Information Security and Risk Assessment MCQ With Answers – Part 8

Risk Assessment Information Security MCQ Tech Hyme

In attempting to build a secure organization, where should you start? One commonly held belief is that you should initially identify your assets and allocate security resources based on the value of each asset. Though this approach might prove effective, it can lead to some significant vulnerabilities. An infrastructure asset might not hold a high value, for example, but it should be protected with the same effort as a high-value asset. If not, it could be an entry point into your network and provide access to valuable data.

You may also read:

232. Which of the following is true regarding IPSEC?

  1. IPSEC will encapsulate Internet Protocol (IP) traffic only
  2. IPSEC will support only one concurrent tunnel
  3. IPSEC operates at the physical layer of the ODI model
  4. IPSEC requires the use of Public Key Infrastructure (PKI)

233. Presenting a fraudulent Internet Protocol (IP) address to attempt to bypass the access control enforced by a stateful inspection firewall is an example of what common type of network attack?

  1. Social engineering
  2. Spoofing
  3. SYN flood
  4. Steganography

234. Which of the following positions would be most likely to determine the security policy regarding access of information on a system?

  1. Users
  2. Business process owner
  3. Senior management
  4. Information security manager

235. Which of the following groups or organizations is most commonly used to develop baselines for information systems?

  1. Developers
  2. Programmers
  3. Software vendors
  4. Promotion to production staff

236. Which type of malicious detection software would detect a polymorphic virus by comparing the function of the application rather than comparing it to a known signature?

  1. Heuristic scanner
  2. Host-based intrusion detection
  3. Network-based intrusion detection
  4. Gateway anti-virus scanner

237. What is a primary difference between Secure Sockets Layer (SSL) and Secure HyperText Transfer Protocol (SHTTP)?

  1. SSL only encrypts Web traffic
  2. SHTTP does not encrypt the data
  3. SSL does not encrypt the data
  4. SSL is a transport layer protocol

238. Which statement most accurately reflects the encryption used by SSL?

  1. The session key is encrypted using asymmetric key encryption and the bulk data is encrypted with symmetric encryption
  2. The bulk data transfer is encrypted using asymmetric encryption; the key is exchanged out of band
  3. SSL uses asymmetric encryption for both session key exchange and bulk data encryption
  4. SSL does not use encryption

239. If you wanted to ensure the integrity of the message, which of the following technologies would provide the most insurance against tampering?

  1. Logging before and after records
  2. Digital signatures
  3. Asymmetric encryption
  4. Symmetric encryption

240. A vendor is recommending implementation of a new technology that will give your application nonrepudiation. Which of the following primary tenets of information security will be addressed with this solution?

  1. Availability and integrity
  2. Confidentiality and integrity
  3. Confidentiality and authenticity
  4. Authenticity and integrity

241. Which of the following primary tenets of information security will be addressed by using 802.1x with a wireless network?

  1. Authentication
  2. Availability
  3. Integrity
  4. Confidentiality

242. Which of the following technologies are commonly used in conjunction with 802.1x authentication?

  1. Remote Authentication Dial In User Service (RADIUS)
  2. Single Sign On (SSO)
  3. Public Key Infrastructure (PKI)
  4. Intrusion Detection System (IDS)

243. Which common type of access control system assigns rights to job functions and not user accounts?

  1. Rule-based access control
  2. Role-based access control
  3. Mandatory access control
  4. Discretionary access control

244. Which of the following is an example of security issues that can occur within the system development life cycle?

  1. Lack of senior management support
  2. Security is not involved in the requirements development
  3. Vendor interoperability
  4. Network latency

245. The information security manager needs to be most aware of which of the following issues when implementing new security controls?

  1. Impact on end users
  2. Senior management support
  3. System development life cycle
  4. Annual loss expectancy

246. Which of the following security concerns needs to be addressed during the disposal phase of the system development life cycle?

  1. Maintaining integrity of information
  2. Maintaining availability of the system
  3. Maintaining nonrepudiation of user access
  4. Maintaining confidentiality of information

247. Change control can be used in many phases on the system development life cycle. At which phase of the system development life cycle would you not use a change control process?

  1. Development
  2. Installation
  3. Disposal
  4. Requirements

248. Which of the following types of controls would affect direct access to system consoles?

  1. Process
  2. Platform
  3. Physical
  4. Network

249. Which of the following types of controls would directly affect the security of an operating system?

  1. Process
  2. Platform
  3. Physical
  4. Network

250. Which of the following technologies would utilize a Public Key Infrastructure (PKI)?

  1. Secure HyperText Transfer Protocol (SHTTP)
  2. Secure SHell (SSH)
  3. Message Authentication Codes (MAC)
  4. Digital signatures

251. Smart card technology is often used for what information security purpose?

  1. Message integrity
  2. Authentication
  3. Confidentiality
  4. Availability

252. Extensible Markup Language (XML) is a language often used with Web application development. XML provides which of the following?

  1. Dynamic content delivery
  2. Dynamic message integrity
  3. Dynamic user authentication
  4. Dynamic client configuration

253. An acceptable use policy would be an example of which type of control?

  1. Process
  2. Platform
  3. Physical
  4. Network

254. Which type of attack against access control systems uses a list of common words?

  1. A brute force attack
  2. A denial-of-service attack
  3. A dictionary attack
  4. A network spoofing attack

255. Which type of information security process assigns a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted?

  1. Risk analysis
  2. Risk assessment
  3. Network vulnerability assessment
  4. Information classification

256. Which type of device creates a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media?

  1. A degausser
  2. A demagnetizer
  3. A deionizer
  4. A deflator

257. Which of the following terms frequently refers to a network segment between the Internet and a private network?

  1. A security domain
  2. A zone of control
  3. A DeMilitarized Zone (DMZ)
  4. A security kernel

258. Which type of network attack captures sensitive pieces of information, such as passwords, passing through the network?

  1. Spoofing
  2. SYN flood
  3. Sniffing
  4. Steganography

259. Which of the following technologies would best secure the data on a laptop or other device that could be stolen?

  1. Data encryption
  2. File deletion
  3. No access to the floppy drive
  4. Steganography

260. Which of the following attacks is an example of a passive attack?

  1. Spoofing
  2. SYN flood
  3. Information gathering
  4. Port scanning

261. Which of the following common network attacks is an example of a denial-of-service attack?

  1. Spoofing
  2. SYN flood
  3. Sniffing
  4. Port scanning

262. Which of the following common network attacks is an example of an active attack?

  1. Information gathering
  2. Traffic analysis
  3. Sniffing
  4. Port scanning

263. Which type of network attack is most likely to present the ability to execute commands on the compromised machine?

  1. Spoofing
  2. SYN flood
  3. Sniffing
  4. Buffer overflow

264. Which attack is due to poor programming practices?

  1. Spoofing
  2. SYN flood
  3. Sniffing
  4. Buffer overflow

 

Leave a Reply