1. Brieflylist two predominant reasons for the difficulty in defending against IT related attacks?
2. List two of the larger cyber terrorism targets. Why are they targets and for what?
3. To justify your large IT budget, you quote to the CFO that what percentage of attacks often happen from within an organization:___________
4. Phishing - malware or social engineering ? Why ?
5. List 3 good defenses against web application attacks?
6. What is a Denial of Service Attack, and what does an end user experience when one occurs ?
7. What is a vulnerability scan ?
8. Your CFO asks what $10,000 for "Penetration Testing" is for. You say:
9. List two physical securities for devices (where large or small)
10. Of the 4 major ways to secure an OS, list two
11. In the principle behind setting up reverse proxy servers, what is hidden from the outside world and potential attack ?
12. What is a DMZ, and what is a good use of one?
13. VLAN, explain why a useful security tool.
14. What is a good port security technique?
15. Wireless Access Point Security. How would you demonstrate to your leadership that you've made good attempts to secure the access to them. List 2 methods.
16. What is the relationship between Active Directory and Group Policy in the Windows World ?
17. Why would a hacker use a rainbow table?
18. Biometric authentication, foolproof Y or N, Why ?
19. Encryption of a hard disk possible via what methods (Hardware, Software or Both)?
20. This is an IT Security Class, what about Business Continuance is important?
21. Privileges - Once set, they usually do not change. T or F? Why?
22. Acceptable Use Policy. It's usually part of a more comprehensive security policy. What is it used for?