Difference: CISFinalStudyGuide2012 (2 vs. 3)

Revision 3 - 2012-05-11 - JimSkon

Line: 1 to 1
META TOPICPARENT name="ComputerInformationSecurity2012"

Final Exam Study Guide

Tuesday, May 15, 10:00-11:50am

Chapters covered

Line: 49 to 48
  1. What is a Demilitarized Zone, and what is its purpose? Give two distinct examples of how they are used.
  2. What is a perimeter network? What are they used for? How can they be set up?
  3. Why have a two-router configuration? How and why is a proxy server used with such an architecture?
Chapter 22: Penetration Testing
  1. With respect to Penetration Testing, what is internal testing and external testing?
  2. Describe, compare, and contrast white-box, gray-box, and black-box testing.
  3. List each phase of a penetration test. Describe what takes place in each phase.
  4. Why is there a need for "rules of engagement" in a penetration test? What are several examples of typical rules?
  5. What is the purpose of defining a methodology when planning a penetration test?
  6. Describe each of the following types of penetration testing in terms of what is done:
    1. Information Gathering
    2. Vulnerability Analysis
    3. External Penetration Testing
    4. Internal Network Penetration Testing
    5. Router Penetration Testing
    6. Firewall Penetration Testing
    7. IDS Penetration Testing
    8. Wireless Network Penetration Testing
    9. Denial-of-Service Penetration Testing
    10. Password-Cracking Penetration Testing
    11. Social Engineering Penetration Testing
    12. Stolen Laptop, PDA, and Cell Phone Penetration Testing
    13. Application Penetration Testing
    14. Physical Security Penetration Testing
    15. Database Penetration Testing
    16. Voice-Over-IP Penetration Testing
    17. VPN Penetration Testing
  7. What are five major liability issues with Penetration Testing?
  8. What is meant by a “Get Out of Jail Free” card?
Chapter 23: What Is Vulnerability Assessment?
  1. What are the major differences between penetration testing and vulnerability assessment?
  2. What are the steps of the Vulnerability mitigation cycle? Give an example of each step.
  3. What is local or central scanning? What is the advantage of each?
  4. What is meant by Defense in depth? Name and describe at least of the possible layers.
  5. Name and describe at least five countermeasures a company can take to protect itself from being scanned by hackers.
  6. What are the definitions of reactive and proactive security, and what is the difference between them?

VPN Penetration Testing
