In attempting to build a secure organization, where should you start? One commonly held belief is that you should initially identify your assets and allocate security resources based on the value of each asset. Though this approach might prove effective, it can lead to some significant vulnerabilities. An infrastructure asset might not hold a high value, for example, but it should be protected with the same effort as a high-value asset. If not, it could be an entry point into your network and provide access to valuable data.
You may also read:
- Information Security and Risk Assessment MCQ With Answers – Part 1
- Information Security and Risk Assessment MCQ With Answers – Part 2
- Information Security and Risk Assessment MCQ With Answers – Part 3
- Information Security and Risk Assessment MCQ With Answers – Part 4
- Information Security and Risk Assessment MCQ With Answers – Part 5
- Information Security and Risk Assessment MCQ With Answers – Part 6
- Information Security and Risk Assessment MCQ With Answers – Part 7
- Information Security and Risk Assessment MCQ With Answers – Part 8
232. Which of the following is true regarding IPSEC?
- IPSEC will encapsulate Internet Protocol (IP) traffic only
- IPSEC will support only one concurrent tunnel
- IPSEC operates at the physical layer of the ODI model
- IPSEC requires the use of Public Key Infrastructure (PKI)
233. Presenting a fraudulent Internet Protocol (IP) address to attempt to bypass the access control enforced by a stateful inspection firewall is an example of what common type of network attack?
- Social engineering
- Spoofing
- SYN flood
- Steganography
234. Which of the following positions would be most likely to determine the security policy regarding access of information on a system?
- Users
- Business process owner
- Senior management
- Information security manager
235. Which of the following groups or organizations is most commonly used to develop baselines for information systems?
- Developers
- Programmers
- Software vendors
- Promotion to production staff
236. Which type of malicious detection software would detect a polymorphic virus by comparing the function of the application rather than comparing it to a known signature?
- Heuristic scanner
- Host-based intrusion detection
- Network-based intrusion detection
- Gateway anti-virus scanner
237. What is a primary difference between Secure Sockets Layer (SSL) and Secure HyperText Transfer Protocol (SHTTP)?
- SSL only encrypts Web traffic
- SHTTP does not encrypt the data
- SSL does not encrypt the data
- SSL is a transport layer protocol
238. Which statement most accurately reflects the encryption used by SSL?
- The session key is encrypted using asymmetric key encryption and the bulk data is encrypted with symmetric encryption
- The bulk data transfer is encrypted using asymmetric encryption; the key is exchanged out of band
- SSL uses asymmetric encryption for both session key exchange and bulk data encryption
- SSL does not use encryption
239. If you wanted to ensure the integrity of the message, which of the following technologies would provide the most insurance against tampering?
- Logging before and after records
- Digital signatures
- Asymmetric encryption
- Symmetric encryption
240. A vendor is recommending implementation of a new technology that will give your application nonrepudiation. Which of the following primary tenets of information security will be addressed with this solution?
- Availability and integrity
- Confidentiality and integrity
- Confidentiality and authenticity
- Authenticity and integrity
241. Which of the following primary tenets of information security will be addressed by using 802.1x with a wireless network?
- Authentication
- Availability
- Integrity
- Confidentiality
242. Which of the following technologies are commonly used in conjunction with 802.1x authentication?
- Remote Authentication Dial In User Service (RADIUS)
- Single Sign On (SSO)
- Public Key Infrastructure (PKI)
- Intrusion Detection System (IDS)
243. Which common type of access control system assigns rights to job functions and not user accounts?
- Rule-based access control
- Role-based access control
- Mandatory access control
- Discretionary access control
244. Which of the following is an example of security issues that can occur within the system development life cycle?
- Lack of senior management support
- Security is not involved in the requirements development
- Vendor interoperability
- Network latency
245. The information security manager needs to be most aware of which of the following issues when implementing new security controls?
- Impact on end users
- Senior management support
- System development life cycle
- Annual loss expectancy
246. Which of the following security concerns needs to be addressed during the disposal phase of the system development life cycle?
- Maintaining integrity of information
- Maintaining availability of the system
- Maintaining nonrepudiation of user access
- Maintaining confidentiality of information
247. Change control can be used in many phases on the system development life cycle. At which phase of the system development life cycle would you not use a change control process?
- Development
- Installation
- Disposal
- Requirements
248. Which of the following types of controls would affect direct access to system consoles?
- Process
- Platform
- Physical
- Network
249. Which of the following types of controls would directly affect the security of an operating system?
- Process
- Platform
- Physical
- Network
250. Which of the following technologies would utilize a Public Key Infrastructure (PKI)?
- Secure HyperText Transfer Protocol (SHTTP)
- Secure SHell (SSH)
- Message Authentication Codes (MAC)
- Digital signatures
251. Smart card technology is often used for what information security purpose?
- Message integrity
- Authentication
- Confidentiality
- Availability
252. Extensible Markup Language (XML) is a language often used with Web application development. XML provides which of the following?
- Dynamic content delivery
- Dynamic message integrity
- Dynamic user authentication
- Dynamic client configuration
253. An acceptable use policy would be an example of which type of control?
- Process
- Platform
- Physical
- Network
254. Which type of attack against access control systems uses a list of common words?
- A brute force attack
- A denial-of-service attack
- A dictionary attack
- A network spoofing attack
255. Which type of information security process assigns a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted?
- Risk analysis
- Risk assessment
- Network vulnerability assessment
- Information classification
256. Which type of device creates a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media?
- A degausser
- A demagnetizer
- A deionizer
- A deflator
257. Which of the following terms frequently refers to a network segment between the Internet and a private network?
- A security domain
- A zone of control
- A DeMilitarized Zone (DMZ)
- A security kernel
258. Which type of network attack captures sensitive pieces of information, such as passwords, passing through the network?
- Spoofing
- SYN flood
- Sniffing
- Steganography
259. Which of the following technologies would best secure the data on a laptop or other device that could be stolen?
- Data encryption
- File deletion
- No access to the floppy drive
- Steganography
260. Which of the following attacks is an example of a passive attack?
- Spoofing
- SYN flood
- Information gathering
- Port scanning
261. Which of the following common network attacks is an example of a denial-of-service attack?
- Spoofing
- SYN flood
- Sniffing
- Port scanning
262. Which of the following common network attacks is an example of an active attack?
- Information gathering
- Traffic analysis
- Sniffing
- Port scanning
263. Which type of network attack is most likely to present the ability to execute commands on the compromised machine?
- Spoofing
- SYN flood
- Sniffing
- Buffer overflow
264. Which attack is due to poor programming practices?
- Spoofing
- SYN flood
- Sniffing
- Buffer overflow
You may also like:
- 260 One-Liner Information Security Questions and Answers for Fast Learning
- Top 20 HTML5 Interview Questions with Answers
- 80 Most Important Network Fundamentals Questions With Answers
- 100 Most Important SOC Analyst Interview Questions
- Top 40 Cyber Security Questions and Answers
- Top 10 React JS Interview Theory Questions and Answers
- CISSP – Practice Test Questions – 2024 – Set 20 (53 Questions)
- Part 2: Exploring Deeper into CCNA – Wireless (145 Practice Test Questions)
- Part 1: Mastering CCNA – Wireless (145 Practice Test Questions)
- [1z0-1085-20] Oracle Cloud Infrastructure Foundations 2020 Associate MCQ Questions – Part 3