Difference: CISFinalStudyGuide2012 (4 vs. 5)

Revision 5 2012-05-12 - JimSkon


Final Exam Study Guide

Tuesday, May 15, 10:00-11:50am

Chapters covered

Before Midterm: Chapters 1-11. Use the midterm study guide for these chapters, found here: CISMidtermStudyGuide
After Midterm: 12, 18, 19, 21, 22, 23, 26, 30

Below are questions to study for these chapters:


Chapter 1: Building a Secure Organization
  1. What are the major Obstacles to Security?
  2. What are the Ten Steps to Building a Secure Organization?
  3. What are the four possible ways of dealing with risk?
Chapter 2: A Cryptography Primer
  1. What are Ciphers, one time pads, stream ciphers, and block ciphers? What are the advantages and disadvantages of each?
  2. What is symmetric key encryption? What are the advantages and disadvantages of this type of encryption?
  3. What is asymmetric key encryption? (Public Key Encryption) What are the advantages and disadvantages of this type of encryption?
  4. How are messages signed? Why are they signed? What is message integrity, non-repudiation, and confidentiality?
  5. What are the steps involved in sending a secure, signed message between two people using PKI technology?
Chapter 3: Preventing System Intrusions
  1. What are Hackers and Crackers?
  2. What are the key symptoms of intrusions?
  3. What is the meaning and purpose of Authentication, Authorization, and Accounting? What is an ACL?
  4. What is meant by “what the user knows” and “what the user has”? What is a “token”, and what types are there?
Chapter 4: Preventing System Intrusions
  1. What are the steps of a directed attack?
  2. What are some of the major types of attacks, and how do they work?
  3. What is malicious software, and what are its major types?
  4. What are lure and pull attacks?
  5. What are the major clues to recognizing misuse?
Chapter 5: Unix and Linux Security
  1. How do Linux and Unix use the read, write and execute bits for security? What are the user categories?
  2. How does ssh work to achieve secure communication?
Chapter 6: Eliminating the Security Weakness of Linux and Unix Operating Systems
  1. What are the major steps to hardening a Linux and Unix system?
Chapter 7: Internet Security
  1. What is Strong Authentication and how can it be achieved? What are the methods used?
  2. What are the levels of response to an attack?
  3. What is the Dolev-Yao Adversary Model? What are Eavesdrop, Forge, Replay, Delay and rush, Reorder, Delete? How do you defend against each of these?
  4. What is Independence of Keys, and why is it important?
  5. What is the significance of limited output and key size?
  6. What are the modes of operations of encryption? What is the significance, advantages, and disadvantages of each?
  7. What is Mutual Authentication?
Chapter 8: The Botnet Problem
  1. What are the major Botnet Topologies and Protocols? What are the strengths and weaknesses of each?
  2. What is the typical BOT life cycle?
  3. What are the methods for detecting bots? What are the methods for taking down a botnet?
Chapter 9: Intranet Security
  1. What are some of the biggest internal security risks within a company? Consider both human and hardware.
  2. How is risk evaluated and measured?
Chapter 10: Local Area Network Security
  1. What is a TCP SYN attack? What is a UDP attack?
  2. What are the three levels of LAN security, and what do they mean?
  3. What is the purpose of a DMZ?
  4. What are the two levels of IDS analysis for detecting intrusions? What are the advantages and disadvantages of each?
Chapter 11: Wireless Network Security
  1. How does WEP work? What is its weakness?
  2. What are the dangers of insecure routing? How can routing be made more secure?
Chapter 12: Cellular Network Security
  1. On the cellular network, what are cross-network services? Give an example of such a service. Why, in general, are these services available? What are the inherent risks of such services?
  2. On third generation cellular networks, how are each of the following attacks avoided: