
1. While reviewing the security logs for your server, you notice that a user on the Internet has attempted to access one of your internal application servers. Although it appears that the user’s attempts were unsuccessful, you are still very concerned about the possibility that your systems may be compromised. Which of the following solutions are you most likely to implement?

a. A firewall system at the connection point to the Internet
b. An improved RBAC-based access control system for the application servers
c. File-level encryption
d. Kerberos authentication

2. What specific policy might most likely recommend removing a server from the network and re-installing all software and data?

a. A privacy policy
b. An authentication policy
c. An incident response policy
d. Wireless network access policy

3. The security risk of allowing dynamic content ( to execute) on a target machine is:
a. The time delay from when it is downloaded and executed could make the browser experience not very satisfying.
b. Malware may be included in the downloaded code and infect the target machine.
c. The mobile code author may never be known.
d. None of the above.

4. Encrypting a message with a private key (of the sender) in an asymmetric system provides:
a. Proof of receipt
b. Confidentiality
c. Proof of origin
d. Message availability

5. In relational database parlance, the basic building block is a __________, which is a flat table.

a. attribute
b. tuple
c. primary key
d. relation

6. The upper layers of the OSI model are in correct order in the following:

a. Session, application, presentation
b. Session, presentation, application
c. Session, application, presentation, physical
d. Application, presentation, session, physical

7. Routers operate at the _____________ of the OSI stack.
a. Transport
b. Application
c. Session
d. Network

Part 3
1. Briefly describe the purpose of firewalls and how they work, including two fundamental approaches to creating firewall policies and types of firewalls.

2. There are many threats associated with e-mail. List those threats and describe a mitigation strategy for each.

Spam

Phishing