cis 333,strayer cis 333,strayer cis 333 complete course,strayer cis 333 entire course Flashcards
STRAYER CIS 333 Week 8 Lab 7 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-8-lab-7-performing-a-web-site-and-database-attack-by-exploiting-identified-vulnerabilities-new
For more classes visit
http://www.assignmentcloud.com
STRAYER CIS 333 Week 7 Lab 6 Using Encryption to Enhance Confidentiality and Integrity NEW
STRAYER CIS 333 Week 11 Final Exam Set 3 NEW
Question 1 The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
Question 2 Connecting your computers or devices to the ________ immediately exposes them to attack.
Question 3 The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
Question 4 Which of the following is the definition of ciphertext?
Question 5 Which of the following describes the Family Educational Rights and Privacy Act (FERPA)?
Question 6 ____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Question 7 A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
Question 8 What term is used to describe the amount of time that an IT system, application, or data is not available to users?
Question 9 What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens’ private data and have proper security controls in place?
Question 10 SIP is a ___________ protocol used to support real-time communications.
Question 11 What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?
Question 12 A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
Question 13 ________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
Question 14 What name is given to a software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues?
Question 15 Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure.
Question 16 What is meant by digital subscriber line (DSL)?
Question 17 What is meant by application convergence?
Question 18 What term is used to describe streamlining processes with automation or simplified steps?
Question 19 As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
Question 20 During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
Question 21 What is meant by firewall?
Question 22 What is meant by promiscuous mode?
Question 23 Malicious software can be hidden in a ________.
Question 24 Another type of attacker is called a ________. This is a person with little or no skill who simply follows directions or uses a “cookbook” approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing.
Question 25 Loss of financial assets due to ________ is a worst-case scenario for all organizations.
Question 26 What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
Question 27 In popular usage and in the media, the term ________ often describes someone who breaks into a computer system without authorization.
Question 28 What is meant by pharming?
Question 29 Black-hat hackers generally poke holes in systems, but do not attempt to disclose __________ they find to the administrators of those systems.
Question 30 ________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
Question 31 __________ is rapidly becoming an increasingly important aspect of enterprise computing.
Question 32 When you accept a __________, you take no further steps to resolve.
Question 33 The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
Question 34 What is meant by risk register?
Question 35 A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business’s viability.
Question 36 What name is given to any risk that exists but has a defined response?
Question 37 How often should an organization perform a risk management plan?
Question 38 What is the difference between a BCP and a DRP?
Question 39 Your _________ plan shows that you have examined risks to your organization and have developed plans to address each risk.
Question 40 Which of the following best describes quantitative risk analysis?
Question 41 A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ________.
Question 42 ________ is an authorization method in which access to resources is decided by the user’s formal status.
Question 43 ________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object’s classification.
Question 44 What is meant by physically constrained user interface?
Question 45 A method of restricting resource access to specific periods of time is called ________.
Question 46 An organization’s facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
Question 47 Which of the following adequately defines continuous authentication?
Question 48 What name is given to an access control method that bases access control approvals on the jobs the user is assigned?
Question 49 _____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
Question 50 Which of these biometric authentication methods is not as accurate as the rest?
Question 51 One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.
Question 52 What is meant by certification?
Question 53 Your organization’s __________ sets the tone for how you approach related activities.
Question 54 The primary task of an organization’s __________ team is to control access to systems or resources.
Question 55 What is meant by standard?
Question 56 Enacting changes in response to reported problems is called ________.
Question 57 From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.
Question 58 ___________ are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products.
Question 59 ________ is the process of managing changes to computer/device configuration or application software.
Question 60 What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
Question 61 One of the best ways to avoid wasting your organization’s resources is to ensure that you follow the ________ review cycle.
Question 62 Which of the following is the definition of hardened configuration?
Question 63 As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
Question 64 Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
Question 65 ________ provides information on what is happening as it happens.
Question 66 What is a Security Information and Event Management (SIEM) system?
Question 67 ________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
Question 68 Which of the following defines network mapping?
Question 69 Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.
Question 70 Which of the following is the definition of anomaly-based IDS?
Question 71 An attacker or event that might exploit a vulnerability is a(n) ____________.
Question 72 You must consider many factors when evaluating countermeasures. Countermeasures might generate more calls to the help desk, slower response times for users, and so on. This is referred to as ________.
Question 73 An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
Question 74 ________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
Question 75 A(n) ________ is an intent and method to exploit a vulnerability.
Question 76 It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
Question 77 ___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
Question 78 An intrusion detection system (IDS) is an example of ___________ controls.
Question 79 A _____________ is a flaw or weakness in a system’s security procedures, design, implementation, or internal controls.
Question 80 Forensics and incident response are examples of ___________ controls.
Question 81 What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
Question 82 What name is given to an encryption cipher that uniquely maps any letter to any other letter?
Question 83 Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
Question 84 In a ________, the cryptanalyst possesses certain pieces of information before and after encryption.
Question 85 Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication, and ________________.
Question 86 _______________ enables you to prevent a party from denying a previous statement or action.
Question 87 Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________.
Question 88 ________ is the act of unscrambling ciphertext into plaintext.
Question 89 A ________ is an encryption key used to encrypt other keys before transmitting them.
Question 90 What is meant by key distribution?
Question 91 A _____________ contains rules that define the types of traffic that can come and go through a network.
Question 92 ________ is a suite of protocols designed to connect sites securely using IP networks.
Question 93 Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
Question 94 What name is given to a protocol to implement a VPN connection between two computers?
Question 95 A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.
Question 96 Network ________ is gathering information about a network for use in a future attack.
Question 97 Which OSI Reference Model layer is responsible for the coding of data?
Question 98 Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
Question 99 A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
Question 100 Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
Question 101 _____________ are the main source of distributed denial of service (DDoS) attacks and spam.
Question 102 A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
Question 103 ________ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.
Question 104 ________ attack countermeasures such as antivirus signature files or integrity databases.
Question 105 A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
Question 106 The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
Question 107 Cascading Style Sheets (CSS), Common Gateway Interface (CGI), and Hypertext Markup Language (HTML) are standards developed or endorsed by the ____________.
Question 108 The ____________ is a network of centers around the United States that offers technical and business assistance to small- and medium-sized manufacturers.
Question 109 The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
Question 110 The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
Question 111 What name is given to educational institutions that meet specific federal information assurance educational guidelines?
Question 112 The standard bachelor’s degree is a __________ program.
Question 113 The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
Question 114 With university doctoral programs, completing the degree requirements takes ________.
Question 115 “There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned.” This is a disadvantage to choosing the self-study option that can be labeled ________.
Question 116 The best fits for (ISC)2’s _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
Question 117 CompTIA’s Security+ certification provides ________.
Question 118 (ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
Question 119 The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
Question 120 The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®).
Question 121 The regulating agency for the Family Educational Rights and Privacy Act is the ________.
Question 122 The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology.
Question 123 The regulating agency for the Sarbanes-Oxley Act is the ________.
Question 124 Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
Question 125 What name is given to patient health information that is computer based?
STRAYER CIS 333 Week 11 Discussion 2 Course Wrap up NEW
“Course Wrap-up” Please respond to the following:
Explain five or more key topics discussed during this course that you would like to teach a friend who has a minimal level of information systems security knowledge. Discuss how you can apply the learning outcomes of this course to your professional and personal life.
STRAYER CIS 333 Week 9 Discussion Security Standards NEW
“Security Standards” Please respond to the following:
• A number of organizations exist to define information security standards. Explain the importance of standards organizations with regard to both information systems and information systems security. Provide a rationale for your response.
• From the e-Activity, determine two (2) specific concerns that you believe exist for cloud deployments, and ascertain whether or not data breaches, such as the Snowden Incident, have heightened concerns. Justify your answer.
STRAYER CIS 333 Week 10 Discussion NEW
- Describe one (1) IT position that you currently hold or would like to hold in the future. Next, explain whether or not you believe obtaining certifications would help you in the position in question. If so, determine the certifications that you believe would prove to be helpful. Provide a rationale for your response.
- From the e-Activity, explain the regulatory compliance law that you researched, and ascertain the effect that information security could have on such a law. Based on the requirements of the law that you researched, indicate whether or not you believe that the regulations are reasonable for organizations to follow. Justify your answer.
STRAYER CIS 333 Week 11 Final Exam Set 1 NEW
Question 1 SIP is a ___________ protocol used to support real-time communications.
Question 2 What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens’ private data and have proper security controls in place?
Question 3 This security appliance examines IP data streams for common attack and malicious intent patterns.
Question 4 What name is given to an exterior network that acts as a buffer zone between the public Internet and an organization’s IT infrastructure (i.e., LAN-to-WAN Domain)?
Question 5 ____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Question 6 The requirement to keep information private or secret is the definition of __________.
Question 7 The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
Question 8 The _________ Domain connects remote users to the organization’s IT infrastructure.
Question 9 The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
Question 10 With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _____________.
Question 11 As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
Question 12 Voice and unified communications are ________ applications that use 64-byte IP packets.
Question 13 The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
Question 14 What term is used to describe streamlining processes with automation or simplified steps?
Question 15 What is meant by application convergence?
Question 16 If VoIP traffic needs to traverse through a WAN with congestion, you need ___________.
Question 17 What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
Question 18 The total number of errors divided by the total number of bits transmitted is the definition of __________.
Question 19 What is meant by DS0?
Question 20 ________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
Question 21 Prior to VoIP, attackers would use wardialers to ________.
Question 22 Which of the following is the definition of netcat?
Question 23 In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
Question 24 Malicious software can be hidden in a ________.
Question 25 A software program that collects information about Internet usage and uses it to present targeted advertisements to users is the definition of ________.
Question 26 ________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
Question 27 A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
Question 28 A protocol analyzer or ____________ is a software program that enables a computer to monitor and capture network traffic.
Question 29 What is meant by promiscuous mode?
Question 30 A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
Question 31 __________ tests interrupt the primary data center and transfer processing capability to an alternate site.
Question 32 How often should an organization perform a risk management plan?
Question 33 __________ is rapidly becoming an increasingly important aspect of enterprise computing.
Question 34 When you accept a __________, you take no further steps to resolve.
Question 35 What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?
Question 36 What name is given to a comparison of security controls in place and the controls that are needed to address all identified threats?
Question 37 The process of managing risks starts by identifying __________.
Question 38 Which of the following is the definition of business drivers?
Question 39 A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption.
Question 40 What is meant by risk register?
Question 41 The ____________ is the central part of a computing environment’s hardware, software, and firmware that enforces access control for computer systems.
Question 42 What is meant by physically constrained user interface?
Question 43 Biometrics is another ________ method for identifying subjects.
Question 44 _____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
Question 45 An organization’s facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
Question 46 Which of the following is not a type of authentication?
Question 47 Two-factor __________ should be the minimum requirement for valuable resources as it provides a higher level of security than using only one.
Question 48 A mechanism that limits access to computer systems and network resources is ________.
Question 49 What term is used to describe a device used as a logon authenticator for remote users of a network?
Question 50 The Bell-La Padula access control model focuses primarily on ________.
Question 51 The process of managing the baseline settings of a system device is called ________.
Question 52 Which of the following is the definition of system owner?
Question 53 ___________ are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products.
Question 54 Which of the following is the definition of guideline?
Question 55 A security awareness program includes ________.
Question 56 One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.
Question 57 The ___________ team’s responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.
Question 58 ________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Question 59 What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
Question 60 The primary task of an organization’s __________ team is to control access to systems or resources.
Question 61 As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
Question 62 Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
Question 63 _________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
Question 64 SOC 2 and SOC 3 reports both address primarily ________-related controls.
Question 65 A method of security testing that isn’t based directly on knowledge of a program’s architecture is the definition of ________.
Question 66 The ___________ framework defines the scope and contents of three levels of audit reports.
Question 67 ________ provides information on what is happening as it happens.
Question 68 The primary difference between SOC 2 and SOC 3 reports is ________.
Question 69 Which of the following is the definition of hardened configuration?
Question 70 What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
Question 71 It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
Question 72 Forensics and incident response are examples of ___________ controls.
Question 73 ___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
Question 74 An intrusion detection system (IDS) is an example of ___________ controls.
Question 75 What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit?
Question 76 A(n) ________ is a measurable occurrence that has an impact on the business.
Question 77 A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
Question 78 A threat source can be a situation or method that might accidentally trigger a(n) ____________.
Question 79 An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
Question 80 A _________ determines the extent of the impact that a particular incident would have on business operations over time.
Question 81 In a ________, the cryptanalyst possesses certain pieces of information before and after encryption.
Question 82 A ________ is an encryption key used to encrypt other keys before transmitting them.
Question 83 What term is used to describe an encryption algorithm that has no corresponding decryption algorithm?
Question 84 What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity?
Question 85 _______________ enables you to prevent a party from denying a previous statement or action.
Question 86 What name is given to random characters that you can combine with an actual input key to create the encryption key?
Question 87 What is meant by key distribution?
Question 88 What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
Question 89 The most scrutinized cipher in history is the ________.
Question 90 ________ is a one-way calculation of information that yields a result usually much smaller than the original message.
Question 91 Which of the following is the definition of network address translation (NAT)?
Question 92 A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.
Question 93 Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
Question 94 What term is used to describe the current encryption standard for wireless networks?
Question 95 Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
Question 96 What name is given to a protocol to implement a VPN connection between two computers?
Question 97 Which OSI Reference Model layer includes all programs on a computer that interact with the network?
