Premium Essay

Is3110 Lab 6

In: Computers and Technology

Submitted By eddieboy79
Words 290
Pages 2
1. You must be aware of what the risks, threats, and vulnerabilities are to your infrastructure so that you know where the most attention is needed

2. Setting up security measures through various means. Forcing users to update password every X number of days. Educating users. Firewalls Anti-malware

3. Common things such as user activity can be a huge risk, so it’s best to consider all options as potential threats with some being higher and lower than others.

4. Disable auto-run, deny USB storage devices for users, and restrict installation rights from within Active Directory

5. Security baselines are security settings which establish duties, but nothing else.

6. What are your plans/goals? What will the budget cost be?

7. Evaluating risk interactions and common causes because if you don’t know what the risk is, you can’t possibly mitigate it.

8. All short-term mitigation tasks need to be implemented immediately. Long-term mitigation tasks should be implemented immediately following all critical tasks. On- going is exactly that, the tasks involved here are part of day-to-day operations and need to be handled.

9. User Domain

10. System-Application

11. WorkStation

12. Because it allows users to access the private network

13. Because you do not know how it will react to the already implemented software. Just because there is a security does not mean you install it to the live servers. You basically need to know how well it plays with the rest of the system

14. Yes. You want a reference point.

15. Very crucial because compliance laws can be strict and carry heavy penalties if not followed. You do not want the company to incur fines because of laws that can be…...

Similar Documents

Premium Essay

Unit 6 Subnetting Lab 6

...Unit 6 Subnetting Lab 6 Answer the following questions listed. Using the Class B Subnetting Guide, answer the following: Given an IP address of 172.16.8.1 use the guide to get 30 hosts on each of your 2000 networks: 1. What Class is this IP address? B 2. How many bits would you borrow or take? 11 3. What subnet mask would you generate? 255.255.255.224 4. What is the first subnetwork range created? 172.16.0.1 to 172.16.0.30 5. What is the last subnetwork range created? 172.16.255.225 to 172.16.255.254 Given an IP address of 172.16.4.1 use the guide to get 62 hosts on each of your 1000 networks: 6. What Class is this IP address? B 7. How many bits would you borrow or take? 10 8. What subnet mask would you generate? 255.255.255.192 9. What is the first subnetwork range created? 172.16.0.1 to 172.16.0.62 10. What is the last subnetwork range created? 172.16.255.193 to 172.16.255.254 Given an IP address of 172.16.5.1 use the guide to get 100 hosts on each of your 500 networks: 11. What Class is this IP address? B 12. How many bits would you borrow or take? 9 13. What subnet mask would you generate? 255.255.255.128 14. What is the first subnetwork range created? 172.16.0.1 to 172.16.0.126 15. What is the last subnetwork range created? 172.16.255.129 to 172.16.255.254...

Words: 274 - Pages: 2

Premium Essay

Lab 6

...Chapter 6 Assessment Questions 1. In terms of business continuity, a hostage situation could be considered a disaster. True 2. _____ is choosing not to engage in an activity that carries some element of risk. Risk avoidance 3. _____ is carrying on despite the risks involved in a given activity. Risk acceptance 4. _____ is the process of assigning risk to someone else. Risk transference 5. _____ combines attempts to minimize the probability and impact of risk. Risk mitigation 6. The three main threat categories are information confidentiality, _____, and availability. Integrity 7. Even non-sensitive data should be kept under some level of access control. True 8. Any system or data resource that, if it were lost, stolen, damaged, altered, or publicly divulged, would cause a significant negative impact to the organization should be considered _____. Sensitive 9. Which of the following is an access control system in which rights are assigned by the owner of the resource? Discretionary access control 10. Which of the following is an access control system in which rights are assigned based on a user's role rather than his or her identity? Role-based access control 11. Which of the following is an access control system in which rights are assigned by a central authority? Mandatory access control 12. The principle of separation of responsibility requires a minimum of how many conditions to be met before...

Words: 282 - Pages: 2

Free Essay

Is3110 Week 5 Lab

...Lab Assessment Questions 1. How do documented back-up and recovery procedures help achieve RTO? * By documenting and implementing backup and recovery procedures, the process for recovery is much more efficient, helping with the time portion of RTO. By having effective backup and recovery procedures you should have the necessary resources to restore systems from backups and a repeatable process that is known to succeed in achieving RTO. 2. True or False. To achieve an RTO of 0, you need 100% redundancy in your IT system, application, and data. * True. This is a special case of disaster recovery called business continuance. Technology that is capable of maintaining a synchronous mirror or continuous data replication stream must be utilized for all data (work product, application, server personalities, etc.). 3. Review the “Restore Horror Stories” scenario on page 371 of the text. What is most important when considering data back-up? * The goal of backing up data is to be able to restore it. 4. Review the “Restore Horror Stories” scenario on page 371 of the text. What is most important when considering data recovery? * Perform test restores. A test restore will attempt to restore data from a recent backup. If the test succeeds, the backup is good. If the test doesn’t succeed, the backup process needs to be addressed. 5. What are the risks of using your external e-mail box as a back-up and data......

