1. A. A privilege audit is used to determine that all groups, users, and other accounts have
the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 8.
2. D. A mantrap limits access to a small number of individuals. It could be, for example, a
small room. Mantraps typically use electronic locks and other methods to control access. For more information, see Chapter 6.
3. B. Public-Key Cryptography Standards (PKCS) is a set of voluntary standards for public-key cryptography. This set of standards is coordinated by RSA. For more information, see Chapter 7.
4. B. Wired Equivalent Privacy (WEP) was designed to provide security equivalent to that of a wired network. WEP has well-known cryptographic weaknesses and is considered broken; it should not be relied on where WPA2 or later is available. For additional information, see Chapter 7.
5. C. The Process layer interfaces with applications and encapsulates traffic through the
Host-to-Host or Transport layer, the Internet layer, and the Network Access layer. For more information, see Chapter 2.
6. B. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that can be used between LANs. L2TP provides no encryption or integrity protection of its own, so you should pair it with IPsec (L2TP/IPsec) to protect the tunneled data. For more information, see Chapter 3.
7. A. A DMZ (demilitarized zone) is a network segment that gives untrusted users restricted access to public-facing hosts while isolating the internal network from external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 1.
8. C. A key recovery process must be able to recover a previous key. If the previous key can’t
be recovered, then all the information for which the key was used will be irrecoverably lost. For more information, see Chapter 7.
9. D. A flood attack is designed to overload a protocol or service by repeatedly initiating requests for service. This type of attack usually results in a DoS (denial of service) because the targeted service runs out of resources (connection tables, CPU, memory) or because the requests consume the available network bandwidth. For more information, see Chapter 2.
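The rate-based check that catches the flood described above, as an added example that is not from the book: a sliding-window counter per source, plus an aggregate counter so that a flood spread over many sources is not missed. The log format and the addresses are constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample log (not from the book): "<epoch seconds> <source ip> <request>".
# 203.0.113.5 fires ten requests inside one second; 198.51.100.7 is an ordinary client.
SAMPLE_LOG = """\
1000.0 203.0.113.5 GET /login
1000.1 203.0.113.5 GET /login
1000.2 203.0.113.5 GET /login
1000.3 203.0.113.5 GET /login
1000.4 203.0.113.5 GET /login
1000.5 198.51.100.7 GET /
1000.5 203.0.113.5 GET /login
1000.6 203.0.113.5 GET /login
1000.7 203.0.113.5 GET /login
1000.8 203.0.113.5 GET /login
1000.9 203.0.113.5 GET /login
1003.0 198.51.100.7 GET /about
1009.0 198.51.100.7 GET /
"""

def parse_line(line):
    """'<ts> <src> <method> <path>' -> (ts, src). Hypothetical format for this example."""
    ts, src, _method, _path = line.split(maxsplit=3)
    return float(ts), src

def detect_floods(lines, window=1.0, threshold=8, global_threshold=50):
    """Flag sources that exceed `threshold` requests in any `window`-second sliding
    window, and the aggregate stream (key "*") if it exceeds `global_threshold`,
    which is what catches a flood spread across many sources.
    Returns {source: timestamp of the request that first crossed the threshold}."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)        # key -> timestamps still inside the window
    flagged = {}
    for ts, src in events:
        for key, limit in ((src, threshold), ("*", global_threshold)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop timestamps that fell out of the window
                q.popleft()
            if len(q) >= limit and key not in flagged:
                flagged[key] = ts
    return flagged

if __name__ == "__main__":
    print(detect_floods(SAMPLE_LOG.splitlines()))
```

The per-source threshold fires on the eighth request at 1000.7; with the default aggregate limit the ordinary client is never flagged. Lower `global_threshold` and the "*" key fires too, which is the signal you rely on when each attacking source stays under the per-source limit.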
10. B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 4.
11. A. Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols and services. For additional information on hardening, see Chapter 5.
12. A. To meet the goal of integrity, you must verify that information being used is accurate and hasn’t been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 1.
13. D. Online Certificate Status Protocol (OCSP) is the mechanism used to verify immediately whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it is only as current as its latest issue, so a certificate revoked after publication still appears valid until the next CRL is distributed. For additional information, see Chapter 7.
14. B. Partitioning is the process of breaking a network into smaller components that can each
be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 6.
15. A. IM and other systems allow unsuspecting users to download files that may contain viruses. Because many applications and file browsers hide or truncate file extensions, a file that appears to have one extension may actually have another. For example, the file account.doc.vbs would appear in many applications as account.doc, but its real extension is .vbs: it is a Visual Basic script and could contain malicious code. For additional information, see Chapter 4.
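A check for the disguised-extension trick in the answer above, as an added example that is not from the book. It goes slightly beyond the book's case: besides the plain double extension (account.doc.vbs) it also flags the space-padded variant and the Unicode right-to-left override trick, both of which hide the real extension the same way. The extension lists are assumptions chosen for the example.

```python
import os
import unicodedata

# Extensions that Windows (and most mail/IM clients) will execute when opened.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk", ".ps1", ".msi"}
# Extensions a user reads as harmless documents or pictures.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pdf", ".txt", ".rtf",
                 ".jpg", ".jpeg", ".png", ".gif"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name is drawn

def true_extension(name):
    """The extension the OS acts on: the last one, case-folded."""
    return os.path.splitext(name)[1].lower()

def deception_reason(name):
    """Return why a filename is deceptive, or None if it looks honest.
    Handles the double-extension trick from the answer above, the padded
    variant ('report.pdf      .exe'), and the RLO trick ('invoice\\u202efdp.exe',
    drawn as 'invoiceexe.pdf'); the latter two are additions to the book's example."""
    if RLO in name:
        return "right-to-left override hides the real extension"
    base = unicodedata.normalize("NFKC", name)  # fold look-alike characters first
    ext = true_extension(base)
    if ext not in EXECUTABLE_EXTS:
        return None                              # not executable: nothing to hide
    inner = true_extension(base[: -len(ext)].rstrip())  # "account.doc.vbs" -> ".doc"
    if inner in DOCUMENT_EXTS:
        return "executable %s disguised as %s" % (ext, inner)
    return None

if __name__ == "__main__":
    for n in ("account.doc.vbs", "account.doc", "setup.exe",
              "report.pdf      .exe", "invoice\u202efdp.exe"):
        print(repr(n), "->", deception_reason(n))
```

An honest executable (setup.exe) is not reported; the check is about the mismatch between what the user sees and what the OS will run, which is why the real, last extension is always the one compared against the executable list.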
16. B. Access control lists (ACLs) are used to allow or deny an IP address access to a network.
ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5.
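An ACL evaluator in the style of router and firewall ACLs (ordered entries, first match wins, implicit deny), as an added example that is not from the book. The entries and addresses are constructed; the shadowing check at the end is the review a practitioner runs before deploying an ACL, because a host deny placed below the subnet permit it was meant to override never fires.

```python
import ipaddress

# Constructed ACL for this example. Entries are evaluated top to bottom; the first
# match decides, and anything that matches nothing is denied (implicit deny).
ACL = [
    ("deny",   "192.0.2.13/32"),    # one compromised host inside the branch range
    ("permit", "192.0.2.0/24"),     # branch office
    ("permit", "203.0.113.0/25"),   # partner: lower half of their /24 only
]

def compile_acl(entries):
    """Parse CIDR strings once; strict=False tolerates host bits in the prefix."""
    return [(action, ipaddress.ip_network(cidr, strict=False)) for action, cidr in entries]

def evaluate(acl, address):
    """First-match evaluation with an implicit deny at the end."""
    addr = ipaddress.ip_address(address)
    for action, net in acl:
        if addr.version == net.version and addr in net:
            return action
    return "deny"

def shadowed_entries(acl):
    """Entries that can never fire because an earlier entry already covers their
    whole range: the usual symptom of a misordered ACL."""
    found = []
    for i, (action, net) in enumerate(acl):
        for prev_action, prev_net in acl[:i]:
            if net.version == prev_net.version and net.subnet_of(prev_net):
                found.append((action, str(net), prev_action, str(prev_net)))
                break
    return found

if __name__ == "__main__":
    acl = compile_acl(ACL)
    for ip in ("192.0.2.13", "192.0.2.77", "203.0.113.9", "203.0.113.200", "2001:db8::1"):
        print(ip, evaluate(acl, ip))
    # Reversing the list puts the host deny under the subnet permit: it is now dead.
    print(shadowed_entries(compile_acl(list(reversed(ACL)))))
```

Note that an IPv6 source falls through every IPv4 entry to the implicit deny; an ACL that only lists IPv4 prefixes says nothing about IPv6 traffic, which on dual-stack devices is a separate list.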
17. B. The default port for a web server is port 80. By changing the port to 1019, you force users to specify this port in the URL when they use a browser. This is security through obscurity: it deters only casual or automated requests aimed at port 80, and a port scan reveals the new port immediately, so treat it as a minor hurdle rather than a control. Adding a firewall rule to block port 80 would not help; it would simply make the website unreachable. For more information, see Chapter 3.
18. D. A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn’t their primary mission. For more information, see Chapter 2.
19. A. Social engineering is using human intelligence methods to gain access or information
about your organization. For additional information, see Chapter 6.
20. C. In most environments, FTP sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing by anyone on the path between client and server; use SFTP or FTPS where credentials must cross an untrusted network. For additional information, see Chapter 5.
21. A. An intrusion detection system (IDS) actively monitors network activity and raises rule-based alerts when it sees unusual activity (an intrusion prevention system can also respond). A firewall provides passive security by blocking unauthorized traffic according to a fixed policy. If the firewall were compromised, the IDS would notify you based on the rules it’s designed to implement. For more information, see Chapter 3.
22. B. The chain of custody ensures that each step taken with evidence is documented and
accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 8.
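One way to make the custody record itself tamper-evident, as an added example that is not from the book: each entry stores the Who/What/When/Where/Why, the SHA-256 of the evidence, and the hash of the previous entry, so altering the evidence, editing an entry, or removing one breaks every later link. The evidence bytes, names, times and locations are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry):
    """Hash of everything in the entry except its own hash field."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def record_step(log, evidence, who, what, when, where, why):
    """Append one custody step, chained to the previous entry and to the evidence."""
    entry = {
        "who": who, "what": what, "when": when, "where": where, "why": why,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry

def verify_chain(log, evidence):
    """Return (True, None) if every link holds, else (False, index of the first bad entry)."""
    expected_prev = GENESIS
    evidence_hash = sha256_hex(evidence)
    for i, entry in enumerate(log):
        if (entry["prev_hash"] != expected_prev
                or entry["evidence_sha256"] != evidence_hash
                or entry_hash(entry) != entry["entry_hash"]):
            return False, i
        expected_prev = entry["entry_hash"]
    return True, None

# Constructed stand-in for a seized disk image (a real one is streamed through sha256).
EVIDENCE = b"\x00" * 512 + b"NTFS    " + b"\x00" * 512

def build_sample_log():
    """Three constructed custody steps for the sample evidence."""
    log = []
    record_step(log, EVIDENCE, "J. Rivera", "imaged laptop HDD, serial WX41",
                "2024-03-04T09:12Z", "Lab bench 2", "initial acquisition")
    record_step(log, EVIDENCE, "J. Rivera", "sealed image in evidence bag E-0217",
                "2024-03-04T10:30Z", "Evidence locker 4", "storage pending analysis")
    record_step(log, EVIDENCE, "M. Chen", "checked out image for analysis",
                "2024-03-06T14:05Z", "Forensics workstation 1", "malware triage")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify_chain(log, EVIDENCE))
    log[1]["who"] = "Unknown"          # edit a past entry...
    print(verify_chain(log, EVIDENCE))  # ...and the chain breaks at index 1
```

The hash chain proves that the record has not been altered since it was written; it does not prove who wrote it. In practice each entry is also signed by the custodian (or the log is kept on write-once media), which is what gives the "Who" its evidentiary weight.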
23. A. Steganography is the process of hiding one message in another. Steganography may
xlvi Answers to Assessment Test
24. C. The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 8.
25. B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange
key information. This session creates a secret key. When the key has been exchanged, the regular session begins. For more information, see Chapter 7.
26. A. Elliptic Curve Cryptography (ECC) would probably be your best choice for a PDA.
ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 7.
27. B. An incremental backup will generally be the fastest of the backup methods because
it backs up only the files that have changed since the last incremental or full backup. See Chapter 8 for more information.
28. C. Biometrics is the authentication process that uses physical characteristics, such as a palm
print or retinal pattern, to establish identification. For more information, see Chapter 1.
29. C. Role-Based Access Control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user’s role in the organization. For more information, see Chapter 8.
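A minimal RBAC decision function, as an added example that is not from the book: permissions attach to roles, users are assigned roles, senior roles inherit junior ones, and a static separation-of-duty rule rejects forbidden role combinations. The roles, permissions and users are constructed for the example.

```python
# Constructed policy for this example. Permissions are attached to roles, never to
# users; users get roles; senior roles inherit junior ones.
ROLE_PERMISSIONS = {
    "employee": {"timesheet:submit", "wiki:read"},
    "engineer": {"repo:read", "repo:write"},
    "lead":     {"repo:merge", "deploy:staging"},
    "auditor":  {"audit:read"},
}
ROLE_INHERITS = {  # role -> roles whose permissions it also receives
    "engineer": {"employee"},
    "lead":     {"engineer"},
    "auditor":  {"employee"},
}
USER_ROLES = {"alice": {"lead"}, "bob": {"engineer"}, "carol": {"auditor"}}
# Static separation of duty: nobody may hold every role in any of these sets.
MUTUALLY_EXCLUSIVE = [{"lead", "auditor"}]

def effective_roles(roles, inherits=ROLE_INHERITS):
    """Transitive closure over the inheritance graph (lead -> engineer -> employee)."""
    seen, stack = set(), list(roles)
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(inherits.get(r, ()))
    return seen

def permissions_for(user, user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS):
    """Union of the permissions of all of the user's effective roles."""
    perms = set()
    for r in effective_roles(user_roles.get(user, set())):
        perms |= role_perms.get(r, set())
    return perms

def is_allowed(user, permission):
    """Unknown users have no roles and therefore no permissions (deny by default)."""
    return permission in permissions_for(user)

def sod_violations(user_roles=USER_ROLES, exclusive=MUTUALLY_EXCLUSIVE):
    """Users whose effective roles include a forbidden combination."""
    return [user for user, roles in sorted(user_roles.items())
            if any(combo <= effective_roles(roles) for combo in exclusive)]

if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(permissions_for(user)))
    print("SoD violations:", sod_violations({"dave": {"lead", "auditor"}}))
```

Checking separation of duty against effective roles rather than assigned roles matters: a user assigned only "auditor" and some hypothetical role that inherits "lead" would otherwise slip past the rule.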
30. A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional information, see Chapter 8.
1
Concepts
The Following CompTIA Security+ Exam Objectives Are Covered in This Chapter:
1.6 Explain the purpose and application of virtualization technology.
2.2 Distinguish between network design elements and components.
    DMZ
    VLAN
    NAT
    Network interconnections
    NAC
    Subnetting
    Telephony
3.7 Deploy various authentication models and identify the components of each.
    Biometric reader
    Kerberos
    CHAP
    PAP
    Mutual
3.8 Explain the difference between identification and
Security is unlike any other topic in computing. To begin with, the word is so encompassing that it is impossible to know what you mean just by using it. When you talk about security, do you mean physical security of servers and workstations and protecting them from those who might try to steal them or from damage that might occur if the side of the building collapses? Or do you mean the security of data and protecting it from viruses and worms or from hackers and miscreants who have suddenly targeted you and have no other purpose in life than to keep you up at night? Or maybe security to you is the comfort that comes in knowing that you can restore files if a user accidentally deletes them.
The first problem with security is that it is next to impossible for everyone to agree on what it means because it can include all of these items. The next problem with security is that we don’t really mean that we want things to be completely secured. If you wanted the customer list file to truly be secure, you would never put it on the server and make it available. It is on the server because you need to access it and so do 30 other people. In this sense, security means that only 30 people can get to it and not anyone outside of the select 30.
The next problem is that while everyone wants security, no one wants to be inconvenienced by it. To use an analogy, few are the travelers who do not feel safer by watching airport personnel frisk and pat down all who head to the terminal—they just don’t want it to happen to them. This is true in computing as well; we all want to make sure data is accessed only by those who truly should be working with it, but we don’t want to have to enter 12-digit passwords and submit to retinal scans.
As a computer security professional, you have to understand all of these concerns. You have to know that a great deal is expected of you but few users want to be hassled or inconvenienced by the measures you must put in place. You have a primary responsibility to protect and safeguard the information your organization uses. Many times that means educating your users and making certain they understand the “why” behind what is being implemented.
Security is a high-growth area in the computer industry, and it has been for several years now. The need for qualified people is increasing rapidly, as a search of job boards will quickly illustrate. Your pursuit of the Security+ certificate is a good first step in this process. Security+ is not the only security certification on the market, and it is not even the only entry-level certification available to you. It is, however, the only one to truly focus on the topics that most think of when security comes to mind. To pass it, you must have a broad knowledge of all the different types of security mentioned in the first paragraph.
In this chapter, I’ll discuss the various aspects of computer security as they relate to your job. I will introduce the basics of computer security and provide several models you can use to understand the risks your organization faces. Not stopping there, I will also present steps you must take in order to minimize those risks.