CASP ? 328-349
An administrator manages multiple platforms with the same username and hardware token. The same username and token are used across all the platforms.
Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application.
A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform.
A web access control infrastructure performs authentication and passes attributes in an HTTP header to multiple applications.
Place a Company ABC managed firewall in Company XYZ’s hub site; then place Company ABC’s file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC’s business partner firewalls are opened up for web intranet access and other required services.
Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access.
Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access.
Place file, print, secure FTP server and authentication domain servers at Company XYZ’s hub site. Open up Company ABC’s business partner firewall to permit access to ABC’s web intranet access and other required services.
Erase all files on drive
Install of standard image
Remove and hold all drives
Physical destruction
Drive wipe
Security of data storage
The cost of the solution
System availability
User authentication strategy
PBX integration of the service
TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped.
TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall.
Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped.
The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped.
Transfer the risk
Accept the risk
Mitigate the risk
Avoid the risk
Implementation run-sheets
Solution designs
Business capabilities
Solution architectures
Business requirements documents
Reference models
Business cases
Business vision and drivers
Blackbox testing and fingerprinting
Code review and packet analyzer
Fuzzer and HTTP interceptor
Enumerator and vulnerability assessment
CoBIT
UCF
ISO 27002
EGRC
The Provisioning Service Target (PST) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning Service Target (PST) performs the provisioning.
The Provisioning Service Provider (PSP) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the PSP requests, and the Provisioning Service Provider (PSP) performs the provisioning.
The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the RA requests, and the Provisioning Service Provider (PSP) performs the provisioning.
The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target (PST) performs the provisioning.
The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.
The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.
The SOAP protocol can be easily tampered with, even though the header is encrypted.
The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.
XACML
Kerberos
SPML
SAML
Create a DMZ to isolate the two companies and provide a security inspection point for all intercompany network traffic.
Determine the necessary data flows between the two companies.
Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.
Implement inline NIPS on the connection points between the two companies.
Product A
Product B
Product C
Product D
Download the file from the program publisher's website.
Generate RSA and DSA keys using GPG.
Import the repository's public key.
Run sha1sum and verify the hash.
Deduplication
Zoning
Snapshots
Multipathing
LUN masking
The user needs a non-repudiation data source in order for the application to generate the key pair.
The user is providing entropy so the application can use random data to create the key pair.
The user is providing a diffusion point to the application to aid in creating the key pair.
The application is requesting perfect forward secrecy from the user in order to create the key pair.
Government regulation
Industry standard
Company guideline
Company policy
Conduct a network vulnerability assessment of acquired plant ICS platform and correct all identified flaws during integration.
Convert the acquired plant ICS platform to the Company XYZ standard ICS platform solely to eliminate potential regulatory conflicts.
Conduct a risk assessment of the acquired plant ICS platform and implement any necessary or required controls during integration.
Require Company ABC to bring their ICS platform into regulatory compliance prior to integrating the new plant into Company XYZ’s network.
Correlate current industry research with the RFP responses to ensure validity.
Create a lab environment to evaluate each of the three firewall platforms.
Benchmark each firewall platform’s capabilities and experiences with similar sized companies.
Develop criteria and rate each firewall platform based on information in the RFP responses.