
Quiz 1 Paper Network Security

Computer System and Network Security
WLAN Security

Lecturer: Hadi Syahrial, M.Kom
Name: Fransiscus Xaverius Eko Budi Kristanto
NIM: 1111600126
Class: XA

Master of Computer Science (Magister Ilmu Komputer), Universitas Budi Luhur, Jakarta, 2012

WLAN offers several advantages that wired networks do not have. Among them, it allows computers to move within the signal coverage area while remaining connected to the network, which strongly supports activities that require mobility. Behind these advantages, WLAN has weaknesses, particularly regarding its security. Several steps are needed to address these problems so that the advantages of WLAN can still be enjoyed.

1. Attacks Against WLAN

Radio-based networks are open by nature, meaning that anyone within range can attempt to connect to the network even without being authorized. The term wardriving (wireless footprinting) refers to the activity of gathering information about a WLAN and then attempting to access it. Most people do this to get free internet access, but some do it out of curiosity or experimentation, and some do have malicious intent. Tools used include: NetStumbler, Kismet, Dstumbler, StumbVerter, GPSMap, JiGLE, Prism2dump, Tcpdump, Ethereal, AiroPeek NX, AirSnort, WLAN-Tools and others. Weaknesses present in WLAN include:

a. Configuration weaknesses

Device vendors provide various facilities to simplify configuration, including a default configuration that can be used to set up a WLAN with little or no configuration work. A device left on the vendor's default configuration is very easy to attack, because the details of that configuration are easy to find on the internet, such as the SSID, the IP address in use, remote management, DHCP enabled, the frequency channel, and the device administrator's user/password.

b. Encryption weaknesses

WEP (Wired Equivalent Privacy), previously used as the wireless security standard, can now be broken easily with tools available on the internet that are able to break the RC4 key-scheduling algorithm, which is used in

Lesson/Domain 1: Security management practices

1. Which of the following is an example of an ultimate data owner?
   A. Front-line employee
   B. Customer accessing information via the extranet
   C. IT administrator
   D. CIO
   The answer is: D. CIO

2. What is the term that defines when senior management initiates and sponsors a company's security program?
   A. Bottom-up approach
   B. Top-down approach
   C. Steering committee
   D. Middle-driven approach
   The answer is: B. Top-down approach

3. Which of the following would not be part of an organizational security policy?
   A. Security program goals
   B. E-mail security policy
   C. Responsibilities assignments
   D. Enforcement information
   The answer is: B. E-mail security policy

4. A technique used in qualitative risk analysis that uses the anonymous opinions of all individuals is called what?
   A. Consensus approach
   B. Delphi Technique
   C. Group mentality
   D. Group discussion phase
   The answer is: B. Delphi Technique

5. Which of the following terms is a recommendation to an employee on how to act?
   A. Baseline
   B. Rule
   C. Guideline
   D. Standard
   The answer is: C. Guideline

6. Which is not an example or characteristic of qualitative risk analysis?
   A. Delphi Technique
   B. Storyboarding
   C. Single loss expectancy calculations
   D. Opinion-based
   The answer is: C. Single loss expectancy calculations

7. A policy that is more technically focused and outlines the directives dictated by management is which of the following?
   A. System-specific
   B. Technical-specific
   C. Organizational
   D. Issue-specific
   The answer is: A. System-specific

8. Which is not an example of security awareness?
   A. Security training
   B. Security bulletin board notes
   C. Security ACLs
   D. Security objectives in an employee's performance review
   The answer is: C. Security ACLs

9. A common omission in security programs by many companies is which of the following?
   A. Responsibility assignments
   B. Penalties for non-compliance
   C. Risk analysis
   D. Awareness
   The answer is: B. Penalties for non-compliance

10. What step should happen first when an employee is terminated if it's an unfriendly separation?
   A. Escorted off premises
   B. Network and system access privileges removed
   C. Facility ID badges handed out
   D. Employee's personal items should be boxed
   The answer is: B. Network and system access privileges removed

11. What is the most important factor in the successful implementation of a companywide security program?
   A. Realistic budget estimates
   B. Hiring a reputable consulting firm
   C. Security awareness
   D. Having the support of senior management
   The answer is: D. Having the support of senior management

12. Identifying, assessing, and reducing risk to an acceptable level and maintaining the achieved level is referred to as what?
   A. Risk planning
   B. Risk management
   C. Security management
   D. Operations management
   The answer is: B. Risk management

13. Assigning a dollar figure to a single event assumed by the company if a threat occurred is called what?
   A. Single loss expectancy
   B. Exposure factor
   C. Qualitative risk analysis
   D. Quantitative risk analysis
   The answer is: A. Single loss expectancy

14. Companies should set up different types of baselines for the company as a whole and for individual departments. This can include physical, technical, and administrative security. Which of the following defines a baseline?
   A. Rules indicating what should and should not be done
   B. A minimum level of security required
   C. Step-by-step instructions used to complete a task
   D. Recommendations
   The answer is: B. A minimum level of security required

15. A company can't get rid of all risk. The risk that's left over is referred to as residual risk, and the company must determine if this corresponds with their acceptable level of risk. Which of the following defines residual risk?
   A. Asset value x exposure factor
   B. SLE x ARO
   C. (Threats x vulnerability x asset value) x control gap
   D. Threats x vulnerability x asset value
   The answer is: C. (Threats x vulnerability x asset value) x control gap