October 23, 2021

TECH HYME

A Blog For Tech Enthusiasts

Information Security and Risk Assessment MCQ With Answers – Part 4

5 min read
Risk Assessment Information Security MCQ Tech Hyme

Strong security can be used to gain a competitive advantage in the marketplace. Having secured systems that are accessible 24/7 means that an organization can reach and communicate with its clients more efficiently. An organization that becomes recognized as a good custodian of client records and information can incorporate its security record as part of its branding.

You may also read:

100. Service-level agreements with a managed service provider provide minimum requirements and are included in a

  1. Contract
  2. Policy
  3. Procedure
  4. Standard

101. For e-mail messages with the greatest sensitivity which of the following technologies would have to be employed to provide confidentiality, integrity, and authenticity?

  1. Digital signatures
  2. Message digests
  3. Private key encryption
  4. Digital signatures and encryption

102. Which of the following technologies provide a mechanism for storing a digital certificate?

  1. Magnetic cards
  2. Smart cards
  3. Stream cipher
  4. Block cipher

103. Which layer of the OSI model would be responsible for ensuring reliable end-to-end delivery of a message?

  1. Physical
  2. Application
  3. Session
  4. Transport

104. At what layer of the OSI model would a proxy-based firewall exist?

  1. Physical
  2. Application
  3. Session
  4. Transport

105. Message Digest version five (MD5) is an algorithm that is used to ensure message:

  1. Integrity
  2. Authenticity
  3. Confidentiality
  4. Fault tolerance

106. Creating a message digest is often the first step in creating a

  1. Packet
  2. Digital signature
  3. Public key
  4. Private key

107. An attacker who is attempting to defeat an access control system often starts by performing which of the common types of attacks?

  1. Brute force attack
  2. Denial-of-service attack
  3. Distributed denial-of-service attack
  4. Dictionary attack

108. Temporal Key Integrity Protocol (TKIP) is a component of Wi-Fi Protected Access (WPA). What is the major advantage of using TKIP?

  1. TKIP ensures data integrity.
  2. TKIP allows data encryption keys to be changed at regular time intervals.
  3. TKIP provides protection against wireless denial-of-service attacks.
  4. TKIP increases the signal strength of wireless networks.

109. An e-mail with a large attachment designed to slow down the response time for the e-mail server is a representation of what type of malicious code?

  1. Trojan horse
  2. Worm
  3. E-mail bomb
  4. Logic bomb

110. What type of malicious code is a code fragment that attaches to a file and often replicates through the sharing of files on a network?

  1. Virus
  2. Worm
  3. E-mail bomb
  4. Logic bomb

111. What type of malicious code is typically a complete file that infects only one place on a single system and replicates through the network without file sharing?

  1. Virus
  2. Worm
  3. E-mail bomb
  4. Logic bomb

112. True or false: Private key cryptography requires less processing power than public key cryptography.

  • Answer True

113. Which of the following IPSEC-related terms will help resolve authentication issues present in Internet Protocol (IP)?

  1. High-level Message Authentication Code (HMAC)
  2. Authentication Headers (AH)
  3. Encapsulated Secure Payload (ESP)
  4. Data Encryption Standard (DES)

114. Which of the following IPSEC-related terms will help resolve confidentiality issues present in Internet Protocol (IP)?

  1. High-level Message Authentication Code (HMAC)
  2. Authentication Headers (AH)
  3. Encapsulated Secure Payload (ESP)
  4. Data Encryption Standard (DES)

115. Which of the following is true regarding IPSEC?

  1. IPSEC will encapsulate Internet Protocol (IP) traffic only.
  2. IPSEC will support only one concurrent tunnel.
  3. IPSEC operates at the physical layer of the ODI model.
  4. IPSEC requires the use of Public Key Infrastructure (PKI).

116. Presenting a fraudulent Internet Protocol (IP) address to attempt to bypass the access control enforced by a stateful inspection firewall is an example of what common type of network attack?

  1. Social engineering
  2. Spoofing
  3. SYN flood
  4. Steganography

117. Which of the following positions would be most likely to determine the security policy regarding access of information on a system?

  1. Users
  2. Business process owner
  3. Senior management
  4. Information security manager

118. Which of the following groups or organizations is most commonly used to develop baselines for information systems?

  1. Developers
  2. Programmers
  3. Software vendors
  4. Promotion to production staff

119. Which type of malicious detection software would detect a polymorphic virus by comparing the function of the application rather than comparing it to known signature?

  1. Heuristic scanner
  2. Host-based intrusion detection
  3. Network-based intrusion detection
  4. Gateway anti-virus scanner

120. What is a primary difference between Secure Sockets Layer (SSL) and Secure HyperText Transfer Protocol (SHTTP)?

  1. SSL only encrypts Web traffic.
  2. SHTTP does not encrypt the data.
  3. SSL does not encrypt the data.
  4. SSL is a transport-layer protocol.

121. Which statement most accurately reflects the encryption used by SSL?

  1. The session key is encrypted using asymmetric key encryption and the bulk data is encrypted with symmetric encryption.
  2. The bulk data transfer is encrypted using asymmetric encryption; the key is exchanged out of band.
  3. SSL uses asymmetric encryption for both session key exchange and bulk data encryption.
  4. SSL does not use encryption.

122. If you wanted to ensure the integrity of a message, which of the following technologies would provide the most insurance against tampering?

  1. Logging before and after records
  2. Digital signatures
  3. Asymmetric encryption
  4. Symmetric encryption

123. A vendor is recommending implementation of a new technology that will give your application nonrepudiation. Which of the following primary tenants of infor mation security will be addressed with this solution?

  1. Availability and integrity
  2. Confidentiality and integrity
  3. Confidentiality and authenticity
  4. Authenticity and integrity

124. Which of the following primary tenants of information security will be addressed by using 802.1x with a wireless network?

  1. Authentication
  2. Availability
  3. Integrity
  4. Confidentiality

125. Which of the following technologies is commonly used in conjunction with 802.1x authentication?

  1. Remote Authentication Dial In User Service (RADIUS)
  2. Single Sign On (SSO)
  3. Public Key Infrastructure (PKI)
  4. Intrusion Detection System (IDS)

126. Which common type of access control system assigns rights to job functions and not user accounts?

  1. Rule-based access control
  2. Role-based access control
  3. Mandatory access control
  4. Discretionary access control

127. Which of the following is an example of security issues that can occur within the system development life cycle?

  1. Lack of senior management support.
  2. Security is not involved in the requirements development.
  3. Vendor interoperability.
  4. Network latency.

128. The information security manager needs to be most aware of which of the following issues when implementing new security controls?

  1. Impact on end users
  2. Senior management support
  3. System development life cycle
  4. Annual loss expectancy

129. Which of the following security concerns needs to be addressed during the disposal phase of the system development life cycle?

  1. Maintaining integrity of information
  2. Maintaining availability of the system
  3. Maintaining nonrepudiation of user access
  4. Maintaining confidentiality of information

130. Change control can be used in many phases on the system development life cycle. At which phase of the system development life cycle would you not use a change control process?

  1. Development
  2. Installation
  3. Disposal
  4. Requirements

131. Which of the following types of controls would affect direct access to system consoles?

  1. Process
  2. Platform
  3. Physical
  4. Network

132. Which of the following types of controls would directly affect the security of an operating system?

  1. Process
  2. Platform
  3. Physical
  4. Network

 

Leave a Reply