Mock test

Q1. An attack that compromises the information stored in the client machine by web browsers for faster retrieval during subsequent visits is called what?

  1. Path traversal
  2. Data structure attacks
  3. Eavesdropping
  4. Cache poisoning

Q2. Which of the following are risk management processes? (This is a drag-and-drop type of question. Here, and for similar drag-and-drop questions, you can draw a line from the list of answers from the left to the empty box on the right.)

Q3. The primary criterion of Business Continuity Planning is to ensure that the scoping is _____.

  1. Adequate
  2. Large
  3. Appropriate
  4. Wide coverage

Q4. What is the algorithm used by the Wi-Fi Protected Access 2 (WPA2) protocol for encryption?

  1. RC4
  2. Data Encryption Algorithm (DES)
  3. Advanced Encryption Algorithm (AES)
  4. Triple-DES

Q5. Measurements help in reducing the frequency and severity of security-related issues. Which one of the following is not a right choice for measurements?

  1. Expectations from data privacy requirements
  2. Reduction in number of incidents
  3. More non-conformities during internal or external audits
  4. Expectations from confidentiality requirements of information

Q6. If an attack uses a combination of brute force and dictionary entries to crack a password, then such an attack is called what?

  1. Replay attack
  2. Password attack
  3. Session hijack
  4. Hybrid attack

Q7. Identify from the following list an activity that best describes a management control:

  1. Review of security controls
  2. System Documentation
  3. Network protection
  4. Personnel security

Q8. Brute-forcing of passwords is a

  1. Probabilistic technique
  2. Path traversal attack
  3. Protocol manipulation
  4. Boundary error

Q9. Which of the following are steps in computer system start up and shut down procedures?

Q10. Which property of a TCP implementation is vulnerable to Denial of Service attacks?

  1. Session establishment
  2. Three-way handshake mechanism
  3. ICMP access
  4. Multicasting

Q11. While identifying security awareness training needs, which of the following are appropriate choices to consider?

Q12. Which one of the following types of hackers is most likely to compromise organizations' computer systems to perpetrate a computer crime for financial gain?

  1. Black hat hackers
  2. White hat hackers
  3. Ethical hackers
  4. Vulnerability assessors

Q13. Which one of the following pertaining to lighting is false?

  1. Lighting is a reactive control
  2. Lighting is a deterrent control
  3. For critical areas, the suggested illumination is two feet wide and eight feet tall
  4. Lighting discourages intruders

Q14. Which one of the following is a popular asymmetric key encryption algorithm that derives its key pairs from the product of two large prime numbers?

  1. Rivest, Shamir, and Adleman (RSA)
  2. Blowfish
  3. Twofish
  4. Diffie-Hellman

Q15. An organization monitors the logon sessions of its employees. As per the legal requirements and the system monitoring policy of the organization, it is mandatory that the employee is informed and reminded from time to time about session monitoring. Select the most appropriate method for implementing such a requirement.

  1. Policy document on the intranet
  2. Employee handbook
  3. Wall posters
  4. Logon Banners

Q16. Ping of death is an example of which one of the following?

  1. A Denial-of-Service attack
  2. A Protocol manipulation attack
  3. A Man-In-The-Middle attack
  4. A Spoofing attack

Q17. In information security, the level of trust or a degree of confidence on computer systems is known as what?

  1. Auditing
  2. Assessment
  3. Assurance
  4. Accreditation

Q18. Common Vulnerabilities and Exposures (CVE) contains the details of published vulnerabilities. These details are called what?

  1. A dictionary of vulnerabilities
  2. A database of vulnerabilities
  3. A list of vulnerabilities
  4. Vulnerability exposures

Q19. A time condition in web applications where the state of a resource changes between the time the resource is checked to when it is accessed is called what?

  1. Resource management errors
  2. SQL injection
  3. Race conditions
  4. Covert channel

Q20. In public key cryptography, a message is encrypted using the recipient's public key, and the recipient's private key is used to decrypt the message. This process ensures which tenet of information security?

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authenticity

Q21. An attack that redirects a user accessing a legitimate website to an attacker-constructed malicious site without the acceptance or knowledge of the user is known as __________.

  1. Phishing
  2. SmiShing
  3. Fishing
  4. Pharming

Q22. The process of packaging the data packets received from applications is known as encapsulation. What is the term that denotes the output of such a process?

  1. Database
  2. Decapsulation
  3. Frame
  4. Datagram

Q23. Which of the following statements are true?

Q24. In an organization, a surveillance monitor, such as Closed Circuit Television (CCTV), is used in critical areas to monitor the movement of personnel. Which of the following controls is least effective for such a monitoring activity?

  1. Motion Sensor
  2. Heat Sensor
  3. Intrusion detection system
  4. Firewall

Q25. An organization is planning to set up a data center that houses critical business application servers. Which one of the following will be the least important factor to consider for such a facility?

  1. The location is not in close proximity to toxic chemical installations
  2. The location is not in a seismic zone
  3. The location is not very close to a seashore
  4. The location is not very close to a metropolis

Q26. In cryptography, encrypting a decrypted message results in what?

  1. A scrambled message
  2. A decrypted message
  3. A plain text
  4. An algorithm

Q27. Which of the following statements pertaining to the Bell-LaPadula model are appropriate?

Q28. A prominent application of the Fibre Channel Protocol includes which one of the following?

  1. IPSec
  2. Storage Area Network
  3. Hyper Text Transfer Protocol
  4. File Transfer

Q29. Which one of the following disaster recovery tests is also called a functional drill?

  1. The checklist review
  2. The table-top exercise
  3. A simulation test
  4. A parallel test

Q30. A steady interference to electrical power is called Noise. What is the term used for an electrical power interference of a short duration?

  1. Sag
  2. Spike
  3. Transient
  4. Inrush

Q31. A malicious code that tracks user actions is called ___________.

  1. Botware
  2. Worm
  3. Spyware
  4. Virus

Q32. Which one of the following water sprinkler systems is most appropriate when large volumes of water should be discharged to contain the fire?

  1. Dry pipe
  2. Wet pipe
  3. Deluge
  4. Preaction

Q34. Which of the following are true statements pertaining to information security controls?

Q35. The charge difference between neutral, hot, and ground electrical wires is called what?

  1. Electromatic Interference
  2. Electromechanical interference
  3. Radio Frequency Interference
  4. Electromagnetic Interference

Q36. Residual risk is risk that remains after _____.

  1. The implementation of control
  2. Before control implementation
  3. Risk assessment
  4. An incident

Q37. In web applications, the lack of a verification mechanism to ensure that the sender of a web request actually intended to do so is exploited by which one of the following attacks?

  1. Cross-site scripting
  2. Cross-site request forgery
  3. Buffer overflow
  4. Path traversal

Q38. An asset is valued at $5,000,000, and it is estimated that a certain threat has an annualized rate of occurrence (ARO) once every three years. The asset has an exposure factor (EF) of 15%. What is the highest amount that a company should spend annually on countermeasures?

  1. $250,000
  2. $350,000
  3. $960,000
  4. $450,000

Q39. The activities of a logged in user are monitored and updated to an access log file. This process is known as what?

  1. Authentication
  2. Audit trail
  3. Accountability
  4. Access control

Q40. Providing invalid or out-of-bounds inputs to the database system to obtain either database access or the database content using the native language of the database system constitutes a type of attack known as what?

  1. Database manipulation
  2. Denial-of-Service
  3. SQL injection
  4. Arbitrary code injection

Q41. Which of the following are threats to physical security?

Q42. A high-rise wall in the physical perimeter is a physical security control. Which one of the following is a false statement for such a control?

  1. It is preventative physical control
  2. It is a deterrent physical control
  3. It is corrective physical control
  4. It is a control to prevent physical intrusion

Q43. If periodic port scanning is not performed on the information systems, then there is a risk of _________ created by malicious programs.

  1. Port forwarding
  2. Port mapping
  3. Turnstile doors
  4. Backdoors

Q44. Business Continuity Planning life cycle includes the maintenance of plans. Which one of the following choices may not provide necessary inputs for updating the plans pertaining to information security?

  1. Incidents
  2. Results of periodic risk assessments
  3. Changes to business environment
  4. Changes in tax structure

Q45. The malicious activity of changing data during the input or processing stage of a software program to obtain a financial gain is known as __________.

  1. Data diddling
  2. Salami slicing
  3. Penny shaving
  4. Hacking

Q46. Hiding or showing menus in an application depending on the access permissions of a user is known as what?

