Docsity
IT Security Questions and Answers, Assignments of Computer Science

A series of questions and answers related to IT security, covering topics such as PGP, smart card attacks, one-time pads, access control attacks, risk analysis, and risk mitigation. The answers provide explanations and definitions of key concepts and techniques used in IT security. It is useful for students and professionals studying or working in the field of IT security, as well as for anyone interested in learning more about this topic.

Typology: Assignments

2023/2024

Available from 10/17/2023

Testfix

Partial preview of the text

IT 279 UNIT 5 ASSIGNMENT

Unit 5 Assignment
Purdue University Global
IT279 CISSP II

1. Which characteristic of PGP is different from the use of formal trust certificates?

A. The use of Certificate Authority servers.
B. The establishment of a web of trust between the users.
C. The use of trust domains by the servers and the clients.

“Phil Zimmerman’s Pretty Good Privacy (PGP) secure email system appeared on the computer security scene in 1991. It combines the CA hierarchy described earlier in this chapter with the ‘web of trust’ concept- that is, you must become trusted by one or more PGP users to begin using the system” (Chapple, Stewart, & Gibson, 2018, p. 255).

2. Users access your network using smart cards. Recently, hackers have uncovered the encryption key of a smart card using reverse engineering. Which smart card attack was used?

A. Fault generation
B. Microprobing
C. Software attack

“A fault attack is an attack on a physical electronic device (e.g., smartcard, HSM, USB token) which consists in stressing the device by an external mean (e.g., voltage, light) in order to generate errors in such a way that these errors leads to a security failure of the system (key recovery, ePurse balance increase, false signature, PIN code recovery…)” (Benot, 2011).

3. Your organization has decided to use one-time pads to ensure that certain confidential data is protected. All of the following statements are true regarding this type of cryptosystem, EXCEPT:

A. Each one-time pad can be used only once.
B. The pad must be made up of sequential values.
C. The pad must be as long as the message.

“The one-time pad must be randomly generated. The one-time pad must be physically protected against disclosure. Each one-time pad must be used only once. The key must be at least as long as the message to be encrypted” (Chapple, Stewart, & Gibson, 2018, p. 211).

4. Which of the following types of access control attacks against passwords contain all possible passwords in a hash format?

A. Brute force attacks
B. Rainbow tables
C. Dictionary attacks

“Risk analysis identifies risk, quantifies the impact of threats, and aids in budgeting for security. It helps integrate the needs and objectives of the security policy with the organization’s business goals and intentions. The risk analysis/risk assessment is a ‘point in time’ metric. Threats and vulnerabilities constantly change, and the risk assessment needs to be redone periodically in order to support continuous improvement” (Stewart, Chapple, & Gibson, 2018, p. 83).

B. When it comes to risk mitigation, which risk countermeasure involves not even taking the chance with the risk?

A. Risk acceptance
B. Risk transference
C. Risk avoidance

“Assigning risk or transferring risk is the placement of the cost of loss a risk represents onto another entity or organization. Purchasing insurance and outsourcing are common forms of assigning or transferring risk” (Stewart, Chapple, & Gibson, 2018, p. 76).

C. In terms of risk analysis and dealing with risk, which of the three common ways listed below is the practice of coming up with alternatives so that the risk in question is not realized?

A. Acceptance
B. Transference
C. Avoidance

“Risk avoidance is the process of selecting alternate options or activities that have less associated risk than the default, common, expedient, or cheap option” (Stewart, Chapple, & Gibson, 2018, p. 77).

References

Chapple, M., Stewart, J. M., Gibson, D. CISSP: Certified Information Systems Security Professional Official Study Guide. [Purdue University Global Bookshelf]. Retrieved from https://purdueuniversityglobal.vitalsource.com/#/books/9781119475873/

Benot, O. (2011). Fault Attack. Retrieved from Encyclopedia of Cryptography and Security: https://link.springer.com/referenceworkentry/10.1007%2F978-1-4419-5906-5_505

REPORT CARD

Total number of Quiz taken: 6
Total number of Questions taken 1365
Total number of Answers provided 1318
Total Unique Question Taken 793
Copyright © 2024 Ladybird Srl - Via Leonardo da Vinci 16, 10126, Torino, Italy - VAT 10816460017 - All rights reserved