Information Security and Risk Assessment MCQ With Answers – Part 3

Risk Assessment Information Security MCQ Tech Hyme

Many businesses believe that if they purchase enough equipment like Firewalls, IPS/IDS, Antivirus’s etc, they can create a secure infrastructure. These type of security products are just some of the tools available to assist in protecting a network and its data. It is also important to keep in mind that no product will create a secure organization by itself. Security is a process; there is no tool that you can set and forget.

You may also read:

67. Which of the following is often a disadvantage of using a closed system?

  1. Lack of end user support.
  2. Lack of product functionality.
  3. The source code cannot be verified.
  4. The source code is provided by the Internet community at large.

68. Which of the following is an advantage of an open system?

  1. End-user support.
  2. The source code can be verified.
  3. Difficulty in management.
  4. All users are always permitted to access the system.

69. What would be a disadvantage of deploying a proxy-based firewall?

  1. Proxy-based firewalls may not support custom applications.
  2. Proxy-based firewalls inspect to only the network layer of the OSI model.
  3. Proxy-based firewalls cannot block unwanted traffic.
  4. Proxy-based firewalls do not provide network address translation.

70. Which of the following is true of a stateful inspection firewall?

  1. Stateful inspection firewalls protect through all layers of the OSI model.
  2. Stateful inspection firewalls support more custom applications than other firewalls.
  3. Stateful inspection firewalls are faster then other firewalls.
  4. Stateful inspection firewalls do not provide network address translation.

71. Which of the following is true regarding a packet filter firewall?

  1. Packet filter firewalls provide more protection than other firewalls.
  2. Packet filter firewalls provide protection through the entire OSI model.
  3. Packet filter firewalls do not provide network address translation.
  4. Packet filter firewalls provide less protection than other firewalls.

72. Which of the following would be an advantage to deploying public key (asymmetric) as opposed to private key (symmetric) encryption technologies?

  1. Public key is more scalable.
  2. Public key encryption is faster.
  3. Public key requires less infrastructure.
  4. Private key is easier on the end-user community.

73. Digital signatures encrypt the message hash with which of the following keys?

  1. Sender’s public key
  2. Sender’s private key
  3. Receiver’s public key
  4. Receiver’s private key

74. What term is best defined as a model used to determine the security and functionality of a proposed project?

  1. Prototype
  2. Checkpoint
  3. Journaling
  4. Service level agreement

75. What is an advantage in performing a vulnerability assessment over a penetration test?

  1. Penetration tests test the entire network.
  2. Vulnerability assessments compromise a system or network.
  3. Vulnerability assessments are a structured repeatable test.
  4. Vulnerability assessments are faster to conduct than penetration testing.

76. What advantage does discretionary access control have over mandatory access control?

  1. Mandatory access control is easier to implement.
  2. Discretionary access control uses extensive labeling.
  3. Discretionary access control has less administrative overhead.
  4. Discretionary access control is determined by policy.

77. Which of the following technologies protects the confidentiality of information by embedding the message into an image or music file?

  1. Public key cryptography
  2. Private key cryptography
  3. Digital signatures
  4. Steganography

78. Which of the following algorithms is a public key algorithm?

  1. DES
  2. AES
  3. RC4
  4. RSA

79. Two-factor authentication can be established by combining something you have, you are, and which of the following terms?

  1. You know.
  2. You read.
  3. You touch.
  4. You need.

80. Which of the following can be a security concern with hostbased single-sign-on implementations?

  1. Passwords are often stored in plaintext.
  2. Passwords are often transmitted in plaintext.
  3. The authentication host can be a single point of failure.
  4. Lack of scalability.

81. A Message Authentication Code (MAC) is a message digest encrypted with which of the following keys?

  1. The sender’s public key
  2. The session key
  3. The receiver’s public key
  4. The server’s public key

82. Message hashes provide which of the following principles of information security management?

  1. Integrity
  2. Confidentiality
  3. Availability
  4. Authentication

83. Which of the following terms is best defined as a project to identify the threats that exist over key information and information technology?

  1. Vulnerability assessment
  2. Penetration test
  3. Threat analysis
  4. System development life cycle

84. Key escrow is an example of which of the following security principles?

  1. Split knowledge
  2. Two-factor authentication
  3. Need to know
  4. Least privilege

85. Which of the following algorithms is an example of a one-time pad?

  1. DES
  2. AES
  3. RSA
  4. RC4

86. A one-time pad differs from other symmetric key algorithms in that:

  1. A new key is never exchanged.
  2. The key is used for one message and then discarded.
  3. The length of the key can be longer than for other algorithms.
  4. The key dynamically regenerates.

87. Which of the following terms relates to increasing the integrity of information on a system?

  1. Fault tolerance
  2. Fail over
  3. Checkpoint
  4. Host-based intrusion detection

88. Which of the following processes comes at the end of the system development life cycle?

  1. Accreditation
  2. Logical configuration
  3. Development
  4. Certification

89. Public key cryptographic algorithms can be used for encryption and

  1. Message authentication codes
  2. Digital signatures
  3. Message hashing
  4. Message integrity checks

90. What is the first step in the system development life cycle?

  1. Perform a business impact analysis.
  2. Perform a penetration test.
  3. Perform a vulnerability assessment.
  4. Perform a risk analysis.

91. When should security become involved in the systems development life cycle?

  1. Prior to implementation
  2. Prior to all audits
  3. During requirements development
  4. During development

92. To implement the results of a risk assessment, the information security manger should assign responsibilities and

  1. Define an implementation schedule.
  2. Define an vulnerability matrix.
  3. Define a system development life cycle.
  4. Define a matrix for prototyping.

93. When comparing the security of wireless networks with traditional or cabled networking:

  1. Wired networking provides more points for potential eavesdropping.
  2. Eavesdropping is not possible on a wireless network.
  3. Wired networking provides some protection from eavesdropping.
  4. Eavesdropping is not possible on a wireless network.

94. In order to determine the metrics for your network you will need to begin with a measurement of current network conditions. This is called a

  1. Threat assessment
  2. Baseline
  3. Risk assessment
  4. Prototype

95. Which of the following can be a disadvantage of using a centralized access control system?

  1. Lack of consistent administration.
  2. Lack of resource control.
  3. Difficulty in synchronizing account information.
  4. It can create a single point of failure.

96. A formal acceptance, by management, of a third-party review of the security controls of a system, network, or application is:

  1. Certification
  2. Authentication
  3. Accreditation
  4. Classification

97. Prior to development, to determine possible exposure points to a new application in your organization the information security manager would perform a

  1. Vulnerability assessment
  2. Business impact analysis
  3. Risk assessment
  4. Penetration test

98. Which of the following technologies or standards would apply to authenticating a wireless network connection?

  1. Wired equivalent privacy
  2. 802.11b
  3. 802.11a
  4. 802.1x

99. Wired Equivalent Privacy (WEP) is a control that increases which of the basic principles of information security management?

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authenticity

 

 

Leave a Reply