Security for Networked AV Applications Flashcards

1
Q

Ideally, security requirements should be identified during the ____ phase.

A

needs analysis

2
Q

A ____ describes what an organization is trying to protect and how vigorously it needs to protect it.

A

security posture

3
Q

The security posture should be set by the ____.

A. AV designer
B. architect
C. client
D. general contractor

A

C. client

4
Q

Stakeholder Input

These are the stakeholders who own data. They determine what needs to be protected and how vigorously. The other two areas support operational security.

A. Security
B. Network
C. Physical

A

A. Security

5
Q

Stakeholder Input

These are the IT stakeholders who specify and administrate network policies. There are generally two types of stakeholders: those responsible for the ports and protocols, firewalls, and routers in a network; and those responsible for access control.

A. Security
B. Network
C. Physical

A

B. Network

6
Q

Stakeholder Input

These are traditional security stakeholders, responsible for physical access to gear, spaces, and more. They can help you create policies on how to secure gear and cabinets to prevent theft.

A. Security
B. Network
C. Physical

A

C. Physical

7
Q

The Triple-A of Access Control

The person using the system is who they say they are. This is proven with certificates, passwords, and tokens.

A. Authentication
B. Authorization
C. Accounting

A

A. Authentication

8
Q

The Triple-A of Access Control

The person using the system is allowed to use it and take specific actions. This is managed through permissions in the system and directories.

A. Authentication
B. Authorization
C. Accounting

A

B. Authorization

9
Q

The Triple-A of Access Control

Those who manage the network also have an accurate record of what happens with the system and over the network in general.

A. Authentication
B. Authorization
C. Accounting

A

C. Accounting

10
Q

Producing records proving who was using a networked system and what they did while they had access is called ____.

A

nonrepudiation

11
Q

HTTP, Telnet, and FTP are ____ protocols, meaning anyone with access and a simple network analyzer can see exactly what’s going across the wire, including usernames and passwords.

A

clear-text

12
Q

A ____ is a methodology for prioritizing the threats that you can mitigate. It usually takes the form of a comprehensive table or spreadsheet and helps you assign value to risks depending on two factors: probability and impact.

A

risk register

13
Q

The CIA triad stands for ____, ____, ____.

A

Confidentiality, Integrity, Availability.

14
Q

Typically, there are four ways to handle risk.

Limit or avert the risky activity.

A. Avoid
B. Accept
C. Transfer
D. Mitigate

A

A. Avoid

15
Q

Typically, there are four ways to handle risk.

Because the probability or impact is low enough, the client is willing to take the risk.

A. Avoid
B. Accept
C. Transfer
D. Mitigate

A

B. Accept

16
Q

Typically, there are four ways to handle risk.

The client can purchase insurance or maintenance plans or adopt cloud-based technology services.

A. Avoid
B. Accept
C. Transfer
D. Mitigate

A

C. Transfer

17
Q

Typically, there are four ways to handle risk.

Make changes to design, configuration, or operational procedures to lower the probability or impact of a risk to the point where it’s acceptable.

A. Avoid
B. Accept
C. Transfer
D. Mitigate

A

D. Mitigate