End of Chapter Solutions Template s1

Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796

Chapter 2, Page 74 Prof. Michael P. Harris

ITSY 2430 Intrusion Detection Chapter Quiz 02
Name: ______Date: ______

Chapter Review Questions, Security Policy Design: Risk Analysis

1.  Which of the following should be done before formulating a security policy?

2.  Personnel records fit into which category of assets?

3.  Survivable Network Analysis begins with what assumption?

4.  Survivable Network Analysis looks for which of the following in a network?

5.  What is an escalation procedure? (Choose all that apply.)

6.  Name three factors that can increase the cost (beyond the actual sticker price) of replacing a piece of hardware that has been damaged or stolen.

7.  List and describe the four steps of a Survivable Network Analysis in the order in which they should occur.

8.  The hardware and software you need to protect can be valued more easily by following what approach?

9.  If an organization doesn’t have a full-fledged security staff on duty, what should it do? (Choose all that apply.)

10. When should an organization conduct a new round of risk analysis?

11. A risk analysis report should call attention to ______.

12. ______is the term for the process of identifying, choosing, and setting up countermeasures justified by the risks you identify.

13. The ultimate goal of formulating a security policy is which of the following?

14. What are the hardware, software, and informational resources you need to protect called?

15. Equipment and buildings in the organization are called ______assets.

16. Which of the following risk factors are events and conditions that haven’t occurred but could happen?

17. Documents on network computers, e-mail messages, log files compiled by firewalls and IDSs, and confidential information on personnel, customers, and finances are considered what type of asset?

18. Ensuring that databases and other stores of information remain accessible if primary systems go offline is known as ______.

19. The presence of one or more factors that increase threat probabilities increase your ______.

20. The routers, cables, servers, and firewall hardware and software that enable employees to communicate with one another and other computers on the Internet are considered ______assets.

Page 1 of 3