Words: 467 - Pages: 2

Premium Essay

Is3110 Lab 6

...Lab 6 1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? It is important to prioritize because you must be aware of what the risks, threats, and vulnerabilities there are to your infrastructure. You need this so that you know where the most attention needs to be focused on. 2. Based on your executive summary produced in Lab #4 Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management? Setting up security measures through various means includes the following: * Forcing users to update password every X number of days. * Educating the users. * Firewalls - Anti-malware 3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities? Common things such as user activity can be a very big risk, so your best bet is to consider all options as potential threats. You will have to rank some risk higher than the others. 4. What risk mitigation solutions do you recommend for handling the following risk element? A user inserts a CD or USB hard drive with personal photos, music, and videos on organization owned computers. A good antivirus program and have all devices scanned as soon as they are plugged in. Educate employees Disable optical drives/USB ports. 5. What is security baseline definition? A baseline is a starting point or a......

Words: 759 - Pages: 4

Free Essay

Lab 6

...3. What are three modes of SELinux? Explain their basic functionality. Enforcing: SELinux policy is enforced/SELinux denies access based on policy rules Permissive: SELinux policy is not enforced/SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode. Disabled: SELinux is disabled/Only DAC (Discretionary Access Control) rules are used. 4. Consider the following firewall rule, and describe what this permits or denies. Allow http (web) traffic through SSL using SSH & allow ICMP pings, while denying all other traffic. 5. What command would you use to allow all the traffic from the loopback? iptables -A INPUT -i lo -m ACCEPT iptables -A OUTPUT -o lo -m ACCEPT 6. What command would you use to view the network port configuration for the iptables? /etc/network/interfaces 7. If a service is to allow in one place and to deny in another, what is the outcome? Allow, because deny is the file pulled first and then the allow file, so the last one pulled is to allow. 8. Is the order of the rules important? If you deny something within the IP network layer, but permit something within the TCP transport layer that uses IP network layer that you just denied, will your TCP traffic be permitted? Yes. Because the "allow/permit" is in the next layer and pulled after the Network layer where you had the "deny", it will work as this is the last information pulled and enforced. 9. If one of the files does......

Words: 355 - Pages: 2

Premium Essay

Lab 6

...Assessment Worksheet 91 LaB #6 – aSSESSmENt WORKSHEEt Perform Business Continuity Implementation Planning Course Name and Number: Student Name: Instructor Name: lab due date: 6 Perform Business Continuity Implementation Planning Overview In this lab, you were asked to begin the business continuity planning process for an e-commerce company, Online Goodies. You reviewed the key business functions and a prioritized list of impacted IT systems, applications, and data provided by your supervisor. You also compared the components of the major documentation required by the business continuity planning process: risk analysis, business impact analysis, business continuity plan, disaster recovery plan, and the business continuity implementation plan. Lab Assessment Questions & Answers 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. BIA the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)? Disaster recovery plan is have a full access to recover any lost data or essentials after a disaster while the business......

Words: 681 - Pages: 3

Premium Essay

Lab 6

...1. Why are spindle fibers important for mitosis? (5 points) Chromosomes use spindle fibers as pathways to daughter cells during mitosis. 2. State the four bases that make up DNA. (4 points) a. Adenine b. Guanine c. Thymine d. Cytosine 3. What are the two base pairs? (2 points) a. T & C b. A & G 4. Answer the following questions: a. Define the term crossing over. (3 points) During meiosis’ prophase the homologous chromatids exchange segments. b. Explain why crossing over is important in meiosis. (3 points) Parents cell use it to pass genes off to their children cells. 5. What are the two main differences between mitosis and meiosis? (4 points) a. The amount of cell divisions b. The genes that are exchanged between chromosomes 6. Answer the following questions: a. Explain the difference between mitosis and cytokinesis. (3 points) Cytokinesis is running one cell into two cells. Mitosis is a nuclear division that causes the separation of chromosomes. b. When does mitosis occur during the cell cycle? (1 point) During the prophase, metaphase, anaphase, and telophase. c. When does cytokinesis occur during the cell cycle? (1 point) The telophase 7. Explain the differences that occur during cytokinesis of plant and animal cells. (5 points) The animal cell membrane is drawn inward until the cytoplasm is divided into two equal parts. In plant cells, cytoplasm is divided by the formation of a cell plate that extends until the two daughter cells become......