  1. Context-dependent access control
  2. Content-dependent access control
  3. Mandatory access control
  4. Role-based access control

Q47. Identify the false statements from the following options pertaining to information security procedures:

Q48. Which one of the following is not an assurance aim of Public Key Infrastructure (PKI)?

  1. Confidentiality
  2. Integrity
  3. Non-repudiation
  4. Availability

Q49. The process of checking and validating the effectiveness of physical security controls is called what?

  1. Administration
  2. Assessment
  3. Auditing
  4. Analysis

Q50. Federal Information Processing Standard (FIPS) 140 Security Level 3 does not emphasize which one of the following?

  1. A high probability of detection of physical attacks
  2. Response mechanisms for physical attacks
  3. Identity-based authentication
  4. Control of environmental conditions such as temperature, heat, and voltage

Q51. A law that was developed on the basis of the decisions of courts and tribunals is called __________.

  1. Civil law
  2. Common law
  3. Religious law
  4. Statute law

Q52. Which one of the following is a false statement pertaining to the Take-Grant model?

  1. Take rule: a subject takes rights from another subject
  2. Grant rule: a subject grants rights to another subject
  3. Create rule: a subject creates new nodes
  4. Restore rule: a subject restores its rights over an object

Q53. Providing wrong inputs to the system can be classified as which one of the following?

  1. Problem
  2. Vulnerability
  3. Incident
  4. Threat

Q54. The purpose of using Secure Shell (SSH) over Telnet is what?

  1. SSH provides shell access to the target system
  2. SSH is faster than Telnet
  3. SSH encrypts the session and Telnet does not encrypt the session
  4. SSH is less expensive than Telnet

Q55. In Cryptography, if a corresponding ciphertext to the block of plaintext selected by the analyst is available, then which type of attack is possible?

  1. Ciphertext only attack
  2. Adaptive-chosen-plaintext attack
  3. Chosen-plaintext attack
  4. Known-plaintext attack

Q56. When a sender wants to ensure that the message is not altered during transmission, the sender uses a hash function. The hash value is known as what?

  1. Hash digest
  2. Checksum
  3. Message digest
  4. Message code

Q57. A cryptovariable is a:

  1. Cryptographic key
  2. Cryptographic method
  3. Cryptographic text
  4. Cryptography type

Q58. Which one of the following is not a type of sensor used in wave pattern motion detectors?

  1. Infrared
  2. Shortwave
  3. Microwave
  4. Ultrasonic

Q59. An organization has identified risks to its web servers from hacking attacks through the Internet. Which one of the following may not be a correct strategy to mitigate the risks?

  1. Establishing controls to filter the traffic to the server
  2. Establishing countermeasures in case of an unauthorized breach to the server
  3. Establishing safeguards to protect the information in the server
  4. Relocating the server to a different data center

Q60. Which of the following is false for Gas discharge fire extinguishing systems?

  1. They use carbon dioxide
  2. They are used under the floor in data centers
  3. They use water
  4. They use halon

Q61. While doing risk assessment for physical and environmental security requirements, which of the following security professionals will be taken into consideration?

  1. Physical facility
  2. Geographic operating location
  3. Supporting facilities
  4. Communications systems

Q62. Which of the following statements is false pertaining to the RC4 algorithm?

  1. It uses 40 to 256 bits
  2. Key sizes are different
  3. It is used in less complex hardware
  4. It cannot be used for faster processing environments

Q63. Which of the following are risk mitigation strategies?

Q64. In a digital signature, the process of signing is accomplished by what?

  1. Applying the sender's private key to the document
  2. Applying the sender's public key to the document
  3. Applying the hash function
  4. Applying the sender's private key to the message digest

Q65. At what temperature is the valve of wet pipe sprinkling systems designed to open?

  1. 164° Fahrenheit
  2. 164° Celsius
  3. 165° Celsius
  4. 165° Fahrenheit

Q66. Which one of the following is not a primary objective of the Orange book?

  1. Accountability
  2. Assurance
  3. Policy
  4. Authentication

Q67. IEEE 802.11 is a set of standards for which of the following types of networking technologies?

