Framework

Uploaded by

ctai45096

SCIT framework

1. How many types of transmission media are there? Describe each one.
2. Name the 7 layers of the OSI model and the role of each.
3. What is an IP address and a domain name? Describe the mechanism for resolving a domain
name to an IP address.
4. How many types of computer networks are there? Describe each one.
5. List all kinds of network security devices and discuss the role of each.

6. Describe the roles of a router and a firewall in a network structure.


7. What is software as a service (SaaS)? Describe the security issues related to SaaS
8. What is hardware as a service (HaaS)? Describe the security issues related to HaaS
9. Describe four activities of security implementation
10. List all security objects, security types and give the examples of each one.
11. Describe 6 network security threats
12. Describe 6 network vulnerabilities
13. Describe six types of cyber crime
14. Define eight types of network attack
15. Define the most important hacker tools and how they work.
16. What is the difference between server-side and client-side processing, and what will be
stored in server-side mode?

17. Describe 4 main components of cryptography


18. What is symmetric encryption, what is asymmetric encryption, and what is the difference
between the two?
19. Describe 4 popular symmetric encryption algorithms
20. Discuss 3 public-key encryption algorithms.
21. What is a hash function and what are the special properties of a hash function?
22. Name four popular hash functions and the applications of hash functions.
23. Describe the digital certificate and the certificate authority (CA).
24. Describe some firewall services according to the OSI layers and give an example of IP
filtering in a firewall.
25. What is DMZ in a network and how does it work?
26. Describe the main function of a firewall and the way it protects network resources from
hackers.

27. What is an IDS, what is an IPS, and what is the difference between the two?
28. What is the difference between the two types of IDS, host-based and network-based?
29. Describe three IDS detection methods.
30. What is the difference between the two methods of IPS?
31. What is a honeypot and how does it work?
32. Describe four actions an IPS will take when it faces an attack
33. Design a company network that is protected by a firewall, IPS and IDS.
34. Compare the differences between IDS vs IPS
35. Compare the differences between Firewall vs IDS/IPS
36. What is deep packet inspection and what is the difference between DPI and Stateful
Packet Inspection.

37. How does a virus work?


38. From which sources can a virus infection come?
39. What is a polymorphic virus? Give some examples of polymorphic viruses.
40. Describe how a signature-based antivirus program detects a virus.
41. Describe the types of viruses. Give some examples.
42. What are the purposes of the virus attacks?
43. How to protect yourself from virus attacks?
44. How does an antivirus program work?
45. Present five methods an antivirus program uses to detect a virus in the system.
46. What is content filtering and why should an antivirus program have this function?

47. Describe five basic access control types


48. Define five logical access control methods.
49. What is multi-factor authentication? Describe four common types of multi-factor authentication.
50. Describe the steps of a public-key authentication process
51. Describe the five principles of authorization.
52. What principles will make a security policy successful?
53. Describe five steps to make a security policy for an organization
54. What activities can a security audit company perform for an organization?
55. What is an access right matrix? Give an example of an access right matrix for a company.
56. Define the processes of security certification.

57. What is a hypervisor?


58. What is the difference between a bare-metal hypervisor and a hosted hypervisor?
59. List the top security threats when we apply virtualization technology.
60. Describe the two opinions on security in a virtualization environment.
61. List the top security threats of a cloud computing environment.
62. What is VDI? Discuss the advantages and disadvantages of the VDI model.
63. Describe the two ways of attacking a virtualization system.
64. Describe three levels of cloud services that a company can go through.
65. What are the benefits of cloud computing trends?
66. List 6 security issues that a company should be aware of when going to the cloud.

67. List all security threats of mobile networks.


68. Why are botnets the greatest concern of IoT security?
69. Name all the wireless connections your mobile devices may have. Which one is the
least secure?
70. How many kinds of Bluetooth attacks are there? Describe each one.
71. How to keep your mobile devices safe?
72. Name the top 10 security threats for mobile devices and how to respond to them.
73. What is shadow IoT? Please list some shadow IoT devices in your organization/family.
74. Name 10 security recommendations for the growth of IoT devices today.
75. What do we have to do to keep our SOHO safe from attacks over IoT devices?
76. What should you do to prevent data leak when your mobile devices are lost or stolen?

77. Name the layers of the TCP/IP stack and the security protocol for each layer.
78. What is TLS/SSL and what are its applications?
79. Describe the working mechanism of a VPN and explain why a VPN is a more secure network
than the others.
80. Describe the working process of HTTP over SSL. What is the main difference between
HTTP and HTTPS?
81. Describe 6 steps of mutual SSL authentication and the role of CA.

82. Name the three layers of the ISO-27000 family and list some details of the general guidelines.
83. List five major sector guidelines of the ISO-27002 standards.
84. Explain five steps of an ISO-27000 implementation.

Case study questions

1. Assume that you are the IT manager of a textile garment company with 2,000 employees.
The company has an office in Hanoi and a factory in Haiduong province. You are
required by the CEO to set up a WAN connection from the head office to the factory,
together with a security solution for this connection. Please describe this security
solution.

2. Recently, there have been a lot of ransomware attacks on Vietnamese companies. Your boss
is very concerned about the network security of your company. Please advise him on a
total security solution to respond to ransomware attacks and to reduce the damage,
if any.

3. Your company provides online services to more than 1 million customers. What security
solutions should you put in place to keep the services always up and running
smoothly? What should you do to keep your customers safe when they use your
company's services?

4. You are working for a university in Vietnam with about 2000 students. Your boss has a
plan to deploy a Wi-Fi network within the campus to provide internet access for students.
Please present all the security measures necessary to make the Wi-Fi network secure and
safe for not only students but also employees of the university.

5. Your family is moving to a villa in Ocean Park. The villa is fully equipped with smart
home devices such as living doors, garage door, cameras, swimming pool sensors, door
curtain, lights, alarm and so on. Please tell us how to make your home secure and safe
from intruders and cyber attacks.

6. You are a network security officer of a retail company that owns five supermarkets in
Vietnam. There are about 30,000 consumers visiting your supermarkets every day and
there are nearly 100,000 transactions daily. Please present a security plan to make sure
that customers' information and transactions are secure against hackers from
outside your organization.