Words: 821 - Pages: 4

Free Essay

Lab 6

...Category | Points | Description | Section 1Configuring OSPF Single Area: 40 Points * Task 1: Step 5 * Related Explanation or Response * Task 1: Step 6 * Related Explanation or Response * Task 1: Step 10 * Related Explanation or Response * Task 2: Step 4 * Related Explanation or Response * Summary Paragraph | 2323232320 | Paste the requested screenshot.Provide the requested answer.Paste the requested screenshot.Provide the requested answer.Paste the requested screenshot.Provide the requested answer.Paste the requested screenshot.Provide the requested answer.In your own words, summarize what you have learned about IP subnetting and configuration. | Total | 40 | | ------------------------------------------------- Name: Barry Bird Date:4/17/14 Professor: Mohammad Kasraian ------------------------------------------------- Configuring OSPF Single Area vLab (30 points) Write a paragraph (minimum five college-level sentences) below that summarizes what was accomplished in this lab, what you learned by performing it, how it relates to this week’s TCOs and other course material, and (just as important) how you feel it will benefit you in your academic and professional career. (10 points) In this Ilab we learned how to Configuring OSPF setting in a router simulated environment. We learned the commands that must be used to properly install these settings. We learned how to create a designated router and a backup......

Words: 506 - Pages: 3

Free Essay

Is3110 Lab 4

...| LAB 4 * A. Healthcare provider under HIPPA compliance law * Risk-Threat-Vulnerability | Primary Domain Impacted | Risk Impact/Factor | Unauthorized access from public Internet | LAN-WAN | Major | User destroys data in application and deletes all files | USER | Minor | Hacker penetrates your IT infrastructure and gains access to you internal network | SYSTEM APPLICATION | Critical | Intra-office employee romance gone bad | USER | Minor | Fire destroys primary data center | LAN | Major | Service provider SLA is not achieved | WAN | Major | Workstation OS has a known software vulnerability | LAN-WAN | Major | Unauthorized access to organization owned workstations | USER | Major | Loss of production data | SYSTEM APPLICATION | Minor | Denial of Service attack on organization DMZ and e-mail server | LAN-WAN | Critical | Remote communications from home office | REMOTE ACCESS | Minor | LAN server OS has a known software vulnerability | LAN | Major | User downloads an unknown e-mail attachment | USER | Minor | Workstation browser has software vulnerability | WORKSTATION | Major | Mobile employee needs secure browser access to sales order entry system | REMOTE ACCESS | Minor | Service provider has a major network outage | WAN | Critical | Weak ingress/ egress traffic filtering degrades Performance | LAN-WAN | Major | User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned......

Words: 296 - Pages: 2

Premium Essay

Is3110 Lab 6

...IS3110 Lab 6 DAWOOD ALRUBAYE 1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? Because you need to know which is most important and which is negligible. In some cases, protecting your infrastructure from a high priority threat is more important and so you may want to protect against that even if it leaves you vulnerable to low priority threats. This mainly just shows you which areas need your attention the most. 2. 2. Based on your executive summary produced in Lab #4 – Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management? * Setting up security measures through various means. * Forcing users to update password every X number of days. * Educating users. * Firewalls * Anti-malware 3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities? 4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers. * A good antivirus program and have all devices scanned as soon as they are plugged in. * Educate employees. * Disable optical drives/USB ports (if they are not needed) 5. What is security baseline definition? A baseline is a starting point or a standard.......

Words: 319 - Pages: 2

Premium Essay

Lab# 6

...Lab #6 – Assessment Worksheet Identifying and Removing Malware on a Windows System Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you used AVG AntiVirus Business Edition to identify the viruses, worms, Trojans, malware, or other malicious software found on a compromised Windows machine. You completed a scan of the entire computer, learned how to exclude folders to avoid false positives, and understood the importance of maintaining the signatures database. You discovered the difference between a full computer scan and a Resident Shield scan. Finally, you also permanently removed the malware identified by the antivirus software and scheduled the scan to run automatically. Lab Assessment Questions & Answers 1. Why is it recommended to update the antivirus software’s signature database before performing an antivirus scan on your computer? updating the antivirus software with the latest virus definitions ensures the software has the latest information to identify and quarantine threats. 2. What are typical indicators that your computer system is compromised? slow response opening, operating system not booting up correctly or no functioning normally, event logs reporting numerous unusual......