Question 98 A method to restrict access to a network based on identity or other rules is the definition of ________.
Question 99 A method to restrict access to a network based on identity or other rules is the definition of ________.
Question 100 What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system’s real IP address?
Question 101 Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
Question 102 Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
Question 103 ________ counter the ability of antivirus programs to detect changes in infected files.
Question 104 Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.
Question 105 One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________.
Question 106 Which of the following describes the Internet Engineering Task Force (IETF)?
Question 107 The ________________ is a subcommittee of the IETF that serves as an advisory body to the Internet Society (ISOC). It is composed of independent researchers and professionals who have a technical interest in the well-being of the Internet.
Question 108 The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
Question 109 The __________ is a national program that empowers and encourages excellence among U.S. organizations, including manufacturers, service organizations, educational institutions, health care providers, and nonprofit organizations.
Question 110 The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
Question 111 The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
Question 112 With university doctoral programs, completing the degree requirements takes ________.
Question 113 What name is given to educational institutions that meet specific federal information assurance educational guidelines?
Question 114 Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
Question 115 One type of degree that many institutions offer is the associate’s degree. This degree is the most accessible because it generally represents a _________ program.
Question 116 The ____________ concentration from (ISC)² is the road map for incorporating security into projects, applications, business processes, and all information systems.
Question 117 The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®).
Question 118 Which is the highest level of Check Point certification for network security?
Question 119 CompTIA’s Security+ certification provides ________.
Question 120 (ISC)² offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
Question 121 ____________ creates standards that federal agencies use to classify their data and IT systems.
Question 122 Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________.
Question 123 Tier C violations under the HITECH Act are ________.
Question 124 The regulating agency for the Federal Information Systems Management Act is the ________.
Question 125 What is meant by protected health information (PHI)?
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-11-final-exam-set-1-new
For more classes visit
http://www.assignmentcloud.com
STRAYER CIS 333 Week 11 Discussion 1 Course Takeaway
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-11-discussion-1-course-takeaway-new
For more classes visit
http://www.assignmentcloud.com
“Course Takeaway” Please respond to the following:
Share two new insights about networking security fundamentals you have discovered from this course. Explain how this type of course is essential for every network security professional.
STRAYER CIS 333 Week 10 Technical Project Paper: Information Systems Security NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-10-technical-project-paper-information-systems-security-new
For more classes visit
http://www.assignmentcloud.com
Technical Project Paper: Information Systems Security
Due Week 10 and worth 150 points
Suppose you are the IT professional in charge of security for a small pharmacy that has recently opened within a shopping mall. The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access controls geared toward protecting medication and funds located on the premises, as well as the customers’ personally identifiable information and protected health information that resides on your system. Your supervisor has tasked you with identifying inherent risks associated with your pharmacy and establishing strong physical and logical access control methods to mitigate the identified risks.
1) Firewall (1)
2) Windows 2012 Active Directory Domain Controllers (DC) (1)
3) File Server (1)
4) Desktop computers (4)
5) Dedicated T1 Connection (1)
Write an eight to ten (8-10) page paper in which you:
1. Identify at least five (5) potential physical threats that require attention.
2. Determine the impact of at least five (5) potential logical threats that require attention.
3. Detail the security controls (i.e., administrative, preventative, detective, and corrective) that the pharmacy could implement in order to protect it from the five (5) selected physical threats.
4. Explain in detail the security controls (i.e., administrative, preventative, detective, and corrective) that could be implemented to protect from the five (5) selected logical threats.
5. For each of the five (5) selected physical threats, choose a strategy for addressing the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
6. For each of the five (5) selected logical threats, choose a strategy for handling the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
7. Use at least five (5) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Explain the concepts of information systems security as applied to an IT infrastructure.
• Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
• Explain the means attackers use to compromise systems and networks, and defenses used by organizations.
• Explain the role of access controls in implementing a security policy.
• Use technology and information resources to research issues in information systems security.
• Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions.
• Explain how businesses apply cryptography in maintaining information security.
• Analyze the importance of network principles and architecture to security operations.
STRAYER CIS 333 Week 9 Lab 8 Eliminating Threats with a Layered Security Approach NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-9-lab-8-eliminating-threats-with-a-layered-security-approach-new
For more classes visit
http://www.assignmentcloud.com
STRAYER CIS 333 Week 8 Assignment 2 Identifying Potential Risk, Response, and Recovery NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-8-assignment-2-identifying-potential-risk,response,and-recovery-new
For more classes visit
http://www.assignmentcloud.com
Assignment 2: Identifying Potential Risk, Response, and Recovery
Due Week 8 and worth 75 points
In Assignment 1, a videogame development company recently hired you as an Information Security Engineer. After viewing a growing number of reports detailing malicious activity, the CIO requested that you draft a report in which you identify potential malicious attacks and threats specific to your organization. She asked you to include a brief explanation of each item and the potential impact it could have on the organization.
