3. Among the following lists consisting of the information security terms availability, integrity, confidentiality, and vulnerability, which is a complete list of characteristics that are required by ISMS to be maintained for an organization's information assets?
a) Availability, Integrity b) Availability, Integrity, Confidentiality
c) Integrity, Confidentiality d) Integrity, Confidentiality, Vulnerability
4. Which of the following is the most appropriate explanation of the operation that spyware is meant to perform?
a) To destabilize the operation of the OS and software
b) To delete files from the file system without user consent
c) To hijack the browser and forcefully execute a particular operation
d) To collect personal information without being noticed by users
9. Which of the following is the name given to a file that is provided to fix a software problem?
c) Identifying a password by using dictionary data that enumerates strings that are likely to be used as a password
d) Sending a large number of packets from multiple computers to a target server and disabling the function of the server
11. The communication protocol between a browser and a web server was changed from HTTP to HTTPS. Which of the following does this achieve?
a) Improvement of transfer rate between a client PC and a web server
b) Prevention of computer virus infection
c) Protection of confidentiality in communication
d) Improvement of browser display speed
13. During the use of a PC in the workplace, a message was displayed stating that antivirus software had detected a virus. Which of the following is an appropriate action that should be taken immediately?
a) Reboot of the PC
b) Notification to the workplace by e-mail from the PC
c) Disconnection of the PC from networks
d) Backup of files on the PC
14. Among the threats and vulnerabilities in information security, which of the following is a vulnerability?
a) Computer virus b) Social engineering
c) Tapping of communications data d) Inappropriate password management
15. Which of the following is the most appropriate combination of the measures against password theft and brute force attack respectively on websites having a login function?
16. When the evaluation values of asset value, threat, and vulnerability of assets A through D are as shown in the table, which of the following assets will be evaluated as the asset where risk measures should be taken at the highest priority? Here, the risk value is calculated by multiplying the three evaluation values in the table together without weighting.
17. An administrator captures network packets and discovers that hundreds of ICMP packets have been sent to the host. However, it is not a particularly busy time of the day. Which of the following is the most likely attack executed against the computer in this situation?
a) Denial of service b) Man-in-the-middle
c) Spoofing d) Worm
18. Which of the following can be made possible by using a digital signature in e-commerce?
a) Preventing an unintended third party from accessing any confidential file
b) Checking that a file is not infected with a virus or other malicious software
c) Protecting the content of a transaction from being leaked through wiretapping
d) Confirming the identity of a partner and the correctness of the details of a transaction
a) The process of transforming the encrypted text back into its original plain text is called reset.
b) In common key cryptography, the encrypted text is transmitted together with the common key.
c) Public key cryptography uses two types of keys: a key for encryption and a key for recovering the plain text.
d) Common key cryptography, which is also known as secret key cryptography, is used for digital signature.
20. Which of the following is an appropriate description concerning antivirus software?
a) A virus signature file for antivirus software is a database that contains the first 16 bytes or 32 bytes of the code for each virus.
b) Virus detection with antivirus software using signature files is effective for detecting known viruses and identifying virus names.
c) If the size of a file infected by a virus is the same as before the infection, the file can be restored to the state before the infection by removing the virus.
d) The method of detecting a virus by monitoring suspicious behavior identifies the virus name based on the behavioral characteristics of the virus.
21. Which of the following is the name of a malicious program that infects multiple computers and simultaneously makes an attack, such as a DDoS attack, when a command is received from an attacker who is in a remote location?
a) Bot b) Honey pot
c) Macro virus d) Worm
22. Which of the following is the most appropriate description concerning risk management in information security?
a) The person with ultimate responsibility is appointed from among the staff members in charge of information security management at the workplace.
b) Risk management is performed as an independent activity that is separated from the activities of the organization.
c) All staff members of an organization divide up their roles, and perform the activities of risk management across the organization.
d) An individual information security policy is developed for each department under a single management system, and each department implements the policy independently.
26. Which of the following is an appropriate purpose of using HTTPS for accessing a Web page?
a) To receive all data of one screen effectively through a single connection
b) To secure communications by authenticating the server and encrypting data
c) To shorten the communication time by compressing data
d) To use a dynamically generated Web page in communications
27. Which of the following is the term that is used for the drawbacks and defects that may exist in computer systems or networks and can be exploited for unauthorized access?
a) Incidents b) Security holes
c) Hacking d) Forensics
28. Mr. A sent an e-mail to Mr. B that was encrypted with Mr. B's key by using the public key cryptosystem, and this e-mail contains details that Mr. A wants to send only to Mr. B. Which of the following keys is needed to decrypt this e-mail?
A. Public key of Mr. A
B. Private key of Mr. A
C. Public key of Mr. B
D. Private key of Mr. B
29. Which of the following is the appropriate description concerning virus infection?
A. Infection may affect not only the OS and applications, but also the firmware embedded in a device.
B. If only an external storage medium is used for exchanging data with other computers without connecting a computer to the network, the computer will not be infected.
C. The computer where infection is detected should be kept connected to the network, and the OS and the security software should be immediately updated.
D. If e-mail attachments are not opened, the computer will not be infected.
31. Which type of scan measures a person's external features through a digital video camera?
A. Iris scan
B. Retinal scan
C. Facial recognition scan
D. Signature kinetics scan
32. A newly discovered flaw in a software application would be considered which kind of security vulnerability?
A. Input validation flaw
B. HTTP header injection vulnerability
C. 0-day vulnerability
D. Time-to-check to time-to-use flaw
33. Which of the following items of a computer system will an anti-virus program scan for viruses?
A. Boot Sector
B. Deleted Files
C. Windows Process List
D. Password Protected Files
34. Which of the following programming languages is most vulnerable to buffer overflow attacks?
A. Perl
B. C++
C. Python
D. Java
35. A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
A. Public key
B. Private key
C. Modulus length
D. Email server certificate
37. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?
A. Sender's public key
B. Receiver's private key
C. Receiver's public key
D. Sender's private key
38. Which of the following is used to confirm that there is no falsification of the content of an e-mail?
A. IMAP
B. SMTP
C. Information security policy
D. Digital signature
39. Mr. A sent an e-mail to Mr. B that was encrypted with Mr. B's key by using the public key cryptosystem, and this e-mail contains details that Mr. A wants to send only to Mr. B. Which of the following keys is needed to decrypt this e-mail?
A. Public key of Mr. A
B. Private key of Mr. A
C. Public key of Mr. B
D. Private key of Mr. B
40. Which of the following is an authentication method where a user uses information that differs each time and is generated with a device called a token or other such device?
A. Digital signature
B. Password cracking
C. Password policy
D. One time password