Part 1:
1. The alternative to Encapsulating Security Protocol (ESP) is __________________.
2. One of the main drawbacks of the File Transfer Protocol (FTP) is that ________________.
a. It was the first file transfer protocol invented in the IP suite
b. It does not encrypt content.
c. It does not encrypt passwords.
d. It is widely used by web sites.
e. Both b and c
3. An IPsec tunnel is set up in two stages. In the Information column of the Frame Summary, these steps are called _________.
4. The first phase of setting up an IPsec tunnel is called _______ _______.
5. The second phase of setting up an IPsec tunnel is called ________ _______.
6. SA stands for Security Association. An equivalent word would be _________.
7. The protocol used for setting up the "administrative" tunnel in IPsec is __________.
8. ISAKMP stands for ________.
a. Internet Security Association and Key Management Protocol
b. Internet Secure Admission Key Management Protocol
c. Internet Security Association and Key Maintenance Protocol
d. Internet Secure Admission Key Maintenance Protocol
e. Internet Security Association and Key Management Provisioning
Part 2:
1. List five types of system information that can be obtained from the Windows Task Manager. How can you use this information to confirm the presence of malware on a system? (Hint: Look at the bandwidth and CPU utilization.)
2. Windows Task Manager and Windows Computer Manager both provide information about system services. Compare and contrast the types of information (about system services) that can be obtained from these tools.
3. Explain how you could use one or more of the Windows log files to investigate a potential malware infection on a system. What types of information are available to you in your chosen log file?
4. Should you filter log files during an investigation into a security incident? Why or why not?
5. Should remote desktop services be enabled on employee workstations for use by IT Help Desk personnel? Why or why not?
6. How does Microsoft Baseline Security Analyzer (MBSA) differ from Windows Update? Why are Shares a source of system vulnerabilities?