  1. Wireless Local Area Networking (WLAN)
  2. Local Area Networking (LAN)
  3. Wide Area Networking (WAN)
  4. Metropolitan Area Networking (MAN)

Q68. Identify the least appropriate method from the following to determine the strength or security of a cryptographic key:

  1. The length of the key
  2. Entropy
  3. The quality of the encryption algorithm
  4. Initialization vectors

Q69. Which one of the following choices is correct for Annualized Loss Expectancy (ALE)?

  1. Single Loss Expectancy divided by the Annual Rate of Occurrence
  2. Asset Value multiplied by Exposure Factor
  3. Asset Value multiplied by the Annual Rate of Occurrence
  4. Single Loss Expectancy multiplied by the Annual Rate of Occurrence

Q70. Which one of the following is false pertaining to the Gray-box penetration testing?

  1. The scope of testing can be from external or internal networks
  2. While testing from external networks, the details of the internal network are not known to the tester
  3. While testing from external networks, the details of the internal network are known to the tester
  4. While testing from the internal network, the details of the network are not known to the tester

Q71. The address space of IPv6 is what?

  1. 2^16 IP addresses
  2. 2^128 IP addresses
  3. 2^64 IP addresses
  4. 2^32 IP addresses

Q72. Identify the correct statements pertaining to the primary purpose of cryptography:

Q73. A cold boot attack is used to retrieve information such as password or encryption keys from DRAM memories even after the power is removed. Which property of the DRAM memories is this attack trying to compromise?

  1. Data Retention
  2. Data Emanation
  3. Data Remanence
  4. Data Encryption

Q74. An exposure factor can be best described as:

  1. The rate of occurrence of a threat event
  2. Measure of an impact
  3. Measure of a vulnerability
  4. Measure of risk

Q75. While developing business continuity plans, which one of the following should be considered as the most important requirement?

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Business plans

Q76. Replay attacks are due to improper handling of:

  1. Authentication process
  2. Session data
  3. Application inputs
  4. Boundary values

Q77. Sending Unsolicited Commercial Email (UCE) is popularly known as:

  1. Phishing
  2. Pharming
  3. SMiShing
  4. Spamming

Q78. Identify the correct asset classification criteria from the following:

  1. Age
  2. Useful degree
  3. Useful life
  4. Value

Q79. The turnstile type of fencing should be considered in which of the following situations?

  1. When a group of people can be allowed at a time through the gate
  2. When a mantrap system is required
  3. When a single person should be allowed to pass through the gate at a time
  4. When intrusion detection systems are installed

Q80. For the proper operation of computer parts, the ideal humidity range should be 40 to 60%. What type of problem will occur if the humidity is above 60%?

  1. Electric plating
  2. Electro plating
  3. Condensation
  4. Static electricity

Q81. Threats exploit vulnerabilities through:

  1. Associates
  2. Adversaries
  3. Agents
  4. Angles

Q82. Identify the intellectual property-related terms from the following:

Q83. A strong session management prevents what type of attack?

  1. Sniffing
  2. Spoofing
  3. Hijacking
  4. SYN

Q84. Identify the incorrect statements pertaining to security policy:

Q85. Which of the following is not a true choice for the Kerberos implementation?

  1. It can be used to authenticate network services
  2. It can be used to provide third-party verification services
  3. It maintains a centralized server
  4. The Kerberos server is a single point of compromise

Q86. Basic Input Output System (BIOS) checks can be used to control access to the system using password protection. This control is called what?

  1. Pre-boot authorization
  2. Pre-boot authentication
  3. Boot sector authentication
  4. Pre-boot identification

Q87. Which of the following information security models proposes a directed graph?

  1. The Biba model
  2. The Clark-Wilson model
  3. The Take-Grant model
  4. The Integrity model

Q88. When malicious code that came disguised inside a trusted program is activated on a particular event or date, such malicious code is called what?

  1. A Trojan horse
  2. Malware
  3. A logic bomb
  4. Virus

Q89. An access card that contains integrated circuits and can process information for physical and logical access control is called what?

  1. An ATM card
  2. A credit card
  3. A supplementary card
  4. A smart card

Q90. Which one of the following is a correct description of a preventative control?

  1. Preventative control is used to predict the occurrence of an undesirable event
  2. Preventative control is used to reduce the effect of an attack
  3. Preventative controls trigger a corrective control
  4. Preventative controls are to prevent security violations

Q91. Which of the following are right considerations while designing a data center?

Q92. An access control model that uses a pair of values that are related to the least upper bound and the greatest lower bound in a model is called what?

  1. Discretionary access control
  2. Non-discretionary access control
  3. Matrix-based access control
  4. Lattice-based access control

Q93. Secret and hidden channels that transmit information to unauthorized entities based on the response time of the system are known as what?

  1. Covert storage channel
  2. Covert channel
  3. Covert timing channel
  4. Covert information channel

Q94. Secure Sockets Layer (SSL) is a popular protocol that uses cryptographic encryption to protect the communication data. Which type of cipher does this protocol use for such a protection?

  1. Block cipher
  2. Stream cipher
  3. Triple-DES
  4. Rijndael algorithm

Q95. Which one of the following statements pertaining to combustible materials is false?

  1. Cloth and rubber are Class A materials
  2. Magnesium and sodium are Class D materials
  3. Oils and Greases are Class B materials
  4. Water is a Class C material

Q96. The focus of the Red Book in the Rainbow Series published by the US Department of Defense (DoD) is ___________.

  1. Integrity
  2. Confidentiality
  3. Authenticity
  4. Confidentiality and Integrity

Q97. Which one of the following pertaining to fire-suppression mediums is false?

  1. Halon is a fire suppression medium
  2. Halon is a very widely used fire suppression medium
  3. Halon is an ozone-depleting substance
  4. Halon is no longer allowed to be used as a fire suppression medium

Q98. Which one of the following methods is most suitable for protecting copyrighted information?

  1. Steganography
  2. Digital watermarking
  3. SecureID
  4. Digital signature

Q99. Which of the following information security models is also known as a State machine model?

  1. The Take-Grant model
  2. The Bell-LaPadula model
  3. The Biba Model
  4. The Clark-Wilson model

Q100. The systematic use of information to identify sources and estimate risk is known as what?

  1. Risk evaluation
  2. Risk treatment
  3. Risk acceptance
  4. Risk analysis

Q101. When you want to ensure that the message you sent can be opened only by the receiver, then you will do what?

  1. Encrypt the document using your public key
  2. Encrypt the document using the receiver's private key
  3. Encrypt the document using your private key
  4. Encrypt the document using the receiver's public key

Q102. Portable fire extinguishers predominantly use which fire-suppression medium?

  1. Halon
  2. Carbon dioxide (CO2)
  3. Water
  4. Magnesium

Q103. Which of the following choices can be appropriate when an organization needs to resume its critical IT operations in 24 to 48 hours?

Q104. The amount of time or effort required to accomplish an attack is known as what?

  1. Work load
  2. Attack vector
  3. Work factor
  4. Attack factor

Q105. The layer that manages the communication between two computers in the OSI model is called what?

  1. The Network layer
  2. The Session layer
  3. The Data link layer
  4. The Application layer

Q106. Fooling an information system to make it trust an entity that has imitated the trusted entity is known as what?

  1. Sniffing
  2. Social engineering
  3. Smurf
  4. Spoofing

Q107. Which one of the following controls will be most effective to prevent data theft due to data remanence in the storage media?

  1. Degaussing
  2. Formatting seven times
  3. Physically destroying the media
  4. Erasing the data before reuse

Q108. Hash value in cryptography is a computed value based on the contents of the message. What is this computed value called?

  1. Primesum
  2. Key strength
  3. Checksum
  4. One-way function

Q109. If access to an asset is determined by its owner, then such an access control is termed as what?

  1. Mandatory
  2. Rule based
  3. Discretionary
  4. Lattice-based

Q110. Which one of the following is a service asset?

  1. Computer
  2. Air-conditioner
  3. Printer
  4. Computing

Q111. Which one of the following is false pertaining to the information owners?

  1. Owners are entrusted with the day-to-day maintenance of information
  2. Owners delegate the maintenance of information to the custodian
  3. Owners determine the classification level of the information
  4. Owners are responsible for the protection of the information

Q112. An organization is doing risk assessment for the Information Technology department. Which one of the following choices would not yield much input for the assessment?

  1. Classification of assets
  2. List of threats
  3. Vulnerability assessment reports
  4. Number of audits

Q113. Which one of the following protocols is most likely to reduce the manual configuration of IP addresses to host computers?