After reviewing your report, the CIO requests that you develop a follow-up plan detailing a strategy for addressing all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance) identified in Assignment 1. Further, your plan should identify controls (i.e., administrative, preventative, detective, and corrective) that the company will use to mitigate each risk previously identified.
Write a four to five (4-5) page paper in which you:
1. For each of the three (3) or more malicious attacks and / or threats that you identified in Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Explain your rationale.
2. For each of the three (3) or more malicious attacks and / or threats identified in Assignment 1, develop potential controls (i.e., administrative, preventative, detective, and corrective) that the company could use to mitigate each associated risk.
3. Explain in detail why you believe the risk management, control identification, and selection processes are so important, specifically in this organization.
4. Draft a one (1) page Executive Summary that details your strategies and recommendations to the CIO (Note: The Executive Summary is included in the assignment’s length requirements).
5. Use at least three (3) quality resources in this assignment (no more than two to three [2-3] years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length.
The specific course learning outcomes associated with this assignment are:
• Explain the concepts of information systems security as applied to an IT infrastructure.
• Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems.
• Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
• Explain the means attackers use to compromise systems and networks, and defenses used by organizations.
• Use technology and information resources to research issues in information systems security.
• Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions.
STRAYER CIS 333 Week 4 Lab 3 Enabling Windows Active Directory and User Access Controls NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-4-lab-3-enabling-windows-active-directory-and-user-access-controls-new
For more classes visit
http://www.assignmentcloud.com
STRAYER CIS 333 Week 7 Discussion Network Security NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-7-discussion-network-security-new
For more classes visit
http://www.assignmentcloud.com
“Network Security” Please respond to the following:
• From the first e-Activity, discuss your rationale for choosing the specific firewall in question, and determine the primary way in which a company could incorporate it into an enterprise network in order to enhance security. Select the two (2) most important and / or unique features of the chosen firewall, and explain the primary reasons why those features make the firewall a viable option in enterprises today. Justify your answer.
• From the second e-Activity, discuss what you believe to be the two (2) most important security considerations related to cloud deployments, and explain the main reasons why you believe such considerations to be the most important.
STRAYER CIS 333 Week 4 Assignment 1 Identifying Potential Malicious Attacks, Threats, and Vulnerabilities NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/333-week-4-assignment-1-identifying-potential-malicious-attacks,threats,and-vulnerabilities-new
For more classes visit
http://www.assignmentcloud.com
Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
Due Week 4 and worth 75 points
You have just been hired as an Information Security Engineer for a videogame development company. The organization network structure is identified in the below network diagram and specifically contains:
1) 2 – Firewalls
2) 1 – Web / FTP server
3) 1 – Microsoft Exchange Email server
4) 1 – Network Intrusion Detection System (NIDS)
5) 2 – Windows Server 2012 Active Directory Domain Controllers (DC)
6) 3 – File servers
7) 1 – Wireless access point (WAP)
8) 100 – Desktop / Laptop computers
9) VoIP telephone system
The CIO has seen reports of malicious activity being on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requested you identify and draft a report identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. Further, the CIO would like you to briefly explain each item and the potential impact it could have on the organization.
Write a four to five (4-5) page paper in which you:
1. Analyze three (3) specific potential malicious attacks and / or threats that could be carried out against the network and organization.
2. Explain in detail the potential impact of the three (3) selected malicious attacks.
3. Propose the security controls that you would consider implementing in order to protect against the selected potential malicious attacks.
4. Analyze three (3) potential concerns for data loss and data theft that may exist in the documented network.
5. Explicate the potential impact of the three (3) selected concerns for data loss and data theft.
6. Propose the security controls that you would consider implementing in order to protect against the selected concerns for data loss and data theft.
7. Use at least three (3) quality resources in this assignment (no more than two to three [2-3] years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Explain the concepts of information systems security as applied to an IT infrastructure.
• Describe the principles of risk management, common response techniques, and issues related to recovery of IT systems.
• Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
• Explain the means attackers use to compromise systems and networks, and defenses used by organizations.
• Use technology and information resources to research issues in information systems security.
• Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions.
STRAYER CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic Analysis NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-333-week-6-lab-5-performing-packet-capture-and-traffic-analysis-new
For more classes visit
http://www.assignmentcloud.com