1. What are the three major classs used to supply hallmark of an person? a ) something you know ( e. g. . a watchword ) B ) something you have ( e. g. . a certification with associated private key or smart card ) degree Celsius ) something you are ( a biometric )
2. What is Authorization and how is this construct aligned with Identification and Authentication? a ) Mandate is the procedure of finding whether an entity. one time authenticated. is permitted to entree a specific plus. B ) Mandate is what takes topographic point after a individual has been both identified and authenticated ; it’s the measure that determines what a individual can so make on the system.
3. Supply at least 3 illustrations of Network Architecture Controls that help implement informations entree policies at the LAN-to-WAN Domain degree. a ) Firewalls: Controls the traffic flow between a sure web and an untrusted web. Normally firewalls are used to protect the boundaries of a web. B ) Access control lists ( ACL ) : Include limitations on inbound and outward connexions. every bit good as connexions between LAN segments internal to the site/enclave. degree Celsius ) Logical IDS: Network and workstation mechanisms that proctors web traffic and supply real-time dismaies for network-based onslaughts Service Network.
4. When a computing machine is physically connected to a web port. manual processs and/or an machine-controlled method must be to execute what type of security maps at the Network Port and Data Switch degree for entree control? Name and define at least three. a ) Physical Security – Is intended to observe and discourage unauthorised forces from deriving entree. B ) Logical Network Port Security – Implemented by configuring the web switch such that specific ports accept connexions from one or more specific MAC reference ( es ) . Merely a device configured with the authorised MAC reference is allowed to entree that web port. degree Celsius ) Port Authentication Using 802. 1X – Is an hallmark criterion that can be used for wired or wireless webs. This standard provides for user/device hallmark every bit good as distribution and direction of encoding keys.
5. What is a Network Access Control ( NAC ) System? Explain its benefits in procuring entree control to a web. a ) NAC is a networking solution for wired and Wi-Fi connexions that identifies possible jobs on a computing machine before it accesses the web. NAC uses a set of protocols to specify and implement a policy that describes how to procure entree to web nodes by devices when they ab initio attempt to entree the web. B ) A benefit of NAC is the ability to command entree to a web entree to the LAN without seting the web in danger. Based on a computer’s certificates and the package installed on it. a NAC system may give it full entree to the LAN. deny it any entree. or give it partial entree.
6. Explain the intent of a Public Key Infrastructure ( PKI ) and give an illustration of how you would implement it in a big organisation whose major concern is the proper distribution of certifications across many sites. a ) A PKI ( public key substructure ) enables users of a fundamentally unsecure public web such as the Internet to firmly and in private exchange informations and money through the usage of a populace and a private cryptanalytic key brace that is obtained and shared through a sure authorization. B ) Work with one of the globally sure roots. Cybertrust. to deploy a CA on your premises that is low-level to a Cybertrust root CA. You can construct and run a CA that runs locally on your ain equipment.
7. PKI provides the capablenesss of digital signatures and encoding to implement what security services? Name at least three. a ) Designation and hallmark through digital signature of a challenge B ) Data unity through digital signature of the information degree Celsius ) Confidentiality through encoding
8. What is the X. 509 criterion and how does it associate to PKI? a ) The X. 509 standard defines a criterion for pull offing public keys through a Public Key Infrastructure ( PKI ) . B ) It specifies standard formats for public key certifications. certification annulment lists. property certifications. and a enfranchisement way proof algorithm.
9. What is the difference between Identification and Verification in respect to Biometric Access Controls? a ) When biometries is used in the designation procedure. users do non province who they are. In designation. the procedure is one-to-many. When biometries is used in the confirmation procedure. users first declare who they are by come ining their logon name or showing an designation card. Then biometric engineering is used to verify that individuality. This procedure is considered to be one-to-one.
10. Supply a written account of what implementing Separation of Duties would look like in respect to pull offing a PKI Infrastructure for a big organisation. a ) Pull offing a PKI Infrastructure for a big organisation would necessitate controls to the degrees of administrative entree to a CA. There would be different functions for the different procedures. The separation of responsibilities would look something like: Calcium or PKI Administrator whose function is to pull off the CA itself. Certificate Manager who issues and reneges certifications.
Registration Agent is typically a function used in concurrence with smart cards ; an Enrollment Agent enrolls for a certification on behalf of another user. Key Recovery Manager if utilizing cardinal archival. The Cardinal Recovery Manager is responsible for retrieving private keys. An EFS Recovery Agent function may be created to retrieve informations encrypted utilizing EFS. Backup Operator who is responsible for endorsing up the CA and reconstructing informations in instance of failure. Hearer who is responsible for reexamining audit logs and guaranting policy is non being violated.
11. What are the 3 classs of exposure badness codifications? a ) CAT I – Any exposure. the development of which will. straight and instantly ensue in loss of Confidentiality. Availability. or Integrity. B ) CAT II – Any exposure. the development of which has a possible to ensue in loss of Confidentiality. Availability. or Integrity. degree Celsius ) CAT III – Any exposure. the being of which degrades steps to protect against loss of Confidentiality. Availability. or Integrity.
12. True or False. The usage of 802. 11i configured to utilize AES encoding. 802. 1X hallmark services along with the Extensile Authentication Protocol ( EAP ) provides the best solution for the endeavor degree WLAN. peculiarly a high security environment. a ) True
13. True or False. It is a best pattern to compose a watchword down and hive away it near the locality of the computing machine for easy entree. a ) False14. True or False. From a security position. biometric confirmation is best deployed as a constituent of two-factor or three-factor hallmark. a ) True15. From an entree control security position. why is executing an plus rating or alliance to a information categorization standard the first measure in planing proper security controls? a ) You need to cognize the degree of sensitiveness. value and criticalness of the informations in order to decently find who or what should hold entree to it. The categorization of informations aids find what baseline security controls are appropriate for safeguarding that information.
