Complete CIS 333 Course with Discussions, Labs and Final Exams
1. STRAYER CIS 333 Entire Course (Includes DQ's,Assignments
And 3 Sets of Final Exam)
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-entire-course-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 1 Discussion Providing Security Over Data NEW
CIS 333 Week 2 Discussion Risk Management and Malicious
Attacks NEW
CIS 333 Week 2 Lab 1 Performing Reconnaissance and Probing
Using Common Tools NEW
CIS 333 Week 3 Case Study 1 Bring Your Own Device (BYOD)
NEW
CIS 333 Week 3 Discussion Security Administration and Access
Control NEW
CIS 333 Week 3 Lab 2 Performing a Vulnerability NEW
CIS 333 Week 4 Assignment 1 Identifying Potential Malicious
Attacks, Threats, and Vulnerabilities NEW (2 Sets)
CIS 333 Week 4 Discussion Security Monitoring NEW
CIS 333 Week 4 Lab 3 Enabling Windows Active Directory and
User Access Controls NEW
CIS 333 Week 5 Discussion Business Impact Analysis (BIA) and
Risk Management NEW
2. CIS 333 Week 5 Lab 4 Using Group Policy Objects and Microsoft
Baseline Security Analyzer for Change Control NEW
CIS 333 Week 6 Case Study 2 Public Key Infrastructure NEW (2
Sets)
CIS 333 Week 6 Discussion Cryptography NEW
CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic
Analysis NEW
CIS 333 Week 7 Discussion Network Security NEW
CIS 333 Week 7 Lab 6 Using Encryption to Enhance
Confidentiality and Integrity NEW
CIS 333 Week 8 Assignment 2 Identifying Potential Risk,
Response, and Recovery NEW
CIS 333 Week 8 Discussion The Impact of Malware NEW
CIS 333 Week 8 Lab 7 Performing a Web Site and Database
Attack by Exploiting Identified Vulnerabilities NEW
CIS 333 Week 9 Discussion Security Standards NEW
CIS 333 Week 9 Lab 8 Eliminating Threats with a Layered
Security Approach NEW
CIS 333 Week 10 Discussion NEW
CIS 333 Week 10 Technical Project Paper Information Systems
Security NEW
CIS 333 Week 11 Discussion 1 Course Takeaway NEW
CIS 333 Week 11 Discussion 2 Course Wrap up NEW
3. CIS 333 Week 11 Final Exam Set 1 NEW
CIS 333 Week 11 Final Exam Set 2 NEW
CIS 333 Week 11 Final Exam Set 3 NEW
4. STRAYER CIS 333 Week 1 Discussion Providing Security Over
Data NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-1-discussion-providing-security-over-data-
recent
For more classes visit
http://www.uopassignments.com
• "Providing Security Over Data" Please respond to the
following:
• • The CIA triad (confidentiality, integrity, and availability)
offers three (3) security tenets that allow data owners the
framework to secure data. Considering your place of
employment or your home computing environment, discuss in
detail the primary means in which each of the three (3) tenets
are addressed to mitigate risk and enhance security in your
chosen environment.
• • The proliferation of mobile devices to create or access data
has had a significant effect on the security concerns
surrounding personal and corporate data. From the selected e-
Activity article, summarize the attack, and determine the key
ways in which you would consider mitigating the threat.
5. STRAYER CIS 333 Week 1 to Week 11 Discussion Question
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-1-to-week-11-discussion-question
For more classes visit
http://www.uopassignments.com
CIS 333 Week 1 Discussion Providing Security Over Data NEW
CIS 333 Week 2 Discussion Risk Management and Malicious
Attacks NEW
CIS 333 Week 3 Discussion Security Administration and Access
Control NEW
CIS 333 Week 4 Discussion Security Monitoring NEW
CIS 333 Week 5 Discussion Business Impact Analysis (BIA) and
Risk Management NEW
CIS 333 Week 6 Discussion Cryptography NEW
CIS 333 Week 7 Discussion Network Security NEW
CIS 333 Week 8 Discussion The Impact of Malware NEW
CIS 333 Week 9 Discussion Security Standards NEW
CIS 333 Week 10 Discussion NEW
CIS 333 Week 11 Discussion 1 Course Takeaway NEW
7. STRAYER CIS 333 Week 2 Discussion Risk Management and
Malicious Attacks NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-2-discussion-risk-management-and-malicious-
attacks-recent
For more classes visit
http://www.uopassignments.com
"Risk Management and Malicious Attacks" Please respond to
the following:
• With regards to risk-response planning, there are four (4)
responses to negative risks that an organization may pursue:
avoid, transfer, mitigate, and accept. Develop an original and
unique scenario to describe and contrast each of these
responses.
• From the selected e-Activity article, describe in detail the way
in which the malware was utilized to steal data or gain
privileged remote access to a computer or network. Suppose
you were an IT Security professional working at the attacked
business, and detail the security controls that you would
consider putting into practice that would help to prevent this
and similar types of malware attacks moving forward.
8. STRAYER CIS 333 Week 2 Lab 1 Performing Reconnaissance
and Probing Using Common Tools NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-2-lab-1-performing-reconnaissance-and-
probing-using-common-tools-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 2 Lab 1 Performing Reconnaissance and Probing
Using Common Tools NEW
9. STRAYER CIS 333 Week 3 Case Study 1 Bring Your Own Device
(BYOD) NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-3-case-study-1-bring-your-own-device-recent
For more classes visit
http://www.uopassignments.com
Case Study 1: Bring Your Own Device (BYOD)
Due Week 3 and worth 60 points
Read the following articles located in the course shell: “The
dark side of BYOD” from TechRepublic and “BYOD As We Know
It Is Dead” from Forbes.
Write a two to three (2-3) page paper in which you:
1. Identify the primary benefits of BYOD in organizations, and
determine the key ways in which its concepts can enhance an
end user’s overall working experience.
2. Analyze in detail the major risks surrounding BYOD, and
analyze the security controls and technologies that are
currently available and being utilized to manage these risks.
3. Provide a real-world example of how BYOD either positively
or negatively affected an organization’s productivity and / or
security.
