Devry Sec 360 Final Exam Essay example

954 Words Dec 15th, 2015 4 Pages
Devry SEC 360 Final Exam
IF You Want To Purchase A+ Work then Click The Link Below For Instant Down Load IF You Face Any Problem Then E Mail Us At JOHNMATE1122@GMAIL.COM
Page 1 Question 1.1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)
Preventive, detective, and responsive
Prohibitive, permissive, and mandatory
Administrative, technical, and physical
Management, technical, and operational
Roles, responsibilities, and exemptions Question 2.2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information
…show more content…
(TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)
Layer 1
Layer 2
Layer 3
Layer 4/7 applications Question 14.14. (TCO 12) The two standard approaches to intrusion detection are _____ and _____. (Points : 5) access control, firewall anomaly, rule policy, label role, account user, program Question 15.15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, expect for which one? (Points : 5)
Improved performance
Increased availability
Greater versatility
Efficient business models
Page 2 Question 1. 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it. People shall obey corporate policies. (Points : 15) Question 2. 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls--prevention, detection, and recovery. (Points : 15) Question 3. 3. (TCO 3) Briefly explain how defense in depth is a management strategy for security. (Points : 15) Question 4. 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system.

Related Documents