Test 4a - Security Reading


What are five major elements of a typical disaster recovery plan?

(1) A manager who is in charge of the disaster recovery operation and a second manager who is indicated if the first manager is not available
(2) Staff assignments and responsibilities during the disaster
(3) Fixing pre-established list based on priorities
(4) Location of alternative facilities operated by the company or professional disaster recovery firm
(5) Recovery procedures for the data communication facilities, servers, and application system

Which of the following is a mode that is used by IPSec?

tunnel

Describe how asymmetric encryption and decryption work. (31)

Public key encryption (a type of asymmetric encryption technique) uses one key for encryption (public key) and the other for decryption (private key).

How does DES differ from RC4?

RC4 - can use up to a 256 bit key but most commonly uses a 40 bit key. It is 10 times faster than DES.

What are the three major ways of authenticating users? (41)

- something you know (password)
- something you have (Access card, One time password)
- something you are (Biometric)

Encryption is the process of:

disguising information by the use of mathematical rules, known as algorithms

A(n) ____________ examines the source and destination address of every network packet that passes through it.

packet level firewall

How does DES differ from AES?

AES - has key sizes of 128, 192, and 256 bits. It is a new advanced secret key encryption that can be secure for many years.

Which of these companies is not considered a leader in cloud computing?

Blackboard

How does DES differ from 3DES? (33)

DES - uses a 56-bit key. The same steps and same key are used to cipher text.
3DES - uses a 168-bit key and involves using DES 3 times with 3 different keys to cipher text.

How does SSL differ from IPSec? (39)

SSL - operates on layer 7 (application layer) in OSI model, guarantees to secure communication over the internet, and secures one application at a time.
IPSec - operates on layer 3 (network layer) in OSI model, secures the traversal of data between 2 end points, and has 2 entities communicate via IPSec.

Describe how symmetric encryption and decryption work. (30)

Single key encryption (a type of symmetric encryption) involves encryption and decryption by using a single key.

What are the pros and cons of each approach?

Something you know (password)
Pro - have password meet certain security requirements
Con - passwords are weakly chosen, enabling intruders to guess them
Something you have (Access card)
Pro - require a password and an item to access
Con -
Something you have (OTP)
Pro - can be trivial to intruders since they would need account name, password, and password device (token)
Con - complex and a burden on servers because password has to be updated every time
Something you are (Biometric)
Pro - provides high security to the user credentials since the system must be accessed with a body part
Con - needs extra equipment, expensive, and can be puzzling

Compare and contrast symmetric and asymmetric encryption. (29)

Symmetric encryption - the key used to encrypt a message is the same as the one used to decrypt it. It uses one key to encrypt the text, and that key is shared with the people who receive the message.
Asymmetric encryption - the key used to encrypt a message is different from the one used to decrypt it. It uses 2 keys to encrypt the text. One is public and the other is private.

In SaaS, what does a consumer get or get access to?

The right to use specific applications on demand.

What is a certificate authority? (37)

a trusted organization that can vouch for the authenticity of the person or organization using authentication

What is the purpose of a disaster recovery plan? (7)

address various levels of response to possible disasters and recover the data after the disaster

Explain how a denial-of-service attack works. (10)

an attacker attempts to disrupt the network by flooding it with messages so the network can't process messages from normal users

What is a firewall? (23)

secure an organization's Internet connection. It is a type of router or special purpose device.

What is key management? (32)

the process of controlling the secret keys used in encryption

What is PKI and why is it important? (36)

the process of using public key encryption on the internet. To implement a strongly trusted network infrastructure, PKI is necessary.

