Information Security and Risk Assessment MCQ With Answers

Risk Assessment Information Security MCQ Tech Hyme

Strong security can be used to gain a competitive advantage in the marketplace. Having secured systems that are accessible 24/7 means that an organization can reach and communicate with its clients more efficiently. An organization that becomes recognized as a good custodian of client records and information can incorporate its security record as part of its branding.

You may also read:

100. Service-level agreements with a managed service provider provide minimum requirements and are included in a

Contract
Policy
Procedure
Standard

101. For e-mail messages with the greatest sensitivity which of the following technologies would have to be employed to provide confidentiality, integrity, and authenticity?

Digital signatures
Message digests
Private key encryption
Digital signatures and encryption

102. Which of the following technologies provide a mechanism for storing a digital certificate?

Magnetic cards
Smart cards
Stream cipher
Block cipher

103. Which layer of the OSI model would be responsible for ensuring reliable end-to-end delivery of a message?

Physical
Application
Session
Transport

104. At what layer of the OSI model would a proxy-based firewall exist?

Physical
Application
Session
Transport

105. Message Digest version five (MD5) is an algorithm that is used to ensure message:

Integrity
Authenticity
Confidentiality
Fault tolerance

106. Creating a message digest is often the first step in creating a

Packet
Digital signature
Public key
Private key

107. An attacker who is attempting to defeat an access control system often starts by performing which of the common types of attacks?

Brute force attack
Denial-of-service attack
Distributed denial-of-service attack
Dictionary attack

108. Temporal Key Integrity Protocol (TKIP) is a component of Wi-Fi Protected Access (WPA). What is the major advantage of using TKIP?

TKIP ensures data integrity.
TKIP allows data encryption keys to be changed at regular time intervals.
TKIP provides protection against wireless denial-of-service attacks.
TKIP increases the signal strength of wireless networks.

109. An e-mail with a large attachment designed to slow down the response time for the e-mail server is a representation of what type of malicious code?

Trojan horse
Worm
E-mail bomb
Logic bomb

110. What type of malicious code is a code fragment that attaches to a file and often replicates through the sharing of files on a network?

Virus
Worm
E-mail bomb
Logic bomb

111. What type of malicious code is typically a complete file that infects only one place on a single system and replicates through the network without file sharing?

Virus
Worm
E-mail bomb
Logic bomb

112. True or false: Private key cryptography requires less processing power than public key cryptography.

Answer True

113. Which of the following IPSEC-related terms will help resolve authentication issues present in Internet Protocol (IP)?

High-level Message Authentication Code (HMAC)
Authentication Headers (AH)
Encapsulated Secure Payload (ESP)
Data Encryption Standard (DES)

114. Which of the following IPSEC-related terms will help resolve confidentiality issues present in Internet Protocol (IP)?

High-level Message Authentication Code (HMAC)
Authentication Headers (AH)
Encapsulated Secure Payload (ESP)
Data Encryption Standard (DES)

115. Which of the following is true regarding IPSEC?

IPSEC will encapsulate Internet Protocol (IP) traffic only.
IPSEC will support only one concurrent tunnel.
IPSEC operates at the physical layer of the ODI model.
IPSEC requires the use of Public Key Infrastructure (PKI).

116. Presenting a fraudulent Internet Protocol (IP) address to attempt to bypass the access control enforced by a stateful inspection firewall is an example of what common type of network attack?

Social engineering
Spoofing
SYN flood
Steganography

117. Which of the following positions would be most likely to determine the security policy regarding access of information on a system?

Users
Business process owner
Senior management
Information security manager

118. Which of the following groups or organizations is most commonly used to develop baselines for information systems?

Developers
Programmers
Software vendors
Promotion to production staff

119. Which type of malicious detection software would detect a polymorphic virus by comparing the function of the application rather than comparing it to known signature?

Heuristic scanner
Host-based intrusion detection
Network-based intrusion detection
Gateway anti-virus scanner

120. What is a primary difference between Secure Sockets Layer (SSL) and Secure HyperText Transfer Protocol (SHTTP)?

SSL only encrypts Web traffic.
SHTTP does not encrypt the data.
SSL does not encrypt the data.
SSL is a transport-layer protocol.

121. Which statement most accurately reflects the encryption used by SSL?

The session key is encrypted using asymmetric key encryption and the bulk data is encrypted with symmetric encryption.
The bulk data transfer is encrypted using asymmetric encryption; the key is exchanged out of band.
SSL uses asymmetric encryption for both session key exchange and bulk data encryption.
SSL does not use encryption.

122. If you wanted to ensure the integrity of a message, which of the following technologies would provide the most insurance against tampering?

Logging before and after records
Digital signatures
Asymmetric encryption
Symmetric encryption

123. A vendor is recommending implementation of a new technology that will give your application nonrepudiation. Which of the following primary tenants of infor mation security will be addressed with this solution?

Availability and integrity
Confidentiality and integrity
Confidentiality and authenticity
Authenticity and integrity

124. Which of the following primary tenants of information security will be addressed by using 802.1x with a wireless network?

Authentication
Availability
Integrity
Confidentiality

125. Which of the following technologies is commonly used in conjunction with 802.1x authentication?

Remote Authentication Dial In User Service (RADIUS)
Single Sign On (SSO)
Public Key Infrastructure (PKI)
Intrusion Detection System (IDS)

126. Which common type of access control system assigns rights to job functions and not user accounts?

Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control

127. Which of the following is an example of security issues that can occur within the system development life cycle?

Lack of senior management support.
Security is not involved in the requirements development.
Vendor interoperability.
Network latency.

128. The information security manager needs to be most aware of which of the following issues when implementing new security controls?

Impact on end users
Senior management support
System development life cycle
Annual loss expectancy

129. Which of the following security concerns needs to be addressed during the disposal phase of the system development life cycle?

Maintaining integrity of information
Maintaining availability of the system
Maintaining nonrepudiation of user access
Maintaining confidentiality of information

130. Change control can be used in many phases on the system development life cycle. At which phase of the system development life cycle would you not use a change control process?