Solutions Manual - Web Security for Network and System Administrators, Mackey
September 2, 2024
Seller: TestBank4Textbooks
Solutions Manual for the textbook




Ch. 1

Exam Preparation
1. C) Inventorying and listing all existing security controls falls into the Evaluate existing business controls step.
2. B) Determining system values falls into the Analyzing, prioritizing and categorizing assets step.
3. D) A good security plan should be flexible, scalable, easy to use, and updated at least annually.
4. A) Reading the existing security policies and processes is the first step of the risk assessment process.
5. A) A security policy should be reviewed at least annually.
6. D) A good password policy considers history, minimum length, and the use of letters, numbers, and punctuation.
7. D) ProSoft Training administers the CIW certification and exams.
8. D) The CIA triad stands for Confidentiality, Integrity, and Availability.

Review
1. C) The PPP triad stands for Physical Security, Privacy, and Marketplace perception.
2. Physical security, user ID and rights management, network security, system security, authorized testing, auditing procedures.
3. Single Loss Expectancy (SLE) is equal to the asset's value times the Exposure Factor (EF). The first component of SLE, the asset value, is the total monetary amount determined from the TCO, the internal values, and the external values listed in the previous sections. The second component, the Exposure Factor (EF), is the percentage of asset loss that is expected from a particular threat.
4. Annualized Rate of Occurrence (ARO) is the estimated frequency with which a particular threat may occur each year. The frequency is an educated guess based on a number of factors, including:
   a. How lucrative a target the information poses to outsiders.
   b. The level of difficulty of performing a particular attack. For example, are ready-made tools built that can perform the attack automatically? Does an attack require intimate knowledge of the network configuration?
   c. The security defenses deployed within the environment.
   d. The number of abusers who can potentially cause damage.
5. False. EF is the percentage of loss that is expected from a particular threat.
6. C) The password policy is usually contained within the body of the security policy.
7. User ID and rights management – access controls should cover the expected data access.
8. The Systems section should list specific security controls for the platforms used within the environment.
9. ISC2 administers both the CISSP and SSCP exams.
10. www.cert.org, www.sans.org
11. True. Part of a physical security control may be to restrict access to the floppy drives of your critical systems.
12. True. Part of the security tools section should name those groups or individuals who are authorized to perform testing.
13. In the rush to protect data from theft or mischief, organizations often trample on the rights of individuals to keep their own data private. For example, customers may not want a company to use their names and addresses for marketing purposes. And customers certainly do not want their financial information released to unknown organizations. A comprehensive security strategy should take into account the privacy of employees, customers, and other organizations.

14. Yes, it is important to have the tools and processes in place to check that these policies are followed.
15. B) Vulnerability testing methodology is not a covered domain on the CISSP exam.



Ch. 2

Exam Preparation
1. C) Fixing the issue, mitigating the exposure, or accepting the risk are all outcomes of the Security Issue Management process.
2. A) Fixing the issue, mitigating the exposure, or accepting the risk are all outcomes of the Security Issue Management process.
3. D) Qualitative and Quantitative are the two major types of risk assessment methods.
4. B) The importance of staying calm in the face of a security incident cannot be overstated. Consider this step one of the plan.
5. A) The C&C team's main function is to coordinate incident response activities.
6. D) Host IDS software is recommended for high-risk systems.
7. D) All listed security controls are recommended for high-risk systems.
8. D) The banner should serve as a “no trespassing” sign and should not give away details about the server.
9. B) Interviewing suspects should be left to law enforcement agencies.
10. C) The evidence should generally only be numbered, signed, and dated to record only relevant facts.

Review
1. First, it allows an organization to mobilize all employees in the fight against abusers. Second, effective education informs employees on where to find the corporate security policies. Third, education clearly defines employees' responsibilities in adhering to security guidelines. And finally, and most importantly, an effective education plan outlines the security guidelines that relate to an employee's job.
2. A) The categories of security controls are: preventive, detective, and corrective.
3. The five steps in the vulnerability management process are:

   a. Receive the necessary advisories in a timely manner. Once a software problem is announced to the general public, it is only a matter of time before attackers start building automated tools to exploit the bug.
   b. Assess the advisory and determine whether the publicized problem poses a threat to the organization. If the organization does not use the software or does not have the particular versions installed, disregard and archive the advisory for future reference.
   c. Using predefined criteria documented within the security policy, assess how quickly the patch(es) must be installed on affected systems. For example, systems connected to the Internet should be addressed much more quickly than those on an intranet, and business-critical systems should be fixed sooner than noncritical systems. These deadlines should be documented and applied consistently throughout the environment. In basic terms, the higher the threat or possible loss from the exploit, the quicker fixes should be implemented.
