A security analyst wants to protect against intrusion, denial-of-service attacks, and unauthroized access using a level 3 system. What component should be the security amalyst' priority in protecting?
Added by Kenneth B.
Step 1
** Show more…
Show all steps
Your feedback will help us improve your experience
Sri K and 69 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
There is general agreement that all parts of a network should be secured. However, everyone who accesses the network and its resources has a particular focus on which element, resource, or component of the system is the more important to secure. If you were faced with an imminent catastrophic attack or security event and you have only the time to secure one thing, what would it be and why? What would come in second?
Sri K.
Texts: Sally Parr is a social media editor for Bravo Manufacturing, a company which builds ruggedized computer systems for the aerospace and defense industries. Among Sally's duties is monitoring a discussion forum which the company hosts on one of the web servers in its DMZ. Bill Fernley is a web developer and administrator who maintains the company's Internet-facing systems - web server, mail gateway, etc. He works closely with Mike Chambers, a security analyst reporting to the CISO. On Monday morning, Sally is reviewing the weekend's posts on the discussion forum to make sure that any customer questions get answered. When she opens one discussion thread, a browser dialog window pops up, reading "Test - please ignore". She calls Bill to ask whether he is doing any testing, but he says, "No - the system hasn't been patched or updated for over a month". Bill executes an SQL query on the database which backs the discussion forum, in order to get the text of the last week's posts: SELECT post_text FROM forum_posts WHERE post_date BETWEEN '2019-01-18' AND '2019-01-25'; He immediately spots an entry from the previous evening with text that reads: '<script>alert("Test - please ignore");</script>'. Bill reports what he has found to Mike, who must quickly install some kind of compensating control. Which control would be most appropriate? Select one: 1) A packet-filtering firewall 2) A spam filter 3) A web application firewall. Which phase of the cyber intrusion kill chain has the attack reached, according to this evidence? Select one: 1) Weaponize 2) Reconnaissance 3) Deliver.
Akash M.
A company needed to enable remote access to one of its servers for remote maintenance purposes. Firewall policy did not allow any external access to the internal systems. Therefore, it was decided to install a modem on that server and to activate the remote access service to permit dial-up access. As a control, a policy has been implemented to manually power on the modem only when the third party was requesting access to the server and powered off by the company’s system administrator when the access is no longer needed. As more and more systems are being maintained remotely, the company is asking an Internet and Information Security (IIS) expert to evaluate the current risks of the existing solution and to propose the best strategy for addressing future connectivity requirements. Based on this scenario, provide your answer to the following questions.a.Briefly describe the most significant risk that should be evaluated regarding the existing remoteaccess practices [5 points]b.Discuss the control that should be implemented to prevent an attack on the internal network being initiated through an internet VPN connection? [5 points]
Breanna O.
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD