1. Explain the elements of the CIA Triad and give an example of each. Right
Ans - · Confidentiality - Protect the confidentiality of data
· Integrity - Preserve the integrity of data
· Availability - Promote the availability of data for authorized use
2. Explain Defense in Depth Right Ans - Layers that provide the three
elements needed to secure assets: prevention, detection, and response.
Defense in depth also seeks to offset the weaknesses of one security layer by
the strengths of two or more layers.
3. Explain the role of a Risk Matrix in Qualitative Risk Assessment. Right
Ans - The qualification level of the risk and probability.
4. What is a message digest? Right Ans - A fixed size numeric
representation of the contents of a message, computed by a hash function. A
message digest can be encrypted, forming a digital signature. Messages are
inherently variable in size.
5. What is a digital certificate? How can it prove identity? Right Ans - A
digital certificate is issued by a trusted party called Certificate Authority (CA).
There is a cryptographic hash associated with the digital certificate that when
matching the internal certificate is authenticated.
6. What is the difference between asymmetric and symmetric encryption?
Right Ans - · Symmetric - When the same key is used to both encrypt and
decrypt messages.
· Asymmetric - When different keys are used to encrypt and decrypt messages.
7. Which is RSA - symmetric or asymmetric? Right Ans - RSA is Asymmetric
but uses two different but linked keys
8. Describe the seven layers in the OSI stack. Right Ans - 1. Physical Layer -
The physical layer transports data using electrical, mechanical or procedural
interfaces. This layer is responsible for sending computer bits from one device
to another along the network.
, 2. Data Link Layer - The data link, or protocol layer, in a program handles
moving data into and out of a physical link in a network. It ensures that the
pace of the data flow doesn't overwhelm the sending and receiving devices.
This layer also permits the transmission of data to Layer 3, the network layer,
where it's addressed and routed.
3. Network Layer - The primary function of the network layer is to move data
into and through other networks. From a TCP/IP perspective, this is where IP
addresses are applied for routing purposes.
4. Transport Layer - The transport layer is responsible for transferring data
across a network and provides error-checking mechanisms and data flow
controls. This is where the communications select TCP port numbers to
categorize and organize data transmissions across a network.
5. Session Layer - The session layer sets up, coordinates, and terminates
conversations between applications. Its services include authentication and
reconnection after an interruption. This layer determines how long a system
will wait for another application to respond.
6. Presentation Layer - The presentation layer translates or formats data for
the application layer based on the semantics or syntax the application accepts.
This layer also handles the encryption and decryption that the application
layer requires.
7. Application Layer - The application layer enables the user -- human or
software -- to interact with the application or network whenever the user
elects to read messages, transfer files, or perform other network-related tasks.
9. Explain the differences between policies, guidelines, procedures, and
standards. Right Ans - · Policy (Top of Pyramid): General Management
Statement - High level organizational goals by upper management for overall
purpose or mission.
· Standards (Second layer of Pyramid): Specific Mandatory Controls. - NIST,
ISO, PCIDSS support policy but list specific requirements in place. Can support
policy. Standards are not laws. See chapter 4.
· Procedures (Third layer of Pyramid): Step by Step Instructions. - Can
Disaster recovery plan or can be how to configure a network.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Zendaya. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R187,03. You're not tied to anything after your purchase.