WK - 7
1. Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Student>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Testing & monitoring Security Controls
Part 1: Identify Types of Security Events and Baseline Anomalies That Might Indicate Suspicious Activity.
Different traffic patterns can be a red flag when it comes to ident
Unit 3 Work
1. Access Controls:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access.
Administrative Controls; Hardware Controls; Software Cont
1. What is a policy? Give an example of an information systems security policy.
2. What is a Standard? Give an example of an information systems security standards.
3. What is a Procedure?
4. What is a Guideline?
Unit 10: Examine Real-World Implementations of Security Standards and Compliance
1. Childrens Internet Protection Act (CIPA)
The Childrens Internet Protection Act (CIPA) was enacted by Congress in 2000 to address co
12-12-13 to 3-6-14
WK 1 Through 10
Confidentiality, Integrity and Availability (CIA):
CH 1: PG: 10 to 14
A. What is it?
You may have heard information security specialists referring to the "CIA" - but they're usually not talking about
WK - 6
Lab - 6
1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)?
Risk analysis is identifying the potential threats along with associated vulnerabilities to the organizatio
WK 6 / PT2580
BUSINESS CONTINUITY PLAN & TESTING FOR IMPLEMENTATION
All institutions are required to develop, maintain, and test a business continuity plan. These plans enable mission
critical systems and functions to b
Security Domains And Strategies
Project Part 1: Multi-Layered Security Plan:
When developing a multi-layered security plan, you must look at each of the
seven domains of the IT infrastructure and increase security on each of those
domains. Increasing the
SUMMARY REPORT ON A
MALICIOUS CODE ATTACK
NT 2580 UNIT 9 Assignment 2 Mr Hagood
Summary of Malicious Attack
The CIH virus (which also has names known as CIH, Space filler, and
Win32.CIH, and Chernobyl) is a virus that was developed
WHAT ARE THE PHASES
OF A COMPUTER ATTACK
NT2580 Week 9 Mr. Hagood
What are the phases of a computer attack?
Phase I: Reconnaissance Probing
During the first phase of a computer attack, the attacker will gather as much
Unit 9: Workstation Domain Anti-virus and Anti-malware Policy
Anti-Malware efficiently detects and removes malware from laptops and desktops with a single scan. Viruses,
spyware, keystroke loggers, Trojans and ro
1. What is the main difference between Trojan and a Virus?
A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan
horse, at first glance will appear to be useful s
a person who uses
something, esp. a
computer or other
and more powerful
than a personal
Exercise 1: Definitions
1. Backdoor: an undocumented and often unauthorized access method to a computer
resource that bypasses normal access controls.
2. Black-hat Hacker: a computer attacker who tries to break IT securi
1. Backdoor: undocumented and often unauthorized access method to a computer
resource that bypasses normal access controls.
2. Cookies: A text file sent from a web site to a web browser to store for later u
LAB - 2
1. Screen shots
LAB 2, Assessment and Questions:
1. What is the application Zenmap GUI typically used for? Describe a scenario in which you would use
this type of application.
Port scanning and passive OS fingerprinti
Lab 3 Questions:
1. What are the three fundamental elements of an effective access control solution for information
Identification, Authentication, and Authorization
2. What two access controls can
Lab 4 Questions
1. Define why change control management is relevant to security operations in an organization.
It is a systematic approach to managing all changes made to a product or system. The purpose is
Remote Access Policy
Draft Date: 1-16-2014
The purpose of this policy is to define standards for connecting to TADR Inc.s network from any host. These
standards are designed to minimize the potential exposure to TADR Inc. from damages which may
Acceptable Use Policy
Author: Cuneo, Thomas
Date Created: 1-16-2014
JR. Admin Spec
SR. IT Admin
16 Jan 2014
16 Jan 20
In Class Assignment: Encryption Types
1. Data Encryption Standard (DES):
The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are block cipher
designs which have been designated cryptography standa
LAB 7 Questions:
Windows Encryption and Hashing to Confidentiality & Integrity
1. Which Key do you provide anyone you want to encrypt messages with private or public keys or both?
The public key is always provided as part
Unit 8, Assignment 1:
Select one layout and devise three strategies for hardening the network environment throughout the seven domains
of a typical IT Infrastructure.
Network Layout 4: VPN
# 6: Remote Ac
LAB 8 Assessment Questions and Answers:
1. Why is it critical to perform a penetration test on a web application prior to production
To make sure no one can penetrate your web application before you put it
AND COMPLIANCE LAWS
NT2520 Week 10 Mr Hagood
EXAMINE REAL-WORLD IMPLEMENATATIONS OF SECURITY STANDARDS AND
CIPA stands for The Children's Internet Protection