Chapter 10 Review questions Page 380-381 1. What is the difference between authentication and authorization? Can a system permit authorization without authentication? Why or why not? 4. What is the typical relationship between the untrusted network, the firewall, and the trusted network? 5. How is an application layer firewall different from a packet filtering firewall? Why an application layer firewall is sometimes called a proxy server? 11. What is network footprinting? What is network fingerprinting? How are they related? 15. What are the main components of cryptology? 17. Define asymmetric encryption. Why would it be of interest to information security professionals? 19. Explain the key differences between symmetric and asymmetric encryption. Which can the computer process faster? Which lowers the costs associated with key management? 20. What is VPN? Why are VPNs widely used? Chapter 11 Review questionsPage 423 1. When an organization undertakes an information security-driven review of job descriptions, which job descriptions must be reviewed? Which IT jobs not directly associated with information security should be reviewed? 2. List and describe the criteria for selecting information security personnel. 4. What attributes do organizations seek in a candidate when hiring information security professionals? Prioritize this list of attributes and justify your ranking. 5. What are the critical issues that management must consider when dismissing an employee? Do these issues change based on whether the departure is friendly or hostile? 9. What functions does the CISO perform, and what are the key qualifications and requrements for the position? 10. What functions does the security manager perform, and what are the key qualifications and requirements of the position? 11. What functions does the security technician perform, and what are the key qualifications and requirements for the position. 12. What functions does the internal security consultant perform, and what are the key qualifications and requirements for the position? 13. What is the rationale for acquiring professional credentials? 14. List and describe the certification credentials available to information security professionals. 19. What is separation of duties? How can this method be used to improve and organizations information security practices? 20. What is least privilege? Why is implementing least privilege important?