Words: 291 - Pages: 2

Premium Essay

Is3110 Labs

...Brett Reigel Lab 2 Assessment Worksheet COBIT 1. A. WAN to LAN Domain B. System Application Domain C.LAN Domain D. Server Domain 2. a. PO9.3 Event Identification – Identify threats with potential negative impact on the enterprise, including business, regulatory, legal, technology, trading partner, human resources and operational aspects. b. PO9.4 Risk Assessment – Assess the likelihood and impact of risks, using qualitative and quantitative methods. c. PO9.5 Risk Response – Develop a response designed to mitigate exposure to each risk – Identify risk strategies such as avoidance, reduction, acceptance – determine associated responsibilities; and consider risk tolerance levels. 3. a. Unauthorized access from public internet - AVAILABILITY b. User destroys data in application and deletes all files - INTEGRITY c. Workstation OS has a known software vulnerability – CONFIDENTIALITY d. Communication circuit outages – AVAILABILITY e. User inserts CD’s and USB hard drives with personal photos, music and videos on organization owned computers – INTEGRITY 4. I have yet to remediate any threats in a real world application. 5. a. People b. Infrastructure c. People d. People e. People 6. True 7. Because risk management is an ongoing process that requires a constant, and vigilant application of COBIT. 8. The data classification standard defines categories of data. Each Category defines how you must handle that data and any special......

Words: 373 - Pages: 2

Premium Essay

Lab 6

...Lab Assessment Questions & Answers 1. What is the difference between roles and features in Windows Server 2008? A server role is a set of software programs that lets a computer perform a specific function for multiple users or other computers within a network. Features are software programs that can support or increase the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. 2. What is installed when you choose the Windows Server Backup Feature? Windows Server Backup Microsoft Management Console (MMC) snap-in. 3. How often should servers be backed up? It is recommended to do them frequently. About every 90 days should be fine. 4. What are the different types of backup that are performed in servers? Copy Backup, Daily Backup, Differential Backup, Incremental Backup, Normal Backup. 5. What are the primary purposes of backing up a server? Recover information after it is lost. 6. Besides performing and scheduling changes, what else can you do in the Windows XP Backup and Restore program? In the Backup you can backup everything on the computer, selected files, drives, or network data, only backup the System State data. In the Restore you can only restore from a backup file. 7. Can you restore a server’s operating system image using the restore application? Yes, by using Windows Recovery Environment and a backup that you created earlier with Windows Server Backup. 8. What are the options to......

Words: 304 - Pages: 2

Free Essay

Lab 6

...University of West Florida Electrical and Computer Engineering Digital Logic and Computer Systems EEL 3701L Lab 6: BCD to Seven Segment Display Decoder Due: November 3, 2014 Meghan Szatkowski, Brandon Burrows, Michael Long Abstract: For this lab we were to create a circuit that displays decimal numbers from binary numbers since most humans are not capable of reading binary. Using a 7-segment display we are able to achieve that by converting the BCD value into a 7 bit output. The 7-segment display has 7 LEDs and a certain amount of voltage triggers each of the 7 segments to produce a decimal number. Procedure 1. Create a truth table for your 4 bit input and the corresponding output necessary to light the proper segments of the display. For example, if the input is represented by WXYZ and the output is identified as ABCDEFG then if the input is 0000, all outer LEDs should be lit while the middle LED should be off. Once you create the rows in a truth table for the other 9 combinations, find the function for each segment. 2. Depending on whether you are dealing with more 0s or 1s, choose NAND or AND gates to implement each segment function. 3. Wire the input DIP switches to the decoder input. Note that you have 2 3x8 decoders. You will need to use the inputs and enable lines to combine them in order to implement these 7 functions. 4. Wire the NAND or AND gates to the proper outputs of the decoders in order to implement the functions for each......

Words: 1151 - Pages: 5

Premium Essay

Lab 6

...Unit 6 Lab 6.1: Pseudocode Learning Objectives and Outcomes Use Boolean variables and logical operators in computer programs. Use compound logical conditions. Required Setup and Tools Standard lab setup Lab Manual Lab Demo Media and Startup Files CD Recommended Procedures Complete Lab 6.1: Pseudocode from the lab manual. Deliverables Submit the following at the end of this lab activity: The completed inputOptions() module in pseudocode in Step 1 The completed displayProvider() module with a case structure in pseudocode in Step 2 The completed and workable algorithm with nested If-Else statements using logical operators in Step 3 Unit 6 Lab 6.2: Flowcharts Learning Objectives and Outcomes Use flowcharts and pseudocode to represent Boolean conditions. Use if-then, if-then-else, and case structures in a computer program. Use Boolean variables and logical operators in computer programs. Use compound logical conditions. Required Setup and Tools Standard lab setup Lab Manual Lab Demo Media and Startup Files CD Recommended Procedures Complete Lab 6.2: Flowcharts from the lab manual. Deliverables Submit the following at the end of this lab activity: Corrected variable declarations and initializations using Visio in Step 2 Corrected module calls using Visio in Step 3 Corrected inputOptions() module using Visio in Step 4 Corrected displayProvider() module with case labels and flow lines using Visio in Step 5 Corrected displayChoices() module with......

Words: 355 - Pages: 2