Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Risk_MGMT_participat
| Question | Answer |
|---|---|
| Please explain what is substitution and transposition with example | Substitution: one letter or bit is changed, key is always constant Transposition: Taco key 3 = otac |
| How to realize digital signature with hash algorithm and public key algorithm | sender should first generate a hash value of the message. Then the sender should sign the hash value with his private key -receiver should first decrypt the digital signature with the sender's public key. |
| Please explain how to do a direct and indirect DOS attack. Explain what is reflected DOS attack with example | Attacker direct send SYN to the victim Attacker sends the flood to bot, then the bot sends that to the victim Attacker sends SYN with fake IP to the victim, the victim sends the SYN ACK to the real victim |
| How to reduce the DOS attack | Black holing Validate the SYN rate limiting |
| Please explain what is ARP poisoning. And how to prevent it | IP address to MAC address storage information is manipulated to reroute network traffic. It can be used for the man in the middle attack. Prevention: Static ARP table, Limit the local access |
| What protocol you can use to achieve workgroup switch authentication. What method you can use for wireless access authentication | EAP or Radius WEP and WPA |
| What is AAA and explain correspondingly | Authentication: identifying who you are Authorization: what you can do Auditing: record what you did |
| What are the four authentication credentials and explain that with examples? | i. What you know (e.g., a password) ii. What you have (e.g., an access card) iii. What you are, or (e.g., your fingerprint) iv. What you do (e.g., speaking a passphrase) |
| Please list at least four main types of Biometric Scanning and list the four main aspects related to Biometric Performance | -fingerprint, hand geo, retina, iris -enrollment, throughput, FAR, FRR |
| what is least privilege in the authorization? | Initially give people only the permissions a person absolutely needs to do his or her job |
| Please list the three access control (authorization) model | DAC, MAC, RBAC |
| If there are too much log information, what you need to do for the configuration. Could you example to explain that. | Setting up the clipping level. For example, I only log the activity that users fail for three times. |
| please differentiate security policy, procedure, standard, regulation and guideline through definition | security policy: company statement on security procedure: specifications standard: mandatory implementation guidance regulation: requirements for corporate security guideline: discrete implementation guidance |
| Suppose university network is under the same attack 2 times a year, each attack will lose 20% of the network value. The network value is about 10,0000 dollar. How much is the SLE value of this risk | Asset value(AV) * Exposure Factor (EF) = Single Loss Expectance (SLE) Therefore: (2 * .20) * 100,000 = 40,000 |
Created by:
ITSec_guy
Popular Computers sets