WEEK 3 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Cryptographic algorithms provide the underlying tools to most security protocols used in today’s infrastructures. The choice of which type of algorithm to use depends on the goal that you are trying to accomplish, such as encryption or data integrity. These algorithms fall into two main categories: symmetric key and asymmetric key cryptography. In this essay, please discuss the strengths and weaknesses of symmetric key cryptography and give an example of where this type of cryptography is used. Then discuss the strengths and weaknesses of asymmetric key cryptography and give an example of where this type of cryptography is used.
2. Cryptography has been used in one form or another for over 4000 years, and attacks on cryptography have been occurring since its inception. The type of people attempting to break the code could be malicious in their intent or could just be trying to identify weaknesses in the security so that improvements can be made. In your essay response, define cryptanalysis and describe some of the common cryptanalytic techniques used in attacks.
3. Many people overlook the importance of physical security when addressing security concerns of the organization. Complex cryptography methods, stringent access control lists, and vigilant intrusion detection/prevention software will be rendered useless if an attacker gains physical access to your data center. Site and facility security planning is just as important as the technical controls that you implement when minimizing the access a criminal will have to your assets. In your essay response, define CPTED and describe how following the CPTED discipline can provide a more aesthetic alternative to classic target hardening approaches. Make sure that the three CPTED strategies are covered in your response.
WEEK 1 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. In this week’s readings, you learned about two methods of risk analysis: quantitative assessment and qualitative assessment. Explain the steps taken to assess a risk from a quantitative perspective, where monetary and numeric values are assigned, and discuss the formulas used to quantify risk. Then, explain the methods used to assess risk from a qualitative perspective, where intangible values are evaluated, such as the seriousness of the risk or ramifications to the reputation of the company.
2. Domain 1 introduced numerous security terms that are used in assessing risk. Please define the terms vulnerability, threat, threat agent, risk, exposure and control. Then, describe the three different control types and give examples for each.
3. After you’ve conducted your risk assessment and determined the amount of total and residual risk, you must decide how to handle it. Describe the four basic ways of handling risk.
WEEK 2 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Not all information has the same importance and value to a company. How data is classified is an important factor used in determining the amounts of funding and resources that should be applied to protecting each type of data. Describe the data classification levels within commercial and military organizations and provide examples of the types of information that would be classified at each classification level.
2. It takes a team of individuals throughout the organization working together to safeguard the integrity and confidentiality of data resources. Describe the layers of responsibility within an organization when it comes to asset security and data protection. For each role, discuss their responsibility within the organization for asset security.
3. The architecture of a computer system is very important and comprises many topics. The system must ensure that memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted processes cannot perform activities that would put other processes at risk, control the flow of information, and define a domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security mode is built to support the requirements of this policy. Explain the concept of a trusted computing base and describe how it is used to enforce the system’s security policy. Provide examples of specific elements (hardware, software or firmware) in the architecture of the computer system that could be used to provide security within the TCB.
WEEK 4 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1. Communications within a computer network rely on numerous components for data to traverse from the initial sender of a message or file to the receiver at the distant end of the communication path. In addition to the media that the data travels across, the devices that guide the data packets through the network, and the protocols that establish end-to-end connectivity and negotiate the communication, network services play a critical role in providing the necessary addressing and name resolution services. Describe the following services and their role in network communications: ARP, DHCP, ICMP, SNMP, and DNS.
2. Modern organizations rely on the Internet for information and research necessary to stay competitive, but this access can come with significant risk if they don’t take the necessary steps to safeguard their internal resources from outside attackers. In this week’s reading, various types of firewalls and firewall configurations were discussed. Describe the terms bastion host, DMZ, dual-homed firewall, screened host, and screened subnet and their roles in firewall architectures.
3. Many organizations employ a mobile workforce and/or provide the option of telework to their employees to allow them to work from home. In both situations, a secure means of accessing the corporate network remotely must be provided. Discuss the four main tunneling protocols used to provide virtual private network access between remote users and their corporate network.