Part 1 Select the best answer and provide a brief explanation (approx. 1/4 page essay) for each of the following questions: 1.The small manufacturing company you work for owns a milling machine that is worth $250,000. If it were damaged in a fire, it would be worth $10,000 in parts. The company has only had one minor fire in 10 years. What would the single loss expectancy (SLE) be? a)$250,000 b)$15,000 c)$10,000 d)$1000 2. Which of the following is a system that is intended or designed to be broken into by an attacker? a)Spoofing b)Decoy c)Honeypot d)Rogue machine 3. In the Windows world, what tool is used to disable a port? a)System Monitor b)Reliability Monitor c)Windows Firewall d)Microsoft Security Assessment Tool (MSAT) 4. Security auditing helps maintain network security by allowing administrators to do which of the following? a)Monitor access to objects, such as files and folders b)Register user accounts c)Troubleshoot running services d)Manage Group Policy settings 5. Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization? a)Risk Avoidance b)Separation of duties c)Least privilege d)Time of Day restriction Part 2 Answers should be approx. 1 page essay for each of the following questions: 1. Business Impact Analysis (BIA) is the process of evaluating a businesss critical systems to determine what a failure, disaster, or breach would do in terms of loss. In an essay, outline the key components of BIA and briefly explain how you would implement a Business Continuity Plan (BCP). 2. Compare the ALE (annual loss expectancy) in the risk calculation to the SLE (single loss expectancy). Explain why an organization in a tornado-prone area of the country needs to calculate the risk and determine safeguards. Using the SLE x ARO = ALE analysis, give an example of the loss of an $80,000 asset. 3. Describe the use of network monitors including packet sniffers and system logs in the day-to-day management of a network. Give examples of traffic and logs that would be examined. 4. Explain the process of hardening operating systems and network infrastructure. Describe at least two examples of a service, a port, and a protocol you would remove.
