Information Security and Risk Assessment MCQ With Answers

Risk Assessment Information Security MCQ Tech Hyme

Even with the most robust security tools in place, it is important to monitor your systems. All security products are man made and can fail or be compromised. As with any other aspect of technology, one should never rely on simply one product or tool. Enabling logging on your systems is one way to put your organization in a position to identify problem areas.

You may also read:

200. Which of the following terms is best defined as a project to identify the threats that exist over key information and information technology?

Vulnerability assessment
Penetration test
Threat analysis
System development life cycle

201. Key escrow is an example of which of the following security principles?

Split knowledge
Two-factor authentication
Need to know
Least privilege

202. Which of the following algorithms is an example of a one-time pad?

DES
AES
RSA
RC4

203. A one-time pad differs from other symmetric key algorithms in that:

A new key is never exchanged
The key is used for one message and then discarded
The length of the key can be longer than for other algorithms
The key dynamically regenerates

204. Which of the following terms relates to increasing the integrity of information on a system?

Fault tolerance
Failover
Checkpoint
Host-based intrusion detection

205. Which of the following processes comes at the end of the system development life cycle?

Accreditation
Logical configuration
Development
Certification

206. Public key cryptographic algorithms can be used for encryption and

Message authentication codes
Digital signatures
Message hashing
Message integrity checks

207. What is the first step in the system development life cycle?

Perform a business impact analysis
Perform a penetration test
Perform a vulnerability assessment
Perform a risk analysis

208. When should security become involved in the systems development life cycle?

Prior to implementation
Prior to all audits
During requirements development
During development

209. To implement the results of a risk assessment, the information security manger should assign responsibilities and

Define an implementation schedule
Define a vulnerability matrix
Define a system development life cycle
Define a matrix for prototyping

210. When comparing the security of wireless networks with traditional or cabled networking:

Wired networking provides more points for potential eavesdropping
Eavesdropping is not possible on a wireless network
Wired networking provides some protection from eavesdropping
Eavesdropping is not possible on a wireless network

211. In order to determine the metrics for your network you will need to begin with a measurement of current network conditions. This is called a

Threat assessment
Baseline
Risk assessment
Prototype

212. Which of the following can be a disadvantage of using a centralized access control system?

Lack of consistent administration
Lack of resource control
Difficulty in synchronizing account information
It can create a single point of failure

213. A formal acceptance, by management, of a third-party review of the security controls of a system, network, or application is:

Certification
Authentication
Accreditation
Classification

214. Prior to development, to determine possible exposure points to a new application in your organization the information security manager would perform a:

Vulnerability assessment
Business impact analysis
Risk assessment
Penetration test

215. Which of the following technologies or standards would apply to authenticating a wireless network connection?

Wired equivalent privacy
802.11b
802.11a
802.1x

216. Wired Equivalent Privacy (WEP) is a control that increases which of the basic principles of information security management?

Confidentiality
Integrity
Availability
Authenticity

217. Service level agreements with a managed service provider provide minimum requirements and are included in a:

Contract
Policy
Procedure
Standard

218. For e-mail messages with the greatest sensitivity which of the following technologies would have to be employed to provide confidentiality, integrity, and authenticity?

Digital signatures
Message digests
Private key encryption
Digital signatures and encryption

219. Which of the following technologies provides a mechanism for storing a digital certificate?

Magnetic cards
Smart cards
Stream cipher
Block cipher

220. Which layer of the OSI model would be responsible for ensuring reliable end-to-end delivery of a message?

Physical
Application
Session
Transport

221. At what layer of the OSI model would a proxy-based firewall exist?

Physical
Application
Session
Transport

222. Message Digest version five (MD5) is an algorithm that is used to ensure message:

Integrity
Authenticity
Confidentiality
Fault Tolerance

223. Creating a message digest is often the first step in creating a:

Packet
Digital signature
Public key
Private key

224. An attacker who is attempting to defeat an access control system often starts by performing which of the common types of attacks?

Brute force attack
Denial-of-service attack
Distributed denial-of-service attack
Dictionary attack

225. Temporal Key Integrity Protocol (TKIP) is a component of Wi-Fi Protected Access (WPA). What is the major advantage with using TKIP?

TKIP ensures data integrity
TKIP allows data encryption keys to be changed at regular time intervals
TKIP provides protection against wireless denial-of-service attacks
TKIP increases the signal strength of wireless networks

226. An e-mail with a large attachment designed to slow down the response time for the e-mail server is a representation of what type of malicious code?

Trojan horse
Worm
E-mail bomb
Logic bomb

227. What type of malicious code is a code fragment that attaches to a file and often replicates through the sharing of files on a network?

Virus
Worm
E-mail bomb
Logic bomb

228. What type of malicious code is typically a complete file that infects only one place on a single system and replicates through the network without file sharing?