Using facial recognition and password


Matching options for question 6:
1. Use a third party
2. Reduce risk to zero (usually by denying access to a system)
3. Employ the control
4. Do not employ the control
1. Which of the following best describes economy of mechanism?
• Door locks stay open when power is on
• Security should be complex to defend against attack
• Door locks stay closed when power is off
• Security should be simple so that fewer errors can be made
2. Which of the following best represents defence in depth?
• Setting a mantrap deep enough that both doors can be reached at once
• Using either facial recognition or password
• Using facial recognition and password
• Using the plenum space to hide pinhole cameras
3. Which of the following best represents identification?
• Has rights to perform tasks or access data
• Has responsibility for a component of an information system
• Assuring that each principal is who they claim to be
• Assuring that a neutral third party transaction or event did (or did not) occur
4. Prospect theory finds that most people are ………………..?
• risk seeking
• risk averse
• risk neutral
• psychologically incapable of rating outcomes
5. It has been found that most people will weight a loss,
• The same as a gain
• One third as much as a gain
• Half as much as a gain
• Twice as much as a gain
6. Give the best match of the following options with their descriptions
• Transfer ( )
• Avoid ( )
• Accept ( )
• Mitigate ( )
7. Which part of the CIA triangle is most affected by a DoS attack?
• I
• None of the other options
• A
• C
8. Which of the following is most correct?
• Over time, attacks have become more sophisticated, but require less intruder knowledge.
• Password guessing requires high intruder knowledge and is a highly sophisticated attack.
• Self-replicating code is a relatively new form of attack
• Over time, attacks require more hacker knowledge as they have become more sophisticated.
Matching options for question 9:
1. Database command sent with an extra command contained inside
2. Send data outside the range accepted by the receiving computer
3. Unsolicited email
4. Link with a close address, often used in email
9. Find the closest matching description to the attack
• Spam ( )
• URL Spoof ( )
• SQL Injection ( )
• Buffer Overflow ( )
10. Technically, the acronym VPN represents,
• A server for making web traffic anonymous
• A network established by a Telco to cover a city or a wider area
• A website to entice potential hackers
• An encrypted ‘tunnel’ on a network (typically the Internet)
11. Which of the following devices has the following capabilities
1) can learn MAC addresses on the local network
2) use full duplex
• Router
• Hub
• Switch
• Modem
12. Which of the following physical systems have been used to convey IP packets?
• Ethernet
• All the other options are correct
• Coaxial cable
• Homing pigeons
13. Which of the following best describes ARO?
• The monetary loss or impact of each occurrence of a threat
• The frequency with which an event is expected to occur on an annualized basis
• A measure of the magnitude of loss of an asset. It is used in the calculation of single loss expectancy
• The estimate of how much an event is expected to cost per year
14. Which of the following best describes SLE?
• The estimate of how much an event is expected to cost per year
• A measure of the magnitude of loss of an asset. It is used in the calculation of single loss expectancy
• The frequency with which an event is expected to occur on an annualized basis
• The monetary loss or impact of each occurrence of a threat
15. Suppose the loss from a single attack (before or after control) is $10,000. However, after implementing a control, the expected rate of attack changed from two per year to one every 5 years. Suppose the control costs $25,000 (to be depreciated evenly to zero over 5 years). What is the CBA for the threat and control combination?
• $7,000/yr
• $5,000/yr
• $13,000/yr
• $21,000/yr
16. Suppose that a control has zero cost, but it does mitigate some of the risk. Suppose that the cost/benefit analysis is simply calculated as CBA = ALE(prior) − ALE(post) − ACS, where ACS is the annualized cost of the safeguard. The CBA is then……………?
• Impossible to tell without further information
• Negative
• Positive
• Zero
17. Which of the following best describes quantitative risk assessment?
• The process of numerically measuring the impact of an event and its ongoing likelihood to determine
the impact of an event on a project, program, or business
• The decision-making process of identifying threats and vulnerabilities and their potential impacts
• A measure to detect, prevent, or mitigate the risk associated with a threat
• The process of analysing an environment to identify the threats, vulnerabilities, and mitigating actions to
determine the impact of an event on a project, program, or business
18. Which of the following is most correct about NIST and ISO standards?
• NIST is freely available while ISO is not
• ISO standards deal exclusively with security and/or risk analysis
• ISO is a lower level standard than NIST, with deeper levels of technical detail
• NIST standards deal exclusively with security and/or risk analysis
19. Which of the following steps best characterises risk analysis?
• Specify vulnerable assets.
• Calculate relative risk factor for assets.
• Inventory & prioritize assets.
• Identify & prioritize threats
20. In PKI, decommissioning public keys is most often associated with,
• The updating of public keys
• The deletion of a node from communication
• The updating of session keys
• The deletion of a user’s rights to use the PKI system
21. Bruce Schneier………………………
• Claims that “obscurity means insecurity.”
• Claims that encryption algorithms must be closely guarded.
• Advocates “security by obscurity” in all cases.
• Advocates biometrics rather than encryption.
22. Which of the following is needed as part of the system to avoid man-in-the-middle attacks?
• All the other options are correct
• CA
• PKI
• TTP
23. Which of the following best matches the meaning of steganography?
• The process of cryptanalysis.
• The process of hiding messages in a picture or graphic.
• The entire range of values that can be used to construct a key.
• The amount of work needed to perform cryptanalysis.
24. Which of the following is NOT a typical aspect of the key distribution problem?
• It depends on security through obscurity
• Is more a problem for symmetric key encryption as opposed to asymmetric
• Is a problem of a large number of keys
• It is a problem of distribution of keys out of band
25. Which of the following most applies to a security program policy?
• It sets the strategic direction, scope, and tone for all security efforts within the organization
• It lists rules such as ACL lists
• It contains guidelines to support routine operations, and to instruct employees to use technologies and
processes properly
• It details what to do in case of specific violations of policy
26. A general security policy is also known as
• Information security policy
• IT security policy
• SPP
• All the other options
27. Which of the following is most likely to contain specific statements of instructions?
• Policies
• Procedures
• Processes
• Standards
28. Which of the following is the best predefined indicator of an incident?
• Violation of policy
• Unknown programs or processes
• Presence of unfamiliar files
• Activities at unexpected times
29. Which is most accurate?
• contingency planning documentation must contain all the technical details of an incident
• the involvement of law enforcement improves the organisation’s control over events
• crisis management requires the skills of a computer forensics expert
• the organization decides which incidents are to be classified as disasters
30. Which of the following is true of the IR/DR documentation
• All the other options are correct
• It should be clearly marked on the spine
• It should contain full details of the incident/disaster
• The drafting should be driven by technical staff
31. What usually most determines an upgrade from a disaster to BC?
• If the event requires a warm site
• If the event can’t be resolved in the primary premises
• If the event can’t be resolved in the time frame of the event
• If the event requires a hot site
32. What is needed to make a mantrap usable?
• There must be no entry point through the ceiling
• Only the inner door needs to be locked
• Custodial staff must keep the area tidy
• A person should not be trapped unattended
33. A ‘sag’ is a,
• momentary drop in power voltage levels
• prolonged interruption in power
• momentary interruption in power
• prolonged drop in power voltage levels
34. A soda acid system works by depriving a fire of which element of the fire triangle?
• Oxygen
• Heat
• Water
• Fuel
35. A powered door lock is fail safe if,
• It is open when the power comes on
• It is closed when the power fails
• It is open when the power fails
• It is closed when the power comes on
36. The headquarters of Van Diesel Shipping & Co. are situated near a seismic fault, and it is estimated that a damaging earthquake could occur about once every 30 years. It is estimated that the company could only recover 30% of their value, and their entire assets are estimated at $8,000,000. Vincent van Diesel is considering an earthquake insurance policy costing $5,000/year. With an insurance payout the firm would recover 80% of their business in the event of an earthquake. (Note carefully that the percentages are what they could recover.) The use of insurance has no effect on the likelihood of a fire.
What is the CBA for this risk/control pair?
37. With AI software costing $7,000, Erkle Fnerkle from Fnerkle & Sons estimates that phishing attacks would occur at the rate of 4/yr, with the damage from an average attack costing $230. Without the control, the average cost of a single attack is estimated at $450 and the ARO is 50 times/yr. (The software is to be depreciated linearly over 5 years.) Find the CBA for this risk/control pair.
38. Fnerkle & Sons has a serious data loss vulnerability. Without any security investment, the annual loss from the
vulnerability is $11,300/yr. User training seems to be the best control for the vulnerability. The control has two
parts:
• a $29,000/year cost for the training fee and lost employee time.
• a one-off cost of developing the training material of $14000 (to be depreciated linearly over 5 years).
The annual loss of the vulnerability with the security expenditure included is $4,800/yr. What is the CBA for this risk/control pair?
39. A firm’s CEO, Erkle Fnerkle, has discussed an insurance offer against fire valued at $56,000/yr. Erkle estimates that
he could lose about 83% of his assets in the event of a fire. His assets are valued at $10,000,000.
If he pays the insurance, there will only be a loss of around 5%. Note that insurance payments do not affect the
rate of fires. However, Erkle has no good data on the likelihood of such an event.
What annual rate of occurrence would result in a break-even scenario (zero CBA)? Give your answer in terms of the number of years between fires for a break-even point. In other words, how many years between attacks for a break-even proposition? WARNING: DO NOT give the answer in attacks per year, but as the average number of years between attacks.
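Questions 15, 16 and 36 to 39 all rest on the same annualized cost/benefit arithmetic. The Python below is an added worked example, not part of the quiz or its answer key: it encodes the definitions the questions rely on (ALE = SLE × ARO; ACS = recurring cost plus one-off cost spread over the depreciation period; CBA = ALE(prior) − ALE(post) − ACS, as stated in question 16) and the break-even rearrangement question 39 asks for, where the control changes the per-event loss but not the event rate. The `Scenario` class, the function names and all the dollar figures in the sample scenarios are constructed for illustration and are not the quiz's own numbers.

```python
"""Annualized cost/benefit analysis (CBA) of a security control.

Added worked example (not from the quiz page). Definitions used:
    ALE = SLE * ARO
    ACS = annual running cost + one-off cost / depreciation years
    CBA = ALE(prior) - ALE(post) - ACS
All figures in the sample scenarios below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """Inputs for one risk/control pair (hypothetical helper type)."""
    sle_prior: float            # single loss expectancy without the control ($)
    aro_prior: float            # expected events per year without the control
    sle_post: float             # single loss expectancy with the control ($)
    aro_post: float             # expected events per year with the control
    annual_cost: float = 0.0    # recurring cost of the control ($/yr)
    one_off_cost: float = 0.0   # capital cost of the control ($)
    depreciation_years: int = 5 # straight-line depreciation period


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy: per-event loss times events per year."""
    return sle * aro


def acs(s: Scenario) -> float:
    """Annualized cost of the safeguard.

    Straight-line depreciation spreads a capital cost evenly over its life;
    a zero or negative life means the whole cost is expensed this year.
    """
    if s.depreciation_years > 0:
        yearly_capital = s.one_off_cost / s.depreciation_years
    else:
        yearly_capital = s.one_off_cost
    return s.annual_cost + yearly_capital


def cba(s: Scenario) -> float:
    """CBA = ALE(prior) - ALE(post) - ACS. Positive means the control pays off."""
    return ale(s.sle_prior, s.aro_prior) - ale(s.sle_post, s.aro_post) - acs(s)


def breakeven_years(sle_prior: float, sle_post: float, acs_value: float) -> float:
    """Interval between events (in years) at which CBA is exactly zero.

    Assumes the control reduces the loss per event but leaves the event rate
    unchanged (the insurance case):
        CBA = (sle_prior - sle_post) * ARO - ACS = 0
        ARO = ACS / (sle_prior - sle_post)
    Returns 1 / ARO, i.e. the years between events. A free control breaks even
    at any rate, which is reported as infinity.
    """
    benefit_per_event = sle_prior - sle_post
    if benefit_per_event <= 0:
        raise ValueError("control must reduce the per-event loss to ever break even")
    if acs_value <= 0:
        return float("inf")
    return benefit_per_event / acs_value


# Constructed scenario 1: a control that both lowers the per-event loss and
# the event rate, with a recurring fee plus a capital cost depreciated over 5 years.
MITIGATION = Scenario(
    sle_prior=40_000, aro_prior=3.0,
    sle_post=8_000, aro_post=0.5,
    annual_cost=12_000, one_off_cost=30_000, depreciation_years=5,
)

# Constructed scenario 2: a zero-cost control that still mitigates some risk
# (the situation question 16 describes).
FREE_CONTROL = Scenario(sle_prior=40_000, aro_prior=3.0, sle_post=40_000, aro_post=2.0)

# Constructed scenario 3: insurance on $2,000,000 of assets, 60% lost per event
# without cover and 10% with cover, premium $20,000/yr, rate unknown.
INSURANCE_SLE_PRIOR = 0.60 * 2_000_000
INSURANCE_SLE_POST = 0.10 * 2_000_000
INSURANCE_PREMIUM = 20_000


if __name__ == "__main__":
    print(f"scenario 1: ALE prior={ale(MITIGATION.sle_prior, MITIGATION.aro_prior):,.0f} "
          f"ALE post={ale(MITIGATION.sle_post, MITIGATION.aro_post):,.0f} "
          f"ACS={acs(MITIGATION):,.0f} CBA={cba(MITIGATION):,.0f}/yr")
    print(f"scenario 2 (free control): CBA={cba(FREE_CONTROL):,.0f}/yr")
    years = breakeven_years(INSURANCE_SLE_PRIOR, INSURANCE_SLE_POST, INSURANCE_PREMIUM)
    print(f"scenario 3: insurance breaks even at one event every {years:.0f} years")
```

Run it directly to print the three constructed scenarios. The break-even helper deliberately refuses a control with no per-event benefit rather than returning a negative interval, and reports a free control as breaking even at any rate; both are the edge cases that catch people doing this arithmetic by hand.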
40. Erkle anticipates that there is a 15% chance that Van Damm stock could treble in value over a year; otherwise it will halve in value. If the trader decides to place $1,800 on the stock, what is its expected value in a year?
41. Encrypt the following string KEYLOGGER with the key FILE using the polyalphabetic method shown in class
(use the Caesar cipher table).
42. Explain the key differences between ALE, Gordon Loeb, Risk Matrix and Blueprint approaches to information
security.
43. Briefly explain the major threats and controls of the “human firewall” (the “people” layer in the sphere of
security)