  1. Transmission Control Protocol
  2. Internet Protocol
  3. Dynamic Host Control Protocol
  4. Address Resolution Protocol

Q114. IPsec is a set of protocols used to secure Internet communications. Which of the following is not a key function of the protocol?

  1. Authentication
  2. Encryption
  3. Key exchange
  4. Key modification

Q115. Randomization vulnerabilities are predominantly concerned with which one of the following?

  1. Access control
  2. Encryption
  3. Authentication
  4. Boundary condition

Q116. Providing a personal identification number (PIN) along with a smart card and swiping a finger constitutes what type of authentication?

  1. Multi-tier
  2. Two-factor
  3. Three-factor
  4. Factoring

Q117. In Cryptography, when a key is authorized for use by legitimate entities for a period of time, then such a period is called what?

  1. Cryptovariable
  2. Cryptotime
  3. Cryptoperiod
  4. Cryptanalysis

Q118. Which one of the following is not true pertaining to Virtual Private Networking (VPN)?

  1. VPN is a virtual network within a public network, such as the Internet
  2. VPN uses the concept of tunneling
  3. A tunnel in VPN is an unencrypted path
  4. VPN uses IPsec protocols

Q119. In the Bell-LaPadula model, which one of the following statements is false?

  1. The security properties are related to the Mandatory Access Control and Discretionary Access Control
  2. The model prescribes access controls to classified or confidential information
  3. The security properties are related to the Mandatory Access Control and Non-Discretionary Access Control
  4. The focus of the model is confidentiality

Q120. Which one of the following is false pertaining to the TCP/IP protocols?

  1. TCP is a connection-oriented protocol, whereas UDP is a connectionless protocol
  2. TCP is a connectionless protocol, whereas IP is a connection-oriented protocol
  3. Internet protocol works in the Internet layer of the TCP/IP model
  4. TCP works in the transport layer of the TCP/IP model

Q121. The concept of least privilege is applicable to what?

  1. System administrators
  2. Security administrators
  3. Users
  4. Operators

Q122. The Border Gateway Protocol works in which layer of the TCP/IP model?

  1. The Application layer
  2. The Physical layer
  3. The Data link layer
  4. The Transport layer

Q123. In Public Key Infrastructure, which of the following is not a key management procedure?

  1. Secure storage of keys
  2. Secure distribution of keys
  3. Secure destruction of keys
  4. Secure modification of keys

Q124. Asymmetric key encryption is also known as what?

  1. Private key cryptography
  2. Private key encryption
  3. Public key cryptography
  4. Public key infrastructure

Q125. An armed response to an intrusion is called what?

  1. Preventive-administrative control
  2. Preventive-technical control
  3. Reactive-physical control
  4. Reactive-administrative control

Q126. An organization is planning to conduct information security awareness training programs for its employees. Which one of the following topics should they consider the most important?

  1. Briefing the security requirements of the organization
  2. Legal responsibilities of the organization
  3. Business controls
  4. Usage instructions that relate to information-processing facilities

Q127. At what stage of penetration testing are vulnerability scanners used?

  1. Scoping
  2. Penetration testing
  3. Information analysis planning
  4. Vulnerability detection

Q128. The practice of discovering the full content of a DNS zone via successive queries is called what?

  1. Zone transfer
  2. Zone Update
  3. Zone security
  4. Zone enumeration

Q129. The separation of users and data is an example of which type of assurance?

  1. Operational assurance
  2. Life Cycle assurance
  3. System assurance
  4. Network assurance

Q130. In computer crime, the role of computers could be which one of the following?

Q131. Which one of the following is not true for Recovery Time Objectives (RTO) pertaining to Business Continuity Planning?

  1. It is a timeframe within which the systems should be recovered
  2. It is indicated in terms of hours/days
  3. The maximum period of time of transaction data that a business can afford to lose during successful recovery
  4. It is based on Service Level Agreements

Q132. The goal of the code of ethics by (ISC)² includes which one of the following?

  1. Protect society, the commonwealth, and the infrastructure
  2. Act honorably, honestly, justly, responsibly, and legally
  3. Provide diligent and competent service to principals
  4. All of the above

Q133. Which one of the following is a crime committed by way of identity theft?

  1. Online purchases through stolen credit cards
  2. Selling skimmed credit cards
  3. Sending spam mails by spoofing mail addresses
  4. Breaking into a bank and stealing money

Q134. Which one of the following attacks does not represent a form of social engineering?

  1. Phishing
  2. 419 Nigerian spam
  3. Denial-of-Service
  4. A Trojan horse

Q135. Key loggers capture the keystrokes of the unsuspecting user. Which one of the following attacks represents a behavior that may be capturing the activity information in the network?

  1. Spamming
  2. Sniffing
  3. Replay attacks
  4. Pinging

Q136. Which one of the following pertaining to criminal law is not a right choice?

  1. It deals with violations of government laws
  2. Criminal charges are filed by government agencies against an individual or organization
  3. It deals with lawsuits filed by private parties, such as individuals and corporations
  4. The punishment under criminal law includes imprisonment

Q137. ___________ is a set of exclusive rights granted to the inventor of something new, useful, inventive, and industrially applicable:

  1. Copyright
  2. Patent
  3. Trademark
  4. Trade secret

Q138. Sarbanes-Oxley mandates a number of reforms to which one of the following?

  1. Enhancing corporate responsibility
  2. Financial disclosures
  3. Combating corporate and accounting fraud
  4. All of the above

Q139. Which one of the following statements pertaining to communication protocols is false?

  1. A protocol is a communication standard
  2. A protocol is a network traffic routing device
  3. A protocol defines rules pertaining to syntax and semantics
  4. A protocol defines rules pertaining to synchronization for communications

Q140. The four upper layers in the OSI model are sometimes referred to as _______.

  1. Network layers
  2. Media layers
  3. Host layers
  4. Communication layers

Q141. Spoofing can also be referred to as:

  1. Masquerading
  2. Disguising
  3. Impersonating
  4. All of the above

Q142. Which of the following is not a service provided by Domain Name System Security Extensions (DNSSEC)?

  1. Authentication
  2. Accounting
  3. Data integrity
  4. Authenticated denial of existence

Q143. Which one of the following statements pertaining to Dynamic Host Control Protocol (DHCP) is false?

  1. DHCP uses Point-to-Point Protocol (PPP)
  2. DHCP uses Network Address Translation (NAT) for assigning IP addresses
  3. DHCP is the preferred method of IP allocation to routers and firewalls
  4. The address allocation method is termed as Request, Offer, Send, and Accept (ROSA)

Q144. Path traversal is a type of attack that tries to:

  1. Compromise the availability of a server
  2. Spoof the network traffic
  3. Gain unauthorized access to web server directory structures
  4. Corrupt the database

Q145. Which of the following cryptographic standards uses three 56-bit keys?

  1. Data Encryption Standard
  2. Triple-DES
  3. Advanced Encryption Standard
  4. Blowfish

Q146. Secure Electronic Transaction (SET) is a:

  1. Set of standard protocols for file transfer
  2. Set of standard protocols for web browsing
  3. Set of standard protocols for securing credit card transactions over insecure networks
  4. None of the above

Q147. What is the normal range of a raised floor in a data center?

  1. 2 to 3 feet
  2. 2 meters to 4 meters
  3. 300 mm to 800 mm
  4. 50 cm to 90 cm

Q148. A periodic mock test rehearsing the steps to be taken during an emergency is also known as what?

  1. A Table-top review
  2. Evacuation drills
  3. Fire fighting
  4. A shutdown of systems

Q149. Full disk encryption is used to encrypt the data in laptops. This is done to prevent which type of attack?

  1. A warm boot attack
  2. A hot boot attack
  3. A cold boot attack
  4. A boot sector attack

Q150. Average time required to repair a device is termed as what?

  1. Mean Time Between Failure
  2. Useful life of a device
  3. Mean Time To Repair
  4. Mean Time to Install

Q151. A technique to hide information from unauthorized entities is known as what?

  1. Reference monitor
  2. Salami slicing
  3. Encapsulation
  4. Emanation

Q152. A property states that a subject at a given security level may not write to any object at a lower security level. Which security model states this property?

  1. The Bell-LaPadula Model
  2. The Take-Grant model
  3. The Biba model
  4. The Clark-Wilson model

Q153. In biometrics, the identification provided by a person is verified by a process called a one-to-one search. This process can be described as what?

  1. Authorization
  2. Identification
  3. Authentication
  4. Access control

Q154. An authority who manages the certificates in a Public Key Infrastructure is known as what?

