Information Security and Risk Assessment MCQ With Answers

Risk Assessment Information Security MCQ Tech Hyme

In attempting to build a secure organization, where should you start? One commonly held belief is that you should initially identify your assets and allocate security resources based on the value of each asset. Though this approach might prove effective, it can lead to some significant vulnerabilities. An infrastructure asset might not hold a high value, for example, but it should be protected with the same effort as a high-value asset. If not, it could be an entry point into your network and provide access to valuable data.

You may also read:

232. Which of the following is true regarding IPSEC?

IPSEC will encapsulate Internet Protocol (IP) traffic only
IPSEC will support only one concurrent tunnel
IPSEC operates at the physical layer of the ODI model
IPSEC requires the use of Public Key Infrastructure (PKI)

233. Presenting a fraudulent Internet Protocol (IP) address to attempt to bypass the access control enforced by a stateful inspection firewall is an example of what common type of network attack?

Social engineering
Spoofing
SYN flood
Steganography

234. Which of the following positions would be most likely to determine the security policy regarding access of information on a system?

Users
Business process owner
Senior management
Information security manager

235. Which of the following groups or organizations is most commonly used to develop baselines for information systems?

Developers
Programmers
Software vendors
Promotion to production staff

236. Which type of malicious detection software would detect a polymorphic virus by comparing the function of the application rather than comparing it to a known signature?

Heuristic scanner
Host-based intrusion detection
Network-based intrusion detection
Gateway anti-virus scanner

237. What is a primary difference between Secure Sockets Layer (SSL) and Secure HyperText Transfer Protocol (SHTTP)?

SSL only encrypts Web traffic
SHTTP does not encrypt the data
SSL does not encrypt the data
SSL is a transport layer protocol

238. Which statement most accurately reflects the encryption used by SSL?

The session key is encrypted using asymmetric key encryption and the bulk data is encrypted with symmetric encryption
The bulk data transfer is encrypted using asymmetric encryption; the key is exchanged out of band
SSL uses asymmetric encryption for both session key exchange and bulk data encryption
SSL does not use encryption

239. If you wanted to ensure the integrity of the message, which of the following technologies would provide the most insurance against tampering?

Logging before and after records
Digital signatures
Asymmetric encryption
Symmetric encryption

240. A vendor is recommending implementation of a new technology that will give your application nonrepudiation. Which of the following primary tenets of information security will be addressed with this solution?

Availability and integrity
Confidentiality and integrity
Confidentiality and authenticity
Authenticity and integrity

241. Which of the following primary tenets of information security will be addressed by using 802.1x with a wireless network?

Authentication
Availability
Integrity
Confidentiality

242. Which of the following technologies are commonly used in conjunction with 802.1x authentication?

Remote Authentication Dial In User Service (RADIUS)
Single Sign On (SSO)
Public Key Infrastructure (PKI)
Intrusion Detection System (IDS)

243. Which common type of access control system assigns rights to job functions and not user accounts?

Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control

244. Which of the following is an example of security issues that can occur within the system development life cycle?

Lack of senior management support
Security is not involved in the requirements development
Vendor interoperability
Network latency

245. The information security manager needs to be most aware of which of the following issues when implementing new security controls?

Impact on end users
Senior management support
System development life cycle
Annual loss expectancy

246. Which of the following security concerns needs to be addressed during the disposal phase of the system development life cycle?

Maintaining integrity of information
Maintaining availability of the system
Maintaining nonrepudiation of user access
Maintaining confidentiality of information

247. Change control can be used in many phases on the system development life cycle. At which phase of the system development life cycle would you not use a change control process?

Development
Installation
Disposal
Requirements

248. Which of the following types of controls would affect direct access to system consoles?

Process
Platform
Physical
Network

249. Which of the following types of controls would directly affect the security of an operating system?

Process
Platform
Physical
Network

250. Which of the following technologies would utilize a Public Key Infrastructure (PKI)?

Secure HyperText Transfer Protocol (SHTTP)
Secure SHell (SSH)
Message Authentication Codes (MAC)
Digital signatures

251. Smart card technology is often used for what information security purpose?

Message integrity
Authentication
Confidentiality
Availability

252. Extensible Markup Language (XML) is a language often used with Web application development. XML provides which of the following?

Dynamic content delivery
Dynamic message integrity
Dynamic user authentication
Dynamic client configuration

253. An acceptable use policy would be an example of which type of control?

Process
Platform
Physical
Network

254. Which type of attack against access control systems uses a list of common words?

A brute force attack
A denial-of-service attack
A dictionary attack
A network spoofing attack

255. Which type of information security process assigns a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted?

Risk analysis
Risk assessment
Network vulnerability assessment
Information classification

256. Which type of device creates a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media?

A degausser
A demagnetizer
A deionizer
A deflator

257. Which of the following terms frequently refers to a network segment between the Internet and a private network?

A security domain
A zone of control
A DeMilitarized Zone (DMZ)
A security kernel

258. Which type of network attack captures sensitive pieces of information, such as passwords, passing through the network?

Spoofing
SYN flood
Sniffing
Steganography

259. Which of the following technologies would best secure the data on a laptop or other device that could be stolen?

Data encryption
File deletion
No access to the floppy drive
Steganography

260. Which of the following attacks is an example of a passive attack?

Spoofing
SYN flood
Information gathering
Port scanning

261. Which of the following common network attacks is an example of a denial-of-service attack?

Spoofing
SYN flood
Sniffing
Port scanning

262. Which of the following common network attacks is an example of an active attack?

Information gathering
Traffic analysis
Sniffing
Port scanning

263. Which type of network attack is most likely to present the ability to execute commands on the compromised machine?

Spoofing
SYN flood
Sniffing
Buffer overflow

264. Which attack is due to poor programming practices?

Spoofing
SYN flood
Sniffing
Buffer overflow

You may also like:

Information Security and Risk Assessment MCQ With Answers – Part 8

Sarcastic Writer

Leave a Reply Cancel reply

Related Posts

Leave a Reply Cancel reply