4. Determine whether or not you would consider implementing
BYOD concepts in a real organization and whether or not the
benefits outweigh the risks.
5. Use at least three (3) quality resources in this assignment (no
10. more than two to three [2-3] years old) from material outside
the textbook. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain how businesses apply cryptography in maintaining
information security.
• Use technology and information resources to research issues
in information systems security.
Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions
11. STRAYER CIS 333 Week 11 Final Exam Set 2 NEW
Check this A+ tutorial guideline at
http://www.assignmentcloud.com/cis-333-strayer/cis-
333-week-11-final-exam-set-2-new
For more classes visit
http://www.assignmentcloud.com
Question 1 ____________ is the amount of time it takes to recover
and make a system, application, and data available for use after
an outage.
Question 2 The requirement to keep information private or
secret is the definition of __________.
Question 3 The _________ Domain connects remote users to the
organization’s IT infrastructure.
Question 4 A ___________ gives priorities to the functions an
organization needs to keep going.
Question 5 ___________ is the process of transforming data from
cleartext into ciphertext.
Question 6 Today, people working in cyberspace must deal
with new and constantly evolving ________.
Question 7 The director of IT security is generally in charge of
ensuring that the ____________ conforms to policy.
Question 8 A ________ is a collection of computers connected to
one another or to a common connection medium.
12. Question 9 The goal and objective of a __________ is to provide a
consistent definition for how an organization should handle
and secure different types of data.
Question 10 Which of the following is the definition of
ciphertext?
Question 11 What term is used to describe streamlining
processes with automation or simplified steps?
Question 12 Audio conferencing is a software-based, real-time
audio conference solution for ________ callers.
Question 13 What is meant by digital subscriber line (DSL)?
Question 14 Medical practices and hospitals realized early on
that ________ provide(s) the ability to provide access to the
necessary information without having to invest in many
computers and network infrastructure.
Question 15 What term is used to describe communication that
doesn’t happen in real time but rather consists of messages
(voice or e-mail) that are stored on a server and downloaded to
endpoint devices?
Question 16 E-commerce systems and applications demand
strict C-I-A ________.
Question 17 If VoIP traffic needs to traverse through a WAN
with congestion, you need ___________.
Question 18 What name is given to a high-speed broadband
networking technology that uses a 53-byte cell to support real-
time voice, video, or data communications?
Question 19 What is meant by application convergence?
13. Question 20 Network devices can implement ___________ to better
support VoIP and SIP IP packets and reduce dropped calls and
delays.
Question 21 What is meant by firewall?
Question 22 When an attacker discovers a __________, he or she
can use it to bypass existing security controls such as
passwords, encryption, and so on.
Question 23 ________ is a type of attack in which the attacker
takes control of a session between two machines and
masquerades as one of them.
Question 24 A _________ has a hostile intent, possesses
sophisticated skills, and may be interested in financial gain.
They represent the greatest threat to networks and
information resources.
Question 25 A software program that collects information
about Internet usage and uses it to present targeted
advertisements to users is the definition of ________.
Question 26 Another type of attacker is called a ________. This is
a person with little or no skill who simply follows directions or
uses a “cookbook” approach to carrying out a cyberattack
without understanding the meaning of the steps he or she is
performing.
Question 27 An attempt to exploit a vulnerability of a computer
or network component is the definition of ________.
Question 28 What name is given to any event that results in a
violation of any of the C-I-A security tenets?
Question 29 What is meant by rootkit?
14. Question 30 What is meant by promiscuous mode?
Question 31 __________ is rapidly becoming an increasingly
important aspect of enterprise computing.
Question 32 ________ is the difference between the security
controls you have in place and the controls you need to have in
place in order to address all vulnerabilities.
Question 33 Which of the following is the definition of business
drivers?
Question 34 When you accept a __________, you take no further
steps to resolve.
Question 35 The first step in risk analysis is to determine what
and where the organization’s _________ are located.
Question 36 Your _________ plan shows that you have examined
risks to your organization and have developed plans to address
each risk.
Question 37 What name is given to any risk that exists but has
a defined response?
Question 38 The goal of ____________ is to quantify possible
outcomes of risks, determine probabilities of outcomes,
identify high-impact risks, and develop plans based on risks.
Question 39 Any organization that is serious about security
will view ___________ as an ongoing process.
Question 40 A ___________ will help identify not only which
functions are critical, but also how quickly essential business
functions must return to full operation following a major
interruption.
15. Question 41 The Bell-La Padula access control model focuses
primarily on ________.
Question 42 Which of the following adequately defines
continuous authentication?
Question 43 ________ is an authorization method in which access
to resources is decided by the user’s formal status.
Question 44 What name is given to an access control method
that bases access control approvals on the jobs the user is
assigned?
Question 45 An organization’s facilities manager might give
you a security card programmed with your employee ID
number, also known as a ________.
Question 46 ________ is an authentication credential that is
generally longer and more complex than a password.
Question 47 What is meant by multi-tenancy?
Question 48 What is meant by physically constrained user
interface?
Question 49 How is decentralized access control defined?
Question 50 A method of restricting resource access to specific
periods of time is called ________.
Question 51 When an information security breach occurs in
your organization, a __________ helps determine what happened
to the system and when.
Question 52 What is meant by certification?
16. Question 53 What term is used to describe a benchmark used
to make sure that a system provides a minimum level of
security across multiple applications and across different
products?
Question 54 What term is used to describe a set of step-by-step
actions to be performed to accomplish a security requirement,
process, or objective?
Question 55 What or who is the individual or team responsible
for performing the security test and evaluation for the system
and for preparing the report for the AO on the risk of operating
the system?
Question 56 The ___________ team’s responsibilities include
handling events that affect your computers and networks and
ultimately can respond rapidly and effectively to any event.
Question 57 The process of managing the baseline settings of a
system device is called ________.
Question 58 Which of the following is the definition of
guideline?
Question 59 Enacting changes in response to reported
problems is called ________.
Question 60 Which of the following is the definition of system
owner?
Question 61 SOC 2 and SOC 3 reports both address primarily
________-related controls.
Question 62 Security audits help ensure that your rules and
__________ are up to date, documented, and subject to change
control procedures.
17. Question 63 One of the best ways to avoid wasting your
organization’s resources is to ensure that you follow the ________
review cycle.
Question 64 What is meant by gray-box testing?
Question 65 The ___________ framework defines the scope and
contents of three levels of audit reports.
Question 66 The primary difference between SOC 2 and SOC 3
reports is ________.
Question 67 _________ was developed for organizations such as
insurance and medical claims processors, telecommunication
service providers, managed services providers, and credit card
transaction processing companies.
Question 68 As your organization evolves and as threats
mature, it is important to make sure your __________ still meet(s)
the risks you face today.
Question 69 ________ gives you the opportunity to review your
risk-management program and to confirm that the program has
correctly identified and reduced (or otherwise addressed) the
risks to your organization.
Question 70 Audits also often look at the current configuration
of a system as a snapshot in time to verify that it complies with
________.
Question 71 The ________ identifies staff reaction and response
times as well as inefficiencies or previously unidentified
vulnerabilities. All members of the staff involved in operations
or procedures participate in the test.
18. Question 72 Forensics and incident response are examples of
___________ controls.
Question 73 A _________ determines the extent of the impact that
a particular incident would have on business operations over
time.
Question 74 A(n) ________ is a measurable occurrence that has
an impact on the business.
Question 75 ___________ is the likelihood that a particular threat
exposes a vulnerability that could damage your organization.
Question 76 An attacker or event that might exploit a
vulnerability is a(n) ____________.
Question 77 ________ attempts to describe risk in financial terms
and put a dollar value on all the elements of a risk.
Question 78 A(n) ________ is an intent and method to exploit a
vulnerability.
Question 79 ___________ refers to the amount of harm a threat can
cause by exploiting a vulnerability.
Question 80 A control involved in the process of developing
and ensuring compliance with policy and procedures is the
definition of ________.
Question 81 Without any knowledge of the key, an attacker
with access to an encrypted message and the decryption cipher
could try every possible key to decode the message. This is
referred to as ________.
19. Question 82 What name is given to random characters that you
can combine with an actual input key to create the encryption
key?
Question 83 _______________ is another symmetric algorithm that
organizations currently use. It is a 64-bit block cipher that has a
variable key length from 32 to 448 bits. It is much faster than
DES or IDEA and is a strong algorithm that has been included in
more than 150 products, as well as v2.5.47 of the Linux kernel.
Its author, Bruce Schneier, placed it in the public domain.
Question 84 Cryptography accomplishes four security goals:
confidentiality, integrity, authentication, and ________________.
Question 85 ________ is the act of unscrambling ciphertext into
plaintext.
Question 86 What name is given to an encryption cipher that is
a product cipher with a 56-bit key consisting of 16 iterations of
substitution and transformation?
Question 87 What name is given to an encryption cipher that
uniquely maps any letter to any other letter?
Question 88 The most scrutinized cipher in history is the
________.
Question 89 A ________ is an encryption key used to encrypt
other keys before transmitting them.
Question 90 What is meant by checksum?
Question 91 Which of the following is the definition of packet-
filtering firewall?
20. Question 92 A _____________ contains rules that define the types of
traffic that can come and go through a network.
Question 93 What name is given to a protocol to implement a
VPN connection between two computers?
Question 94 Which OSI Reference Model layer must translate
the binary ones and zeros of computer language into the
language of the transport medium?
Question 95 Which OSI Reference Model layer is responsible for
transmitting information on computers connected to the same
local area network (LAN)?
Question 96 What term is used to describe the current
encryption standard for wireless networks?
Question 97 ________ allows the computer to get its configuration
information from the network instead of the network
administrator providing the configuration information to the
computer. It provides a computer with an IP address, subnet
mask, and other essential communication information,
simplifying the network administrator’s job.
Question 98 Which OSI Reference Model layer uses Media
Access Control (MAC) addresses? Device manufacturers assign
each hardware device a unique MAC address.
Question 99 A method to restrict access to a network based on
identity or other rules is the definition of ________.
Question 100 A method to restrict access to a network based
on identity or other rules is the definition of ________.
Question 101 In a __________, the attacker uses IP spoofing to
send a large number of packets requesting connections to the
21. victim computer. These appear to be legitimate but in fact
reference a client system that is unable to respond.
Question 102 Whether software or hardware based, a
____________ captures keystrokes, or user entries, and then
forwards that information to the attacker.
Question 103 Which of the following is the definition of logic
bomb?
Question 104 Unrecognized new processes running, startup
messages indicating that new software has been (or is being)
installed (registry updating), unresponsiveness of applications
to normal commands, and unusual redirection of normal Web
requests to unknown sites are all telltale symptoms of a ________.
Question 105 Which of the following is the definition of botnet?
Question 106 The purpose of the ________ is to “make the
Internet work better.” It focuses on the engineering aspects of
Internet communication and attempts to avoid policy and
business questions. It is an open organization, and it has no
membership requirements.
Question 107 Today, _________ standards address a wide variety
of topics, including power generation, power transmission and
distribution, commercial and consumer electrical appliances,
semiconductors, electromagnetics, batteries, solar energy, and
telecommunications. The organization was also instrumental in
the development of standards for electrical measurements,
including the gauss, hertz, and weber.
Question 108 The ________ provides oversight for architecture
for Internet protocols and procedures, processes used to create
standards, editorial and publication procedures for RFCs, and
22. confirmation of IETF chair and technical area directors. It also
provides much of the high-level management and validation of
the processes of conducting IETF business.
Question 109 The _____________ is the preeminent organization
for developing and publishing international standards for
technologies related to electrical and electronic devices and
processes.
Question 110 ________ is a document produced by the IETF that
contains standards as well as other specifications or
descriptive contents.
Question 111 An educational program that is generally
associated with a college or university that provides formal
courses that do not lead to degrees is the definition of ________.
Question 112 The standard bachelor’s degree is a __________
program.
Question 113 ________ refers to an educational institution that
has successfully undergone evaluation by an external body to
determine whether the institution meets applicable standards.
Question 114 The purpose of ________ is to provide formal
training courses that lead to a certificate or professional
certification and not a degree.
Question 115 The four main areas in NIST SP 800-50 are
awareness, training, education, and __________________.
Question 116 Which is the highest level of Check Point
certification for network security?
Question 117 Which is Cisco’s highest level of certification?
23. Question 118 The four main credentials of the ________ are
Systems Security Certified Practitioner (SSCP®), Certified
Information Systems Security Professional (CISSP®), Certified
Authorization Professional (CAP®), and Certified Secure
Software Lifecycle Professional (CSSLP®).
Question 119 The ____________ concentration from (ISC)2 is the
road map for incorporating security into projects, applications,
business processes, and all information systems.
Question 120 CompTIA’s Security+ certification provides
________.
Question 121 The regulating agency for the Family
Educational Rights and Privacy Act is the ________.
Question 122 The ________________ ,enacted as part of the
American Recovery and Reinvestment Act of 2009, was
designed to promote the widespread adoption and
standardization of health information technology.
Question 123 Information regulated under the Gramm-Leach-
Bliley Act is ________.
Question 124 The regulating agency for the Sarbanes-Oxley Act
is the ________.
Question 125 Tier C violations under the HITECH Act are
________.
24. STRAYER CIS 333 Week 3 Lab 2 Performing a Vulnerability
NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-3-lab-2-performing-a-vulnerability-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 3 Lab 2 Performing a Vulnerability
Assessment Case Study 1 Bring Your Own Device (BYOD)
25. STRAYER CIS 333 Week 4 Assignment 1 Identifying Potential
Malicious Attacks, Threats, and Vulnerabilities NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/333-
week-4-assignment-1-identifying-potential-malicious-
attacks,threats,and-vulnerabilities-recent
For more classes visit
http://www.uopassignments.com
Assignment 1: Identifying Potential Malicious Attacks, Threats,
and Vulnerabilities
Due Week 4 and worth 75 points
You have just been hired as an Information Security Engineer
for a videogame development company. The organization
network structure is identified in the below network diagram
and specifically contains:
1) 2 – Firewalls 5) 2 – Windows Server 2012 Active Directory
Domain Controllers (DC)
2) 1 – Web / FTP server 6) 3 – File servers
3) 1 – Microsoft Exchange Email server 7) 1 – Wireless access
point (WAP)
4) 1 – Network Intrusion Detection System (NIDS) 8) 100 –
Desktop / Laptop computers
9) VoIP telephone system
The CIO has seen reports of malicious activity being on the rise
and has become extremely concerned with the protection of the
intellectual property and highly sensitive data maintained by
26. your organization. As one of your first tasks with the
organization, the CIO requested you identify and draft a report
identifying potential malicious attacks, threats, and
vulnerabilities specific to your organization. Further, the CIO
would like you to briefly explain each item and the potential
impact it could have on the organization.
Write a four to five (4-5) page paper in which you:
1. Analyze three (3) specific potential malicious attacks and /
or threats that could be carried out against the network and
organization.
2. Explain in detail the potential impact of the three (3) selected
malicious attacks.
3. Propose the security controls that you would consider
implementing in order to protect against the selected potential
malicious attacks.
4. Analyze three (3) potential concerns for data loss and data
theft that may exist in the documented network.
5. Explicate the potential impact of the three (3) selected
concerns for data loss and data theft.
6. Propose the security controls that you would consider
implementing in order to protect against the selected concerns
for data loss and data theft.
7. Use at least three (3) quality resources in this assignment (no
more than two to three [2-3] years old) from material outside
the textbook. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
27. the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain the concepts of information systems security as
applied to an IT infrastructure.
• Describe the principles of risk management, common
response techniques, and issues related to recovery of IT
systems.
• Describe how malicious attacks, threats, and vulnerabilities
impact an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Use technology and information resources to research issues
in information systems security.
• Write clearly and concisely about network security topics
using proper writing mechanics and technical style
conventions.
28. STRAYER CIS 333 Week 4 Discussion Security Monitoring NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-4-discussion-security-monitoring-recent
For more classes visit
http://www.uopassignments.com
"Security Monitoring" Please respond to the following:
• Considering your place of employment or your home
computing environment, discuss in detail the way in which in-
depth (or layered) defense is employed to enhance security in
your chosen environment.
• According to the textbook, Intrusion Detection Systems (IDS),
which can be categorized as Host IDS (HIDS) and Network IDS
(NIDS), is a means of providing real-time monitoring. Compare
and contrast HIDS and NIDS, and provide at least one (1)
example identifying when one (1) would be more appropriate
to use over the other. Provide a rationale to support your
chosen example.
29. STRAYER CIS 333 Week 4 Lab 3 Enabling Windows Active
Directory and User Access Controls NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-4-lab-3-enabling-windows-active-directory-
and-user-access-controls-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 4 Lab 3 Enabling Windows Active Directory and
User Access Controls NEW
30. STRAYER CIS 333 Week 5 Discussion Business Impact Analysis
(BIA) and Risk Management NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-5-discussion-business-impact-analysis-and-
risk-management-recent
For more classes visit
http://www.uopassignments.com
"Business Impact Analysis (BIA) and Risk Management" Please
respond to the following:
• According to the text, a BIA determines the extent of the
impact that a particular incident would have on business
operation over time. Determine the major ways in which
people, systems, data, and property will impact a BIA. Provide
specific examples to support your response.
• Compare and contrast qualitative risk analysis and
quantitative risk analysis, and provide at least two (2)
examples identifying a situation when each would be useful.
31. STRAYER CIS 333 Week 5 Lab 4 Using Group Policy Objects and
Microsoft Baseline Security Analyzer for Change Control NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-5-lab-4-using-group-policy-objects-and-
microsoft-baseline-security-analyzer-for-change-control-
recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 5 Lab 4 Using Group Policy Objects and Microsoft
Baseline Security Analyzer for Change Control NEW
32. STRAYER CIS 333 Week 6 Case Study 2 Public Key
Infrastructure NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-6-case-study-2-public-key-infrastructure-
recent
For more classes visit
http://www.uopassignments.com
Case Study 2: Public Key Infrastructure
Due Week 6 and worth 60 points
Suppose you are the Information Security Director at a small
software company. The organization currently utilizes a
Microsoft Server 2012 Active Directory domain administered
by your information security team. Mostly software developers
and a relatively small number of administrative personnel
comprise the remainder of the organization. You have
convinced business unit leaders that it would be in the best
interest of the company to use a public key infrastructure (PKI)
in order to provide a framework that fosters confidentiality,
integrity, authentication, and nonrepudiation. Email clients,
virtual private network (VPN) products, Web server
components, and domain controllers would utilize digital
certificates issued by the certificate authority (CA).
Additionally, the company would use digital certificates to sign
software developed by the company in order to demonstrate
software authenticity to the customer.
33. Write a two to three (2-3) page paper in which you:
1. Analyze the fundamentals of PKI, and determine the primary
ways in which its features and functions could benefit your
organization and its information security department.
2. Propose one (1) way in which the PKI could assist in the
process of signing the company’s software, and explain the
main reason why a customer could then believe that software
to be authentic.
3. Compare and contrast public and in-house CAs. Include the
positive and negative characteristics of each type of certificate
authority, and provide a sound recommendation of and a
justification for which you would consider implementing within
your organization. Explain your rationale.
4. Use at least three (3) quality resources in this assignment (no
more than two to three [2-3] years old) from material outside
the textbook. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain how businesses apply cryptography in maintaining
information security.
• Use technology and information resources to research issues
in information systems security.
34. • Write clearly and concisely about network security topics
using proper writing mechanics and technical style
conventions.
35. STRAYER CIS 333 Week 6 Discussion Cryptography NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-6-discussion-cryptography-recent
For more classes visit
http://www.uopassignments.com
"Cryptography" Please respond to the following:
• Considering that, due to its extremely sensitive nature, shared
data that organizations transmit through collaboration must be
kept confidential at all costs, formulate a possible solution that
utilizes symmetric or asymmetric cryptography, and describe
the advantages and disadvantages of the selected solution. If
you had to select one (1) of the two (2) encryption options over
the other, justify the one that you would choose, and explain
your reasoning.
• From the e-Activity and your own research, give your opinion
of the two (2) most important ways that you believe encryption
could assist in addressing some of the current challenges facing
organizations today, and explain why these solutions are so
important. Justify your answer.
36. STRAYER CIS 333 Week 6 Lab 5 Performing Packet Capture and
Traffic Analysis NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-6-lab-5-performing-packet-capture-and-traffic-
analysis-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic
Analysis NEW
37. STRAYER CIS 333 Week 3 Discussion Security Administration
and Access Control NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-3-discussion-security-administration-and-
access-control-recent
For more classes visit
http://www.uopassignments.com
"Security Administration and Access Control" Please respond
to the following:
• From the e-Activity, summarize the ethical dilemma, and
develop a plan in which you would mitigate the vulnerability.
• Compare and contrast physical access controls and logical
access controls. Further explain in what ways both physical and
logical access controls are related to implementing a security
policy.
38. STRAYER CIS 333 Week 7 Lab 6 Using Encryption to Enhance
Confidentiality and Integrity NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-7-lab-6-using-encryption-to-enhance-
confidentiality-and-integrity-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 7 Lab 6 Using Encryption to Enhance
Confidentiality and Integrity NEW
39. STRAYER CIS 333 Week 7 Discussion Network Security NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-7-discussion-network-security-recent
For more classes visit
http://www.uopassignments.com
"Network Security" Please respond to the following:
• From the first e-Activity, discuss your rationale for choosing
the specific firewall in question, and determine the primary
way in which a company could incorporate it into an enterprise
network in order to enhance security. Select the two (2) most
important and / or unique features of the chosen firewall, and
explain the primary reasons why those features make the
firewall a viable option in enterprises today. Justify your
answer.
• From the second e-Activity, discuss what you believe to be the
two (2) most important security considerations related to
cloud deployments, and explain the main reasons why you
believe such considerations to be the most important.
40. STRAYER CIS 333 Week 8 Assignment 2 Identifying Potential
Risk, Response, and Recovery NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-8-assignment-2-identifying-potential-
risk,response,and-recovery-recent
For more classes visit
http://www.uopassignments.com
Assignment 2: Identifying Potential Risk, Response, and
Recovery
Due Week 8 and worth 75 points
In Assignment 1, a videogame development company recently
hired you as an Information Security Engineer. After viewing a
growing number of reports detailing malicious activity, the CIO
requested that you draft a report in which you identify
potential malicious attacks and threats specific to your
organization. She asked you to include a brief explanation of
each item and the potential impact it could have on the
organization.
After reviewing your report, the CIO requests that you develop
a follow-up plan detailing a strategy for addressing all risks
(i.e., risk mitigation, risk assignment, risk acceptance, or risk
avoidance) identified in Assignment 1. Further, your plan
should identify controls (i.e., administrative, preventative,
detective, and corrective) that the company will use to mitigate
each risk previously identified.
41. Write a four to five (4-5) page paper in which you:
1. For each of the three (3) or more malicious attacks and / or
threats that you identified in Assignment 1, choose a strategy
for addressing the associated risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Explain your
rationale.
2. For each of the three (3) or more malicious attacks and / or
threats identified in Assignment 1, develop potential controls
(i.e., administrative, preventative, detective, and corrective)
that the company could use to mitigate each associated risk.
3. Explain in detail why you believe the risk management,
control identification, and selection processes are so
important, specifically in this organization.
4. Draft a one (1) page Executive Summary that details your
strategies and recommendations to the CIO (Note: The
Executive Summary is included in the assignment’s length
requirements).
5. Use at least three (3) quality resources in this assignment (no
more than two to three [2-3] years old) from material outside
the textbook. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; references must follow
APA or school-specific format. Check with your professor for
any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required page length.
The specific course learning outcomes associated with this
assignment are:
42. • Explain the concepts of information systems security as
applied to an IT infrastructure.
• Describe the principles of risk management, common
response techniques, and issues related to recovery of IT
systems.
• Describe how malicious attacks, threats, and vulnerabilities
impact an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Use technology and information resources to research issues
in information systems security.
• Write clearly and concisely about network security topics
using proper writing mechanics and technical style
conventions.
43. STRAYER CIS 333 Week 8 Discussion The Impact of Malware
NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-8-discussion-the-impact-of-malware-recent
For more classes visit
http://www.uopassignments.com
"The Impact of Malware" Please respond to the following:
• From the first e-Activity, analyze the selected two (2)
resources that are available for security professionals to find
information about threats and / or malware active today.
Justify your belief these resources are helpful for security
professionals.
• From the second e-Activity, explain whether or not you
believe that the myth of Mac devices being more secure than
Windows devices is becoming history, and justify your answer.
Further, indicate one (1) main reason why you believe this
myth still exists in the minds of end users and businesses.
44. STRAYER CIS 333 Week 8 Lab 7 Performing a Web Site and
Database Attack by Exploiting Identified Vulnerabilities NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-8-lab-7-performing-a-web-site-and-database-
attack-by-exploiting-identified-vulnerabilities-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 8 Lab 7 Performing a Web Site and Database
Attack by Exploiting Identified Vulnerabilities NEW
45. STRAYER CIS 333 Week 9 Discussion Security Standards NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-9-discussion-security-standards-recent
For more classes visit
http://www.assignmentcloud.com
"Security Standards" Please respond to the following:
• A number of organizations exist to define information
security standards. Explain the importance of standards
organizations with regard to both information systems and
information systems security. Provide a rationale for your
response.
• From the e-Activity, determine two (2) specific concerns that
you believe exist for cloud deployments, and ascertain whether
or not data breaches, such as the Snowden Incident have
heightened concerns. Justify your answer.
46. STRAYER CIS 333 Week 9 Lab 8 Eliminating Threats with a
Layered Security Approach NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-348-strayer/cis-
348-week-6-assignment-4-mobile-app-part-1-work-
breakdown-structure-recent
For more classes visit
http://www.uopassignments.com
CIS 333 Week 9 Lab 8 Eliminating Threats with a Layered
Security Approach NEW
47. STRAYER CIS 333 Week 10 Discussion NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-10-discussion-recent
For more classes visit
http://www.uopassignments.com
• Describe one (1) IT position that you currently hold or would
like to hold in the future. Next, explain whether or not you
believe obtaining certifications would help you in the position
in question. If so, determine the certifications that you believe
would prove to be helpful. Provide a rationale for your
response.
• From the e-Activity, explain the regulatory compliance law
that you researched, and ascertain the effect that information
security could have on such a law. Based on the requirements
of the law that you researched, indicate whether or not you
believe that the regulations are reasonable for organizations to
follow. Justify your answer.
48. STRAYER CIS 333 Week 10 Technical Project Paper:
Information Systems Security NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-10-technical-project-paper-information-
systems-security-recent
For more classes visit
http://www.uopassignments.com
Technical Project Paper: Information Systems Security
Due Week 10 and worth 150 points
Suppose you are the IT professional in charge of security for a
small pharmacy that has recently opened within a shopping
mall. The daily operation of a pharmacy is a unique business
that requires a combination of both physical and logical access
controls geared toward protecting medication and funds
located on the premises, as well as the customers’ personally
identifiable information and protected health information that
resides on your system. Your supervisor has tasked you with
identifying inherent risks associated with your pharmacy and
establishing strong physical and logical access control methods
to mitigate the identified risks.
1) Firewall (1) 4) Desktop computers (4)
2) Windows 2012 Active Directory Domain Controllers (DC) (1)
5) Dedicated T1 Connection (1)
3) File Server (1)
Write an eight to ten (8-10) page paper in which you:
1. Identify at least five (5) potential physical threats that
require attention.
49. 2. Determine the impact of at least five (5) potential logical
threats that require attention.
3. Detail the security controls (i.e., administrative,
preventative, detective, and corrective) that the pharmacy
could implement in order to protect it from the five (5) selected
physical threats.
4. Explain in detail the security controls (i.e., administrative,
preventative, detective, and corrective) that could be
implemented to protect from the five (5) selected logical
threats.
5. For each of the five (5) selected physical threats, choose a
strategy for addressing the risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Justify your
chosen strategies.
6. For each of the five (5) selected logical threats, choose a
strategy for handling the risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Justify your
chosen strategies.
7. Use at least five (5) quality resources in this assignment (no
more than 2-3 years old) from material outside the
textbook.Note: Wikipedia and similar Websites do not qualify
as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
50. The specific course learning outcomes associated with this
assignment are:
• Explain the concepts of information systems security as
applied to an IT infrastructure.
• Describe how malicious attacks, threats, and vulnerabilities
impact an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Explain the role of access controls in implementing a security
policy.
• Use technology and information resources to research issues
in information systems security.
• Write clearly and concisely about network security topics
using proper writing mechanics and technical style
conventions.
• Explain how businesses apply cryptography in maintaining
information security.
• Analyze the importance of network principles and
architecture to security operations.
51. STRAYER CIS 333 Week 11 Discussion 1 Course Takeaway
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-11-discussion-1-course-takeaway-recent
For more classes visit
http://www.uopassignments.com
"Course Takeaway" Please respond to the following:
Share two new insights about networking security
fundamentals you have discovered from this course. Explain
how this type of course is essential for every network security
professional.
52. STRAYER CIS 333 Week 11 Discussion 2 Course Wrap up NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-11-discussion-2-course-wrap-up-recent
For more classes visit
http://www.uopassignments.com
"Course Wrap-up" Please respond to the following:
Explain five or more key topics discussed during this course
that you would like to teach a friend who has a minimal level of
information systems security knowledge. Discuss how you can
apply the learning outcomes of this course to your professional
and personal life.
53. STRAYER CIS 333 Week 11 Final Exam Set 1 NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-333-strayer/cis-
333-week-11-final-exam-set-1-recent
For more classes visit
http://www.uopassignments.com
Question 1 SIP is a ___________ protocol used to support real-time
communications.
Question 2 What name is given to a U.S. federal law that
requires U.S. government agencies to protect citizens’ private
data and have proper security controls in place?
Question 3 This security appliance examines IP data streams
for common attack and malicious intent patterns.
Question 4 What name is given to an exterior network that acts
as a buffer zone between the public Internet and an
organization’s IT infrastructure (i.e., LAN-to-WAN Domain)?
Question 5 ____________ is the amount of time it takes to recover
and make a system, application, and data available for use after
an outage.
Question 6 The requirement to keep information private or
secret is the definition of __________.
Question 7 The physical part of the LAN Domain includes a
__________, which is an interface between the computer and the
LAN physical media.
54. Question 8 The _________ Domain connects remote users to the
organization’s IT infrastructure.
Question 9 The world needs people who understand computer-
systems ________ and who can protect computers and networks
from criminals and terrorists.
Question 10 With wireless LANs (WLANs), radio transceivers
are used to transmit IP packets from a WLAN NIC to a
_____________.
Question 11 As users upgrade LANs to GigE or 10GigE, switches
must support ________ and data IP traffic.
Question 12 Voice and unified communications are ________
applications that use 64-byte IP packets.
Question 13 The ________ in analog communications is one error
for every 1,000 bits sent; in digital communications, the
__________ is one error for every 1,000,000 bits sent.
Question 14 What term is used to describe streamlining
processes with automation or simplified steps?
Question 15 What is meant by application convergence?
Question 16 If VoIP traffic needs to traverse through a WAN
with congestion, you need ___________.
Question 17 What term is used to describe a packet-based
WAN service capable of supporting one-to-many and many-to-
many WAN connections?
Question 18 The total number of errors divided by the total
number of bits transmitted is the definition of __________.
55. Question 19 What is meant by DS0?
Question 20 ________ is the basis for unified communications
and is the protocol used by real-time applications such as IM
chat, conferencing, and collaboration.
Question 21 Prior to VoIP, attackers would use wardialers to
________.
Question 22 Which of the following is the definition of netcat?
Question 23 In a ________, the attacker sends a large number of
packets requesting connections to the victim computer.
Question 24 Malicious software can be hidden in a ________.
Question 25 A software program that collects information
about Internet usage and uses it to present targeted
advertisements to users is the definition of ________.
Question 26 ________ is a type of attack in which the attacker
takes control of a session between two machines and
masquerades as one of them.
Question 27 A ___________ is a software program that performs
one of two functions: brute-force password attack to gain
unauthorized access to a system, or recovery of passwords
stored in a computer system.
Question 28 A protocol analyzer or ____________ is a software
program that enables a computer to monitor and capture
network traffic.
Question 29 What is meant by promiscuous mode?
56. Question 30 A _________ has a hostile intent, possesses
sophisticated skills, and may be interested in financial gain.
They represent the greatest threat to networks and
information resources.
Question 31 __________ tests interrupt the primary data center
and transfer processing capability to an alternate site.
Question 32 How often should an organization perform a risk
management plan?
Question 33 __________ is rapidly becoming an increasingly
important aspect of enterprise computing.
Question 34 When you accept a __________, you take no further
steps to resolve.
Question 35 What name is given to a risk-analysis method that
uses relative ranking to provide further definition of the
identified risks in order to determine responses to them?
Question 36 What name is given to a comparison of security
controls in place and the controls that are needed to address all
identified threats?
Question 37 The process of managing risks starts by identifying
__________.
Question 38 Which of the following is the definition of business
drivers?
Question 39 A ___________ will help identify not only which
functions are critical, but also how quickly essential business
functions must return to full operation following a major
interruption.
57. Question 40 What is meant by risk register?
Question 41 The ____________ is the central part of a computing
environment’s hardware, software, and firmware that enforces
access control for computer systems.
Question 42 What is meant by physically constrained user
interface?
Question 43 Biometrics is another ________ method for
identifying subjects.
Question 44 _____________is the process of dividing a task into a
series of unique activities performed by different people, each
of whom is allowed to execute only one part of the overall task.
Question 45 An organization’s facilities manager might give
you a security card programmed with your employee ID
number, also known as a ________.
Question 46 Which of the following is not a type of
authentication?
Question 47 Two-factor __________ should be the minimum
requirement for valuable resources as it provides a higher level
of security than using only one.
Question 48 A mechanism that limits access to computer
systems and network resources is ________,
Question 49 What term is used to describe a device used as a
logon authenticator for remote users of a network?
Question 50 The Bell-La Padula access control model focuses
primarily on ________.
58. Question 51 The process of managing the baseline settings of a
system device is called ________
Question 52 Which of the following is the definition of system
owner?
Question 53 ___________ are the benchmarks that help make sure
a minimum level of security exists across multiple applications
of systems and across different products.
Question 54 Which of the following is the definition of
guideline?
Question 55 A security awareness program includes ________.
Question 56 One of the most popular types of attacks on
computer systems involves ___________. These attacks deceive or
use people to get around security controls. The best way to
avoid this risk is to ensure that employees know how to handle
such attacks.
Question 57 The ___________ team’s responsibilities include
handling events that affect your computers and networks and
ultimately can respond rapidly and effectively to any event
Question 58 ________ states that users must never leave sensitive
information in plain view on an unattended desk or
workstation.
Question 59 What name is given to a method of developing
software that is based on small project iterations, or sprints,
instead of long project schedules?
Question 60 The primary task of an organization’s __________
team is to control access to systems or resources.
59. Question 61 As your organization evolves and as threats
mature, it is important to make sure your __________ still meet(s)
the risks you face today.
Question 62 Security audits help ensure that your rules and
__________ are up to date, documented, and subject to change
control procedures.
Question 63 _________ was developed for organizations such as
insurance and medical claims processors, telecommunication
service providers, managed services providers, and credit card
transaction processing companies.
Question 64 SOC 2 and SOC 3 reports both address primarily
________-related controls.
Question 65 A method of security testing that isn’t based
directly on knowledge of a program’s architecture is the
definition of ________.
Question 66 The ___________ framework defines the scope and
contents of three levels of audit reports.
Question 67 ________ provides information on what is happening
as it happens.
Question 68 The primary difference between SOC 2 and SOC 3
reports is ________.
Question 69 Which of the following is the definition of
hardened configuration?
Question 70 What term is used to describe a reconnaissance
technique that enables an attacker to use port mapping to learn
which operating system and version are running on a
computer?
60. Question 71 It is necessary to create and/or maintain a plan
that makes sure your company continues to operate in the face
of disaster. This is known as a ________.
Question 72 Forensics and incident response are examples of
___________ controls.
Question 73 ___________ is the likelihood that a particular threat
exposes a vulnerability that could damage your organization.
Question 74 An intrusion detection system (IDS) is an example
of ___________ controls.
Question 75 What term is used to describe something built in
or used in a system to address gaps or weaknesses in the
controls that could otherwise lead to an exploit?
Question 76 A(n) ________ is a measurable occurrence that has an
impact on the business.
Question 77 A company can discontinueor decide not to enter a
line of business if the risk level is too high. This is categorized
as ________.
Question 78 A threat source can be a situation or method that
might accidentally trigger a(n) ____________.
Question 79 An organization knows that a risk exists and has
decided that the cost of reducing it is higher than the loss would
be. This can include self-insuring or using a deductible. This is
categorized as ________.
Question 80 A _________ determines the extent of the impact that
a particular incident would have on business operations over
time.
61. Question 81 In a ________, the cryptanalyst possesses certain
pieces of information before and after encryption.
Question 82 A ________ is an encryption key used to encrypt other
keys before transmitting them.
Question 83 What term is used to describe an encryption
algorithm that has no corresponding decryption algorithm?
Question 84 What name is given to an object that uses
asymmetric encryption to bind a message or data to a specific
entity?
Question 85 _______________ enables you to prevent a party from
denying a previous statement or action.
Question 86 What name is given to random characters that you
can combine with an actual input key to create the encryption
key?
Question 87 What is meant by key distribution?
Question 88 What name is given to an encryption cipher that is
a product cipher with a 56-bit key consisting of 16 iterations of
substitution and transformation?
Question 89 The most scrutinized cipher in history is the
________.
Question 90 ________ is a one-way calculation of information that
yields a result usually much smaller than the original message.
Question 91 Which of the following is the definition of network
address translation (NAT)?
62. Question 92 A firewall that examines each packet it receives
and compares the packet to a list of rules configured by the
network administrator is the definition of ________.
Question 93 Which OSI Reference Model layer creates,
maintains, and disconnects communications that take place
between processes over the network?
Question 94 What term is used to describe the current
encryption standard for wireless networks?
Question 95 Which OSI Reference Model layer uses Media
Access Control (MAC) addresses? Device manufacturers assign
each hardware device a unique MAC address.
Question 96 What name is given to a protocol to implement a
VPN connection between two computers?
Question 97 Which OSI Reference Model layer includes all
programs on a computer that interact with the network?
Question 98 A method to restrict access to a network based on
identity or other rules is the definition of ________.
Question 99 A method to restrict access to a network based on
identity or other rules is the definition of ________.
Question 100 What term is used to describe a method of IP
address assignment that uses an alternate, public IP address to
hide a system’s real IP address?
Question 101 Malicious code attacks all three information
security properties. Malware can modify database records
either immediately or over a period of time. This property is
________.
63. Question 102 Malicious code attacks all three information
security properties. Malware can erase or overwrite files or
inflict considerable damage to storage media. This property is
________.
Question 103 ________ counter the ability of antivirus programs
to detect changes in infected files.
Question 104 Another way that malicious code can threaten
businesses is by using mass bulk e-mail (spam), spyware,
persistence cookies, and the like, consuming computing
resources and reducing user productivity. These are known as
________.
Question 105 One of the ways that malicious code can threaten
businesses is by causing economic damage or loss due to the
theft, destruction, or unauthorized manipulation of sensitive
data. These are known as ________.
Question 106 Which of the following describes the Internet
Engineering Task Force (IETF)?
Question 107 The ________________ is a subcommittee of the IETF
that serves as an advisory body to the Internet Society (ISOC). It
is composed of independent researchers and professionals who
have a technical interest in the well-being of the Internet.
Question 108 The ________ is the main United Nations agency
responsible for managing and promoting information and
technology issues.
Question 109 The __________ is a national program that empowers
and encourages excellence among U.S. organizations, including
manufacturers, service organizations, educational institutions,
health care providers, and nonprofit organizations.
64. Question 110 The ________ is a U.S. standards organization whose
goal is to empower its members and constituents to strengthen
the U.S. marketplace position in the global economy, while
helping to ensure the safety and health of consumers and the
protection of the environment.
Question 111 The four main areas in NIST SP 800-50 are
awareness, training, education, and __________________.
Question 112 With university doctoral programs, completing
the degree requirements takes ________.
Question 113 What name is given to educational institutions
that meet specific federal information assurance educational
guidelines?
Question 114 Obtaining the coveted CAE/IAE or CAE/R
designation means the curriculum and research institutions
meet or exceed the standards defined by the _______.
Question 115 One type of degree that many institutions offer is
the associate’s degree. This degree is the most accessible
because it generally represents a _________ program.
Question 116 The ____________ concentration from (ISC)2 is the
road map for incorporating security into projects, applications,
business processes, and all information systems.
Question 117 The four main credentials of the ________ are
Systems Security Certified Practitioner (SSCP®), Certified
Information Systems Security Professional (CISSP®), Certified
Authorization Professional (CAP®), and Certified Secure
Software Lifecycle Professional (CSSLP®).
Question 118 Which is the highest level of Check Point
certification for network security?
65. Question 119 CompTIA’s Security+ certification provides
________.
Question 120 (ISC)2 offers the ________________ credential, which is
one of the few credentials that address developing secure
software. It evaluates professionals for the knowledge and
skills necessary to develop and deploy secure applications.
Question 121 ____________ creates standards that federal agencies
use to classify their data and IT systems.
Question 122 Under HIPAA, an organization that performs a
health care activity on behalf of a covered entity is known as
a(n) ________.
Question 123 Tier C violations under the HITECH Act are
________.
Question 124 The regulating agency for the Federal
Information Systems Management Act is the ________.
Question 125 What is meant by protected health information
(PHI)?