  1. The Root authority
  2. The System authority
  3. The Certification authority
  4. The Digital authority

Q155. Which of the following algorithms is not useful for hashing?

  1. MD4
  2. MD5
  3. MD2
  4. RC4

Q156. Kerberos is suitable for preventing what?

  1. Spoofing attacks
  2. Replay attacks
  3. Phishing attacks
  4. Decryption attacks

Q157. The disposal phase in system development life cycle is concerned with which one of the following?

  1. Disposition of information
  2. Disposition of hardware and software
  3. Disposition of media
  4. All of the above

Q158. In the software development life cycle, verification during development and implementation is a process used to check what?

  1. Adherence to timelines
  2. Adherence to budgets
  3. Adherence to software specifications
  4. Adherence to hardware specifications

Q159. What is the biggest concern in using a waterfall model for software development?

  1. It is a top-to-bottom approach
  2. It is a simplistic approach
  3. The activities have to be completed in sequence
  4. The approach does not support reworks

Q160. Which of the following are core security considerations for secure software development processes?

  1. User authentication
  2. Password management
  3. Access controls
  4. All of the above

Q161. From the security perspective, which of the following procedures is most important during software development processes?

  1. Hardware configuration procedure
  2. Network setup procedure
  3. Change control procedure
  4. Documentation procedure

Q162. Failure to properly create, store, transmit, or protect passwords is an example of what?

  1. Improper network management
  2. Insufficient access controls
  3. Improper credential management
  4. Insufficient authentication mechanisms

Q163. Failure of a web application to validate, filter, or encode user input before returning it to another user's web client is known as what?

  1. Path traversal
  2. Cross Site Scripting
  3. Cross Site Request Forgery
  4. Input validation

Q164. Mobile code is executed on which one of the following?

  1. Server
  2. Target machine
  3. Network
  4. Routers

Q165. Which of the following are common data structure attacks?

  1. Altering the data in primary memory
  2. Rearranging the order of execution in the memory
  3. Malicious code execution through a data buffer
  4. All of the above

Q166. The encryption of data between the client and the server in an Internet web browsing session can be accomplished using what?

  1. SSL
  2. HTTP
  3. FTP
  4. DHCP

Q167. Which one of the following is not a technical control?

  1. Firewall
  2. Security policy
  3. Intrusion detection systems
  4. Anti-virus software

Q168. An organization's security initiatives based on policies, procedures, and guidelines; security awareness training; and risk management together define what?

  1. Security setup
  2. Security posture
  3. Security management
  4. Security initiative

Q169. Which of the following parameters are considered for assets during asset classification and help in devising suitable controls for security protection?

  1. Value
  2. Sensitivity
  3. The degree of assurance required
  4. All of the above

Q170. Which one of the following classifications of information, if compromised, could cause certain damage to national security as per governmental classification types?

  1. Top secret
  2. Secret
  3. Confidential
  4. Sensitive but unclassified

Q171. While initiating a business continuity planning process, which of the following is first established?

  1. Roles and responsibilities
  2. Alternative sites
  3. Testing the plans
  4. Performing an impact analysis

Q172. Business continuity plans should identify which one of the following?

  1. Mission-critical systems
  2. Business impact due to non-availability of critical systems
  3. Preventive and recovery controls
  4. All of the above

Q173. A call tree in Business Continuity Planning represents which one of the following?

  1. A list of personnel associated with the continuity processes
  2. A list of technical department personnel
  3. A list of external auditors
  4. A list of administrative staff

Q174. Which of the following are important for Business Continuity Processes?

  1. A step-by-step procedure for recovery
  2. The appropriate testing of BC plans
  3. Awareness of people
  4. All of the above

Q175. Half-open connections are a vulnerability in what?

  1. SPX protocol
  2. HTTP
  3. TCP
  4. IP

Q176. SYN cookies are:

  1. Attacks on TCP protocol implementation
  2. Used in Spoofing
  3. Security control for SYN attacks
  4. A Denial-Of-Service attack

Q177. In client-server networking, cookies are:

  1. Text files sent by the server to the client
  2. A type of attack
  3. Viruses
  4. Malicious code

Q178. The process of sending ECHO_REQUEST using Internet Control Messaging Protocol is popularly known as what?

  1. Digging
  2. Pinging
  3. Tunneling
  4. Echoing