USA: +1(669)289-8683 
Sign in
WEEK 4 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. Communications within a computer network rely on numerous
components for data to traverse from the initial sender of a message or file
to the receiver at the distant end of the communication path. In addition to
the media that the data travels across, the devices that guide the data
packets through the network, and the protocols that establish end-to-end
connectivity and negotiate the communication, network services play a
critical role in providing the necessary addressing and name resolution
services. Describe the following services and their role in network
communications: ARP, DHCP, ICMP, SNMP, and DNS.
2. Modern organizations rely on the Internet for information and research
necessary to stay competitive but this access can come with significant risk
if they don’t take the necessary steps to safeguard their internal resources
from outside attackers. In this week’s reading, various types of firewalls and
firewall configurations were discussed. Describe the terms bastion host,
DMZ, dual-homed firewall, screened host, and screened subnet and their
roles in firewall architectures.
3. Many organizations employ a mobile workforce and/or provide the option
of telework to their employees to allow them to work from home. In both
situations, a secure means of accessing the corporate network remotely
must be provided. Discuss the four main tunneling protocols used to
provide virtual private network access between remote users and their
corporate network.
WEEK 2 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. Not all information has the same importance and value to a company. How
data is classified is an important factor used in determining the amounts of
funding and resources that should be applied to protecting each type of
data. Describe the data classification levels within commercial and military
organizations and provide examples of the types of information that would
be classified at each classification level.
2. It takes a team of individuals throughout the organization working together
to safeguard the integrity and confidentiality of data resources. Describe
the layers of responsibility within an organization when it comes to asset
security and data protection. For each role, discuss their responsibility
within the organization for asset security.
3. The architecture of a computer system is very important and comprises
many topics. The system must ensure that memory is properly segregated
and protected, ensure that only authorized subjects access objects, ensure
that untrusted processes cannot perform activities that would put other
processes at risk, control the flow of information, and define a domain of
resources for each subject. It also must ensure that if the computer
experiences any type of disruption, it will not result in an insecure state.
Many of these issues are dealt with in the system’s security policy, and the
security mode is built to support the requirements of this policy. Explain
the concept of a trusted computing base and describe how it is used to
enforce the system’s security policy. Provide examples of specific elements
(hardware, software or firmware) in the architecture of the computer
system could be used that provide security within the TCB.
WEEK 1 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. In this week’s readings, you learned about two methods of risk analysis:
quantitative assessment and qualitative assessment. Explain the steps
taken to assess a risk from a quantitative perspective where monetary and
numeric values are assigned and discuss the formulas used to quantify risk.
Then, explain the methods used to assess risk from a qualitative
perspective where intangible values are evaluated such as the seriousness
of the risk or ramifications to the reputation of the company.
2. Domain 1 introduced numerous security terms that are used in assessing
risk. Please define the terms vulnerability, threat, threat agent, risk,
exposure and control. Then, describe the three different control types and
give examples for each.
3. After you’ve conducted your risk assessment and determined the amount
of total and residual risk, you must decide how to handle it. Describe the
four basic ways of handling risk.
WEEK 3 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the
appropriate assignment folder. Each response to a single essay question should
be about a half-page in length (about 150 words).
1. Cryptographic algorithms provide the underlying tools to most security
protocols used in today’s infrastructures. The choice of which type of
algorithm depends on the goal that you are trying to accomplish, such as
encryption or data integrity. These algorithms fall into two main categories:
symmetric key and asymmetric key cryptography. In this essay, please
discuss the strengths and weaknesses of symmetric key cryptography and
give an example of where this type of cryptography is used. Then discuss
the strengths and weaknesses of asymmetric key cryptography and give an
example of where this type of cryptography is used.
2. Cryptography has been used in one form or another for over 4000 years
and attacks on cryptography have been occurring since its inception. The
type of people attempting to break the code could be malicious in their
intent or could just be trying to identify weaknesses in the security so that
improvements can be made. In your essay response, define cryptanalysis
and describe some of the common cryptanalytic techniques used in attacks.
3. Many people overlook the importance of physical security when addressing
security concerns of the organization. Complex cryptography methods,
stringent access control lists, and vigilant intrusion detection/prevention
software will be rendered useless if an attacker gains physical access to
your data center. Site and facility security planning is equally important to
the technical controls that you implement when minimizing the access a
criminal will have to your assets. In your essay response, define CPTED and
describe how following the CPTED discipline can provide a more aesthetic
alternative to classic target hardening approaches. Make sure that the
three CPTED strategies are covered in your response.
