(TCO 4) What is a certificate authority?

SEC 280 Principles of Information Systems Security Week 4 Midterm Answers


(TCO 1) The term script kiddies refers to _____.

(TCO 4) What is a digital certificate?

(TCO 4) Attackers need a certain amount of information before launching their attack. One common place to find information that could be useful to the attacker is to go through the trash of the target. The process of going through a target's trash is known in the community as _____.

(TCO 8) What do you call a law that is based on previous events or precedents?

(TCO 1) A ping sweep _____.

(TCO 4) An attacker is able to decrypt a message by finding a key that was not securely stored and should have been revoked. This is the result of _____.

(TCO 8) Which law was designed to enable public access to U.S. government records?

(TCO 1) John, who is in the development group, has admin passwords to both the development group files and the production group files. This might be a violation of which policy?

(TCO 4) The encryption method that is based on the idea of two keys--one that is public and one that is private--is _____.

(TCO 4) The cipher that replaces each letter of the alphabet with a different letter (not in sequence) is a _____.

(TCO 1) Ensuring that an individual is who he or she claims to be is the function of _____.

(TCO 4) Recall Captain Zap (Ian Murphy) from the week 1 class video. How was he able to gather information regarding AT&T systems to carry out his famous hack? What is this kind of information called?

(TCO 4; TCO 6) Explain the Heartbleed vulnerability in OpenSSL/TLS in your own words. What learning can you take from this that you can apply to your future profession?

(TCO 8) How do the Electronic Medical Records (EMR) requirements of the Affordable Care Act impact the security of health records? What are potential problems if people's health records are stolen? What can be done to protect these health records? How can we ensure that the right people are accountable for that? 

(TCO 2) We have discussed People as being one of the 3 Ps of security. Discuss how you would account for people by laying out some guidelines that pertain to them in a security policy. (Mention at least 4.)