Lab 5 Assessment Questions
2.What is Authorization and how is this concept aligned with Identification and Authentication? Authorization is a set of rights defined for a subject and an object; this concept is aligned with Identification and Authentication because these are the 3 steps to the access control process
3.Provide at least 3 examples of Network Architecture Controls that help enforce data access policies at LAN-to-WAN Domain level. a.Remote Access Servers
4.When a computer is physically connected to a network port, manual procedures and/or an automated method must exist to perform what type of security functions at the Network Port and Data Switch level for access control? a.MAC Address Authorization configured for to protected each network port b.MAC Address Profiling
c.Secured VLAN deployment for devices that meet this standard and cannot meet more intelligent solutions such as security posture assessment.
5. What is a Network Access Control (NAC) System? Explain its benefits in securing access control to a network. Network Access Control (NAC) System enforces network security policies at the network access point rather than the client operating system. NAC systems also require authorization of the client operating system security posture before being allowed access to resources on the network. Endpoints or users that fail authentication are blocked from any network access either by physically shutting down the port or logically by blocking the MAC or IP addresses.
6.Explain the purpose of a Public Key Infrastructure (PKI) and give an example of how you would implement it in a large organization whose major concern is the proper distribution of certificates across many sites. The PKI infrastructure provides for the generation, production, distribution, control, accounting and destruction of public key certificates. PKI provides a variety of services including issuance of digital certificates to individual users and servers; end-user enrollment software; integration with certificate directories; tools for managing, renewing, and revoking certificates using Certificate Revocation Lists (CRLs); and related services and support. 7.PKI provides the capabilities of digital signatures and encryption to implement what security services? Name at least three. a.Identification and authentication through digital signature of a challenge b.Data integrity through digital signature of the information c.Confidentiality through encryption
8.What is the X.509 standard and how does it relate to PKI? The X.509 formatted public key certificate is one of the most important components of PKI. This certificate is a data file that binds the identity of an entity to a public key. The data file contains a collection of data elements that together allow for unique authentication of the own ingenuity when used in combination with the associated private key.
9.What is the difference between Identification and Verification in regard to Biometric Access Controls? Identification processes are significantly more complex and error prone than verification processes. Biometrics technologies are indicators of authentication assurance with results based on a predetermined threshold with measurable False Accept Rates and False Reject Rates.
10.Provide a written explanation of what implementing Separation of Duties would look like in regard to managing a PKI Infrastructure for a large organization. Each branch location IT Admin would be responsible for managing their PKI data base. Each PKI database would also have to separate keys for each different department. The different departments wouldn’t have access to all the information, just the information that they need.
11.What are the 3 categories of vulnerability severity coeds? a.Category I
12. True or False. The use of 802.11i configured to use AES encryption,802.1X authentication services along with the Extensible Authentication Protocol (EAP) provides the best solution for the enterprise level WLAN, particularly a high security environment. True
13.True or False. It is a best practice to write a password down and store it near the vicinity of the computer for easy access. False
14.True or False. From a security perspective, biometric verification is best deployed as a component of two-factor or three-factor authentication. True
15.From an access control security perspective, why is performing an asset valuation or alignment to a data classification standard the first step in designing proper security controls? An asset valuation will determine the next steps in designing proper security controls