When developing a multi-layered security plan, you must look at each of the seven
domains of the IT infrastructure and increase security on each of those domains.
Increasing the security on each of those seven domains will increase the overall
1. Why is it critical to perform a penetration test on a web application prior to
Answer: To make sure no one can penetrate your web application before you put
it in a live situation
2. What is cross-site scripting attack? Expla
1. What is the Policy? Give an example of an information systems security policy.
Answer: A document that states how an organization is to perform and conduct
business functions. Example: Every device connected to the Richman
Investments network must comp
1. What is the main difference between a Trojan and a Virus?
Answer: A Virus requires user to execute it and it replicates itself. Trojan does not
require user to execute it because Trojan look like legitimate hiding it malicious intent
and cannot reprodu
1. Which key do you provide anyone you want to encrypt messages with private or
public key or both?
Answer: Public Key
2. What does GPG allow you to do once it is installed?
Answer: Transfer keys and Encrypt and Decrypt
3. Name 2 different types of encryp
1. What is different between a risk analysis (RA) and a business impact analysis
Answer: Risk analysis is the process of defining and analyzing the dangers to
individuals, business, and government agencies posed by potential natural and
1. What is the purpose of the address resolution protocol (ARP)?
Answer: The purpose of Address Resolution Protocol (ARP) is to resolve an IP address to
the physical address.
2. What is the purpose of the dynamic host configuration protocol (DHCP)?
Richman Investments at all times is to establish acceptable and unacceptable use of
electronic devices and network resources. All employees of Richman Investments must
comply with the rules and regulations for use of the Internet, sending
1. Define why change control management is relevant to security operations in an
Answer: Change control is a systematic approach to managing all changes made
to a product or system. The purpose is to ensure that no unnecessary changes
1. What are the three fundamental elements of an effective access control
solution for information systems?
Answer: Identification, Authentication, Authorization.
2. What two access controls can be setup for a Windows Server 2003 folders
1. What is the application ZenMap GUI typically used for? Describe a scenario in
which you would use this type of application. Zen Map is used to scan a network to
see what Internet Protocols and what IP addresses are on the network. You would
use this to
1. Violation of a security policy by a user. RISK
Place employee on probation, review acceptable use policy (AUP) and employee
manual, and discuss status during performance reviews.
2. Disgruntled employee sabotage. RISK
Track and monitor abnormal employe
Network Behavior Anomaly Detection (NBAD) is a safety technique used in monitoring
network for signs of bizarre activity. This program is enacted by establishing a baseline,
overseeing at in situations of normal network and user behavioral characteristics