1. Define defense in depth and describe the different layers.
2. What is a leading security principle in Information Assurance and does it improve the security posture of an organization?
3. Explain the disadvantages of partitioning as a means of implementing multilevel security for databases.
4. How can hardware be designed for fault tolerance? Are these methods applicable to software? Why or why not?
5. The OSI model is inefficient; each layer must take the work of higher layers, add some result, and pass the work to lower layers. This process ends with the equivalent of a gift inside seven nested boxes, each one wrapped and sealed. Surely this wrapping (and unwrapping) is inefficient. From reading earlier chapters of this book, cite a security advantage of the layered approach.
6. What security advantage occurs from a packet's containing the source NIC address and not just the destination NIC address?
7. Is a social engineering attack more likely to succeed in person, over the telephone, or through e-mail? Justify your answer.
8. Do firewall rules have to be symmetric? That is, does a firewall have to block a particular traffic type both inbound ( to the protected site ) and outbound ( from the site )? Why or why not?
9. Which layer of the OSI model identifies the computer and why?
10. What layer of the OSI model would tell me how long a connection was active?