November 27, 2021

TECH HYME

Information Security and Risk Assessment MCQ With Answers – Part 7


Even with the most robust security tools in place, it is important to monitor your systems. All security products are man-made and can fail or be compromised. As with any other aspect of technology, you should never rely on a single product or tool. Enabling logging on your systems, and actually reviewing what is logged, is one way to put your organization in a position to identify problem areas before they become incidents.
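As an added illustration of why logging matters (this is example code written for this page, not something the original post or any product ships): a small parser that reads OpenSSH-style "Failed password" / "Accepted ..." lines and flags sources that are guessing passwords. The log lines are constructed for the example, the regular expressions assume the standard sshd message format, and the threshold of five failures is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's auth-log format (not captured from a real host).
SAMPLE_AUTH_LOG = """\
Nov 27 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Nov 27 10:01:04 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Nov 27 10:01:05 web01 sshd[2103]: Failed password for root from 203.0.113.5 port 51024 ssh2
Nov 27 10:01:07 web01 sshd[2105]: Failed password for root from 203.0.113.5 port 51025 ssh2
Nov 27 10:01:09 web01 sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 51026 ssh2
Nov 27 10:02:11 web01 sshd[2110]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2: ED25519 SHA256:abc
Nov 27 10:03:30 web01 sshd[2115]: Failed password for alice from 198.51.100.9 port 40233 ssh2
Nov 27 10:03:35 web01 sshd[2116]: Accepted password for alice from 198.51.100.9 port 40234 ssh2
"""

# "invalid user" is present when the account does not exist; the username is captured either way.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")


def parse_auth_log(text):
    """Return (failures per source, usernames tried per source, successes from sources that failed earlier)."""
    failures = Counter()
    users = defaultdict(set)
    success_after_failure = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["src"]] += 1
            users[m["src"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m and failures[m["src"]] > 0:
            # A login that succeeded from an address that was already failing deserves a look.
            success_after_failure.append((m["src"], m["user"]))
    return failures, users, success_after_failure


def flag_password_guessing(text, threshold=5):
    """Sources with at least `threshold` failed password attempts, with the usernames they tried.
    Several distinct usernames from one address is the classic dictionary-attack signature."""
    failures, users, _ = parse_auth_log(text)
    return {src: sorted(users[src]) for src, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    print(flag_password_guessing(SAMPLE_AUTH_LOG))
    print(parse_auth_log(SAMPLE_AUTH_LOG)[2])
```

Run against the sample, 203.0.113.5 is flagged for trying admin, oracle and root, and the successful login for alice from 198.51.100.9 is listed because that address had failed just before. Nothing here is possible if authentication logging is off or never read.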

200. Which of the following terms is best defined as a project to identify the threats that exist over key information and information technology?

  1. Vulnerability assessment
  2. Penetration test
  3. Threat analysis
  4. System development life cycle

201. Key escrow is an example of which of the following security principles?

  1. Split knowledge
  2. Two-factor authentication
  3. Need to know
  4. Least privilege

202. Which of the following algorithms is an example of a one-time pad?

  1. DES
  2. AES
  3. RSA
  4. RC4

203. A one-time pad differs from other symmetric key algorithms in that:

  1. A new key is never exchanged
  2. The key is used for one message and then discarded
  3. The length of the key can be longer than for other algorithms
  4. The key dynamically regenerates
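Questions 202 and 203 turn on what makes a one-time pad different: the pad is truly random, exactly as long as the message, and used once. None of DES, AES, RSA or RC4 is a one-time pad; RC4 is a stream cipher that stretches a short key into a keystream, which is precisely what a real pad does not do. The following is an added example, not code from the page, showing the pad in working form and the failure mode that the "one-time" rule prevents (all function names are mine):

```python
import secrets


def otp_keygen(length):
    """A fresh, uniformly random pad exactly as long as the message it will protect."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext, pad):
    """XOR each message byte with the corresponding pad byte."""
    # A pad shorter than the message would force some pad bytes to be reused.
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: a one-time pad must cover every byte")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# Decryption is the same XOR with the same pad.
otp_decrypt = otp_encrypt


def two_time_pad_leak(ct1, ct2):
    """If one pad protects two messages, XORing the ciphertexts cancels the pad and
    leaves plaintext1 XOR plaintext2: the key has leaked the relationship between the messages."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def recover_other_plaintext(ct1, ct2, known_plaintext):
    """Given two ciphertexts under one pad and one of the plaintexts, read the other."""
    return bytes(x ^ p for x, p in zip(two_time_pad_leak(ct1, ct2), known_plaintext))


if __name__ == "__main__":
    m1 = b"attack at dawn"
    m2 = b"hold position!"          # same length, so the pad covers both
    pad = otp_keygen(len(m1))
    ct1, ct2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)   # the mistake: one pad, two messages
    print(recover_other_plaintext(ct1, ct2, m1))            # prints b'hold position!'
```

The pad is as long as the message, which is option 3 in question 203 taken to its extreme, and it is discarded after one use, which is option 2. Reusing it, as the last lines do, is the "two-time pad" and is the reason the page's other symmetric algorithms exist: they trade the pad's perfect secrecy for a key you can afford to distribute and reuse safely.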

204. Which of the following terms relates to increasing the integrity of information on a system?

  1. Fault tolerance
  2. Failover
  3. Checkpoint
  4. Host-based intrusion detection

205. Which of the following processes comes at the end of the system development life cycle?

  1. Accreditation
  2. Logical configuration
  3. Development
  4. Certification

206. Public key cryptographic algorithms can be used for encryption and

  1. Message authentication codes
  2. Digital signatures
  3. Message hashing
  4. Message integrity checks

207. What is the first step in the system development life cycle?

  1. Perform a business impact analysis
  2. Perform a penetration test
  3. Perform a vulnerability assessment
  4. Perform a risk analysis

208. When should security become involved in the systems development life cycle?

  1. Prior to implementation
  2. Prior to all audits
  3. During requirements development
  4. During development

209. To implement the results of a risk assessment, the information security manager should assign responsibilities and

  1. Define an implementation schedule
  2. Define a vulnerability matrix
  3. Define a system development life cycle
  4. Define a matrix for prototyping

210. When comparing the security of wireless networks with traditional or cabled networking:

  1. Wired networking provides more points for potential eavesdropping
  2. Eavesdropping is not possible on a wireless network
  3. Wired networking provides some protection from eavesdropping
  4. Eavesdropping is not possible on a wireless network

211. In order to determine the metrics for your network you will need to begin with a measurement of current network conditions. This is called a

  1. Threat assessment
  2. Baseline
  3. Risk assessment
  4. Prototype

212. Which of the following can be a disadvantage of using a centralized access control system?

  1. Lack of consistent administration
  2. Lack of resource control
  3. Difficulty in synchronizing account information
  4. It can create a single point of failure

213. A formal acceptance, by management, of a third-party review of the security controls of a system, network, or application is:

  1. Certification
  2. Authentication
  3. Accreditation
  4. Classification

214. Prior to development, to determine possible exposure points to a new application in your organization the information security manager would perform a:

  1. Vulnerability assessment
  2. Business impact analysis
  3. Risk assessment
  4. Penetration test

215. Which of the following technologies or standards would apply to authenticating a wireless network connection?

  1. Wired equivalent privacy
  2. 802.11b
  3. 802.11a
  4. 802.1x

216. Wired Equivalent Privacy (WEP) is a control that increases which of the basic principles of information security management?

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authenticity

217. Service level agreements with a managed service provider provide minimum requirements and are included in a:

  1. Contract
  2. Policy
  3. Procedure
  4. Standard

218. For e-mail messages with the greatest sensitivity which of the following technologies would have to be employed to provide confidentiality, integrity, and authenticity?

  1. Digital signatures
  2. Message digests
  3. Private key encryption
  4. Digital signatures and encryption

219. Which of the following technologies provides a mechanism for storing a digital certificate?

  1. Magnetic cards
  2. Smart cards
  3. Stream cipher
  4. Block cipher

220. Which layer of the OSI model would be responsible for ensuring reliable end-to-end delivery of a message?

  1. Physical
  2. Application
  3. Session
  4. Transport

221. At what layer of the OSI model would a proxy-based firewall exist?

  1. Physical
  2. Application
  3. Session
  4. Transport

222. Message Digest version five (MD5) is an algorithm that is used to ensure message:

  1. Integrity
  2. Authenticity
  3. Confidentiality
  4. Fault Tolerance

223. Creating a message digest is often the first step in creating a:

  1. Packet
  2. Digital signature
  3. Public key
  4. Private key
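Questions 206, 218, 222 and 223 describe one chain: hash the message to a fixed-size digest (integrity), apply the signer's private key to that digest (authenticity), and let anyone holding the public key check it. The following is an added example, not code from the page: textbook RSA over two fixed, deliberately small Mersenne primes so that it runs on the Python standard library alone. It is an illustration of hash-then-sign, not a usable key pair; real systems use keys of at least 2048 bits and PKCS#1 v1.5 or PSS padding, and this toy reduces the SHA-256 digest modulo the small N to make it fit. The primes, SHA-256 and the function names are my choices.

```python
import hashlib

# Two known primes, chosen so N fits the example; far too small for real use.
P = (1 << 61) - 1
Q = (1 << 31) - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+ modular inverse)


def message_digest(message):
    """Step 1 (question 223): a fixed-size digest of the message."""
    return hashlib.sha256(message).digest()


def _digest_as_int(message):
    # Toy-only reduction: a 256-bit digest does not fit a 92-bit modulus.
    return int.from_bytes(message_digest(message), "big") % N


def sign(message, d=D, n=N):
    """Step 2: the signer applies the private key to the digest, never to the whole message."""
    return pow(_digest_as_int(message), d, n)


def verify(message, signature, e=E, n=N):
    """Anyone with the public key (e, n) recomputes the digest of what they received and
    checks that the signature opens to it. A changed byte changes the digest (integrity);
    a signature made with another private key opens to garbage (authenticity)."""
    return pow(signature, e, n) == _digest_as_int(message)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"
    sig = sign(msg)
    print(verify(msg, sig))                               # True
    print(verify(b"Transfer 900 to account 42", sig))     # False: integrity check fails
```

Note what the digest alone does and does not give you (question 222): MD5 or SHA-256 over a message detects accidental or unsigned modification, but anyone can recompute a digest over a tampered message, so without the private-key step there is no authenticity. That is why question 218 asks for both a signature and encryption: the signature supplies integrity and authenticity, and only encryption adds confidentiality.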

224. An attacker who is attempting to defeat an access control system often starts by performing which of the common types of attacks?

  1. Brute force attack
  2. Denial-of-service attack
  3. Distributed denial-of-service attack
  4. Dictionary attack

225. Temporal Key Integrity Protocol (TKIP) is a component of Wi-Fi Protected Access (WPA). What is the major advantage with using TKIP?

  1. TKIP ensures data integrity
  2. TKIP allows data encryption keys to be changed at regular time intervals
  3. TKIP provides protection against wireless denial-of-service attacks
  4. TKIP increases the signal strength of wireless networks

226. An e-mail with a large attachment designed to slow down the response time for the e-mail server is a representation of what type of malicious code?

  1. Trojan horse
  2. Worm
  3. E-mail bomb
  4. Logic bomb

227. What type of malicious code is a code fragment that attaches to a file and often replicates through the sharing of files on a network?

  1. Virus
  2. Worm
  3. E-mail bomb
  4. Logic bomb

228. What type of malicious code is typically a complete file that infects only one place on a single system and replicates through the network without file sharing?

  1. Virus
  2. Worm
  3. E-mail bomb
  4. Logic bomb

229. True or False: Private key cryptography requires less processing power than public key cryptography.

  • Answer True

230. Which of the following IPsec-related terms will help resolve authentication issues present in Internet Protocol (IP)?

  1. Hash-based Message Authentication Code (HMAC)
  2. Authentication Header (AH)
  3. Encapsulating Security Payload (ESP)
  4. Data Encryption Standard (DES)

231. Which of the following IPsec-related terms will help resolve confidentiality issues present in Internet Protocol (IP)?

  1. Hash-based Message Authentication Code (HMAC)
  2. Authentication Header (AH)
  3. Encapsulating Security Payload (ESP)
  4. Data Encryption Standard (DES)
