 bytes. TCP rearranges data packets in the order specified. UDP has no inherent order as all packets are independent of each other. If ordering is required, it has to be managed by the application layer. TCP is suited for applications that require high reliability, and transmission time is relatively less critical. UDP is suitable for applications that need fast, efficient transmission, such as games. UDP’s stateless nature is also useful for servers that answer small queries from huge numbers of clients. Instructor Explanation: page 210
UDP is known as a “connectionless” protocol, as it has very few error-recovery services and no guarantee of packet delivery. UDP is considered to be an unreliable protocol and is often only used for network services that are not greatly affected by the occasional lost or dropped packet. TCP is a “connection-oriented” protocol, and was specifically designed to provide a reliable connection between two hosts exchanging data. As part of the TCP protocol, each packet has a sequence number to show where that packet fits into the overall conversation. With the sequence numbers, packets can arrive in any order and at different times and the receiving system will still know the correct order for processing them.

Points Received: 10 of 10 Comments:

Question 8. Question : (TCO 4) What are the laws that govern encryption and digital rights management?

Student Answer: Worldwide, many laws have been created which criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the Copyright Directive, the Digital Millennium Copyright Act, and DADVSI. Instructor Explanation: pages 609-610
Encryption technology is used to protect digital rights management and prevent unauthorized use. Circumventing technological controls used to protect intellectual property is a violation of the DMCA. In some countries, carrying encrypted data can result in authorities demanding the keys or threatening prosecution for failure to disclose the keys.

Points Received: 10 of 10 Comments:

Question 9. Question : (TCO 5) Describe the laws that govern digital signatures.

Student Answer: The Electronic Signatures Act went into effect on October 1, 2000 and gives electronic contracts the same weight as those executed on paper. The act has some specific exemptions or preemptions, notably the provision concerning student loans. Instructor Explanation: pages 607-608
Digital signatures have the same legal status as written signatures. Digital signatures use PINs or other “secrets” that require end-user protection to be protected from fraud.

Points Received: 10 of 10 Comments:

Question 10. Question : (TCO 6) What are the four common methods for connecting equipment at the physical layer?

Student Answer: The four common methods for connecting equipment at the physical layer are; coaxial cable, twisted-pair cable, fiber optics and wireless. Instructor Explanation: page 245
Coaxial cable, twisted-pair cable, fiber-optics, and wireless

Points Received: 10 of 10 Comments:

Question 11. Question : (TCO 6) Explain a simple way to combat boot disks.

Student Answer: A simple way to combat boot disks would be to load the boot disk onto a USB flash drive. Boot up from the flash drive. Instructor Explanation: pages 180-181
Physically remove or disable them in the BIOS, floppy, and CD-ROM drives.

Points Received: 10 of 10 Comments:

Question 12. Question : (TCO 6) Describe the functioning of the SSL/TLS suite.

Student Answer: SSL or secure sockets layer is a protocol that is used by TLS, SSH, and IPsec. They provide the most common means of interacting with a PKI and certificates. They are cryptographic protocols to provide data integrity and security over networks by encrypting network connections at the transport layer. Instructor Explanation: pages 446-447
SSL and TLS use a combination of symmetric and asymmetric cryptographic methods to secure traffic. Before an SSL session can be secured, a handshake occurs to exchange cryptographic information and keys.

Points Received: 10 of 10 Comments:

Question 13. Question : (TCO 6) What are some of the security issues associated with web applications and plug-ins?

Student Answer: Some of the security issues associated with web applications and plug-ins are but not limited to, SQL injection, cross site scripting, automatic updates, virtual machines running in the back ground, and sensitive data exposure. some web applications circumvent security settings and make a system vulnerable. Instructor Explanation: pages 465-467
Web browsers have mechanisms to enable plug-in programs to manage applications such as Flash objects and videos. Firefox has a No-Script helper that blocks scripts from functioning. Plug-ins that block pop-up windows and phishing sites can improve end-user security by permitting greater control over browser functionality.

Points Received: 10 of 10 Comments:

Question 14. Question : (TCO 7) What are some ethical issues associated with information security?

Student Answer: Many of the ethical issues that face IT professionals involve privacy. For example: Should you read the private e-mail of your network users just “because you can?” Is it okay to read employees’ e-mail as a security measure, to ensure that sensitive company information isn’t being disclosed? Is it okay to read employees’ e-mail to ensure that company rules (for instance, against personal use of the e-mail system) aren’t being violated? If you do read employees’ e-mail, should you disclose that policy to them? Before or after the fact? Is it okay to monitor the Web sites visited by your network users? Should you routinely keep logs of visited sites? Is it negligent to not monitor such Internet usage, to prevent the possibility of pornography in the workplace that could create a hostile work environment? Is it okay to place key loggers on machines on the network to capture everything the user types? Screen capture programs so you can see everything that’s displayed? Should users be informed that they’re being watched in this way? Is it okay to read the documents and look at the graphics files that are stored on users’ computers or in their directories on the file server? Instructor Explanation: page 611
Ethics is the social-moral environment in which a person makes decisions. Ethics can vary by sociocultural factors and groups.

Points Received: 10 of 10 Comments:

Question 15. Question : (TCO 9) What are password and domain password policies?

Student Answer: In many operating systems, the most common method to authenticate a user’s identity is to use a secret passphrase or password. A secure network environment requires all users to use strong passwords, which have at least eight characters and include a combination of letters, numbers, and symbols. These passwords help prevent the compromise of user accounts and administrative accounts by unauthorized users who use manual methods or automated tools to guess weak passwords. Strong passwords that are changed regularly reduce the likelihood of a successful password attack. Instructor Explanation: pages 564-566
Password policies are sets of rules that help users select, employ, and store strong passwords. Tokens combine “something you have” with “something you know,” such as a password or PIN, and can be hardware- or software-based. Passwords should have a limited span and should expire on a scheduled basis.

Points Received: 10 of 10 Comments: