Difference: CISFinalStudyGuide2012 (5 vs. 6)

Revision 62012-05-14 - JimSkon

Line: 1 to 1
 
META TOPICPARENT name="ComputerInformationSecurity2012"

Final Exam Study Guide

Tuesday, May 15, 10:00-11:50am

Line: 9 to 9
 
Chapter 1: Building a Secure Organization
  1. What are the major Obstacles to Security?
  2. What are the Ten Steps to Building a Secure Organization
Changed:
<
<
  1. The four possible ways or dealing with risk
>
>
  1. The four possible ways of dealing with risk
 
Chapter 2: A Cryptography Primer
  1. What are Ciphers, one time pads, stream ciphers, and block ciphers? What are the advantages and disadvantages of each?
  2. What is symmetric key encryption? What are the advantages and disadvantages of this type of encryption?
Line: 19 to 19
 
Chapter 3: Preventing System Intrusions
  1. What are Hackers and Crackers?
  2. What are the key symptoms of intrusions?
Changed:
<
<
  1. What is the meaning and purpose of Authentication, Authorization, and Accounting. Whats is an ACL?
>
>
  1. What is the meaning and purpose of Authentication, Authorization, and Accounting. What is an ACL?
 
  1. What is meant by “what the user knows” and “what the user has”? Whats is a “token”, and what types are there?
Chapter 4: Preventing System Intrusions
  1. What are the steps of a directed attack?
Line: 48 to 48
 
  1. What are some of the biggest internal security risks within a company? Consider both human and hardware.
  2. How is risk evaluated and measured?
Chapter 10: Local Area Network Security
Changed:
<
<
  1. Whats is a TCP SYN attack, a UPD attack.
>
>
  1. What is a TCP SYN attack, a UPD attack.
 
  1. What ar ethe three levels of LAN security, and what do they mean?
  2. What is the purpose of a DMZ?
  3. What are the two levels of IDS analysis for detecting intrusions. What are the advantages and disadvantages of each?
Line: 64 to 64
 
  1. What are the three dimensions of attacks against teh cellular network? For each give two example of a specific type of attack.
Chapter 18: Intrusion Prevention and Detection Systems
  1. What is a 0-day exploit? What are the dangers? What are some techniques for addressing this danger?
Changed:
<
<
  1. Explain each of the following in way the distinguish each from all the others:
>
>
  1. Explain each of the following in a way which distinguishs each from all the others:
 
    1. Virus
    2. Worm
    3. Backdoor
Line: 83 to 83
 
  1. What is a write blocker? Why are they important?
Chapter 21: Firewalls
  1. What is service differentiation in a firewall. Give a specific example.
Changed:
<
<
  1. When a packet enters a firewall what are tje possible operations that can be applied to the packet based on the firewall policy.
  2. In a firewall, what is a a first-match policy? Explain how it works.
>
>
  1. When a packet enters a firewall what are the possible operations that can be applied to the packet based on the firewall policy?
  2. In a firewall, what is a first-match policy? Explain how it works.
 
  1. What are the main five values in a modern firewall rule? What is the
  2. What is a firewall default rule? Why are they used?
  3. What type of first match policy anomalies can happen in a firewall policy. Give two distinct examples.
Line: 124 to 124
 
  1. What is meant by a “Get Out of Jail Free” card?
Chapter 23: What Is Vulnerability Assessment?
  1. What are the major differences between penetration testing and vulnerability assessment.
Changed:
<
<
  1. What are the steps of the Vulnerability mitigation cycle? Example each step.
>
>
  1. What are the steps of the Vulnerability mitigation cycle? Give an example for each step.
 
  1. What are local or central scanning? What is the advantage of each.
Changed:
<
<
  1. Whats is meant by Defense in depth? Name and describe at least of the possible layers.
>
>
  1. Whats is meant by Defense in depth? Name and describe at least 5 of the possible layers.
 
  1. Name and describe at least five countermeasures a company can take to protect itself from being scanned by hackers.
  2. What is the difference and definitions of reactive and proactive security?
Chapter 26: Public Key Infrastructure
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback