Key IIS Final VIP David Hai 1

Introduction to Information Security
Bắt đầu vào lúc Saturday, 21 May 2022, 1:56 PM

State Finished
Kết thúc lúc Saturday, 21 May 2022, 2:15 PM
Thời gian thực hiện 19 phút 6 giây
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)
Câu hỏi 1 Which of the following represent the rows of the table in a relational database?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. record retention
b. records or tuples
c. attributes
d. relation
Câu trả lời của bạn đúng

The correct answer is: records or tuples
Câu hỏi 2 Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL)
Đúng database objects to specific users or groups?

Select one:
1,00
a. Mandatory
b. System
c. Discretionary
d. Supplemental

The correct answer is: Mandatory

Câu hỏi 3 What is an effective countermeasure against Trojan horse attack that targets smart cards?
Đúng
Select one:
1,00 a. Handprint driver architecture.
b. Singe-access device driver architecture.
c. Fingerprint driver architecture.

The correct answer is: Singe-access device driver architecture.
Câu hỏi 4 The Common Criteria (CC) represents requirements for IT security of a product or system under which
Đúng distinct categories?

Select one:
1,00
a. Protocol Profile (PP) and Security Target (ST)
b. Functional and assurance
c. Targets of Evaluation (TOE) and Protection Profile (PP)
d. Integrity and control

The correct answer is: Functional and assurance
Câu hỏi 5 Which of the following security modes of operation involved the highest risk?
Đúng
Select one:
1,00 a. Multilevel Security Mode
b. Compartmented Security Mode
c. System-High Security Mode
d. Dedicated Security Mode

The correct answer is: Multilevel Security Mode

Câu hỏi 6 Which one of the following describes a reference monitor?
Đúng
Select one:
1,00 a. Network control concept that distributes the authorization of subject accesses to
objects.
b. Access control concept that refers to an abstract machine that mediates all accesses to
objects by subjects.
c. Identification concept that refers to the comparison of material supplied by a user with its
reference profile.
d. Audit concept that refers to monitoring and recording of all accesses to objects by
subjects.

The correct answer is: Access control concept that refers to an abstract machine that mediates all accesses to
Câu hỏi 7 Related to information security, confidentiality is the opposite of which of the following?
Đúng
Select one:
1,00 a. closure
b. disaster
c. disposal
d. disclosure

The correct answer is: disclosure
Câu hỏi 8 Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
Đúng
Select one:
1,00 a. When it is to be done.
b. Why is it to be done.
c. What is to be done.
d. Who is to do it.
Câu trả lời của bạn đúng 

The correct answer is: Who is to do it.
Câu hỏi 9 Which state must a computer system operate to process input/output instructions?
Đúng
Select one:
1,00 a. Supervisor mode
b. User mode
c. Stateful inspection
d. Interprocess communication

The correct answer is: Supervisor mode
Câu hỏi 10 The absence or weakness in a system that may possibly be exploited is called a(n)?
Đúng
Select one:
1,00 a. Vulnerability
b. Threat
c. Risk
d. Exposure

The correct answer is: Vulnerability
Câu hỏi 11 Which of the following could illegally capture network user passwords?
Đúng
Select one:
1,00 a. Sniffing
b. Smurfing
c. Spoofing
d. Data diddling

The correct answer is: Sniffing

Câu hỏi 12 Ensuring the integrity of business information is the PRIMARY concern of _____.
Đúng
Select one:
1,00 a. On-line Security
b. Procedural Security
c. Logical Security
d. Encryption Security

The correct answer is: Procedural Security
Câu hỏi 13 Which one of the following is a good defense against worms?
Đúng
Select one:
1,00 a. Keeping data objects small, simple, and obvious as to their intent.
b. Limiting connectivity by means of well-managed access controls.
c. Placing limits on sharing, writing, and executing programs.
d. Differentiating systems along the lines exploited by the attack.

The correct answer is: Placing limits on sharing, writing, and executing programs.
Câu hỏi 14 What way could Java applets pose a security threat?
Đúng
Select one:
1,00 a. Java interpreters do not provide the ability to limit system access that an applet could
have on a client system
b. Java does not check the bytecode at runtime or provide other safety mechanisms for
program isolation from the client system.
c. Executables from the Internet may attempt an intentional attack when they are
downloaded on a client system
d. Their transport can interrupt the secure distribution of World Wide Web pages over the
Internet by removing SSL and S-HTTP


The correct answer is: Executables from the Internet may attempt an intentional attack when they are
Câu hỏi 15 What should you do immediately if the root password is compromised?
Đúng
Select one:
1,00 a. Change all passwords.
b. Change the root password.
c. Decrease the value of password history.
d. Increase the value of password age.

The correct answer is: Change all passwords.
Câu hỏi 16 What process determines who is trusted for a given purpose?
Đúng
Select one:
1,00 a. Identification
b. Accounting
c. Authorization
d. Authentication

The correct answer is: Authorization
Câu hỏi 17 Under discretionary access control (DAC), a subjects rights must be _____ when it leaves an organization
Đúng altogether.

Select one:
1,00
a. suspended
b. resumed
c. terminated
d. recycled

The correct answer is: terminated

Câu hỏi 18 What security risk does a covert channel create?
Đúng
Select one:
1,00 a. Data can be disclosed by inference.
b. A user can send data to another user.
c. It bypasses the reference monitor functions.
d. A process can signal information to another process.

The correct answer is: It bypasses the reference monitor functions.
Câu hỏi 19 Which of the following questions is less likely to help in assessing controls over hardware and software
Đúng maintenance?

Select one:
1,00
a. Is access to all program libraries restricted and controlled?
b. Are integrity verification programs used by applications to look for evidences of data
tampering, errors, and omissions?
c. Is there version control?
d. Are system components tested, documented, and approved prior to promotion to
production?

The correct answer is: Are integrity verification programs used by applications to look for evidences of data
Câu hỏi 20 Who is responsible for setting user clearances to computer-based information?
Đúng
Select one:
1,00 a. Data owners
b. Operators
c. Data custodians
d. Security administrators

The correct answer is: Security administrators 
Câu hỏi 21 Which of the following is true about Mandatory Access Control (MAC)?
Đúng
Select one:
1,00 a. It is more secure than DAC.(Discretionary Access Control).
b. It is more scalable than DAC (Discretionary Access Control).
c. It is less secure than DAC (Discretionary Access Control).
d. It is more flexible than DAC (Discretionary Access Control).

The correct answer is: It is more secure than DAC.(Discretionary Access Control).
Câu hỏi 22 A periodic review of user account management should not determine:
Đúng
Select one:
1,00 a. Whether management authorizations are up-to-date
b. Conformity with the concept of least privilege
c. Strength of user-chosen passwords
d. Whether active accounts are still being used

The correct answer is: Strength of user-chosen passwords
Câu hỏi 23 What reason would a network administrator leverage promiscuous mode?
Đúng
Select one:
1,00 a. To capture only unauthorized internal/external use.
b. To monitor the network to gain a complete statistical picture of activity.

c. To monitor only unauthorized activity and use.
d. To screen out all network errors that affect network statistical information.

The correct answer is: To monitor the network to gain a complete statistical picture of activity.

Câu hỏi 24 Removing unnecessary processes, segregating inter-process communications, and reducing executing
Đúng privileges to increase system security is commonly called

Select one:
1,00
a. Hardening
b. Aggregating
c. Segmenting
d. Kerneling

The correct answer is: Hardening
Câu hỏi 25 With mandatory access control (MAC), who may NOT make decisions that derive from policy?
Đúng
Select one:
1,00 a. All users except the administrator.
b. The administrator.
c. The guests.
d. The power users.
e. All users

The correct answer is: All users except the administrator.
Câu hỏi 26 Which of the following attacks focus on cracking passwords?

Đúng
Select one:
1,00 a. Spamming
b. SMURF
c. Dictionary
d. Teardrop

The correct answer is: Dictionary

Câu hỏi 27 With non-continuous backup systems, data that was entered after the last backup prior to a system crash will
Đúng have to be:

Select one:
1,00
a. created
b. updated
c. deleted
d. recreated

The correct answer is: recreated
Câu hỏi 28 In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between
Đúng keys?

Select one:
1,00
a. Dwell time
b. Flight time
c. Dynamic time
d. Systems time

The correct answer is: Flight time
Câu hỏi 29 What does "System Integrity" mean?

Đúng
Select one:
1,00 a. Design specifications have been verified against the formal top-level specification
b. The software of the system has been implemented as designed.
c. Users can’t tamper with processes they do not own
d. Hardware and firmware have undergone periodic testing to verify that they are
functioning properly

The correct answer is: Hardware and firmware have undergone periodic testing to verify that they are
functioning properly 
Câu hỏi 30 How is polyinstantiation used to secure a multilevel database?
Đúng
Select one:
1,00 a. It ensures that all mechanism in a system are responsible for enforcing the database
security policy.
b. It confirms that all constrained data items within the system conform to integrity
specifications.
c. It prevents low-level database users from inferring the existence of higher level data.
d. Two operations at the same layer will conflict if they operate on the same data item and
at least one of them is an update.

The correct answer is: It prevents low-level database users from inferring the existence of higher level data.
Câu hỏi 31 Which of the following statements pertaining to software testing approaches is correct?
Đúng
Select one:
1,00 a. Black box testing is predicated on a close examination of procedural detail
b. A bottom-up approach allows interface errors to be detected earlier
c. A top-down approach allows errors in critical modules to be detected earlier
d. The test plan and results should be retained as part of the system’s permanent
documentation

The correct answer is: The test plan and results should be retained as part of the system’s permanent
documentation
Câu hỏi 32 Which of the following is the most secure way to distribute password?
Đúng
Select one:
1,00 a. Employees must send in a signed email before obtaining a password.
b. Employees must show up in person and present proper identification before obtaining a
password.
c. None of the choices.
d. Employees must send in an email before obtaining a password.

The correct answer is: Employees must show up in person and present proper identification before obtaining
a password.
Câu hỏi 33 Which of the following computer design approaches is based on the fact that in earlier technologies, the
Đúng instruction fetch was the longest part of the cycle?

Select one:
1,00
a. Pipelining
b. Complex Instruction Set Computers (CISC)
c. Scolar processors
d. Reduced Instruction Set Computers (RISC)

The correct answer is: Complex Instruction Set Computers (CISC)
Câu hỏi 34 Which of the following provide network redundancy in a local network environment?
Đúng
Select one:
1,00 a. Duplexing
b. Shadowing
c. Dual backbones
d. Mirroring

The correct answer is: Dual backbones
Câu hỏi 35 Which must bear the primary responsibility for determining the level of protection needed for information
Đúng systems resources?

Select one:
1,00
a. Seniors security analysts
b. IS security specialists
c. Senior Management
d. System auditors

The correct answer is: Senior Management

Câu hỏi 36 The Common Criteria construct which allows prospective consumers or developers to create standardized
Đúng sets of security requirements to meet there needs is

Select one:
1,00
a. an evaluation Assurance Level (EAL).
b. a Protection Profile (PP).
c. a Security Target (ST).
d. a Security Functionality Component Catalog (SFCC).

The correct answer is: a Protection Profile (PP).
Câu hỏi 37 Which of the following correctly describe Role based access control?
Đúng
Select one:
1,00 a. It allows you to specify and enforce enterprise-specific security policies in a way that
maps to your ACL.
b. It allows you to specify and enforce enterprise-specific security policies in a way that
maps to your user profile groups.
c. It allows you to specify and enforce enterprise-specific security policies in a way that
maps to your ticketing system.
d. It allows you to specify and enforce enterprise-specific security policies in a way that
maps to your organizations structure.

The correct answer is: It allows you to specify and enforce enterprise-specific security policies in a way that
Câu hỏi 38 Which one of the following is a security issue related to aggregation in a database?
Đúng
Select one:
1,00 a. Partitioning
b. Data swapping
c. Polyinstantiation
d. Inference

The correct answer is: Inference
Câu hỏi 39 Which of the following phases of a system development life-cycle is most concerned with authenticating
Đúng users and processes to ensure appropriate access control decisions?

Select one:
1,00
a. Development/acquisition
b. Initiation
c. Operation/Maintenance
d. Implementation

The correct answer is: Operation/Maintenance
Câu hỏi 40 What is known as decoy system designed to lure a potential attacker away from critical systems?
Đúng
Select one:
1,00 a. Padded Cells
b. Vulnerability Analysis Systems
c. File Integrity Checker
d. Honey Pots

The correct answer is: Honey Pots
Câu hỏi 41 Which of the following methodologies is appropriate for planning and controlling activities and resources in
Đúng a system project?

Select one:
1,00
a. Gantt charts
b. Program evaluation review technique (PERT)
c. Function point analysis (FP)
d. Critical path methodology (CPM)

The correct answer is: Gantt charts

Câu hỏi 42 What type of wiretapping involves injecting something into the communications?
Đúng
Select one:
1,00 a. Active
b. Aggressive
c. Passive
d. Captive

The correct answer is: Active
Câu hỏi 43 Why must senior management endorse a security policy?

Đúng
Select one:
1,00 a. So that external bodies will recognize the organizations commitment to security.
b. So that they can be held legally accountable.
c. So that they will accept ownership for security within the organization.
d. So that employees will follow the policy directives.

The correct answer is: So that they will accept ownership for security within the organization.
Câu hỏi 44 If a token and 4-digit personal identification number (PIN) are used to access a computer system and the
Đúng token performs off-line checking for the correct PIN, what type of attack is possible?

Select one:
1,00
a. Brute force
b. Smurf
c. Man-in-the-middle
d. Birthday

The correct answer is: Brute force

Câu hỏi 45 Which one of the following describes a covert timing channel?
Đúng
Select one:
1,00 a. Allows one process to signal information to another by modulating its own use of system
resources.
b. Provides the timing trigger to activate a malicious program disguised as a legitimate
function.
c. Used by a supervisor to monitor the productivity of a user without their knowledge.
d. Modulated to carry an unintended information signal that can only be detected by
special, sensitive receivers.

The correct answer is: Allows one process to signal information to another by modulating its own use of
system resources.
Câu hỏi 46 Which of the following files should the security administrator be restricted to READ only access?
Đúng
Select one:
1,00 a. User profiles
b. User passwords
c. Security parameters
d. System log

The correct answer is: System log
Câu hỏi 47 Which of the following offers greater accuracy then the others?
Đúng
Select one:
1,00 a. Finger scanning
b. Iris scanning
c. Facial recognition
d. Voice recognition

The correct answer is: Iris scanning 
Câu hỏi 48 Which of the following would be the first step in establishing an information security program?
Đúng
Select one:
1,00 a. Purchase of security access control software
b. Adoption of a corporate information security policy statement
c. Development and implementation of an information security standards manual
d. Development of a security awareness-training program

The correct answer is: Adoption of a corporate information security policy statement
Câu hỏi 49 What is an error called that causes a system to be vulnerable because of the environment in which it is
Đúng installed?

Select one:
1,00
a. Configuration error
b. Environmental error
c. Exceptional condition handling error
d. Access validation error

The correct answer is: Environmental error
Câu hỏi 50 With Rule Based Security Policy, a security policy is based on:
Đúng
Select one:
1,00 a. Global rules imposed for only the local users.
b. Global rules imposed for all users.

c. Local rules imposed for some users.
d. Global rules imposed for no body.

The correct answer is: Global rules imposed for all users.

Câu hỏi 51 Which of the following addresses cumbersome situations where users need to log on multiple times to
Đúng access different resources?

Select one:
1,00
a. Triple Sign-On (TSO) systems
b. Single Sign-On (SSO) systems
c. Dual Sign-On (DSO) systems
d. Double Sign-On (DSO) systems

The correct answer is: Single Sign-On (SSO) systems
Câu hỏi 52 Under mandatory access control (MAC), a file is a(n):

Đúng
Select one:
1,00 a. Sensitivity
b. Privilege
c. Object
d. Subject

The correct answer is: Object
Câu hỏi 53 Qualitative loss resulting from the business interruption does not include:
Đúng
Select one:
1,00 a. Loss of competitive advantage or market share
b. Loss of revenue
c. Public embarrassment
d. Loss of public confidence and credibility

The correct answer is: Loss of revenue

Câu hỏi 54 With role-based access control (RBAC), each user can be assigned:
Đúng
Select one:
1,00 a. A token role.
b. A security token.
c. Only one role.
d. One or more roles.

The correct answer is: One or more roles.
Câu hỏi 55 Which of the following is NOT a system-sensing wireless proximity card?
Đúng
Select one:
1,00 a. passive device
b. field-powered device
c. transponder
d. magnetically striped card

The correct answer is: magnetically striped card
Câu hỏi 56 What is the method of coordinating access to resources based on the listening of permitted IP addresses?
Đúng
Select one:
1,00 a. ACL
b. DAC
c. MAC
d. None of the choices.

The correct answer is: ACL

Câu hỏi 57 A smart card represents:
Đúng
Select one:
1,00 a. All of the choices.
b. Something you are.
c. Something you have.
d. Something you know.

The correct answer is: Something you have.
Câu hỏi 58 What is a protocol used for carrying authentication, authorization, and configuration information between a
Đúng Network Access Server and a shared Authentication Server?

Select one:
1,00
a. RADIUS
b. IPSec
c. PPTP
d. L2TP

The correct answer is: RADIUS
Câu hỏi 59 Under Role based access control, access rights are grouped by:
Đúng
Select one:
1,00 a. Rules
b. Policy name
c. Sensitivity label
d. Role name

The correct answer is: Role name

Câu hỏi 60 Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched
Đúng Ethernet in a hub-and-spoke or star topology?

Select one:
1,00
a. Ethernet is a broadcast technology.
b. Hub and spoke connections are highly multiplexed.
c. IEEE 802.5 protocol for Ethernet cannot support encryption.
d. TCP/IP is an insecure protocol.

The correct answer is: Ethernet is a broadcast technology.

Bắt đầu vào lúc Saturday, 21 May 2022, 1:33 PM
State Finished
Kết thúc lúc Saturday, 21 May 2022, 1:51 PM
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)
Câu hỏi 1 Which of the following is a feature of the Rule based access control?
Đúng
Select one:
1,00 a. The use of data flow diagram.
b. The use of profile.
c. The use of token.
d. The use of information flow label.

The correct answer is: The use of profile.
Câu hỏi 2 Which of the following are measures against password sniffing?
Đúng
Select one:
1,00 a. All of the choices
b. Passwords must not be stored in plain text on any electronic media.
c. Passwords must not be sent through email in plain text.
d. You may store passwords electronically if it is encrypted.

The correct answer is: All of the choices

Câu hỏi 3 Who is the individual permitted to add users or install trusted programs?
Đúng
Select one:
1,00 a. Operations Manager
b. Security Administrator
c. Computer Manager
d. Database Administrator

The correct answer is: Operations Manager
Câu hỏi 4 Which model, based on the premise that the quality of a software product is a direct function of the quality
Đúng of it’s associated software development and maintenance processes, introduced five levels with which the
maturity of an organization involved in the software process is evaluated?
1,00
Select one:
a. The IDEAL Model
b. The Software Capability Maturity Model
c. The Spiral Model
d. The total Quality Model (TQM)

The correct answer is: The Software Capability Maturity Model
Câu hỏi 5 Which of the following attacks could be the most successful when the security technology is properly
Đúng implemented and configured?

Select one:
1,00
a. Social Engineering attacks
b. Trojan Horse attacks
c. Logical attacks
d. Physical attacks

The correct answer is: Social Engineering attacks

Câu hỏi 6 What principle requires that a user be given no more privilege then necessary to perform a job?
Đúng
Select one:
1,00 a. Principle of effective privilege.
b. Principle of most privilege.
c. Principle of least privilege.
d. Principle of aggregate privilege.

The correct answer is: Principle of least privilege.
Câu hỏi 7 What is the most effective means of determining how controls are functioning within an operating system?
Đúng
Select one:
1,00 a. Interview with computer operator
b. Review of operating system manual
c. Review of software control features and/or parameters
d. Interview with product vendor

The correct answer is: Review of software control features and/or parameters
Câu hỏi 8 All of the following are basic components of a security policy EXCEPT the _____.
Đúng
Select one:
1,00 a. statement of roles and responsibilities
b. definition of the issue and statement of relevant terms.
c. statement of applicability and compliance requirements.
d. statement of performance of characteristics and requirements.

The correct answer is: statement of performance of characteristics and requirements.

Câu hỏi 9 In SSL/TLS protocol, what kind of authentication is supported?
Đúng
Select one:
1,00 a. Peer-to-peer authentication
b. Role based authentication scheme
c. Only server authentication (optional)
d. Server authentication (mandatory) and client authentication (optional)

The correct answer is: Server authentication (mandatory) and client authentication (optional)
Câu hỏi 10 A central authority determines what subjects can have access to certain objects based on the organizational
Đúng security policy is called:

Select one:
1,00
a. Non-Discretionary Access Control
b. Discretionary Access Control
c. Rule-based Access Control
d. Mandatory Access Control

The correct answer is: Non-Discretionary Access Control
1,00
Select one:
a. The total Quality Model (TQM)
b. The Software Capability Maturity Model
c. The IDEAL Model
d. The Spiral Model

The correct answer is: The Software Capability Maturity Model

Câu hỏi 12 Under the mandatory access control (MAC) control system, what is required?
Đúng
Select one:
1,00 a. Sensing
b. Performance monitoring
c. Labeling

The correct answer is: Labeling
Câu hỏi 13 Which of the following biometric devices has the lowest user acceptance level?
Đúng
Select one:
1,00 a. Hand geometry
b. Signature recognition
c. Fingerprint scan

The correct answer is: Fingerprint scan
Câu hỏi 14 Which of the following is not a media viability control used to protect the viability of data storage media?
Đúng
Select one:
1,00 a. storage
b. clearing
c. handling
d. marking

The correct answer is: clearing

Câu hỏi 15 What is the main concern with single sign-on?
Đúng
Select one:
1,00 a. Maximum unauthorized access would be possible if a password is disclosed
b. The users’ password would be to hard to remember
c. User access rights would be increased
d. The security administrator’s workload would increase

The correct answer is: Maximum unauthorized access would be possible if a password is disclosed
Câu hỏi 16 Which of the following is best defined as a mode of system termination that automatically leaves system
Đúng processes and components in a secure state when a failure occurs or is detected in the system?

Select one:
1,00
a. Fail proof
b. Fail safe
c. Fail soft
d. Fail resilient

The correct answer is: Fail safe
Câu hỏi 17 In a RADIUS architecture, which of the following acts as a client?

Đúng
Select one:
1,00 a. The authentication server.
b. None of the choices.
c. The end user.
d. A network Access Server.

The correct answer is: A network Access Server.

Câu hỏi 18 Which of the following is not a critical security aspect of Operations Controls?
Đúng
Select one:
1,00 a. Data media used
b. Operations using resources
c. Controls over hardware
d. Environment controls

The correct answer is: Environment controls
Câu hỏi 19 Which of the following correctly describe the features of SSO?
Đúng
Select one:
1,00 a. More efficient log-on.
b. More costly to administer.
c. More costly to setup.
d. More key exchanging involved.

The correct answer is: More efficient log-on.
Câu hỏi 20 What is the PRIMARY use of a password?

Đúng
Select one:
1,00 a. Authenticate the user
b. Allow access to files
c. Identify the user
d. Segregate various user’s accesses

The correct answer is: Authenticate the user

Câu hỏi 21 What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access DialIn User
Đúng System, Terminal Access Controller Access Control System) to authenticate dial-in users?

Select one:
1,00
a. Each session has a unique (one-time) password assigned to it.
b. Audit and access information are not kept on the access server.
c. Single user logons are easier to manage and audit.
d. Call-back is very difficult to defeat.

The correct answer is: Audit and access information are not kept on the access server.
Câu hỏi 22 Which of the following does not address Database Management Systems (DBMS) Security?
Đúng
Select one:
1,00 a. Partitioning
b. Padded Cells
c. Perturbation
d. Cell suppression

The correct answer is: Padded Cells
Câu hỏi 23 Programmed procedures which ensure that valid transactions are processed accurately and only once in the
Đúng current timescale are referred to as

Select one:
1,00
a. Operation controls
b. Data installation controls
c. Application controls
d. Physical controls

The correct answer is: Application controls

Câu hỏi 24 Which of the following would constitute the best example of a password to use for access to a system by a
Đúng network administrator?

Select one:
1,00
a. holiday
b. Jenny&30
c. Christmas12
d. TrZc&45g

The correct answer is: TrZc&45g
Câu hỏi 25 In a discretionary mode, which of the following entities is authorized to grant information access to other
Đúng people?

Select one:
1,00
a. manager
b. group leader
c. security manager
d. user

The correct answer is: user
Câu hỏi 26 What is called an automated means of identifying or authenticating the identity of a living person based on
Đúng physiological or behavioral characteristics?

Select one:
1,00
a. MicroBiometrics
b. Biometrics
c. Micrometrics
d. Macrometrics

The correct answer is: Biometrics

Câu hỏi 27 Discretionary access control (DAC) are characterized by many organizations as:
Đúng
Select one:
1,00 a. Mandatory adjustable controls
b. Need-to-know controls
c. Preventive controls

The correct answer is: Need-to-know controls
Câu hỏi 28 Which one of the following is an example of electronic piggybacking?

Đúng
Select one:
1,00 a. Following an authorized user into the computer room.
b. Attaching to a communications line and substituting data.
c. Recording and playing back computer transactions.
d. Abruptly terminating a dial-up or direct-connect session.

The correct answer is: Following an authorized user into the computer room.
Câu hỏi 29 Tokens, as a way to identify users are subject to what type of error?
Đúng
Select one:
1,00 a. Human error
b. Token error
c. Decrypt error
d. Encrypt error

The correct answer is: Human error

Câu hỏi 30 The alternate processing strategy in a business continuity plan can provide for required backup computing
Đúng capacity through a hot site, a cold site, or

Select one:
1,00
a. An off-site storage replacement.
b. A crate and ship replacement.
c. A dial-up services program.
d. An online backup program.

The correct answer is: An online backup program.
Câu hỏi 31 To ensure least privilege requires that _____ is identified.

Đúng
Select one:
1,00 a. what the users job is
b. what the users privilege owns
c. what the users group is
d. what the users cost is

The correct answer is: what the users job is
Câu hỏi 32 What setup should an administrator use for regularly testing the strength of user passwords?
Đúng
Select one:
1,00 a. A networked workstation so that the live password database can easily be accessed by
the cracking program
b. A standalone workstation on which the password database is copied and processed by
c. A password-cracking program is unethical; therefore it should not be used.
d. A networked workstation so the password database can easily be copied locally and
processed by the cracking program

The correct answer is: A standalone workstation on which the password database is copied and processed by 
Câu hỏi 33 On UNIX systems, passwords shall be kept:
Đúng
Select one:
1,00 a. In a shadow password file.
b. In any location on behalf of root.
c. In the /etc/passwd file.
d. In root.

The correct answer is: In a shadow password file.
Câu hỏi 34 What best describes this scenario? This is a common security issue that is extremely hard to control in large
Đúng environments. It occurs when a user has more computer rights, permissions, and privileges that what is
required for the tasks the user needs to fulfill.
1,00
Select one:
a. Excessive Rights
b. Excessive Privileges
c. Excessive Permissions
d. Excessive Access

The correct answer is: Excessive Privileges
Câu hỏi 35 A backup of all files that are new or modified since the last full backup is
Đúng
Select one:
1,00 a. A differential backup
b. A full backup
c. A father/son backup
d. In incremental backup

The correct answer is: A differential backup

Câu hỏi 36 Which of the following does not apply to system-generated passwords?
Đúng
Select one:
1,00 a. Passwords are harder to remember for users
b. If the password-generating algorithm gets to be known, the entire system is in jeopardy
c. Passwords are harder to guess for attackers
d. Passwords are more vulnerable to brute force and dictionary attacks.

The correct answer is: Passwords are more vulnerable to brute force and dictionary attacks.
Câu hỏi 37 Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
Đúng
Select one:
1,00 a. The attacker must have access to the target system.
b. The attacker must have write access to the password file.
c. The attacker must have read access to the password file.
d. The attacker must know the password encryption mechanism and key variable.

The correct answer is: The attacker must have write access to the password file.
Câu hỏi 38 Which of the following biometric system rates is high?

Đúng
Select one:
1,00 a. Speed and throughput rate
b. False reject rate
c. False accept rate
d. Crossover error rate

The correct answer is: False accept rate

Câu hỏi 39 Penetration testing will typically include _____.
Đúng
Select one:
1,00 a. Computer Emergency Response Team (CERT) procedures.
b. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.
c. Social engineering, configuration review, and vulnerability assessment.
d. Generally accepted auditing practices.

The correct answer is: Social engineering, configuration review, and vulnerability assessment.
Câu hỏi 40 Which of the following media is MOST resistant to tapping?

Đúng
Select one:
1,00 a. Coaxial cable
b. Microwave
c. Twisted pair
d. Fiber optic

The correct answer is: Fiber optic
Câu hỏi 41 Why would a 16 characters password not desirable?

Đúng
Select one:
1,00 a. Difficult to crack using brute force.
b. Hard to remember
c. Offers numerous characters.
d. All of the choices.

The correct answer is: Hard to remember

Câu hỏi 42 With Rule Based Security Policy, global rules usually rely on comparison of the _____ of the resource being
Đúng accessed.

Select one:
1,00
a. Sensitivity
b. Entities
c. Users
d. A group of users.

The correct answer is: Sensitivity
Câu hỏi 43 In the process of facial identification, the basic underlying recognition technology of facial identification
Đúng involves:

Select one:
1,00
a. Scanning and recognition.
b. Eigenfeatures of eigenfaces.
c. Detection and scanning.

The correct answer is: Eigenfeatures of eigenfaces.
Câu hỏi 44 Which of the following is a 5th Generation Language?

Đúng
Select one:
1,00 a. LISP
b. Assembly
c. BASIC
d. NATURAL

The correct answer is: LISP

Câu hỏi 45 What is the most critical characteristic of a biometric identifying system?
Đúng
Select one:
1,00 a. Reliability
b. Perceived intrusiveness
c. Storage requirements
d. Accuracy

The correct answer is: Accuracy
Câu hỏi 46 What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of
Đúng an information system?

Select one:
1,00
a. Assurance procedures
b. Administrative controls
c. Mandatory access controls
d. Accountability controls

The correct answer is: Assurance procedures
Câu hỏi 47 With role-based access control (RBAC), roles are:

Đúng
Select one:
1,00 a. All equal
b. Based on labels
c. Based on flows.
d. Hierarchical

The correct answer is: Hierarchical

Câu hỏi 48 Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
Đúng
Select one:
1,00 a. Anti-virus software is usable to remove the viral code.
b. These viruses almost exclusively affect the operating system.
c. These viruses can infect many types of environments.
d. Floppy disks can propagate such viruses.

The correct answer is: These viruses almost exclusively affect the operating system.
Câu hỏi 49 Software generated passwords have what drawbacks?

Đúng
Select one:
1,00 a. Passwords are too long.
b. Password are too short.
c. Password are too secure.
d. Passwords are unbreakable.
e. Passwords are not easy to remember.

The correct answer is: Passwords are not easy to remember.
Câu hỏi 50 Which of the following tools can you use to assess your networks vulnerability?
Đúng
Select one:
1,00 a. SATAN
b. ISS
c. All of the choices
d. Ballista

The correct answer is: All of the choices

Câu hỏi 51 Which of the following forms of authentication would most likely apply a digital signature algorithm to every
Đúng bit of data that is sent from the claimant to the verifier?

Select one:
1,00
a. Continuous authentication
b. Encrypted authentication
c. Dynamic authentication
d. Robust authentication

The correct answer is: Continuous authentication
Câu hỏi 52 What should be the size of a Trusted Computer Base?

Đúng
Select one:
1,00 a. Small – in order to facilitate the detailed analysis necessary to prove that it meets design
requirements.
b. Large – in order to enable it to protect the potentially large number of resources in a
typical commercial system environment.
c. Large – in order to accommodate the implementation of future updates without incurring
the time and expense of recertification.
d. Small – in order to permit it to be implemented in all critical system components without
using excessive resources.

The correct answer is: Small – in order to facilitate the detailed analysis necessary to prove that it meets
design requirements.
Câu hỏi 53 Passwords can be required to change monthly, quarterly, or any other intervals:
Đúng
Select one:
1,00 a. depending on the criticality of the information needing protection
b. depending on the criticality of the information needing protection and the password’s
frequency of use
c. not depending on the criticality of the information needing protection but depending on
the password’s frequency of use
d. depending on the password’s frequency of use 

The correct answer is: depending on the criticality of the information needing protection and the password’s
frequency of use
Câu hỏi 54 Which of the following actions can increase the cost of an exhaustive attack?
Đúng
Select one:
1,00 a. Increase the length of a password.
b. Increase the history of a password.
c. Increase the age of a password.

The correct answer is: Increase the length of a password.
Câu hỏi 55 Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with that significant
Đúng advantage?

Select one:
1,00
a. Defeat the TEMPEST safeguard
b. Undetectable active monitoring.
c. Bypass the system security application.
d. Gain system information without trespassing

The correct answer is: Undetectable active monitoring.
Câu hỏi 56 SQL commands do not include which of the following?

Đúng
Select one:
1,00 a. Delete, Insert
b. Add, Replace
c. Select, Update
d. Grant, Revoke

The correct answer is: Add, Replace

Câu hỏi 57 Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing applies to the analysis of _____.
Đúng
Select one:
1,00 a. Routers and firewalls
b. Network-based IDS systems
c. General purpose operating systems
d. Host-based IDS systems

The correct answer is: General purpose operating systems
Câu hỏi 58 Which one of the following documents is the assignment of individual roles and responsibilities MOST
Đúng appropriately defined?

Select one:
1,00
a. Security policy
b. Enforcement guidelines
c. Program manual
d. Acceptable use policy

The correct answer is: Acceptable use policy
Câu hỏi 59 Authentication is typically based upon:

Đúng
Select one:
1,00 a. Something you are.
b. All of the choices.
c. Something you know.
d. Something you have.

The correct answer is: All of the choices.

Câu hỏi 60 Which of the following would best describe the difference between white-box testing and black-box testing?
Đúng
Select one:
1,00 a. Black-box testing involves the business units
b. White-box testing examines the program internal logical structure
c. Black-box testing uses the bottom-up approach
d. White-box testing is performed by an independent programmer team

The correct answer is: White-box testing examines the program internal logical structure

Bắt đầu vào lúc Monday, 9 May 2022, 10:18 AM
State Finished
Kết thúc lúc Monday, 9 May 2022, 10:34 AM
Điểm 59,00/60,00
Điểm 9,83 out of 10,00 (98%)
Đúng
Select one:
1,00 a. Captive
b. Aggressive
c. Active
d. Passive
Đúng
Select one:
1,00 a. Inference
b. Data swapping
c. Polyinstantiation
d. Partitioning
Câu hỏi 3 What tool is being used to determine whether attackers have altered system files of executables?
Đúng
Select one:
1,00 a. Honey Pots
b. Padded Cells
c. Vulnerability Analysis Systems
d. File Integrity Checker


Select one:
1,00
a. Encrypted authentication
b. Robust authentication
c. Continuous authentication
d. Dynamic authentication
Câu hỏi 5 With regard to databases, which of the following has characteristics of ease of reusing code and analysis and
Đúng reduced maintenance?

Select one:
1,00
a. Relational Data Bases
b. Object-Relational Data Bases (ORDB)
c. Data Base management systems (DBMS)
d. Object-Oriented Data Bases (OODB)
Câu hỏi 6 Which one of the following should be employed to protect data against undetected corruption?
Đúng
Select one:
1,00 a. Authentication
b. Integrity
c. Non-repudiation
d. Encryption

Câu hỏi 7 Which of the following correctly describe discretionary access control (DAC)?
Đúng
Select one:
1,00 a. It is the least secure method.
b. It is the most secure method.
c. It can extend beyond limiting which subjects can gain what type of access to which
objects.

Select one:
1,00
a. An online backup program.
b. A crate and ship replacement.
c. An off-site storage replacement.
d. A dial-up services program.
Câu hỏi 9 The access matrix model consists of which of the following parts?
Đúng
Select one:
1,00 a. A list of subjects.
b. All of the choices
c. A list of objects.
d. A function that returns an objects type.


Select one:
1,00
a. Accountability controls
b. Assurance procedures
c. Mandatory access controls
d. Administrative controls
Câu hỏi 11 To support legacy applications that rely on risky protocols (e.g,, plain text passwords), which one of the
Đúng following can be implemented to mitigate the risks on a corporate network?

Select one:
1,00
a. Implement strong centrally generated passwords to control use of the vulnerable
applications.
b. Implement a virtual private network (VPN) with controls on workstations joining the
VPN.
c. Ensure audit logging is enabled on all hosts and applications with associated frequent log
reviews.
d. Ensure that only authorized trained users have access to workstations through physical
access control.
Đúng
Select one:
1,00 a. A standalone workstation on which the password database is copied and processed by
b. A password-cracking program is unethical; therefore it should not be used.
c. A networked workstation so the password database can easily be copied locally and
d. A networked workstation so that the live password database can easily be accessed by

Câu hỏi 13 Which of the following refers to the number of columns in a table?
Đúng
Select one:
1,00 a. Cardinality
b. Degree
c. Relation
d. Schema
Câu hỏi 14 Management can expect penetration tests to provide all of the following EXCEPT _____.
Sai
Select one:
1,00 a. a method to correct the security flaws
b. demonstration of the effects of the flaws
c. identification of security flaws
d. verification of the levels of existing infiltration resistance
Câu trả lời của bạn sai.
Đúng
Select one:
1,00 a. Placing limits on sharing, writing, and executing programs.
b. Differentiating systems along the lines exploited by the attack.
c. Keeping data objects small, simple, and obvious as to their intent.
d. Limiting connectivity by means of well-managed access controls.

Câu hỏi 16 Which of the following is not a responsibility of a database administrator?
Đúng
Select one:
1,00 a. Implementing access rules to databases
b. Providing access authorization to databases
c. Reorganizing databases
d. Maintaining databases

Đúng
Select one:
1,00 a. Dictionary
b. Teardrop
c. Spamming
d. SMURF

Đúng
Select one:
b. Generally accepted auditing practices.
d. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.

Câu hỏi 19 Under Mandatory Access Control (MAC), a clearance is a:
Đúng
Select one:
1,00 a. Privilege
b. Object
c. Sensitivity
d. Subject
Câu hỏi 20 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
Đúng
Select one:
1,00 a. Confidentiality
b. Integrity
c. Identification
d. Authentication
Đúng
Select one:
1,00 a. disposal
b. disaster
c. closure
d. disclosure

Câu hỏi 22 Who should determine the appropriate access control of information?
Đúng
Select one:
1,00 a. Administrator
b. Owner
c. User
d. Server
Câu hỏi 23 Which of the following is the marriage of object-oriented and relational technologies combining the
Đúng attributes of both?

Select one:
1,00
a. object-oriented database
b. object-relational database
c. object-linking database
d. object-management database
Đúng
Select one:
b. Threat
c. Risk
d. Exposure


Select one:
1,00
a. Call-back is very difficult to defeat.
b. Each session has a unique (one-time) password assigned to it.
c. Audit and access information are not kept on the access server.
d. Single user logons are easier to manage and audit.
Câu hỏi 26 What can be accomplished by storing on each subject a list of rights the subject has for every object?
Đúng
Select one:
1,00 a. Capabilities
b. Key ring
c. Rights
d. Object
Câu hỏi 27 Which of the following is the weakest authentication mechanism?

Đúng
Select one:
1,00 a. One-time passwords
b. Token devices
c. Passphrases
d. Passwords

Câu hỏi 28 Identification establishes:
Đúng
Select one:
1,00 a. None of the choices.
b. Accountability
c. Authorization
d. Authentication
Câu hỏi 29 What ensures that attributes in a table depend only on the primary key?
Đúng
Select one:
1,00 a. Entity integrity
b. Referential integrity
c. The database management system (DBMS)
d. Data Normalization

Select one:
1,00
a. Implementation
b. Development/acquisition
c. Operation/Maintenance
d. Initiation

Câu hỏi 31 Signature identification systems analyze what areas of an individual’s signature?
Đúng
Select one:
1,00 a. The specific features of the signature AND the specific features of the process of signing
one’s signature
b. The specific features of the process of signing one’s signature.
c. The signature rate.
d. The specific features of the signature.

Đúng
Select one:
1,00 a. Fiber optic
b. Twisted pair
c. Microwave
d. Coaxial cable

Đúng
Select one:
1,00 a. The authentication server.
c. A network Access Server.
d. The end user.

Câu hỏi 34 In non-discretionary access control, a central authority determines what subjects can have access to certain
Đúng objects based on the organizational security policy. The access controls may be based on:

Select one:
1,00
a. the group-dynamics as they relate to the individual’s role in the organization
b. the society’s role in the organization
c. the group-dynamics as they relate to the master-slave role in the organization
d. the individual’s role in the organization

Đúng
Select one:
1,00 a. Attaching to a communications line and substituting data.
b. Following an authorized user into the computer room.
c. Recording and playing back computer transactions.
Câu hỏi 36 What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services
Đúng are made available only to properly designated parties?

Select one:
1,00
a. Authentication and Control Service
b. Directory Service
c. Distributed File Service
d. Remote Procedure Call Service

Câu hỏi 37 Which of the following functions is less likely to be performed by a typical security administrator?
Đúng
Select one:
1,00 a. Setting or changing file sensitivity labels
b. Setting user clearances and initial passwords
c. Reviewing audit data
d. Adding and removing system users
Câu hỏi 38 Which one of the following authentication mechanisms creates a problem for mobile users?
Đúng
Select one:
1,00 a. reusable password mechanism
b. challenge response mechanism
c. address-based mechanism
d. one-time password mechanism
Câu hỏi 39 A ‘Pseudo flaw’ is which of the following?

Đúng
Select one:
1,00 a. A normally generated page fault causing the system halt
b. A mean for testing for bounds violations in application programming
c. An omission when generating Pseudo-code
d. An apparent loophole deliberately implanted in an operating system

Câu hỏi 40 What best describes a scenario when an employee has been shaving off pennies from multiple accounts and
Đúng depositing the funds into his own bank account?

Select one:
1,00
a. Trojan horses
b. Data fiddling
c. Data diddling
d. Salami techniques
Câu hỏi 41 A persistent collection of interrelated data items can be defined as which of the following?
Đúng
Select one:
1,00 a. database security
b. database management system
c. database shadowing
d. database
Đúng
Select one:
1,00 a. Handprint driver architecture.
c. Fingerprint driver architecture.
Đúng
Select one:
1,00 a. Labeling
b. Sensing
c. Performance monitoring

Câu hỏi 44 What is the main issue with media reuse?
Đúng
Select one:
1,00 a. Data remanence
b. Purging
c. Media destruction
d. Degaussing
Đúng
Select one:
1,00 a. Black box testing is predicated on a close examination of procedural detail
b. A top-down approach allows errors in critical modules to be detected earlier
c. The test plan and results should be retained as part of the system’s permanent
documentation
d. A bottom-up approach allows interface errors to be detected earlier
Câu hỏi 46 In the Information Flow Model, what acts as a type of dependency?
Đúng
Select one:
1,00 a. Successive points
b. Flow
c. Transformation
d. State

Câu hỏi 47 What physical characteristics does a retinal scan biometric device measure?
Đúng
Select one:
1,00 a. The size, curvature, and shape of the retina
b. The amount of light reaching the retina
c. The pattern of blood vessels at the back of the eye
d. The amount of light reflected by the retina
Câu hỏi 48 Which of the following is an effective measure against a certain type of brute force password attack?
Đúng
Select one:
1,00 a. Password history is used.
b. Password used must not be a word found in a dictionary.
c. Password reuse is not allowed.
Câu hỏi 49 Which of the following refers to the data left on the media after the media has been erased?
Đúng
Select one:
1,00 a. semi-hidden
b. remanence
c. recovery
d. sticky bits
Câu hỏi 50 Which of the following ensures that security is not breached when a system crash or other system failure
Đúng occurs?

Select one:
1,00
a. Redundancy
b. Hot swappable
c. Trusted recovery
d. Secure boot

Câu hỏi 51 Why would an information security policy require that communications test equipment be controlled?
Đúng
Select one:
1,00 a. The equipment can be used to browse information passing on a network
b. The equipment must always be available for replacement if necessary
c. The equipment can be used to reconfigure the network multiplexers
d. The equipment is susceptible to damage
Câu hỏi 52 Covert channel is a communication channel that can be used for:
Đúng
Select one:
1,00 a. Violating the security policy.
b. Strengthening the security policy.
c. Hardening the system.
Đúng
Select one:
b. Review of software control features and/or parameters
c. Review of operating system manual
Đúng
Select one:
1,00 a. Role name
b. Rules
c. Sensitivity label
d. Policy name

Đúng people?

Select one:
1,00
a. manager
b. security manager
c. group leader
d. user
Câu hỏi 56 What is the term used to describe a virus that can infect both program files and boot sectors?
Đúng
Select one:
1,00 a. Multipartite
b. Polymorphic
c. Multiple encrypting
d. Stealth
Đúng
Select one:
1,00 a. Stateful inspection
b. Supervisor mode
c. User mode
d. Interprocess communication

Câu hỏi 58 Which of the following will you consider as a program that monitors data traveling over a network?
Đúng
Select one:
1,00 a. Smurfer
b. Sniffer
c. Fragmenter
d. Spoofer
Đúng
Select one:
1,00 a. Compartmented Security Mode
b. System-High Security Mode
c. Dedicated Security Mode
d. Multilevel Security Mode

Đúng
Select one:
1,00 a. Only server authentication (optional)
b. Server authentication (mandatory) and client authentication (optional)
c. Peer-to-peer authentication
d. Role based authentication scheme

Bắt đầu vào lúc Saturday, 16 April 2022, 10:57 PM
State Finished
Kết thúc lúc Saturday, 16 April 2022, 11:12 PM
Điểm 59,00/60,00
Điểm 9,83 out of 10,00 (98%)
Đúng
Select one:
1,00 a. Security parameters
b. System log
c. User passwords
d. User profiles
Câu hỏi 2 Access controls that are not based on the policy are characterized as:
Đúng
Select one:
1,00 a. Discretionary controls
b. Secret controls
c. Mandatory controls
d. Corrective controls
Câu hỏi 3 What is the main purpose of undertaking a parallel run of a new system?
Đúng
Select one:
1,00 a. Verify that the system provides required business functionality
b. Provide a backup of the old system

c. Validate the operation of the new system against its predecessor
d. Resolve any errors in the program and file interfaces

Câu hỏi 4 A “critical application” is one that MUST _____.
Đúng
Select one:
1,00 a. Be subject to continual program maintenance
b. Remain operational for the organization to survive
c. Be constantly monitored by operations management
d. Undergo continual risk assessments
1,00
Select one:
a. Excessive Rights
c. Excessive Access
d. Excessive Permissions

Đúng
Select one:
1,00 a. Something you know.
c. All of the choices.

Câu hỏi 7 What is an indirect way to transmit information with no explicit reading of confidential information?
Đúng
Select one:
1,00 a. Covert channels
b. Timing channels
c. Overt channels
d. Backdoor
Câu hỏi 8 Which situation would TEMPEST risks and technologies be of MOST interest?
Đúng
Select one:
1,00 a. Where high availability is vital.
b. Where the consequences of disclose are very high.
c. Where countermeasures are easy to implement
d. Where data base integrity is crucial

Đúng
Select one:
1,00 a. Something you have.
c. Something you are.

Câu hỏi 10 What are the three fundamental principles of security?
Đúng
Select one:
1,00 a. Integrity, availability, and accountability
b. Confidentiality, integrity, and availability
c. Availability, accountability, and confidentiality
d. Accountability, confidentiality, and integrity

Đúng
Select one:
1,00 a. The security administrator’s workload would increase
b. User access rights would be increased
c. The users’ password would be to hard to remember
d. Maximum unauthorized access would be possible if a password is disclosed
Câu hỏi 12 Attacks on smartcards generally fall into what categories?

Đúng
Select one:
1,00 a. Social Engineering attacks.
b. Physical attacks.
d. Logical attacks.
e. Trojan Horse attacks.


Select one:
1,00
a. holiday
b. Jenny&30
c. TrZc&45g
d. Christmas12

Select one:
1,00
a. Brute force
b. Birthday
c. Man-in-the-middle
d. Smurf
Câu hỏi 15 In a change control environment, which one of the following REDUCES the assurance of proper changes to
Đúng source programs in production status?

Select one:
1,00
a. Testing of the change.
b. Documentation of the change.
c. Programmer access.
d. Authorization of the change.

Câu hỏi 16 What is an example of an individual point of verification in a computerized application?
Đúng
Select one:
1,00 a. A boundary protection.
b. A sensitive transaction.
c. An inference check.
d. A check digit.

Đúng
Select one:
1,00 a. Hierarchical
b. Based on flows.
c. Based on labels
d. All equal
Câu hỏi 18 Access control techniques do not include:

Đúng
Select one:
1,00 a. Rule-Based Access Controls
b. Mandatory Access Controls
c. Random Number Based Access Control
d. Role-Based Access Controls

Câu hỏi 19 What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain
Đúng access to a target computer system?

Select one:
1,00
a. Processing speed of the system executing the attack.
b. Keyspace for the password.
c. Expertise of the person performing the attack.
d. Encryption algorithm used for password transfer.
Câu hỏi 20 By far, the largest security exposure in application system development relates to
Đúng
Select one:
1,00 a. Change control.
b. Errors and lack of training.
c. Deliberate compromise.
d. Maintenance and debugging hooks.
Câu hỏi 21 Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is
Đúng incorrect?

Select one:
1,00
a. TCSEC provides a means to evaluate the trustworthiness of an information system
b. With TCSEC, functionality and assurance are evaluated separately.
c. Database management systems are not covered by the TCSEC

Đúng
Select one:
1,00 a. Increase the value of password age.
b. Decrease the value of password history.
c. Change the root password.
d. Change all passwords.

Đúng
Select one:
1,00 a. Subject
b. Sensitivity
c. Object
d. Privilege
Câu hỏi 24 Which of the following is not a form of a passive attack?

Đúng
Select one:
1,00 a. Sniffing
b. Data diddling
c. Scavenging
d. Shoulder surfing

Câu hỏi 25 Retinal scans check for:
Đúng
Select one:
b. Something you know.
Câu hỏi 26 What type of subsystem is an application program that operates outside the operating system and carries
Đúng out functions for a group of users, maintains some common data for all users in the group, and protects the
data from improper access by users in the group?
1,00
Select one:
a. Directory subsystem
b. Protected subsystem
c. Prevented subsystem
d. File subsystem
Câu hỏi 27 Which risk management methodology uses the exposure factor multiplied by the asset value to determine its
Đúng outcome?

Select one:
1,00
a. Annualized Loss Expectancy
b. Annualized Rate of Occurrence
c. Information Risk Management
d. Single Loss Expectancy


Select one:
1,00
a. Mandatory Access Control
b. Rule-based Access Control
c. Discretionary Access Control
d. Non-Discretionary Access Control
Câu hỏi 29 Which of the following is a characteristic of a decision support system (DSS)?
Đúng
Select one:
1,00 a. DSS is aimed at solving highly structured problems
b. DSS combines the use of models with non-traditional data access and retrieval functions
c. DSS supports only structured decision-making tasks
d. DSS emphasizes flexibility in the decision making approach of users
Câu hỏi 30 A channel within a computer system or network that is designed for the authorized transfer of information is
Đúng identified as a(n)?

Select one:
1,00
a. Opened channel
b. Covert channel
c. Closed channel
d. Overt channel

Câu hỏi 31 Which of the following is a communication mechanism that enables direct conversation between two
Đúng applications?

Select one:
1,00
a. Open Database Connectivity (ODBC)
b. Open Library Environment (OLE)
c. Distributed Component Object Model (DCOM)
d. Dynamic Data Exchange (DDE)
Đúng installed?

Select one:
1,00
a. Exceptional condition handling error
b. Configuration error
c. Environmental error
Câu hỏi 33 Under mandatory access control (MAC), classification reflects:

Đúng
Select one:
1,00 a. Privilege
b. Sensitivity
c. Subject
d. Object

Đúng
Select one:
1,00 a. Assembly
b. LISP
c. BASIC
d. NATURAL
Câu hỏi 35 Which of the following is a facial feature identification product that can employ artificial intelligence and can
Đúng require the system to learn from experience?

Select one:
1,00
a. Neural networking
b. Digital nervous system.
c. Dynamic signature verification (DSV)
Đúng
Select one:
1,00 a. Conformity with the concept of least privilege
b. Whether active accounts are still being used
c. Strength of user-chosen passwords
d. Whether management authorizations are up-to-date
Đúng
Select one:
1,00 a. Security administrators
b. Data owners 
c. Operators
d. Data custodians

Câu hỏi 38 In terms of the order of effectiveness, which of the following technologies is the least effective?
Đúng
Select one:
1,00 a. Signature
b. Hand geometry
c. Keystroke pattern
d. Voice pattern
Câu hỏi 39 To ensure that integrity is attainted through the Clark and Wilson model, certain rules are needed. These
Đúng rules are:

Select one:
1,00
a. Certification rules and enforcement rules.
b. Integrity-bouncing rules.
c. Certification rules and general rules.
d. Processing rules and enforcement rules.
Đúng accessed.

Select one:
1,00
a. Sensitivity
b. A group of users.
c. Users
d. Entities

Câu hỏi 41 Which of the following is an important part of database design that ensures that attributes in a table depend
Đúng only on the primary key?

Select one:
1,00
a. Reduction
b. Compaction
c. Assimilation
d. Normalization
Đúng
Select one:
1,00 a. Passwords must not be sent through email in plain text.
b. You may store passwords electronically if it is encrypted.
c. Passwords must not be stored in plain text on any electronic media.
d. All of the choices
Câu hỏi 43 Which of the following correctly describe the difference between identification and authentication?
Đúng
Select one:
1,00 a. Identification is the child process of authentication.
b. Identification is a means to verify who you are, while authentication is what you are
authorized to perform.
c. Authentication is a means to verify who you are, while identification is what you are
d. Identification is another name of authentication.

Câu hỏi 44 An access control policy for a bank teller is an example of the implementation of which of the following?
Đúng
Select one:
1,00 a. user-based policy
b. identity-based policy
c. rule-based policy
d. role-based policy
Câu hỏi 45 What attack involves actions to mimic one’s identity?

Đúng
Select one:
1,00 a. Social engineering
b. Spoofing
c. Exhaustive
d. Brute force
Câu hỏi 46 Which of the following is not used as a cost estimating technique during the project planning stage?
Đúng
Select one:
1,00 a. Delphi technique
b. Program Evaluation Review Technique (PERT) charts
c. Expert Judgment
d. Function points (FP)

Câu hỏi 47 Why are macro viruses easy to write?
Đúng
Select one:
1,00 a. Only a few assembler instructions are needed to do damage.
b. Office templates are fully API compliant.
c. Active contents controls can make direct system calls
d. The underlying language is simple and intuitive to apply.
Sai
Select one:
1,00 a. The administrator.
b. All users except the administrator.
c. The guests.
d. All users
e. The power users.
Câu hỏi 49 Discretionary access control (DAC) and mandatory access control (MAC) policies can be effectively replaced
Đúng by:

Select one:
1,00
a. Server based access control.
b. Role based access control.
c. Token based access control.
d. Rule based access control.

Đúng
Select one:
b. Hard to remember
d. Difficult to crack using brute force.
Câu hỏi 51 What is an access control model?

Đúng
Select one:
1,00 a. A formal description of access control ID specification.
b. A formal description of a sensibility label.
c. A formal description of security policy.
Đúng altogether.

Select one:
1,00
a. terminated
b. resumed
c. recycled
d. suspended

Câu hỏi 53 Which of the following will you consider as most secure?
Đúng
Select one:
1,00 a. One time password
b. Login phrase
c. Login ID
d. Password
Câu hỏi 54 What is one advantage of deploying Role based access control in large networked applications?
Đúng
Select one:
1,00 a. User friendliness
b. Higher security
c. Lower cost
d. Higher bandwidth
Câu hỏi 55 What is a PRIMARY reason for designing the security kernel to be as small as possible?
Đúng
Select one:
1,00 a. System performance and execution are enhanced.
b. Changes to the kernel are not required as frequently.
c. The operating system cannot be easily penetrated by users.
d. Due to its compactness, the kernel is easier to formally verify.

Câu hỏi 56 Which one of the following is the MAIN goal of a security awareness program when addressing senior
Đúng management?

Select one:
1,00
a. Provide a vehicle for communicating security procedures.
b. Provide a forum for disclosing exposure and risk analysis.
c. Provide a clear understanding of potential risk and exposure.
d. Provide a forum to communicate user responsibilities.
Câu hỏi 57 Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a
Đúng system?

Select one:
1,00
a. Social engineering
b. Dictionary attack
c. Dumpster diving
d. Password sniffing
Câu hỏi 58 With _____, access decisions are based on the roles that individual users have as part of an organization.
Đúng
Select one:
1,00 a. Rule based access control
b. Token based access control
c. Role based access control
d. Server based access control

1,00
Select one:
a. The IDEAL Model
b. The total Quality Model (TQM)
c. The Spiral Model
d. The Software Capability Maturity Model
Câu hỏi 60 A department manager has read access to the salaries of the employees in his/her department but not to the
Đúng salaries of employees in other departments. A database security mechanism that enforces this policy would
typically be said to provide which of the
1,00
Select one:
a. context-dependent access control
b. least privileges access control
c. ownership-based access control
d. content-dependent access control

State Finished
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)
Câu hỏi 1 Which one of the following entails immediately transmitting copies of on-line transactions to a remote
Đúng computer facility for backup?

Select one:
1,00
a. Archival storage management (ASM)
b. Hierarchical storage management (HSM)
c. Data compression
d. Electronic vaulting
Câu hỏi 2 Which one of the following properties of a transaction processing system ensures that once a transaction
Đúng completes successfully (commits), the update service even if there is a system failure?

Select one:
1,00
a. Consistency
b. Isolation
c. Atomicity
d. Durability

Câu hỏi 3 A storage information architecture does not address which of the following?
Đúng
Select one:
1,00 a. use of data
b. archiving of data
c. management of data
d. collection of data
Câu hỏi 4 What control is based on a specific profile for each user?
Đúng
Select one:
1,00 a. Lattice based access control.
b. ID based access control.
c. Directory based access control.
Câu hỏi 5 What represents the amount of time you hold down in a particular key?
Đúng
Select one:
1,00 a. Systems time
b. Dynamic time
c. Flight time
d. Dwell time

Câu hỏi 6 What should a company do first when disposing of personal computers that once were used to store
Đúng confidential data?

Select one:
1,00
a. Overwrite all data on the hard disk with zeroes
b. Delete all data contained on the hard disk
c. Low level format the hard disk
d. Demagnetize the hard disk
Câu hỏi 7 Which of the following can be defined as the set of allowable values that an attribute can take?
Đúng
Select one:
1,00 a. domains, in database of a relation
b. domain analysis of a relation
c. domain name service of a relation
d. domain of a relation
Câu hỏi 8 Which of the following defines the intent of a system security policy?
Đúng
Select one:
1,00 a. A listing of tools and applications that will be used to protect the system.
b. A definition of those items that must be excluded on the system.
c. A definition of the particular settings that have been determined to provide optimum
security.
d. A brief, high-level statement defining what is and is not permitted during the operation
of the system.

Câu hỏi 9 Which of the following is the most reliable authentication device?
Đúng
Select one:
1,00 a. Smart card system
b. Fixed callback system
c. Variable callback system
d. Combination of variable and fixed callback system

Đúng
Select one:
1,00 a. Passwords are not easy to remember.
b. Passwords are unbreakable.
d. Passwords are too long.
e. Password are too short.
Câu hỏi 11 Which of the following statements pertaining to the trusted computing base (TCB) is false?
Đúng
Select one:
1,00 a. A higher TCB rating will require that details of their testing procedures and
documentation be reviewed with more granularity
b. It includes hardware, firmware, and software
c. It addresses the level of security a system provides

Câu hỏi 12 Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s
Đúng identity?

Select one:
1,00
a. Iris scans
b. Skin scans
c. Palm scans
d. Retina scans
Câu hỏi 13 An active content module, which attempts to monopolize and exploits system resources is called a
Đúng
Select one:
1,00 a. Macro virus
b. Plug-in worm
c. Hostile applet
d. Cookie
Câu hỏi 14 Which one of the following is a characteristic of a penetration testing project?
Đúng
Select one:
1,00 a. The project is open-ended until all known vulnerabilities are identified.
b. The project tasks are to break into a targeted system.
c. The project plan is reviewed with the target audience.
d. The project schedule is plotted to produce a critical path.

Đúng
Select one:
1,00 a. Decrypt error
b. Human error
c. Token error
d. Encrypt error
Câu hỏi 16 Which access control model enables the owner of the resource to specify what subjects can access specific
Đúng resources?

Select one:
1,00
a. Sensitive Access Control
b. Mandatory Access Control
c. Role-based Access Control
d. Discretionary Access Control

Đúng
Select one:
1,00 a. False reject rate
b. Crossover error rate
c. Speed and throughput rate
d. False accept rate

Đúng
Select one:
1,00 a. These viruses can infect many types of environments.
b. These viruses almost exclusively affect the operating system.
c. Anti-virus software is usable to remove the viral code.
d. Floppy disks can propagate such viruses.
Câu hỏi 19 Identification usually takes the form of:

Đúng
Select one:
b. User password.
c. Passphrase
d. Login ID.
Đúng
Select one:
1,00 a. magnetically striped card
b. field-powered device
c. passive device
d. transponder

Đúng
Select one:
1,00 a. To screen out all network errors that affect network statistical information.
b. To capture only unauthorized internal/external use.
c. To monitor only unauthorized activity and use.
d. To monitor the network to gain a complete statistical picture of activity.
Đúng
Select one:
1,00 a. Employees must send in an email before obtaining a password.
c. Employees must send in a signed email before obtaining a password.
d. Employees must show up in person and present proper identification before obtaining a
password.
Câu hỏi 23 Which of the following is NOT a good password deployment guideline?
Đúng
Select one:
1,00 a. Password must be easy to memorize.
b. Passwords must be changed at least once every 60 days, depending on your
environment.
c. Passwords must not be he same as user id or login id.
d. Password aging must be enforced on all systems.

Đúng maintenance?

Select one:
1,00
a. Are system components tested, documented, and approved prior to promotion to
production?
b. Is access to all program libraries restricted and controlled?
c. Is there version control?
d. Are integrity verification programs used by applications to look for evidences of data
Đúng current timescale are referred to as

Select one:
1,00
a. Data installation controls
b. Application controls
c. Operation controls
d. Physical controls
Câu hỏi 26 What type of authentication takes advantage of an individuals unique physical characteristics in order to
Đúng authenticate that persons identity?

Select one:
1,00
a. Password
b. Ticket Granting
c. Biometric
d. Token

Câu hỏi 27 What is one disadvantage of content-dependent protection of information?
Đúng
Select one:
1,00 a. It exposes the system to data locking
b. It increases processing overhead
c. It limits the user’s individual address space
d. It requires additional password entry
Câu hỏi 28 Under (Mandatory Access Control) MAC, who can change the category of a resource?
Đúng
Select one:
1,00 a. All managers.
b. All users.
c. Administrators only.
Câu hỏi 29 When considering the IT Development Life-Cycle, security should be:
Đúng
Select one:
1,00 a. Add once the design is completed.
b. Mostly considered during the initiation phase.
c. Treated as an integral part of the overall system design.
d. Mostly considered during the development phase.
Câu hỏi 30 Which of the following can be used to protect your system against brute force password attack?
Đúng
Select one:
1,00 a. After three unsuccessful attempts to enter a password, the account will be locked.
b. Employees must send in a signed email before obtaining a password.
c. Increase the value of password age.
d. Decrease the value of password history.

Câu hỏi 31 Which one of the following is the MOST solid defense against interception of a network transmission?
Đúng
Select one:
1,00 a. Frequency hopping
b. Encryption
c. Alternate routing
d. Optical fiber
Câu hỏi 32 Which question is NOT true concerning Application Control?

Đúng
Select one:
1,00 a. Only specific records can be requested choice
b. Particular uses of application can be recorded for audit purposes
c. It limits end users use of applications in such a way that only particular screens are
visible
d. Is non-transparent to the endpoint applications so changes are needed to the
applications involved
Câu hỏi 33 Most computer attacks result in violation of which of the following security properties?
Đúng
Select one:
1,00 a. Integrity and control
c. Availability
d. Confidentiality

Đúng
Select one:
1,00 a. Preventive controls
b. Need-to-know controls
c. Mandatory adjustable controls
Câu hỏi 35 Information security is the protection of data. Information will be protected mainly based on:
Đúng
Select one:
1,00 a. Its confidentiality.
c. Its sensitivity to the company.
d. Its value.
Câu hỏi 36 Which of the following are the correct guidelines of password deployment?
Đúng
Select one:
b. Passwords must be masked.
c. Password must have a minimum of 8 characters.
d. Password must contain a mix of both alphabetic and non-alphabetic characters.
Câu hỏi 37 Which one of the following should NOT be contained within a computer policy?
Đúng
Select one:
1,00 a. Responsibilities of individuals and groups for protected information
b. Statement of senior executive support
c. Definition of management expectations
d. Definition of legal and regulatory controls

Câu hỏi 38 What can be defined as a table of subjects and objects indicating what actions individual subjects can take
Đúng upon individual objects?

Select one:
1,00
a. A capability table
b. A capacity table
c. An access control matrix
d. An access control list
Câu hỏi 39 Which of the following is an example of an active attack?

Đúng
Select one:
1,00 a. Masquerading
b. Traffic analysis
c. Shoulder surfing
d. Eavesdropping
Câu hỏi 40 To ensure integrity, a payroll application program may record transactions in the appropriate accounting
Đúng period by using

Select one:
1,00
a. Accrual journal entries
b. End of period journals
c. Application checkpoints
d. Time and date stamps

Đúng
Select one:
1,00 a. A security token.
b. Only one role.
c. One or more roles.
d. A token role.
Câu hỏi 42 In order to avoid mishandling of media or information, you should consider using:
Đúng
Select one:
1,00 a. Labeling
b. Ticket
c. Token
Câu hỏi 43 Which of the following correctly describe “good” security practice?
Đúng
Select one:
1,00 a. You should ensure that there are no accounts without passwords.
b. Accounts should be monitored regularly.
d. You should have a procedure in place to verify password strength.
Câu hỏi 44 Which one of the following is the PRIMARY objective of penetration testing?
Đúng
Select one:
1,00 a. Detection
b. Correction
c. Assessment
d. Protection

Đúng physiological or behavioral characteristics?

Select one:
1,00
a. MicroBiometrics
b. Macrometrics
c. Micrometrics
d. Biometrics
Đúng advantage?

Select one:
1,00
a. Defeat the TEMPEST safeguard
b. Bypass the system security application.
c. Undetectable active monitoring.
d. Gain system information without trespassing
Câu hỏi 47 Which one of the following is the MOST critical characteristic of a biometrics system?
Đúng
Select one:
1,00 a. Acceptability
b. Accuracy
c. Throughput
d. Reliability

Đúng
Select one:
1,00 a. In incremental backup
b. A differential backup
c. A father/son backup
d. A full backup
Câu hỏi 49 A common Limitation of information classification systems is the INABILITY to ____.
Đúng
Select one:
1,00 a. Limit the number of classifications.
b. Establish information ownership.
c. Generate internal labels on diskettes.
d. Declassify information when appropriate.
Câu hỏi 50 Which of the following defines the software that maintains and provides access to the database?
Đúng
Select one:
1,00 a. database identification system (DBIS)
b. Interface Definition Language system (IDLS)
c. database management system (DBMS)
d. relational database management systems (RDBMS)

Đúng
Select one:
1,00 a. Principle of least privilege.
c. Principle of aggregate privilege.
d. Principle of effective privilege.
Đúng
Select one:
1,00 a. Local rules imposed for some users.
b. Global rules imposed for only the local users.
c. Global rules imposed for no body.
d. Global rules imposed for all users.
Câu hỏi 53 Which of the following is most relevant to determining the maximum effective cost of access control?
Đúng
Select one:
1,00 a. The cost to replace lost data.
b. Budget planning related to base versus incremental spending.
c. Management’s perceptions regarding data importance
d. The value of information that is protected

Câu hỏi 54 Which of the following rules is less likely to support the concept of least privilege?
Đúng
Select one:
1,00 a. Only data to and from critical systems and applications should be allowed through the
firewall
b. Permissions on tools that are likely to be used by hackers should be as restrictive as
possible
c. The number of administrative accounts should be kept to a minimum
d. Administrators should use regular accounts when performing routing operations like
reading mail
Câu hỏi 55 Which of the following will you consider as a “role” under a role based access control system?
Đúng
Select one:
1,00 a. Bank network
b. Bank rules
c. Bank computer
d. Bank teller
Câu hỏi 56 Which of the following describes the major disadvantage of many SSO implementations?
Đúng
Select one:
1,00 a. Once a user obtains access to the system through the initial log-on, they only need to
logon to some applications.
b. The initial logon process is cumbersome to discourage potential intruders
c. Once a user obtains access to the system through the initial log-on, he has to logout
from all other systems
d. Once a user obtains access to the system through the initial log-on they can freely roam
the network resources without any restrictions

Đúng
Select one:
1,00 a. Increase the age of a password.
b. Increase the history of a password.
c. Increase the length of a password.
Câu hỏi 58 You may describe Mandatory Access Control (MAC) as:
Đúng
Select one:
1,00 a. Permissive
b. Opportunistic
c. Prohibitive
Câu hỏi 59 Which one of the following risk analysis terms characterizes the absence or weakness of a risk reducing
Đúng safeguard?

Select one:
1,00
a. Threat
b. Probability
c. Loss expectancy
d. Vulnerability

Đúng
Select one:
1,00 a. Identification concept that refers to the comparison of material supplied by a user with its
reference profile.
b. Audit concept that refers to monitoring and recording of all accesses to objects by
subjects.
c. Access control concept that refers to an abstract machine that mediates all accesses to
d. Network control concept that distributes the authorization of subject accesses to
objects.

State Finished
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)

Đúng
Select one:
1,00 a. It prevents low-level database users from inferring the existence of higher level data.
b. It ensures that all mechanism in a system are responsible for enforcing the database
security policy.
c. Two operations at the same layer will conflict if they operate on the same data item and
d. It confirms that all constrained data items within the system conform to integrity
specifications.
Câu hỏi 2 What are the valid types of one time password generator?
Đúng
Select one:
b. Asynchronous/PIN asynchronous
c. Synchronous/PIN synchronous
d. Transaction synchronous

Đúng
Select one:
1,00 a. Duplexing
b. Shadowing
c. Mirroring
d. Dual backbones
1,00
Select one:
a. The IDEAL Model
b. The Spiral Model
c. The Software Capability Maturity Model
Câu hỏi 5 What is called a type of access control where a central authority determines what subjects can have access to
Đúng certain objects, based on the organizational security policy?

Select one:
1,00
a. Non-discretionary Access Control
b. Rule-based access control
c. Mandatory Access Control

Câu hỏi 6 One method to simplify the administration of access controls is to group _____.
Đúng
Select one:
1,00 a. Administrators and managers
b. Objects and subjects
c. Programs and transactions
d. Capabilities and privileges
Câu hỏi 7 Cryptography does not concern itself with _____.

Đúng
Select one:
1,00 a. Authenticity
b. Availability
c. Intergrity
d. Confidentiality
Đúng instruction fetch was the longest part of the cycle?

Select one:
1,00
a. Scolar processors
b. Pipelining
c. Reduced Instruction Set Computers (RISC)
d. Complex Instruction Set Computers (CISC)

Câu hỏi 9 The type of discretionary access control that is based on an individual’s identity is called:
Đúng
Select one:
1,00 a. Identity-based access control
b. Lattice-based access control
c. Rule-based access control
d. Non-Discretionary access control
Câu hỏi 10 What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
Đúng
Select one:
1,00 a. The subject’s sensitivity label must dominate the object’s sensitivity label
b. The subject’s sensitivity label subordinates the object’s sensitivity label
c. The subject’s sensitivity label is dominated by the object’s sensitivity label
d. The subject’s sensitivity label is subordinated by the object’s sensitivity label
Câu hỏi 11 What is the MAIN purpose of a change control/management system?

Đúng
Select one:
1,00 a. Document the change for audit and management review.
b. Ensure that the change meets user specifications.
c. Ensure the orderly processing of a change request.
d. Notify all interested parties of the completion of the change.

Câu hỏi 12 A computer program used to process the weekly payroll contains an instruction that the amount of the gross
Đúng pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to
as a:
1,00
Select one:
a. limit check
b. sequence check
c. check digit
d. record check
Câu hỏi 13 Which of the following methods is more microscopic and will analyze the direction of the ridges of the
Đúng fingerprints for matching?

Select one:
1,00
a. Flow direct
b. Ridge matching
d. Minutia matching
Đúng
Select one:
1,00 a. handling
b. storage
c. marking
d. clearing

Câu hỏi 15 A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?
Đúng
Select one:
1,00 a. 10000
b. 100000
c. 1000000
d. 1024
Câu hỏi 16 Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a
Đúng network entity to verify both

Select one:
1,00
a. The identity of a remote communicating entity and the level of security of the path
through which data are received.
b. The identity of a remote communicating entity and the authenticity of the source of the
data that are received.
c. The authenticity of a remote communicating entity and the path through which
communications are received.
d. The location of a remote communicating entity and the path through which

Select one:
1,00
a. System auditors
b. Seniors security analysts
c. Senior Management
d. IS security specialists

Câu hỏi 18 TEMPEST addresses
Đúng
Select one:
1,00 a. The protection of data from high energy attacks.
b. Signal emanations from electronic equipment.
c. Health hazards of electronic equipment.
d. The vulnerability of time-dependent transmissions.
Câu hỏi 19 Rotating password can be restricted by the use of:

Đúng
Select one:
1,00 a. Complex password
b. Password history
d. Password age
Câu hỏi 20 Which one of the following is the MOST crucial link in the computer security chain?
Đúng
Select one:
1,00 a. People
b. Management
c. Access Controls
d. Awareness programs

Câu hỏi 21 Which of the following statements pertaining to the security kernel is incorrect?
Đúng
Select one:
1,00 a. It is made up of mechanisms that fall under the TCB and implements and enforces the
reference monitor concept.
b. It is an access control concept, not an actual physical component
c. It must be small enough to be able to be tested and verified in a complete and
comprehensive manner
d. It must provide isolation for the processes carrying out the reference monitor concept
and they must be tamperproof
Câu hỏi 22 What type of attacks occurs when a smart card is operating under normal physical conditions, but sensitive
Đúng information is gained by examining the bytes going to and from the smart card?

Select one:
1,00
a. Trojan Horse attacks.
b. Logical attacks.
c. Social Engineering attacks.
d. Physical attacks.
Câu hỏi 23 Risk analysis is MOST useful when applied during which phase of the system development process?
Đúng
Select one:
1,00 a. Project identification
b. Requirements definition
c. Implementation planning
d. System construction

Câu hỏi 24 What are the advantages to using voice identification?
Đúng
Select one:
1,00 a. Reliability
b. Timesaving
c. Flexibility
Câu hỏi 25 Which one of the following is commonly used for retrofitting multilevel security to a Database Management
Đúng System?

Select one:
1,00
a. Front end controller
b. Kernel controller
c. Trusted front-end
d. Trusted kernel
Câu hỏi 26 Normalizing data within a database includes all of the following except which?
Đúng
Select one:
1,00 a. Eliminating duplicate key fields by putting them into separate tables
b. Eliminating attributes in a table that are not dependent on the primary key of that table
c. Eliminating repeating groups by putting them into separate tables
d. Eliminating redundant data


Select one:
1,00
a. Segmenting
b. Kerneling
c. Aggregating
d. Hardening
Đúng
Select one:
1,00 a. White-box testing is performed by an independent programmer team
b. Black-box testing uses the bottom-up approach
c. Black-box testing involves the business units
d. White-box testing examines the program internal logical structure
Câu hỏi 29 What type of attacks occurs when normal physical conditions are altered in order to gain access to sensitive
Đúng information on the smartcard?

Select one:
1,00
a. Trojan Horse attacks
b. Logical attacks
c. Physical attacks
d. Social Engineering attacks

Câu hỏi 30 Which of the following is not a component of a Operations Security “triples”?
Đúng
Select one:
1,00 a. Risk
b. Threat
c. Asset
d. Vulnerability

Đúng
Select one:
b. Grant, Revoke
c. Select, Update
d. Add, Replace

Đúng
Select one:
1,00 a. In any location on behalf of root.
b. In root.
c. In a shadow password file.
d. In the /etc/passwd file.

Đúng
Select one:
1,00 a. Large – in order to accommodate the implementation of future updates without incurring
b. Small – in order to permit it to be implemented in all critical system components without
c. Small – in order to facilitate the detailed analysis necessary to prove that it meets design
requirements.
d. Large – in order to enable it to protect the potentially large number of resources in a
Câu hỏi 34 What type of password makes use of two totally unrelated words?
Đúng
Select one:
1,00 a. Login phrase
b. Login ID
c. One time password
d. Composition
Đúng
Select one:
1,00 a. The use of profile.
b. The use of data flow diagram.
c. The use of information flow label.
d. The use of token.

Đúng
Select one:
1,00 a. Allow access to files
b. Segregate various user’s accesses
c. Authenticate the user
d. Identify the user

Select one:
1,00
a. Physical attacks
b. Social Engineering attacks
c. Trojan Horse attacks
d. Logical attacks
Câu hỏi 38 Which of the following is a type of mandatory access control?

Đúng
Select one:
1,00 a. Role-based access control
d. User-directed access control

Câu hỏi 39 What is called the formal acceptance of the adequacy of a system’s overall security by the management?
Đúng
Select one:
1,00 a. Acceptance
b. Evaluation
c. Certification
d. Accreditation
Đúng
Select one:
1,00 a. Spoofing
b. Smurfing
c. Sniffing
d. Data diddling
Câu hỏi 41 Which of the following represents the best programming?

Đúng
Select one:
1,00 a. Low cohesion, low coupling
b. Low cohesion, high coupling
c. High cohesion, high coupling
d. High cohesion, low coupling

Câu hỏi 42 Which of the following are the advantages of using passphrase?
Đúng
Select one:
1,00 a. Easier to remember.
d. Difficult to crack using brute force.
Câu hỏi 43 Which of the following is not a common integrity goal?

Đúng
Select one:
1,00 a. Prevent authorized users from making improper modifications
b. Prevent unauthorized users from making modifications
c. Maintain internal and external consistency
d. Prevent paths that could lead to inappropriate disclosure
Câu hỏi 44 The access matrix model has which of the following common implementations?
Đúng
Select one:
1,00 a. Access control lists and capabilities.
b. Access control list and availability.
c. Capabilities
d. Access control lists.

Đúng a system project?

Select one:
1,00
a. Program evaluation review technique (PERT)
b. Gantt charts
c. Critical path methodology (CPM)
d. Function point analysis (FP)
Đúng
Select one:
1,00 a. Vulnerability Analysis Systems
b. Padded Cells
c. File Integrity Checker
d. Honey Pots
Câu hỏi 47 Which one of the following traits allows macro viruses to spread more effectively than other types?
Đúng
Select one:
1,00 a. They can be transported between different operating systems.
b. They spread in distributed systems without detection
c. They infect macro systems as well as micro computers.
d. They attach to executable and batch applications.

Câu hỏi 48 Role based access control is attracting increasing attention particularly for what applications?
Đúng
Select one:
1,00 a. Scientific
b. Commercial
c. Security
d. Technical
Câu hỏi 49 Which of the following statements pertaining to RADIUS is incorrect?

Đúng
Select one:
1,00 a. Most RADIUS servers have built-in database connectivity for billing and reporting
purposes
b. Most of RADIUS clients have a capability to query secondary RADIUS servers for
redundancy
c. Most RADIUS servers can work with DIAMETER servers.
d. A RADIUS server can act as a proxy server, forwarding client requests to other
authentication domains.
Câu hỏi 50 When conducting a risk assessment, which one of the following is NOT an acceptable social engineering
Đúng practice?

Select one:
1,00
a. Subversion
b. Dumpster diving
c. Misrepresentation
d. Shoulder surfing

Đúng
Select one:
1,00 a. Database Administrator
b. Operations Manager
c. Security Administrator
d. Computer Manager
Câu hỏi 52 Which of the following would be the most serious risk where a systems development life cycle methodology
Đúng is inadequate?

Select one:
1,00
a. The project will be incompatible with existing systems
b. The project will fail to meet business and user needs
c. The project will be completed late
d. The project will exceed the cost estimates
Câu hỏi 53 Which of the following computer crime is more often associated with insiders?
Đúng
Select one:
1,00 a. Denial of Service (DOS)
b. Password sniffing
c. IP spoofing
d. Data diddling
Câu hỏi 54 With Discretionary access controls, who determines who has access and what privilege they have?
Đúng
Select one:
1,00 a. Resource owners.
b. End users.
c. Only the administrators.

Câu hỏi 55 Mandatory access control (MAC) is used for:
Đúng
Select one:
1,00 a. Defining discretionary access control level.
b. Defining user preferences.
c. Defining imposed access control level.
Câu hỏi 56 Which of the following statements is incorrect?

Đúng
Select one:
1,00 a. There has never been a problem of lost keys
b. Since the early days of mankind humans have struggled with the problems of protecting
assets
c. The addition of a PIN keypad to the card reader was a solution to unreported card or lost
cards problems
d. Human guard is an inefficient and sometimes ineffective method of protecting resources
Câu hỏi 57 Which of the following refers to the number of columns in a relation?
Đúng
Select one:
1,00 a. degree
b. depth
c. breadth
d. cardinality

Câu hỏi 58 Which of the following would provide the best stress testing environment?
Đúng
Select one:
1,00 a. Test environment using live workloads
b. Production environment using test data
c. Test environment using test data
d. Production environment using live workloads
Câu hỏi 59 Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
Đúng
Select one:
1,00 a. Administrators only.
b. All users.
c. All managers.
Câu hỏi 60 A feature deliberately implemented in an operating system as a trap for intruders is called a:
Đúng
Select one:
1,00 a. Trojan horse
b. Pseudo flaw
c. Trap door
d. Logic bomb

Bắt đầu vào lúc Friday, 15 April 2022, 8:05 PM
State Finished
Kết thúc lúc Friday, 15 April 2022, 8:40 PM
Quá hạn 4 phút 38 giây
Điểm 39,00/60,00
Điểm 6,50 out of 10,00 (65%)
Sai current timescale are referred to as

Select one:
1,00
a. Data installation controls
b. Operation controls
c. Physical controls
d. Application controls
Câu hỏi 2 Why are macro viruses easy to write?

Đúng
Select one:
1,00 a. Active contents controls can make direct system calls
b. Office templates are fully API compliant.
c. The underlying language is simple and intuitive to apply.
d. Only a few assembler instructions are needed to do damage.

Câu hỏi 3 Attacks on smartcards generally fall into what categories?
Đúng
Select one:
1,00 a. Trojan Horse attacks.
b. Social Engineering attacks.
d. Physical attacks.
e. Logical attacks.
Câu hỏi 4 What type of attacks occurs when a smart card is operating under normal physical conditions, but sensitive
Đúng information is gained by examining the bytes going to and from the smart card?

Select one:
1,00
a. Trojan Horse attacks.
b. Social Engineering attacks.
c. Physical attacks.
d. Logical attacks.
Câu hỏi 5 Risk is commonly expressed as a function of the ____.

Đúng
Select one:
1,00 a. Computer system-related assets and their costs.
b. Systems vulnerabilities and the cost to mitigate.
c. Likelihood that the harm will occur and its potential impact.
d. Types of countermeasures needed and the system’s vulnerabilities.

Câu hỏi 6 This is a common security issue that is extremely hard to control in large environments. It occurs when a user
Đúng has more computer rights, permissions, and privileges than what is required for the tasks the user needs to
fulfill. What best describes this scenario?
1,00
Select one:
a. Excessive Access
b. Excessive Rights
d. Excessive Privileges

Select one:
1,00
a. An online backup program.
b. A dial-up services program.
c. A crate and ship replacement.
d. An off-site storage replacement.
Đúng
Select one:
1,00 a. The attacker must have write access to the password file.
b. The attacker must have access to the target system.
c. The attacker must know the password encryption mechanism and key variable.
d. The attacker must have read access to the password file.

Sai
Select one:
1,00 a. Labeling
b. Performance monitoring
c. Sensing
Câu hỏi 10 Processor card contains which of the following components?

Đúng
Select one:
1,00 a. Memory and flash.
b. Memory and hard drive.
c. Memory and processor.
d. Cache and processor.
Câu hỏi 11 Which of the following is an advantage of a qualitative over quantitative risk analysis?
Đúng
Select one:
1,00 a. It provides specific quantifiable measurements of the magnitude of the impacts.
b. It prioritizes the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
c. It makes cost-benefit analysis of recommended controls easier.
Câu hỏi 12 Which one of the following entails immediately transmitting copies of on-line transactions to a remote
Đúng computer facility for backup?

Select one:
1,00
a. Archival storage management (ASM)
b. Hierarchical storage management (HSM)

c. Data compression
d. Electronic vaulting

Câu hỏi 13 Access control techniques do not include which of the following choices?
Đúng
Select one:
1,00 a. Discretionary Access Controls
b. Lattice Based Access Controls
c. Mandatory Access Controls
d. Relevant Access Controls
Câu hỏi 14 What is called the verification that the user’s claimed identity is valid and is usually implemented through a
Đúng user password at log-on time?

Select one:
1,00
a. Authentication
b. Integrity
c. Confidentiality
d. Identification
Câu hỏi 15 With _____, access decisions are based on the roles that individual users have as part of an organization.
Đúng
Select one:
1,00 a. Rule based access control
b. Role based access control
c. Server based access control
d. Token based access control

Đúng
Select one:
b. Partitioning
c. Cell suppression
d. Perturbation
Câu hỏi 17 Which one of the following BEST describes a password cracker?
Đúng
Select one:
1,00 a. A program that provides software registration passwords or keys.
b. A program that obtains privileged access to the system.
c. A program that performs comparative analysis.
d. A program that can locate and read a password file.
Câu hỏi 18 What is one disadvantage of content-dependent protection of information?

Đúng
Select one:
1,00 a. It exposes the system to data locking
b. It limits the user’s individual address space
c. It requires additional password entry
d. It increases processing overhead


Select one:
1,00
a. Physical attacks
b. Social Engineering attacks
c. Logical attacks
d. Trojan Horse attacks
Câu hỏi 20 When considering the IT Development Life-Cycle, security should be:
Đúng
Select one:
1,00 a. Mostly considered during the development phase.
b. Add once the design is completed.
c. Treated as an integral part of the overall system design.
d. Mostly considered during the initiation phase.

Select one:
1,00
a. Encrypted authentication
b. Robust authentication
c. Continuous authentication
d. Dynamic authentication

Đúng
Select one:
1,00 a. Logical Security
c. Encryption Security
d. On-line Security
Câu hỏi 23 What was introduced for circumventing difficulties in classic approaches to computer security by limiting
Đúng damages produced by malicious programs?

Select one:
1,00
a. Integrity-monitoring
b. Reference Monitor
c. Integrity-preserving
d. Non-Interference
Câu hỏi 24 Controlled Security Mode is also known as:

Đúng
Select one:
1,00 a. Partitioned Security Mode
b. System-high Security Mode
d. Multilevel Security Mode

Câu hỏi 25 In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Sai
Select one:
1,00 a. These factors include the enrollment time, the throughput rate, and acceptability.
b. These factors include the enrollment time and the throughput rate, but not acceptability.
c. These factors include the enrollment time, but not the throughput rate, neither the
acceptability.
d. These factors do not include the enrollment time, the throughput rate, and acceptability.
Câu hỏi 26 A security policy would include all of the following EXCEPT _____.
Đúng
Select one:
1,00 a. Enforcement
b. Scope statement
c. Audit Requirements
d. Background
Câu hỏi 27 Which of the following would be the most serious risk where a systems development life cycle methodology
Đúng is inadequate?

Select one:
1,00
a. The project will fail to meet business and user needs
b. The project will be completed late
c. The project will be incompatible with existing systems
d. The project will exceed the cost estimates

Câu hỏi 28 Which of the following is a disadvantage of a memory only card?
Đúng
Select one:
1,00 a. High cost to develop
b. High cost to operate
c. Physically infeasible
d. Easy to counterfeit
Câu hỏi 29 Which of the following measures would be the BEST deterrent to the theft of corporate information from a
Đúng laptop which was left in a hotel room?

Select one:
1,00
a. Encrypt the data on the hard drive
b. Install a cable lock on the laptop when it is unattended
c. Remove the batteries and power supply from the laptop and store them separately from
the computer
d. Store all data on disks and lock them in an in-room safe
Câu hỏi 30 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are
Đúng more suited to which of the following?

Select one:
1,00
a. Data base management systems (DBMS)
b. Object-Oriented Data Bases (OODB)
c. Object-Relational Data Bases
d. Relational Data Bases

Đúng
Select one:
1,00 a. Passwords must not be stored in plain text on any electronic media.
c. Passwords must not be sent through email in plain text.
d. You may store passwords electronically if it is encrypted.
Đúng
Select one:
1,00 a. Limiting connectivity by means of well-managed access controls.
b. Keeping data objects small, simple, and obvious as to their intent.
c. Placing limits on sharing, writing, and executing programs.
d. Differentiating systems along the lines exploited by the attack.

Đúng
Select one:
1,00 a. Identify the user
b. Allow access to files
c. Authenticate the user
d. Segregate various user’s accesses

Câu hỏi 34 The technique of skimming small amounts of money from multiple transactions is called the _____?
Đúng
Select one:
1,00 a. Scavenger technique
b. Leakage technique
c. Salami technique
d. Synchronous attack technique
Câu hỏi 35 Which of the following are the correct guidelines of password deployment?
Đúng
Select one:
1,00 a. Passwords must be masked.
b. Password must have a minimum of 8 characters.
c. Password must contain a mix of both alphabetic and non-alphabetic characters.
Câu hỏi 36 Which of the following is the correct account policy you should follow?
Sai
Select one:
1,00 a. All active accounts must have a password.
b. All inactive accounts must have a password.
d. All active accounts must have a long and complex pass phrase.

Sai
Select one:
1,00 a. Audit concept that refers to monitoring and recording of all accesses to objects by
subjects.
b. Access control concept that refers to an abstract machine that mediates all accesses to
c. Network control concept that distributes the authorization of subject accesses to
objects.
d. Identification concept that refers to the comparison of material supplied by a user with
its reference profile.
Câu hỏi 38 What is the term used to describe a virus that can infect both program files and boot sectors?
Sai
Select one:
1,00 a. Multipartite
b. Polymorphic
c. Stealth
d. Multiple encrypting
Câu hỏi 39 Which of the following is an advantage of using a high-level programming language?
Sai
Select one:
1,00 a. It allows programmers to define syntax
b. It requires programmer-controlled storage management
c. It enforces coding standards
d. It decreases the total amount of code writers

Câu hỏi 40 What is it called when a computer uses more than one CPU in parallel to execute instructions?
Đúng
Select one:
1,00 a. Multiprocessing
b. Multitasking
c. Parallel running
d. Multithreading
Câu hỏi 41 What access control methodology facilitates frequent changes to data permissions?
Đúng
Select one:
1,00 a. Role-based
b. Rule-based
c. List-based
d. Ticket-based
Câu hỏi 42 With Discretionary access controls, who determines who has access and what privilege they have?
Sai
Select one:
1,00 a. Resource owners.
b. End users.
c. Only the administrators.
Sai people?

Select one:
1,00
a. user
b. manager 
c. group leader
d. security manager

Sai
Select one:
1,00 a. Executables from the Internet may attempt an intentional attack when they are
b. Their transport can interrupt the secure distribution of World Wide Web pages over the
c. Java interpreters do not provide the ability to limit system access that an applet could
d. Java does not check the bytecode at runtime or provide other safety mechanisms for
Sai
Select one:
1,00 a. record retention
b. records or tuples
c. relation
d. attributes

Đúng
Select one:
1,00 a. Server authentication (mandatory) and client authentication (optional)
b. Only server authentication (optional)
c. Role based authentication scheme
d. Peer-to-peer authentication

Câu hỏi 47 Which one of the following tests determines whether the content of data within an application program falls
Sai within predetermined limits?

Select one:
1,00
a. Parity check
b. Mathematical accuracy check
c. Reasonableness check
d. Check digit verification
Câu hỏi 48 To support legacy applications that rely on risky protocols (e.g,, plain text passwords), which one of the
Sai following can be implemented to mitigate the risks on a corporate network?

Select one:
1,00
a. Ensure that only authorized trained users have access to workstations through physical
access control.
b. Implement strong centrally generated passwords to control use of the vulnerable
applications.
c. Implement a virtual private network (VPN) with controls on workstations joining the
VPN.
d. Ensure audit logging is enabled on all hosts and applications with associated frequent
log reviews.
Không trả lời
Select one:
Đạt điểm 1,00
a. Security Administrator
b. Computer Manager
c. Database Administrator
d. Operations Manager

Không trả lời instruction fetch was the longest part of the cycle?
Đạt điểm 1,00

Select one:
a. Complex Instruction Set Computers (CISC)
b. Reduced Instruction Set Computers (RISC)
c. Pipelining
d. Scolar processors
Không trả lời
Select one:
Đạt điểm 1,00
a. Policy name
b. Sensitivity label
c. Rules
d. Role name
Câu hỏi 52 The Trusted Computer Security Evaluation Criteria (TBSEC) provides
Đúng
Select one:
1,00 a. a means of restricting access to objects based on the identity of subjects and groups to
which they belong.
b. a system analysis and penetration technique where specifications and document for the
system are analyzed.
c. a formal static transition model of computer security policy that describes a set of access
control rules.
d. a basis for assessing the effectiveness of security controls built into automatic data-
processing system products

Không trả lời
Select one:
Đạt điểm 1,00
a. Subject
b. Sensitivity
c. Object
d. Privilege
Câu hỏi 54 A firewall can be classified as a:

Đúng
Select one:
1,00 a. Directory based access control.
c. Rule based access control.
d. Lattice based access control.

Không trả lời
Select one:
Đạt điểm 1,00
a. A network Access Server.
b. The end user.
c. The authentication server.

Câu hỏi 56 Which of the following biometric parameters are better suited for authentication use over a long period of
Đúng time?

Select one:
1,00
a. Iris pattern
b. Signature dynamics
c. Voice pattern
d. Retina pattern
Câu hỏi 57 Which of the following can be defined as the set of allowable values that an attribute can take?
Không trả lời
Select one:
Đạt điểm 1,00
a. domain of a relation
b. domain name service of a relation
c. domains, in database of a relation
d. domain analysis of a relation
Câu hỏi 58 In terms of the order of acceptance, which of the following technologies is the MOST accepted?
Đúng
Select one:
1,00 a. Hand geometry
b. Voice Pattern
c. Signature
d. Keystroke pattern

Câu hỏi 59 Which level of “least privilege” enables operators the right to modify data directly in it’s original location, in
Không trả lời addition to data copied from the original location?
Đạt điểm 1,00

Select one:
a. Access Rewrite
b. Access Modify
c. Read / Write
d. Access Change
Không trả lời
Select one:
Đạt điểm 1,00
a. Fingerprint driver architecture.
c. Handprint driver architecture.

Bắt đầu vào lúc Thursday, 14 April 2022, 10:59 PM
State Finished
Kết thúc lúc Thursday, 14 April 2022, 11:29 PM
Điểm 42,00/60,00
Điểm 7,00 out of 10,00 (70%)
Câu hỏi 1 What is the main responsibility of the information owner?

Đúng
Select one:
1,00 a. audit the users when they require access to the information
b. making the determination to decide what level of classification the information requires
c. running regular backups

d. periodically checking the validity and accuracy for all data in the information system
Đúng maintenance?

Select one:
1,00
a. Are system components tested, documented, and approved prior to promotion to
production?
b. Is access to all program libraries restricted and controlled?
c. Are integrity verification programs used by applications to look for evidences of data
d. Is there version control?

Đúng
Select one:
1,00 a. statement of applicability and compliance requirements.
b. definition of the issue and statement of relevant terms.
c. statement of performance of characteristics and requirements.
d. statement of roles and responsibilities
Đúng
Select one:
1,00 a. Polyinstantiation
b. Data swapping
c. Inference
d. Partitioning
Câu hỏi 5 Which of the following are the types of eye scan in use today?
Đúng
Select one:
1,00 a. Retinal scans and iris scans.
b. Reflective scans and iris scans.
c. Retinal scans and reflective scans.
d. Retinal scans and body scans.

Đúng
Select one:
1,00 a. It bypasses the reference monitor functions.
b. A process can signal information to another process.
c. Data can be disclosed by inference.
d. A user can send data to another user.
Câu hỏi 7 Access controls that are not based on the policy are characterized as:
Đúng
Select one:
1,00 a. Discretionary controls
b. Secret controls
c. Corrective controls
d. Mandatory controls
Câu hỏi 8 Which of the following focuses on the basic features and architecture of a system?
Đúng
Select one:
1,00 a. Operational assurance
b. Covert channel assurance
c. Life cycle assurance
Câu hỏi 9 What security model implies a central authority that determines what subjects can have access to what
Đúng objects?

Select one:
1,00
a. Centralized access control
b. Non-discretionary access control 
c. Mandatory access control
d. Discretionary access control

Đúng
Select one:
Sai
Select one:
1,00 a. All users except the administrator.
b. The power users.
c. The administrator.
d. The guests.
e. All users
Câu hỏi 12 Which of the following offers advantages such as the ability to use stronger passwords, easier password
Đúng administration, and faster resource access?

Select one:
1,00
a. Smart cards
b. Public Key Infrastructure (PKI)
c. Single Sign-on (SSO)
d. Kerberos

Câu hỏi 13 Which of the following are objectives of an information systems security program?
Đúng
Select one:
1,00 a. Authenticity, vulnerabilities, and costs
b. Threats, vulnerabilities, and risks
c. Security, information value, and threats
d. Integrity, confidentiality, and availability

Select one:
1,00
a. Kerneling
b. Hardening
c. Segmenting
d. Aggregating

Sai
Select one:
1,00 a. what the users privilege owns
b. what the users group is
c. what the users cost is
d. what the users job is

Câu hỏi 16 Which of the following is not used as a cost estimating technique during the project planning stage?
Đúng
Select one:
1,00 a. Expert Judgment
b. Delphi technique
c. Program Evaluation Review Technique (PERT) charts
d. Function points (FP)
Câu hỏi 17 The PRIMARY purpose of operations security is

Đúng
Select one:
1,00 a. Safeguard information assets that are resident in the system.
b. Protect the system hardware from environment damage.
c. Monitor the actions of vendor service personnel.
d. Establish thresholds for violation detection and logging.
Câu hỏi 18 Which of the following are the advantages of using passphrase?
Đúng
Select one:
b. Offers numerous characters.
c. Difficult to crack using brute force.
d. Easier to remember.

Đúng have to be:

Select one:
1,00
a. created
b. updated
c. recreated
d. deleted
Câu hỏi 20 Which of the following factors may render a token based solution unusable?
Đúng
Select one:
1,00 a. Battery lifespan
b. Token length
c. Card size

Đúng
Select one:
b. Offers numerous characters.
c. Difficult to crack using brute force.
d. Hard to remember

Câu hỏi 22 Which of the following centralized access control mechanisms is not appropriate for mobile workers access
Đúng the corporate network over analog lines?

Select one:
1,00
a. RADIUS
b. CHAP
c. Call-back
d. TACACS
Câu hỏi 23 Which of the following is a characteristic of a decision support system (DSS)?
Đúng
Select one:
1,00 a. DSS supports only structured decision-making tasks
b. DSS is aimed at solving highly structured problems
c. DSS emphasizes flexibility in the decision making approach of users
d. DSS combines the use of models with non-traditional data access and retrieval functions
1,00
Select one:
a. The Software Capability Maturity Model
b. The Spiral Model
c. The IDEAL Model

Câu hỏi 25 The default level of security established for access controls should be
Đúng
Select one:
1,00 a. No access
b. Read access
c. Update access
d. All access
Đúng
Select one:
1,00 a. transponder
b. magnetically striped card
c. passive device
d. field-powered device
Câu hỏi 27 Which question is NOT true concerning Application Control?

Đúng
Select one:
1,00 a. It limits end users use of applications in such a way that only particular screens are
visible
b. Is non-transparent to the endpoint applications so changes are needed to the
applications involved
c. Only specific records can be requested choice
d. Particular uses of application can be recorded for audit purposes

Câu hỏi 28 Which of the following can be used to protect your system against brute force password attack?
Đúng
Select one:
1,00 a. Increase the value of password age.
b. After three unsuccessful attempts to enter a password, the account will be locked.
c. Employees must send in a signed email before obtaining a password.
d. Decrease the value of password history.
Sai
Select one:
1,00 a. Need-to-know controls
b. Preventive controls
c. Mandatory adjustable controls
Câu hỏi 30 What type of authentication takes advantage of an individuals unique physical characteristics in order to
Đúng authenticate that persons identity?

Select one:
1,00
a. Password
b. Biometric
c. Token
d. Ticket Granting
Câu hỏi 31 Which of the following refers to the number of rows in a relation?
Sai
Select one:
1,00 a. breadth
b. degree 
c. cardinality
d. depth

Câu hỏi 32 In a RADIUS architecture, which of the following can act as a proxy client?
Đúng
Select one:
1,00 a. A Network Access Server.
c. The RADIUS authentication server.
d. The end user.

Đúng
Select one:
1,00 a. Assembly
b. BASIC
c. LISP
d. NATURAL

Sai
Select one:
1,00 a. So that employees will follow the policy directives.
b. So that they can be held legally accountable.
c. So that they will accept ownership for security within the organization.
d. So that external bodies will recognize the organizations commitment to security.

Câu hỏi 35 What should a company do first when disposing of personal computers that once were used to store
Đúng confidential data?

Select one:
1,00
a. Delete all data contained on the hard disk
b. Low level format the hard disk
c. Demagnetize the hard disk
d. Overwrite all data on the hard disk with zeroes
Câu hỏi 36 Which of the following rules is less likely to support the concept of least privilege?
Đúng
Select one:
1,00 a. The number of administrative accounts should be kept to a minimum
b. Administrators should use regular accounts when performing routing operations like
reading mail
c. Only data to and from critical systems and applications should be allowed through the
firewall
d. Permissions on tools that are likely to be used by hackers should be as restrictive as
possible
Câu hỏi 37 Which of the following is the marriage of object-oriented and relational technologies combining the
Đúng attributes of both?

Select one:
1,00
a. object-management database
b. object-relational database
c. object-oriented database
d. object-linking database

Câu hỏi 38 Which of the following choices is NOT part of a security policy?
Đúng
Select one:
1,00 a. Statement of management intend, supporting the goals and principles of information
security
b. Definition of general and specific responsibilities for information security management
c. Definition of overall steps of information security and the importance of security
d. Description of specific technologies used in the field of information security
Câu hỏi 39 The security planning process must define how security will be managed, who will be responsible,
Đúng
Select one:
1,00 a. What impact security will have on the intrinsic value of data.
b. Who practices are reasonable and prudent for the enterprise.
c. How security measures will be tested for effectiveness.
d. Who will work in the security department.
Đúng
Select one:
1,00 a. These viruses almost exclusively affect the operating system.
b. These viruses can infect many types of environments.
c. Floppy disks can propagate such viruses.
d. Anti-virus software is usable to remove the viral code.
Câu hỏi 41 You may describe Mandatory Access Control (MAC) as:
Sai
Select one:
1,00 a. Prohibitive 
b. Permissive
c. Opportunistic

Câu hỏi 42 Which of the following refers to the number of columns in a relation?
Đúng
Select one:
1,00 a. degree
b. breadth
c. depth
d. cardinality
Câu hỏi 43 Which of the following will you consider as a “role” under a role based access control system?
Sai
Select one:
1,00 a. Bank rules
b. Bank teller
c. Bank network
d. Bank computer
Câu hỏi 44 Which one of the following addresses the protection of computers and components from electromagnetic
Sai emissions?

Select one:
1,00
a. ISO 9000
b. TEMPEST
c. Hardening
d. IEEE 802.2

Câu hỏi 45 Which of the following is NOT a good password deployment guideline?
Đúng
Select one:
1,00 a. Password aging must be enforced on all systems.
b. Passwords must not be he same as user id or login id.
c. Password must be easy to memorize.
d. Passwords must be changed at least once every 60 days, depending on your
environment.
Câu hỏi 46 Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
Sai
Select one:
1,00 a. Why is it to be done.
b. What is to be done.
c. Who is to do it.
d. When it is to be done.
Câu hỏi 47 Data inference violations can be reduced using ____.

Sai
Select one:
1,00 a. Correct-state transformation.
b. Polyinstantiation technique.
c. Multi-level data classification.
d. Rules based meditation.

Sai
Select one:
1,00 a. Local rules imposed for some users.
b. Global rules imposed for only the local users.
c. Global rules imposed for no body.
d. Global rules imposed for all users.
Sai processes and components in a secure state when a failure occurs or is detected in the system?

Select one:
1,00
a. Fail safe
b. Fail resilient
c. Fail soft
d. Fail proof
Câu hỏi 50 A “critical application” is one that MUST _____.

Sai
Select one:
1,00 a. Undergo continual risk assessments
b. Be subject to continual program maintenance
c. Be constantly monitored by operations management
d. Remain operational for the organization to survive

Sai
Select one:
1,00 a. Following an authorized user into the computer room.
b. Recording and playing back computer transactions.
c. Attaching to a communications line and substituting data.
Đúng
Select one:
1,00 a. A bottom-up approach allows interface errors to be detected earlier
b. Black box testing is predicated on a close examination of procedural detail
c. The test plan and results should be retained as part of the system’s permanent
documentation
d. A top-down approach allows errors in critical modules to be detected earlier
Đúng altogether.

Select one:
1,00
a. resumed
b. recycled
c. terminated
d. suspended

Đúng
Select one:
1,00 a. Passwords are harder to remember for users
b. Passwords are harder to guess for attackers
c. Passwords are more vulnerable to brute force and dictionary attacks.
d. If the password-generating algorithm gets to be known, the entire system is in jeopardy
Sai
Select one:
1,00 a. Black-box testing uses the bottom-up approach
b. White-box testing examines the program internal logical structure
c. Black-box testing involves the business units
d. White-box testing is performed by an independent programmer team
Câu hỏi 56 What is the essential difference between a self-audit and an independent audit?
Đúng
Select one:
1,00 a. Tools used
b. Competence
c. Objectivity
d. Results

Câu hỏi 57 Which factor is critical in all systems to protect data integrity?
Sai
Select one:
1,00 a. Data classification
b. Information ownership
c. Change control
d. System design
Câu hỏi 58 Which of the following eye scan methods is considered to be more intrusive?
Đúng
Select one:
1,00 a. Reflective scans
b. Retinal scans
c. Iris scans
d. Body scans
Câu hỏi 59 To ensure integrity, a payroll application program may record transactions in the appropriate accounting
Sai period by using

Select one:
1,00
a. End of period journals
b. Application checkpoints
c. Accrual journal entries
d. Time and date stamps

Câu hỏi 60 Which of the following questions is less likely to help in assessing physical and environmental protection?
Sai
Select one:
1,00 a. Are entry codes changed periodically?
b. Are appropriate fire suppression and prevention devices installed and working?
c. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
steal printed or electronic information?
d. Is physical access to data transmission lines controlled?

Bắt đầu vào lúc Thursday, 24 March 2022, 10:41 AM
State Finished
Kết thúc lúc Thursday, 24 March 2022, 10:56 AM
Điểm 57,00/60,00
Điểm 9,50 out of 10,00 (95%)
Đúng
Select one:
1,00 a. Administrator
b. Server
c. User
d. Owner
Đúng
Select one:
1,00 a. Confidentiality
b. Integrity and control
d. Availability
Đúng
Select one:
b. The subject’s sensitivity label is dominated by the object’s sensitivity label
c. The subject’s sensitivity label subordinates the object’s sensitivity label

1,00
Select one:
a. Excessive Access
b. Excessive Rights
Đúng
Select one:
1,00 a. Definition of overall steps of information security and the importance of security
b. Description of specific technologies used in the field of information security
c. Definition of general and specific responsibilities for information security management
d. Statement of management intend, supporting the goals and principles of information
security
Câu hỏi 6 Organizations develop change control procedures to ensure that _____.
Đúng
Select one:
1,00 a. Management is advised of changes made to systems.
b. All changes are requested, scheduled, and completed on time.
c. All changes are authorized, tested, and recorded.
d. Changes are controlled by the Policy Control Board (PCB).

Câu hỏi 7 Which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?
Đúng
Select one:
b. Storage channels
c. Object channels
d. Timing channels
Câu hỏi 8 Risk is commonly expressed as a function of the ____.

Đúng
Select one:
1,00 a. Types of countermeasures needed and the system’s vulnerabilities.
b. Computer system-related assets and their costs.
c. Systems vulnerabilities and the cost to mitigate.
d. Likelihood that the harm will occur and its potential impact.
Câu hỏi 9 Which of the following will you consider as the MOST secure way of authentication?
Đúng
Select one:
1,00 a. Ticket Granting
b. Biometric
c. Token
d. Password

Đúng
Select one:
1,00 a. Human error
b. Decrypt error
c. Token error
d. Encrypt error
Đúng
Select one:
1,00 a. Accuracy
b. Reliability
c. Throughput
d. Acceptability
Đúng
Select one:
1,00 a. These factors include the enrollment time and the throughput rate, but not acceptability.
b. These factors include the enrollment time, but not the throughput rate, neither the
acceptability.
c. These factors do not include the enrollment time, the throughput rate, and acceptability.
d. These factors include the enrollment time, the throughput rate, and acceptability.

Đúng
Select one:
1,00 a. Dwell time
b. Dynamic time
c. Flight time
d. Systems time

Đúng
Select one:
1,00 a. User access rights would be increased
c. Maximum unauthorized access would be possible if a password is disclosed
Đúng practice?

Select one:
1,00
a. Shoulder surfing
b. Dumpster diving
c. Misrepresentation
d. Subversion


Select one:
1,00
a. the group-dynamics as they relate to the master-slave role in the organization
b. the group-dynamics as they relate to the individual’s role in the organization
c. the society’s role in the organization
Câu hỏi 17 The purpose of information classification is to _____.

Sai
Select one:
1,00 a. Ensure separation of duties.
b. Assign access controls.
c. Define the parameters required for security labels.
d. Apply different protective measures.
Đúng installed?

Select one:
1,00
a. Access validation error
c. Configuration error
d. Exceptional condition handling error

Câu hỏi 19 Memory only cards work based on:
Đúng
Select one:
1,00 a. Something you know and something you have.
b. Something you have.
Đúng
Select one:
1,00 a. ISS
b. Ballista
d. SATAN
Sai sets of security requirements to meet there needs is

Select one:
1,00
a. a Security Functionality Component Catalog (SFCC).
b. an evaluation Assurance Level (EAL).
c. a Security Target (ST).
d. a Protection Profile (PP).

Câu hỏi 22 A method for a user to identify and present credentials only once to a system is known as:
Đúng
Select one:
1,00 a. SSL
b. SSO
c. SEC
d. IPSec
Câu hỏi 23 According to Common Criteria, what can be described as an intermediate combination of security
Đúng requirement components?

Select one:
1,00
a. Security target (ST)
b. Protection profile (PP)
c. Package
d. The Target of Evaluation (TOE)
Đúng
Select one:
1,00 a. People
b. Management
c. Access Controls
d. Awareness programs


Select one:
1,00
a. Each session has a unique (one-time) password assigned to it.
b. Audit and access information are not kept on the access server.
c. Call-back is very difficult to defeat.
d. Single user logons are easier to manage and audit.
Đúng outcome?

Select one:
1,00
a. Single Loss Expectancy
d. Annualized Loss Expectancy
Đúng
Select one:
1,00 a. Accreditation
b. Acceptance
c. Certification
d. Evaluation


Select one:
1,00
a. Public Key Infrastructure (PKI)
b. Single Sign-on (SSO)
c. Kerberos
d. Smart cards
Sai security policy is called:

Select one:
1,00
a. Rule-based Access Control
d. Non-Discretionary Access Control

Đúng
Select one:
c. Ensure the orderly processing of a change request.
d. Notify all interested parties of the completion of the change.

Câu hỏi 31 A confidential number to verify a user’s identity is called a:
Đúng
Select one:
1,00 a. PIN
b. UserID
c. Challenge
d. Password

Select one:
1,00
a. Reference Monitor
b. Integrity-monitoring
c. Non-Interference
d. Integrity-preserving
Câu hỏi 33 Which of the following is true of two-factor authentication?

Đúng
Select one:
1,00 a. It does not use single sign-on technology
b. It relies on two independent proofs of identity
c. It uses the RSA public-key signature based algorithm on integers with large prime
factors
d. It requires two measurements of hand geometry

Đúng
Select one:
1,00 a. The operating system cannot be easily penetrated by users.
b. Changes to the kernel are not required as frequently.
c. System performance and execution are enhanced.
Đúng
Select one:
1,00 a. It includes hardware, firmware, and software
b. It addresses the level of security a system provides
c. A higher TCB rating will require that details of their testing procedures and

Select one:
1,00
a. Integrity and control
b. Protocol Profile (PP) and Security Target (ST)
d. Functional and assurance

Đúng
Select one:
1,00 a. A definition of the particular settings that have been determined to provide optimum
security.
b. A brief, high-level statement defining what is and is not permitted during the operation
of the system.
c. A definition of those items that must be excluded on the system.
d. A listing of tools and applications that will be used to protect the system.

Đúng
Select one:
1,00 a. An apparent loophole deliberately implanted in an operating system
b. An omission when generating Pseudo-code
c. A normally generated page fault causing the system halt
d. A mean for testing for bounds violations in application programming
Câu hỏi 39 In developing a security awareness program, it is MOST important to _____.

Đúng
Select one:
1,00 a. Understand employees preferences for information security.
b. Identify weakness in line management support.
c. Understand the corporate culture and how it will affect security.
d. Know what security awareness products are available.

Câu hỏi 40 What is the function of a corporate information security policy?
Đúng
Select one:
1,00 a. Issue corporate standard to be used when addressing specific security problems.
b. Issue guidelines in selecting equipment, configuration, design, and secure operations.
c. Define the specific assets to be protected and identify the specific tasks which must be
completed to secure them.
d. Define the main security objectives which must be achieved and the security framework
to meet business objectives.
Đúng
Select one:
1,00 a. The pattern of blood vessels at the back of the eye
b. The amount of light reaching the retina
c. The size, curvature, and shape of the retina
Đúng
Select one:
1,00 a. Loss of revenue
b. Loss of public confidence and credibility
c. Loss of competitive advantage or market share
d. Public embarrassment

Đúng
Select one:
1,00 a. Battery lifespan
b. Token length
d. Card size
Đúng
Select one:
b. A list of objects.
Đúng
Select one:
1,00 a. Is physical access to data transmission lines controlled?
c. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
d. Are entry codes changed periodically?

Đúng
Select one:
1,00 a. Management’s perceptions regarding data importance
b. The value of information that is protected
c. The cost to replace lost data.
d. Budget planning related to base versus incremental spending.
Đúng management?

Select one:
1,00
a. Provide a forum to communicate user responsibilities.
b. Provide a vehicle for communicating security procedures.
c. Provide a clear understanding of potential risk and exposure.
d. Provide a forum for disclosing exposure and risk analysis.
Đúng
Select one:
1,00 a. Host-based IDS systems
b. Network-based IDS systems
d. Routers and firewalls


Select one:
1,00
a. L2TP
b. IPSec
c. PPTP
d. RADIUS
Đúng
Select one:
1,00 a. role-based policy
b. identity-based policy
c. user-based policy
d. rule-based policy
Câu hỏi 51 How are memory cards and smart cards different?
Đúng
Select one:
1,00 a. Memory cards normally hold more memory than smart cards
b. Smart cards provide a two-factor authentication whereas memory cards don’t
c. Memory cards have no processing power
d. Only smart cards can be used for ATM cards

Đúng
Select one:
1,00 a. Integrity, availability, and accountability
b. Accountability, confidentiality, and integrity
d. Confidentiality, integrity, and availability
Đúng occurs?

Select one:
1,00
a. Hot swappable
b. Secure boot
c. Redundancy
d. Trusted recovery
Đúng
Select one:
1,00 a. disclosure
b. disaster
c. closure
d. disposal

Câu hỏi 55 What is the PRIMARY component of a Trusted Computer Base?
Đúng
Select one:
1,00 a. The computer hardware
b. The security subsystem
c. The operating system software
d. The reference monitor

Select one:
1,00
a. System auditors
b. Senior Management
c. Seniors security analysts
d. IS security specialists
Câu hỏi 57 Which security model introduces access to objects only through programs?
Đúng
Select one:
1,00 a. The Bell-LaPadula model
b. The Clark-Wilson model
c. The information flow model
d. The Biba model

1,00
Select one:
a. Excessive Permissions
b. Excessive Access
c. Excessive Rights
Đúng
Select one:
1,00 a. Signature
b. Keystroke pattern
c. Voice Pattern
d. Hand geometry

Select one:
1,00
a. Double Sign-On (DSO) systems
b. Dual Sign-On (DSO) systems
c. Single Sign-On (SSO) systems
d. Triple Sign-On (TSO) systems

Bắt đầu vào lúc Thursday, 24 March 2022, 11:30 AM
State Finished
Kết thúc lúc Thursday, 24 March 2022, 11:43 AM
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)
Câu hỏi 1 What access control methodology facilitates frequent changes to data permissions?
Đúng
Select one:
1,00 a. Rule-based
b. Role-based
c. List-based
d. Ticket-based
Đúng
Select one:
1,00 a. identification of security flaws
b. verification of the levels of existing infiltration resistance
c. a method to correct the security flaws
d. demonstration of the effects of the flaws
Đúng
Select one:
1,00 a. DAC
b. ACL
d. MAC

Đúng
Select one:
b. statement of performance of characteristics and requirements.
c. statement of roles and responsibilities
d. definition of the issue and statement of relevant terms.
Đúng rules are:

Select one:
1,00
a. Integrity-bouncing rules.
b. Processing rules and enforcement rules.
c. Certification rules and general rules.
d. Certification rules and enforcement rules.
Câu hỏi 6 Which of the following is a means of restricting access to objects based on the identity of the subject to
Đúng which they belong?

Select one:
1,00
a. Mandatory access control
b. Group access control
c. User access control

Đúng
Select one:
1,00 a. Variable callback system
b. Combination of variable and fixed callback system
c. Fixed callback system
d. Smart card system
Đúng
Select one:
1,00 a. Denial of Service (DOS)
b. Password sniffing
c. IP spoofing
d. Data diddling
Câu hỏi 9 Valuable paper insurance coverage does not cover damage to which of the following?
Đúng
Select one:
1,00 a. Manuscripts
b. Records
c. Money and Securities
d. Inscribed, printed and written documents

Đúng
Select one:
d. Directory based access control.
Câu hỏi 11 Which one of the following statements describes management controls that are instituted to implement a
Đúng security policy?

Select one:
1,00
a. They are generally inexpensive to implement.
b. They eliminate the need for most auditing functions.
c. They may be administrative, procedural, or technical.
d. They prevent users from accessing any control function.
Đúng
Select one:
1,00 a. Hardening the system.
b. Violating the security policy.
c. Strengthening the security policy.
Đúng
Select one:
1,00 a. Statement of senior executive support
b. Definition of management expectations
c. Responsibilities of individuals and groups for protected information

Câu hỏi 14 Fault tolerance countermeasures are designed to combat threats to _____
Đúng
Select one:
1,00 a. design reliability
b. data integrity
c. an uninterruptible power supply
d. backup and retention capability
Đúng
Select one:
1,00 a. Body scans
b. Iris scans
c. Reflective scans
d. Retinal scans
Câu hỏi 16 What is called the access protection system that limits connections by calling back the number of a
Đúng previously authorized location?

Select one:
1,00
a. Sendback forward systems
b. Callback forward systems
c. Sendback system
d. Callback systems

Câu hỏi 17 Which of the following best explains why computerized information systems frequently fail to meet the
Đúng needs of users?

Select one:
1,00
a. Constantly changing user needs
b. Inadequate user participation in defining the system’s requirements
c. Inadequate quality assurance (QA) tools
d. Inadequate project management.

Đúng
Select one:
1,00 a. A formal description of a sensibility label.
b. A formal description of security policy.
c. A formal description of access control ID specification.
Đúng
Select one:
1,00 a. The equipment must always be available for replacement if necessary
b. The equipment can be used to reconfigure the network multiplexers
c. The equipment is susceptible to damage
d. The equipment can be used to browse information passing on a network

Đúng
Select one:
1,00 a. Accounting
b. Identification
c. Authentication
d. Authorization
Câu hỏi 21 In the context of computer security, “scavenging” refers to searching _____.
Đúng
Select one:
1,00 a. Through data for information content.
b. Through storage to acquire information.
c. A user list to find a name.
d. Through log files for trusted path information.

Đúng
Select one:
1,00 a. Lattice-based access control
c. Role-based access control
d. User-directed access control

Câu hỏi 23 A server farm is an example of:
Đúng
Select one:
1,00 a. Server fault tolerance
b. Redundant servers
c. Multiple servers
d. Server clustering
Đúng upon individual objects?

Select one:
1,00
a. An access control list
b. An access control matrix
c. A capacity table
d. A capability table

Select one:
1,00
a. Fail soft
b. Fail proof
c. Fail safe
d. Fail resilient

Đúng involves:

Select one:
1,00
a. Scanning and recognition.
c. Eigenfeatures of eigenfaces.
d. Detection and scanning.
Đúng
Select one:
1,00 a. Authenticity, vulnerabilities, and costs
b. Security, information value, and threats
c. Integrity, confidentiality, and availability
d. Threats, vulnerabilities, and risks
Câu hỏi 28 They in form of credit card-size memory cards or smart cards, or those resembling small calculators, are used
Đúng to supply static and dynamic passwords are called:

Select one:
1,00
a. Tickets
b. Token passing networks
c. Tokens
d. Coupons

Câu hỏi 29 Which of the following are the valid categories of hand geometry scanning?
Đúng
Select one:
1,00 a. Mechanical and image-edge detection.
b. Electrical and image-edge detection.
c. Mechanical and image-ridge detection.
d. Logical and image-edge detection.
Đúng identified as a(n)?

Select one:
1,00
a. Covert channel
b. Opened channel
c. Closed channel
d. Overt channel

Đúng
Select one:
1,00 a. Leakage technique
b. Synchronous attack technique
c. Salami technique
d. Scavenger technique
Câu hỏi 32 What are the methods used in the process of facial identification?
Đúng
Select one:
1,00 a. Detection and recognition.
b. Scanning and recognition.
Câu hỏi 33 Which one of the following is an important characteristic of an information security policy?
Sai
Select one:
1,00 a. Quantifies the effect of the loss of the information.
b. Lists applications that support the business function.
c. Requires the identification of information owners.
d. Identifies major functional areas of information.

Đúng
Select one:
b. Exposure
c. Threat
d. Risk
Sai systems resources?

Select one:
1,00
a. Seniors security analysts
b. Senior Management
c. IS security specialists
d. System auditors
Sai
Select one:
1,00 a. Purchase of security access control software
b. Development of a security awareness-training program
c. Adoption of a corporate information security policy statement
d. Development and implementation of an information security standards manual

Đúng
Select one:
1,00 a. The security administrator’s workload would increase
c. User access rights would be increased
d. Maximum unauthorized access would be possible if a password is disclosed
Câu hỏi 38 Which one of the following is a KEY responsibility for the “Custodian of Data”?
Sai
Select one:
1,00 a. Data content and backup
b. Integrity and security of data
c. Authentication of user access
d. Classification of data elements
Sai fingerprints for matching?

Select one:
1,00
a. None of the choices.
b. Ridge matching
c. Flow direct
d. Minutia matching

Sai rules are:

Select one:
1,00
a. Certification rules and enforcement rules.
b. Certification rules and general rules.
c. Integrity-bouncing rules.
d. Processing rules and enforcement rules.
Sai
Select one:
1,00 a. Signature
b. Voice pattern
c. Keystroke pattern
d. Hand geometry
Sai appropriately defined?

Select one:
1,00
a. Program manual
b. Security policy
c. Enforcement guidelines

Câu hỏi 43 Which of the following department managers would be best suited to oversee the development of an
Sai information security policy?

Select one:
1,00
a. Business operations
b. Information Systems
c. Security administration
d. Human Resources
Đúng
Select one:
1,00 a. Identification
b. Accounting
c. Authentication
d. Authorization
Sai identified as a(n)?

Select one:
1,00
a. Overt channel
b. Covert channel
c. Closed channel
d. Opened channel

Câu hỏi 46 Which one of the following is true about information that is designated with the highest of confidentiality in
Đúng a private sector organization?

Select one:
1,00
a. It is available to anyone in the organization whose work relates to the subject and
requires authorization for each access.
b. It is limited to named individuals and creates an audit trail.
c. It is restricted to those in the department of origin for the information.
d. It is classified only by the information security officer and restricted to those who have
made formal requests for access.
Sai requirement components?

Select one:
1,00
a. Protection profile (PP)
b. Package
c. Security target (ST)
Sai
Select one:
1,00 a. Dwell time
b. Systems time
c. Flight time
d. Dynamic time


Select one:
1,00
a. Callback forward systems
b. Sendback forward systems
c. Sendback system
d. Callback systems
Sai
Select one:
1,00 a. A definition of the particular settings that have been determined to provide optimum
security.
b. A listing of tools and applications that will be used to protect the system.
c. A brief, high-level statement defining what is and is not permitted during the operation
of the system.
d. A definition of those items that must be excluded on the system.
Sai laptop which was left in a hotel room?

Select one:
1,00
a. Store all data on disks and lock them in an in-room safe
b. Encrypt the data on the hard drive
c. Remove the batteries and power supply from the laptop and store them separately from
the computer
d. Install a cable lock on the laptop when it is unattended

Câu hỏi 52 What is an indirect way to transmit information with no explicit reading of confidential information?
Sai
Select one:
1,00 a. Timing channels
b. Backdoor
c. Covert channels
d. Overt channels
Đúng identity?

Select one:
1,00
a. Palm scans
b. Retina scans
c. Iris scans
d. Skin scans
Câu hỏi 54 Which of the following focuses on the basic features and architecture of a system?
Đúng
Select one:
1,00 a. Covert channel assurance
b. Operational assurance
c. Life cycle assurance
Sai
Select one:
1,00 a. Establish information ownership.
b. Generate internal labels on diskettes. 
c. Limit the number of classifications.

Sai
Select one:
1,00 a. Physically infeasible
b. High cost to operate
c. Easy to counterfeit
d. High cost to develop
Sai objects based on the organizational security policy. The access controls may be based on:

Select one:
1,00
c. the group-dynamics as they relate to the master-slave role in the organization
Câu hỏi 58 What can best be described as an abstract machine which must mediate all access to subjects to objects?
Sai
Select one:
1,00 a. A security domain
b. The security perimeter
c. The reference monitor
d. The security kernel

Câu hỏi 59 Which of the following is a communication path that is not protected by the system’s normal security
Sai mechanisms?

Select one:
1,00
a. A trusted path
b. A covert channel
c. A maintenance hook
d. A protection domain
Sai
Select one:
1,00 a. It is less secure than DAC (Discretionary Access Control).
c. It is more secure than DAC.(Discretionary Access Control).

Bắt đầu vào lúc Tuesday, 15 March 2022, 7:07 PM
State Finished
Kết thúc lúc Tuesday, 15 March 2022, 7:30 PM
Điểm 35,00/60,00
Điểm 5,83 out of 10,00 (58%)
Đúng
Select one:
1,00 a. Reliability
b. Accuracy
c. Storage requirements
d. Perceived intrusiveness
Câu hỏi 2 What best describes a scenario when an employee has been shaving off pennies from multiple accounts and
Sai depositing the funds into his own bank account?

Select one:
1,00
a. Trojan horses
b. Data diddling
c. Data fiddling
d. Salami techniques

Đúng
Select one:
b. Directory based access control. 
c. ID based access control.

Câu hỏi 4 What is the Maximum Tolerable Downtime (MTD)?
Đúng
Select one:
1,00 a. Maximum elapsed time required to complete recovery of application data
b. It is maximum delay businesses that can tolerate and still remain viable
c. Minimum elapsed time required to complete recovery of application data
d. Maximum elapsed time required to move back to primary site a major disruption
Đúng
Select one:
1,00 a. Provides the timing trigger to activate a malicious program disguised as a legitimate
function.
b. Modulated to carry an unintended information signal that can only be detected by
c. Used by a supervisor to monitor the productivity of a user without their knowledge.
d. Allows one process to signal information to another by modulating its own use of system
resources.
Đúng
Select one:
1,00 a. Data diddling
b. Denial of Service (DOS)
c. IP spoofing
d. Password sniffing

Đúng
Select one:
b. Its sensitivity to the company.
d. Its value.
Câu hỏi 8 Which of the following statements pertaining to ethical hacking is incorrect?
Đúng
Select one:
1,00 a. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in
the organizations IT system.
b. An organization should use ethical hackers who do not sell auditing, consulting,
hardware, software, firewall, hosting, and/or networking services
c. Ethical hacking should not involve writing to or modifying the target systems
d. Testing should be done remotely
Sai
Select one:
1,00 a. Encrypt error
b. Decrypt error
c. Human error
d. Token error

Câu hỏi 10 Which of the following is the MOST secure network access control procedure to adopt when using a callback
Đúng device?

Select one:
1,00
a. The user enters the telephone number, and the device verifies that the number exists in
its database before calling back.
b. The user enters a userid and PIN, and the device calls back the telephone number that
corresponds to the userID.
c. The user enters a userID, PIN, and telephone number, and the device calls back the
telephone number entered.
d. The user enters the telephone number, and the device responds with a challenge.

Select one:
1,00
a. They eliminate the need for most auditing functions.
b. They may be administrative, procedural, or technical.
c. They are generally inexpensive to implement.
d. They prevent users from accessing any control function.

Đúng
Select one:
1,00 a. The security subsystem
b. The reference monitor
c. The computer hardware
d. The operating system software

Đúng
Select one:
1,00 a. The size, curvature, and shape of the retina
b. The pattern of blood vessels at the back of the eye
c. The amount of light reaching the retina
Câu hỏi 14 The concept that all accesses must be meditated, protected from modification, and verifiable as correct is the
Đúng concept of

Select one:
1,00
a. Security locking
b. Security kernel
c. Secure model
d. Secure state
Đúng
Select one:
1,00 a. Through storage to acquire information.
b. Through log files for trusted path information.
d. Through data for information content.

Đúng
Select one:
1,00 a. The equipment is susceptible to damage
b. The equipment must always be available for replacement if necessary
c. The equipment can be used to browse information passing on a network
d. The equipment can be used to reconfigure the network multiplexers
Đúng
Select one:
b. a method to correct the security flaws
c. verification of the levels of existing infiltration resistance
d. demonstration of the effects of the flaws
Đúng
Select one:
1,00 a. Encryption
b. Authentication
c. Integrity
d. Non-repudiation

Đúng
Select one:
1,00 a. Variable callback system
b. Fixed callback system
c. Smart card system
d. Combination of variable and fixed callback system
Đúng safeguard?

Select one:
1,00
a. Loss expectancy
b. Vulnerability
c. Threat
d. Probability

Đúng
Select one:
1,00 a. An omission when generating Pseudo-code
b. An apparent loophole deliberately implanted in an operating system
c. A mean for testing for bounds violations in application programming
d. A normally generated page fault causing the system halt

Đúng
Select one:
1,00 a. Voice recognition
b. Fingerprint scan
c. Hand geometry
d. Signature recognition
Câu hỏi 23 Which one of the following is a characteristic of a penetration testing project?
Sai
Select one:
1,00 a. The project is open-ended until all known vulnerabilities are identified.
b. The project tasks are to break into a targeted system.
c. The project plan is reviewed with the target audience.
d. The project schedule is plotted to produce a critical path.
Đúng
Select one:
1,00 a. ID based access control.
b. Lattice based access control.
d. Directory based access control.

Câu hỏi 25 Which of the following is true regarding a secure access model?
Đúng
Select one:
1,00 a. Secure information can flow to a less secure user.
b. Secure information cannot flow to a less secure user.
c. Secure information cannot flow to a more secure user.
Câu hỏi 26 What tool do you use to determine whether a host is vulnerable to known attacks?
Đúng
Select one:
b. Honey Pots
c. IDS
d. Vulnerability analysis
Đúng
Select one:
1,00 a. Integrity and control
c. Availability
d. Confidentiality

Đúng
Select one:
b. Host-based IDS systems
c. Network-based IDS systems
d. General purpose operating systems
Đúng
Select one:
1,00 a. Smart cards provide a two-factor authentication whereas memory cards don’t
b. Only smart cards can be used for ATM cards
c. Memory cards have no processing power
d. Memory cards normally hold more memory than smart cards

Sai
Select one:
c. User-directed access control
d. Rule-based access control

Bắt đầu vào lúc Friday, 18 March 2022, 11:39 PM
State Finished
Kết thúc lúc Friday, 18 March 2022, 11:47 PM
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)
Đúng
Select one:
b. Evaluation
c. Acceptance
d. Certification
Câu hỏi 2 What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
Đúng
Select one:
1,00 a. Zephyr Chart
b. Zapper Chart
c. Cipher Chart
d. Decipher Chart
Đúng
Select one:
b. Host-based IDS systems
c. Network-based IDS systems
d. General purpose operating systems


Select one:
1,00
a. Inadequate user participation in defining the system’s requirements
b. Inadequate quality assurance (QA) tools
c. Constantly changing user needs
d. Inadequate project management.

Đúng
Select one:
1,00 a. Accountability, confidentiality, and integrity
b. Confidentiality, integrity, and availability
d. Integrity, availability, and accountability
Đúng
Select one:
1,00 a. Strengthening the security policy.
b. Hardening the system.
c. Violating the security policy.
Đúng
Select one:
1,00 a. Audit Requirements
b. Background
c. Enforcement
d. Scope statement

Đúng
Select one:
1,00 a. Vulnerability analysis
b. IDS
c. Honey Pots
d. Padded Cells

Select one:
1,00
a. Remote Procedure Call Service
d. Authentication and Control Service
Đúng
Select one:
b. It makes cost-benefit analysis of recommended controls easier.
c. It prioritizes the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.

Đúng
Select one:
1,00 a. Encrypt error
b. Token error
c. Human error
d. Decrypt error
1,00
Select one:
a. Excessive Privileges
b. Excessive Rights
d. Excessive Access
Đúng
Select one:
1,00 a. Scanning and recognition.
b. Detection and recognition.

Đúng
Select one:
1,00 a. Management’s perceptions regarding data importance
b. The cost to replace lost data.
c. Budget planning related to base versus incremental spending.
d. The value of information that is protected

Select one:
1,00
c. Single Sign-On (SSO) systems
d. Triple Sign-On (TSO) systems
Câu hỏi 16 The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity
Đúng level, or different need-to-know, is called data _____.

Select one:
1,00
a. Contamination
b. Aggregation
c. Commingling
d. Seepage

Câu hỏi 17 Which of the following implements the authorized access relationship between subjects and objects of a
Đúng system?

Select one:
1,00
a. Security model
b. Security kernel
c. Reference kernel
d. Information flow model
Đúng
Select one:
1,00 a. Are appropriate fire suppression and prevention devices installed and working?
b. Are entry codes changed periodically?
c. Is physical access to data transmission lines controlled?
d. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
Đúng
Select one:
1,00 a. A brief, high-level statement defining what is and is not permitted during the operation
of the system.
b. A listing of tools and applications that will be used to protect the system.
c. A definition of the particular settings that have been determined to provide optimum
security.
d. A definition of those items that must be excluded on the system.


Select one:
1,00
a. They may be administrative, procedural, or technical.
b. They are generally inexpensive to implement.
c. They prevent users from accessing any control function.
d. They eliminate the need for most auditing functions.
Đúng management?

Select one:
1,00
a. Provide a forum for disclosing exposure and risk analysis.
b. Provide a clear understanding of potential risk and exposure.
c. Provide a vehicle for communicating security procedures.
d. Provide a forum to communicate user responsibilities.
Đúng safeguard?

Select one:
1,00
a. Loss expectancy
b. Probability
c. Vulnerability
d. Threat

Đúng
Select one:
1,00 a. a formal static transition model of computer security policy that describes a set of access
control rules.
c. a basis for assessing the effectiveness of security controls built into automatic data-
d. a means of restricting access to objects based on the identity of subjects and groups to
which they belong.
Đúng objects?

Select one:
1,00
a. Centralized access control
b. Mandatory access control
c. Discretionary access control
d. Non-discretionary access control
Đúng
Select one:
1,00 a. The Clark-Wilson model
b. The information flow model
c. The Bell-LaPadula model
d. The Biba model

Đúng
Select one:
1,00 a. Availability
b. Intergrity
c. Confidentiality
d. Authenticity
Đúng
Select one:
1,00 a. Object channels
b. Timing channels
c. Covert channels
d. Storage channels

Đúng
Select one:
1,00 a. An omission when generating Pseudo-code
b. A normally generated page fault causing the system halt
c. An apparent loophole deliberately implanted in an operating system

Câu hỏi 29 In the Information Flow Model, what relates two versions of the same object?
Đúng
Select one:
1,00 a. Flow
b. Transformation
c. State
d. Successive points

Select one:
1,00
c. the individual’s role in the organization
d. the group-dynamics as they relate to the master-slave role in the organization

Câu hỏi 31 Processor card contains which of the following components?
Đúng
Select one:
1,00 a. Cache and processor.
b. Memory and flash.
c. Memory and hard drive.
d. Memory and processor.

Đúng
Select one:
1,00 a. A sensitive transaction.
b. An inference check.
c. A check digit.
d. A boundary protection.
Đúng system?

Select one:
1,00
a. Reference kernel
b. Information flow model
c. Security kernel
d. Security model


Select one:
1,00
a. Public Key Infrastructure (PKI)
b. Single Sign-on (SSO)
c. Kerberos
d. Smart cards
Đúng
Select one:
1,00 a. Integrity, confidentiality, and availability
b. Authenticity, vulnerabilities, and costs
c. Threats, vulnerabilities, and risks
d. Security, information value, and threats

Đúng
Select one:
1,00 a. Social engineering, configuration review, and vulnerability assessment.
b. Computer Emergency Response Team (CERT) procedures.
c. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.

Đúng incorrect?

Select one:
1,00
a. TCSEC provides a means to evaluate the trustworthiness of an information system
b. Database management systems are not covered by the TCSEC
c. With TCSEC, functionality and assurance are evaluated separately.
Đúng addition to data copied from the original location?

Select one:
1,00
a. Access Change
b. Access Modify
c. Read / Write
d. Access Rewrite
Câu hỏi 39 A feature deliberately implemented in an operating system as a trap for intruders is called a:
Đúng
Select one:
1,00 a. Pseudo flaw
b. Logic bomb
c. Trojan horse
d. Trap door


Select one:
1,00
a. Fail soft
b. Fail safe
c. Fail resilient
d. Fail proof
Câu hỏi 41 What is the main purpose of undertaking a parallel run of a new system?
Đúng
Select one:
1,00 a. Provide a backup of the old system
b. Validate the operation of the new system against its predecessor
c. Resolve any errors in the program and file interfaces
d. Verify that the system provides required business functionality
Câu hỏi 42 Which of the following prevents, detects, and corrects errors so that the integrity, availability, and
Đúng confidentiality of transactions over networks may be maintained?

Select one:
1,00
a. Networks security management and techniques
b. Clients security management and techniques
c. Communications security management and techniques
d. Servers security management and techniques

Câu hỏi 43 Which of the following is not a part of risk analysis?
Đúng
Select one:
1,00 a. Quantify the impact of potential threats
b. Choose the best countermeasure
c. Provide an economic balance between the impact of the risk and the cost of the
associated countermeasures
d. Identify risks
Câu hỏi 44 Which one of the following is the PRIMARY objective of penetration testing?
Đúng
Select one:
1,00 a. Correction
b. Detection
c. Assessment
d. Protection
Đúng
Select one:
1,00 a. Lattice Based Access Controls
b. Discretionary Access Controls
c. Relevant Access Controls
d. Mandatory Access Controls

Đúng
Select one:
1,00 a. Password
b. Ticket Granting
c. Token
d. Biometric
Đúng management?

Select one:
1,00
a. Provide a clear understanding of potential risk and exposure.
b. Provide a forum to communicate user responsibilities.
c. Provide a forum for disclosing exposure and risk analysis.
d. Provide a vehicle for communicating security procedures.
Đúng
Select one:
1,00 a. All changes are requested, scheduled, and completed on time.
b. All changes are authorized, tested, and recorded.
c. Changes are controlled by the Policy Control Board (PCB).
d. Management is advised of changes made to systems.

Câu hỏi 49 In biometric identification systems, at the beginning, it was soon apparent that truly positive identification
Đúng could only be based on physical attributes of a person. This raised the necessicity of answering 2 questions:

Select one:
1,00
a. what was the age of a person and his income level
b. what was the sex of a person and his age
c. what part of the body to be used and how to accomplish identification to be viable
d. what was the tone of the voice of a person and his habits

Sai
Select one:
1,00 a. A formal description of a sensibility label.
b. A formal description of access control ID specification.
c. A formal description of security policy.
Đúng
Select one:
1,00 a. disaster
b. disclosure
c. disposal
d. closure

Đúng
Select one:
1,00 a. Signature
b. Voice Pattern
c. Hand geometry
d. Keystroke pattern

Select one:
1,00
a. Inadequate quality assurance (QA) tools
b. Inadequate project management.
d. Inadequate user participation in defining the system’s requirements
Không trả lời which they belong?
Đạt điểm 1,00

Select one:
b. Discretionary access control
c. User access control
d. Group access control

Không trả lời keys?
Đạt điểm 1,00

Select one:
a. Dynamic time
b. Dwell time
c. Systems time
d. Flight time
Không trả lời sets of security requirements to meet there needs is
Đạt điểm 1,00

Select one:
a. a Security Target (ST).
b. a Security Functionality Component Catalog (SFCC).
c. a Protection Profile (PP).
d. an evaluation Assurance Level (EAL).
Không trả lời
Select one:
Đạt điểm 1,00
a. Parallel running
b. Multithreading
c. Multitasking
d. Multiprocessing

Câu hỏi 58 Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a
Không trả lời network entity to verify both
Đạt điểm 1,00

Select one:
a. The authenticity of a remote communicating entity and the path through which
b. The identity of a remote communicating entity and the authenticity of the source of the
data that are received.
c. The identity of a remote communicating entity and the level of security of the path
through which data are received.
d. The location of a remote communicating entity and the path through which
Câu hỏi 59 Which of the following describes elements that create reliability and stability in networks and systems and
Không trả lời which assures that connectivity is accessible when needed?
Đạt điểm 1,00

Select one:
a. Availability
b. Confidentiality
c. Integrity
d. Acceptability
Không trả lời installed?
Đạt điểm 1,00

Select one:
a. Configuration error
c. Exceptional condition handling error


State Finished
Điểm 52,00/60,00
Điểm 8,67 out of 10,00 (87%)

Đúng
Select one:
1,00 a. Maintain internal and external consistency
b. Prevent authorized users from making improper modifications
c. Prevent paths that could lead to inappropriate disclosure
d. Prevent unauthorized users from making modifications

Đúng
Select one:
1,00 a. Know what security awareness products are available.
b. Identify weakness in line management support.
c. Understand the corporate culture and how it will affect security.
d. Understand employees preferences for information security.

Đúng
Select one:
1,00 a. Statement of management intend, supporting the goals and principles of information
security
b. Definition of overall steps of information security and the importance of security
c. Description of specific technologies used in the field of information security
d. Definition of general and specific responsibilities for information security management
Đúng
Select one:
b. Finger scanning
c. Iris scanning
d. Facial recognition
Đúng
Select one:
1,00 a. Results
b. Objectivity
c. Tools used
d. Competence

Đúng
Select one:
1,00 a. Compartmented Security Mode
b. Multilevel Security Mode
c. System-High Security Mode
Câu hỏi 7 Which access control would a lattice-based access control be an example of?
Đúng
Select one:
1,00 a. Mandatory access control
d. Non-discretionary access control
Câu hỏi 8 What can be accomplished by storing on each subject a list of rights the subject has for every object?
Đúng
Select one:
1,00 a. Key ring
b. Capabilities
c. Rights
d. Object

Câu hỏi 9 Which of the following are the benefits of Keystroke dynamics?
Đúng
Select one:
b. Low cost
c. Unintrusive device
d. Transparent
Câu hỏi 10 What is the main responsibility of the information owner?

Đúng
Select one:
1,00 a. periodically checking the validity and accuracy for all data in the information system
b. making the determination to decide what level of classification the information requires
c. running regular backups

d. audit the users when they require access to the information
Đúng
Select one:
1,00 a. Throughput
b. Reliability
c. Acceptability
d. Accuracy

Đúng
Select one:
1,00 a. Crossover error rate
b. False accept rate
c. Speed and throughput rate
d. False reject rate
Câu hỏi 13 What is the act of willfully changing data, using fraudulent input or removal of controls called?
Đúng
Select one:
1,00 a. Data contaminating
b. Data capturing
c. Data trashing
d. Data diddling
Đúng
Select one:
b. Zapper Chart
c. Cipher Chart
d. Decipher Chart

Đúng certain objects, based on the organizational security policy?

Select one:
1,00
a. Non-discretionary Access Control
Đúng
Select one:
1,00 a. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
b. Is physical access to data transmission lines controlled?
c. Are entry codes changed periodically?
d. Are appropriate fire suppression and prevention devices installed and working?
Câu hỏi 17 Access control techniques do not include:

Đúng
Select one:
1,00 a. Rule-Based Access Controls
b. Role-Based Access Controls
c. Mandatory Access Controls
d. Random Number Based Access Control

Đúng
Select one:
1,00 a. System construction
b. Requirements definition
c. Implementation planning
d. Project identification
Đúng time?

Select one:
1,00
a. Iris pattern
c. Retina pattern
d. Voice pattern
Đúng
Select one:
1,00 a. SSO
b. IPSec
c. SSL
d. SEC

Đúng
Select one:
1,00 a. Small – in order to facilitate the detailed analysis necessary to prove that it meets design
requirements.
b. Large – in order to enable it to protect the potentially large number of resources in a
c. Small – in order to permit it to be implemented in all critical system components without
d. Large – in order to accommodate the implementation of future updates without incurring

Đúng
Select one:
1,00 a. what the users privilege owns
b. what the users cost is
c. what the users job is
d. what the users group is

Select one:
1,00
a. Token passing networks
b. Tickets
c. Tokens
d. Coupons

1,00
Select one:
a. Excessive Permissions
b. Excessive Rights
c. Excessive Privileges
d. Excessive Access
Câu hỏi 25 Which of the following are proprietarily implemented by CISCO?

Đúng
Select one:
1,00 a. RADIUS+
b. XTACACS and TACACS+
c. TACACS
d. RADIUS

Select one:
1,00
d. Integrity and control

Câu hỏi 27 Which one of the following are examples of security and controls that would be found in a “trusted”
Đúng application system?

Select one:
1,00
a. File integrity routines and audit trail
b. Correction routines and reliability
c. Data validation and reliability
d. Reconciliation routines and data labels
Đúng identity?

Select one:
1,00
a. Retina scans
b. Palm scans
c. Skin scans
d. Iris scans
Đúng
Select one:
b. A list of objects.


Select one:
1,00
a. Single Sign-On (SSO) systems
b. Triple Sign-On (TSO) systems
c. Dual Sign-On (DSO) systems
d. Double Sign-On (DSO) systems

Bắt đầu vào lúc Wednesday, 23 March 2022, 12:05 AM
State Finished
Kết thúc lúc Wednesday, 23 March 2022, 12:35 AM
Điểm 57,00/60,00
Điểm 9,50 out of 10,00 (95%)

Select one:
1,00
a. Integrity-preserving
b. Integrity-monitoring
c. Non-Interference
d. Reference Monitor
Đúng
Select one:
1,00 a. It makes cost-benefit analysis of recommended controls easier.
vulnerabilities.
c. It provides specific quantifiable measurements of the magnitude of the impacts.
Đúng
Select one:
b. statement of performance of characteristics and requirements.
c. statement of roles and responsibilities
d. definition of the issue and statement of relevant terms.

Đúng
Select one:
b. It bypasses the reference monitor functions.
c. A process can signal information to another process.
Đúng
Select one:
b. The subject’s sensitivity label is dominated by the object’s sensitivity label
c. The subject’s sensitivity label subordinates the object’s sensitivity label
Đúng objects?

Select one:
1,00
b. Centralized access control
c. Non-discretionary access control

Đúng
Select one:
1,00 a. Background
b. Enforcement
c. Scope statement
d. Audit Requirements
Đúng
Select one:
b. Principle of aggregate privilege.
c. Principle of effective privilege.
d. Principle of most privilege.
Đúng
Select one:
1,00 a. Card size
b. Battery lifespan
c. Token length

Đúng
Select one:
1,00 a. Retinal scans and reflective scans.
c. Retinal scans and iris scans.
d. Retinal scans and body scans.

Đúng
Select one:
1,00 a. Multiple servers
b. Server fault tolerance
c. Server clustering
d. Redundant servers
Đúng
Select one:
1,00 a. User
b. Server
c. Owner
d. Administrator

Đúng
Select one:
b. Multilevel Security Mode
d. System-high Security Mode

Select one:
1,00
a. Aggregation
b. Commingling
c. Seepage
d. Contamination
Đúng
Select one:
1,00 a. Transformation
b. Flow
c. Successive points
d. State

Đúng
Select one:
1,00 a. Encryption Security
c. Logical Security
d. On-line Security
Sai practice?

Select one:
1,00
a. Subversion
b. Shoulder surfing
c. Dumpster diving
d. Misrepresentation

Đúng
Select one:
1,00 a. Challenge
b. Password
c. PIN
d. UserID

Câu hỏi 19 What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
Đúng
Select one:
1,00 a. Reference Monitors
b. Object Labels
c. Information Labels
d. Sensitivity Labels
Câu hỏi 20 Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of
Sai occurrence and _____.

Select one:
1,00
a. Cost of all losses expected
b. Average of previous losses
c. Single loss expectancy
d. Previous year’s actual loss
Đúng
Select one:
1,00 a. People
b. Management
c. Awareness programs
d. Access Controls

Đúng
Select one:
1,00 a. Capabilities
b. Access control list and availability.
c. Access control lists and capabilities.
d. Access control lists.
Đúng outcome?

Select one:
1,00
a. Single Loss Expectancy
d. Annualized Loss Expectancy
Đúng
Select one:
1,00 a. A higher TCB rating will require that details of their testing procedures and
b. It includes hardware, firmware, and software
c. It addresses the level of security a system provides

Câu hỏi 25 In terms of the order of acceptance, which of the following technologies is the LEAST accepted?
Đúng
Select one:
1,00 a. Retina patterns
b. Fingerprint
c. Iris
d. Handprint

Đúng
Select one:
b. Flexibility
c. Reliability
d. Timesaving
Đúng
Select one:
1,00 a. More efficient log-on.
b. More costly to administer.
c. More key exchanging involved.
d. More costly to setup.

Đúng
Select one:
c. Notify all interested parties of the completion of the change.
d. Ensure the orderly processing of a change request.

Đúng
Select one:
1,00 a. Define the main security objectives which must be achieved and the security framework
b. Define the specific assets to be protected and identify the specific tasks which must be
c. Issue guidelines in selecting equipment, configuration, design, and secure operations.
d. Issue corporate standard to be used when addressing specific security problems.
1,00
Select one:
a. Prevented subsystem
b. File subsystem
c. Protected subsystem
d. Directory subsystem

Đúng
Select one:
b. Storage channels
c. Object channels
d. Timing channels

Đúng
Select one:
b. Shoulder surfing
c. Scavenging
d. Sniffing

Đúng
Select one:
1,00 a. It requires two measurements of hand geometry
b. It uses the RSA public-key signature based algorithm on integers with large prime
factors
c. It does not use single sign-on technology
d. It relies on two independent proofs of identity

Đúng
Select one:
1,00 a. Public embarrassment
b. Loss of competitive advantage or market share
c. Loss of public confidence and credibility
d. Loss of revenue
Đúng
Select one:
1,00 a. Acceptance
b. Certification
c. Evaluation
d. Accreditation
Sai upon individual objects?

Select one:
1,00
a. An access control matrix
b. A capability table
c. A capacity table
d. An access control list

Đúng
Select one:
1,00 a. DAC
b. ACL
d. MAC
Đúng occurs?

Select one:
1,00
a. Trusted recovery
b. Redundancy
c. Secure boot
d. Hot swappable
Đúng
Select one:
1,00 a. The Bell-LaPadula model
b. The Biba model
c. The information flow model
d. The Clark-Wilson model

Câu hỏi 40 Making sure that the data is accessible when and where it is needed is which of the following?
Đúng
Select one:
b. Acceptability
c. Confidentiality
d. Integrity
Đúng
Select one:
1,00 a. Information ownership
b. Change control
c. Data classification
d. System design
Đúng
Select one:
1,00 a. These factors include the enrollment time and the throughput rate, but not acceptability.
b. These factors do not include the enrollment time, the throughput rate, and acceptability.
c. These factors include the enrollment time, but not the throughput rate, neither the
acceptability.
d. These factors include the enrollment time, the throughput rate, and acceptability.

Đúng
Select one:
b. Something you know and something you have.
c. Something you know.
Câu hỏi 44 What is the FIRST step that should be considered in a penetration test?
Đúng
Select one:
1,00 a. The formulation of specific management objectives.
b. The approval of change control management.
c. The communication process among team members.
d. The development of a detailed test plan.
Đúng
Select one:
1,00 a. The value of information that is protected
b. The cost to replace lost data.
c. Budget planning related to base versus incremental spending.
d. Management’s perceptions regarding data importance

Đúng
Select one:
1,00 a. a basis for assessing the effectiveness of security controls built into automatic data-
c. a formal static transition model of computer security policy that describes a set of access
control rules.
which they belong.
Đúng
Select one:
1,00 a. Retinal scans
b. Body scans
c. Reflective scans
d. Iris scans
Đúng
Select one:
b. The use of token.
c. The use of information flow label.
d. The use of data flow diagram.

Đúng
Select one:
1,00 a. Responsibilities of individuals and groups for protected information
b. Statement of senior executive support
c. Definition of management expectations

Select one:
1,00
a. Remote Procedure Call Service
d. Authentication and Control Service
Câu hỏi 51 Which of the following is being considered as the most reliable kind of personal identification?
Đúng
Select one:
1,00 a. Token
b. Ticket Granting
c. Password
d. Finger print

Câu hỏi 52 Which security program exists if a user accessing low-level data is able to draw conclusions about high-level
Đúng information?

Select one:
1,00
a. Interference
b. Under-classification
c. Inference
d. Polyinstatiation

Đúng
Select one:
1,00 a. Intergrity
b. Confidentiality
c. Authenticity
d. Availability

Đúng
Select one:
1,00 a. Multi-level data classification.
b. Correct-state transformation.
c. Rules based meditation.
d. Polyinstantiation technique.

Đúng involves:

Select one:
1,00
b. Eigenfeatures of eigenfaces.
c. Scanning and recognition.
Đúng
Select one:
1,00 a. Hardening the system.
Đúng
Select one:
1,00 a. role-based policy
b. rule-based policy
c. identity-based policy
d. user-based policy

Đúng
Select one:
1,00 a. Availability, accountability, and confidentiality
b. Accountability, confidentiality, and integrity
c. Integrity, availability, and accountability

Đúng
Select one:
b. Programs and transactions
c. Objects and subjects
d. Capabilities and privileges
Câu hỏi 60 The default level of security established for access controls should be
Đúng
Select one:
1,00 a. Read access
b. No access
c. Update access
d. All access

3/23/22, 12:46 AM 44CONQuiz/questions.json at master · jgamblin/44CONQuiz · GitHub
This repository has been archived by the owner. It is now read-only.
jgamblin / 44CONQuiz Public archive
Code Issues Pull requests Actions Projects Wiki Security
master
44CONQuiz / questions.json
jgamblin Files … History
1 contributor
1548 lines (1544 sloc) 54.3 KB
1 {
2 "games" : [
3 {
4 "questions" : [
5 {
6 "question" : "Defcon in 2016 will be what version?",
7 "content" : [
8 "0x18",
9 "Veintiuno",
10 "0b10010",
11 "XXVI"
12 ],
13 "correct" : 0
14 },
15 {
16 "question" : "The Maximum decimal value that can be represented in a b
17 "content" : [
18 "255",
19 "64",
20 "32",
21 "2"
22 ],
23 "correct" : 0
24 },
25 {
26 "question" : "What process is used by a Cisco switch to prevent or det
27 "content" : [
https://github.com/jgamblin/44CONQuiz/blob/master/questions.json 1/33
28 "IPSEC",
29 "ARP WATCH",
30 "VLANS",
31 "Dynamic ARP Inspection"
32 ],
33 "correct" : 3
34 },
35 {
36 "question" : "Which of the following protocols sends data in clear tex
37 "content" : [
38 "POP3",
39 "SNMP V3",
40 "SSH",
41 "WEP"
42 ],
43 "correct" : 0
44 },
45 {
46 "question" : "What is the decimal number for the hexadecimal value of
47 "content" : [
48 "08",
49 "12",
50 "16",
51 "69"
52 ],
53 "correct" : 1
54 },
55 {
56 "question" : "How does traceroute map the route that a packet travels
57 "content" : [
58 "It uses TCP Timestamp packet that will elicit a time exceeded in
59 "It uses a protocol that will be rejected at the gateways on its w
60 "It manipulates the values of TTL parameter packet to elicit a tim
61 "It manipulates flags within packets to force gateways into genera
62 ],
63 "correct" : 2
64 },
65 {
66 "question" : "In What Year Was NMAP Released?",
67 "content" : [
68 "1997",
69 "1994",
70 "2001",
71 "1991"
72 ],
73 "correct" : 0
74 },
75
76 {
77 "question" : "What was BackTrack Linux Renamed?",

78 "content" : [
79 "KALI",
80 "BUSYBOX",
81 "PWNBOX",
82 "NSA1"
83 ],
84 "correct" : 0
85 },
86 {
87 "question" : "Network Security is a?",
88 "content" : [
89 "Product",
90 "Protocol",
91 "Ever evolving Process",
92 "Quick-Fix Solution"
93 ],
94 "correct" : 2
95 },
96 {
97 "question" : "In reviewing the IS short-range (tactical) plan, an IS a
98 "content" : [
99 "There is an integration of IS and business staffs within projects
100 "There is a clear definition of the IS mission and vision.",
101 "A strategic information technology planning methodology is in pla
102 "The plan correlates business objectives to IS goals and objective
103 ],
104 "correct" : 1
105 },
106 {
107 "question" : "Which security model introduces access to objects only t
108 "content" : [
109 "The Biba model.",
110 "The BellLa-Padula model.",
111 "The Clark-Wilson model.",
112 "The information flow model."
113 ],
114 "correct" : 2
115 },
116 {
117 "question" : "In reviewing the IS short-range (tactical) plan, an IS a
118 "content" : [
119 "There is an integration of IS and business staffs within projects
120 "There is a clear definition of the IS mission and vision.",
121 "A strategic information technology planning methodology is in pla
122 "The plan correlates business objectives to IS goals and objective
123 ],
124 "correct" : 1
125 },
126 {
127 "question" : "Which of the following department managers would be best
128 "content" : [
129 "Information Systems",
130 "Human Resources",
131 "Business operations",
132 "Security administration "
133 ],
134 "correct" : 2
135 },
136 {
137 "question" : "Why must senior management endorse a security policy?",
138 "content" : [
139 "So that they will accept ownership for security within the organi
140 "So that employees will follow the policy directives.",
141 "So that external bodies will recognize the organizations commitme
142 "So that they can be held legally accountable."
143 ],
144 "correct" : 0
145 },
146 {
147 "question" : "Which of the following defines the intent of a system se
148 "content" : [
149 "A definition of the particular settings that have been determined
150 "A brief, high-level statement defining what is and is not permitt
151 "A definition of those items that must be excluded on the system."
152 "A listing of tools and applications that will be used to protect
153 ],
154 "correct" : 0
155 }
156 ]
157 },
158
159
160 {
161 "questions" : [
162 {
163 "question" : "Which one of the following is the MOST crucial link in t
164 "content" : [
165 "Access controls",
166 "People",
167 "Management",
168 "Hardware"
169 ],
170 "correct" : 1
171 },
172 {
173 "question" : "The extent to which data will be collected during an IS
174 "content" : [
175 "Availability of critical and required information.",

176 "Auditor's familiarity with the circumstances.",
177 "Auditee's ability to find relevant evidence.",
178 "Purpose and scope of the audit being done."
179 ],
180 "correct" : 3
181 },
182 {
183 "question" : "What type of password makes use of two totally unrelated
184 "content" : [
185 "Login phrase",
186 "One time password ",
187 "Composition",
188 "Login ID "
189 ],
190 "correct" : 2
191 },
192 {
193 "question" : "Which of the following is the GREATEST advantage of elli
194 "content" : [
195 "Computation speed.",
196 "Ability to support digital signatures.",
197 "Simpler key distribution.",
198 "Greater strength for a given key length."
199 ],
200 "correct" : 0
201 },
202 {
203 "question" : "Which of the following controls would provide the GREATE
204 "content" : [
205 "Audit log procedures.",
206 "Table link and reference checks.",
207 "Query and table access time checks.",
208 "Rollback and rollforward database features."
209 ],
210 "correct" : 1
211 },
212 {
213 "question" : "What are the three fundamental principles of security?",
214 "content" : [
215 "Accountability and confidentiality and integrity.",
216 "Confidentiality and integrity and availability.",
217 "Integrity and availability and accountability.",
218 "Steve Lord and Gin and Beer"
219 ],
220 "correct" : 1
221 },
222 {
223 "question" : "Which one of the following should NOT be contained withi
224 "content" : [
225 "Definition of management expectations.",
226 "Responsibilities of individuals and groups for protected informat
227 "Statement of senior executive support.",
228 "Definition of legal and regulatory controls. "
229 ],
230 "correct" : 1
231 },
232 {
233 "question" : "Which one of the following is NOT a fundamental componen
234 "content" : [
235 "What is to be done.",
236 "When it is to be done.",
237 "Who is to do it.",
238 "Why is it to be done."
239 ],
240 "correct" : 2
241 },
242 {
243 "question" : "Which statements describes management controls that are
244 "content" : [
245 "They prevent users from accessing any control function.",
246 "They eliminate the need for most auditing functions. ",
247 "They may be administrative, procedural, or technical.",
248 "They are generally inexpensive to implement."
249 ],
250 "correct" : 2
251 },
252 {
253 "question" : "A security policy would include all of the following EXC
254 "content" : [
255 "Background",
256 "Scope statement",
257 "Audit requirements",
258 "Enforcement"
259 ],
260 "correct" : 1
261 },
262 {
263 "question" : "Which one of the following is an important characteristi
264 "content" : [
265 "Identifies major functional areas of information. ",
266 "Quantifies the effect of the loss of the information.",
267 "Requires the identification of information owners. ",
268 "Lists applications that support the business function."
269 ],
270 "correct" : 0
271 },
272 {
273 "question" : "Which of the following would be the first step in establ
274 "content" : [
275 "Adoption of a corporate information security policy statement",
276 "Development and implementation of an information security standar
277 "Development of a security awareness-training program",
278 "Purchase of security access control software "
279 ],
280 "correct" : 0
281 },
282 {
283 "question" : "Which of the following is not a part of risk analysis? "
284 "content" : [
285 "Identify risks",
286 "Quantify the impact of potential threats",
287 "Provide an economic balance between the impact of the risk and th
288 "Choose the best countermeasure"
289 ],
290 "correct" : 3
291 },
292 {
293 "question" : "Which one of the following is not one of the outcomes of
294 "content" : [
295 "Quantitative loss assessment",
296 "Qualitative loss assessment",
297 "Formal approval of BCP scope and initiation document",
298 "Defining critical support areas."
299 ],
300 "correct" : 2
301 },
302 {
303 "question" : "Which of the following is not a compensating measure for
304 "content" : [
305 "Backups",
306 "Business Continuity Planning",
307 "Insurance",
308 "Security awareness."
309 ],
310 "correct" : 3
311 }
312 ]
313 },
314
315 {
316 "questions" : [
317 {
318 "question" : "What is the MAIN purpose of a change control/management
319 "content" : [
320 "Notify all interested parties of the completion of the change.",
321 "Ensure that the change meets user specifications.",
322 "Document the change for audit and management review.",

323 "Ensure the orderly processing of a change request."
324 ],
325 "correct" : 2
326 },
327 {
328 "question" : "When conducting a risk assessment, which one of the foll
329 "content" : [
330 "Shoulder surfing",
331 "Misrepresentation",
332 "Subversion",
333 "Dumpster diving"
334 ],
335 "correct" : 0
336 },
337 {
338 "question" : "Risk is commonly expressed as a function of the",
339 "content" : [
340 "Systems vulnerabilities and the cost to mitigate.",
341 "Types of countermeasures needed and the system's vulnerabilities.
342 "Likelihood that the harm will occur and its potential impact.",
343 "Computer system-related assets and their costs."
344 ],
345 "correct" : 2
346 },
347 {
348 "question" : "The absence or weakness in a system that may possibly be
349 "content" : [
350 "Threat",
351 "Exposure",
352 "Vulnerability",
353 "Risk"
354 ],
355 "correct" : 2
356 },
357 {
358 "question" : "What tool do you use to determine whether a host is vuln
359 "content" : [
360 "Padded Cells",
361 "Vulnerability analysis",
362 "Honey Pots",
363 "IDS"
364 ],
365 "correct" : 1
366 },
367 {
368 "question" : "Management can expect penetration tests to provide all o
369 "content" : [
370 "Identification of security flaws",
371 "Demonstration of the effects of the flaws",

372 "A method to correct the security flaws",
373 "Verification of the levels of existing infiltration resistance"
374 ],
375 "correct" : 2
376 },
377 {
378 "question" : "Which one of the following is the PRIMARY objective of p
379 "content" : [
380 "Assessment",
381 "Correction",
382 "Pancreas",
383 "Heart"
384 ],
385 "correct" : 0
386 },
387 {
388 "question" : "What is the main responsibility of the information owner
389 "content" : [
390 "Making the determination to decide what level of classification t
391 "Running regular backups ",
392 "Audit the users when they require access to the information.",
393 "Periodically checking the validity and accuracy for all data in t
394 ],
395 "correct" : 0
396 },
397 {
398 "question" : "Which of the following is not a valid reason to use exte
399 "content" : [
400 "They are more cost-effective.",
401 "They offer a lack of corporate bias",
402 "They use highly talented ex-hackers",
403 "They insure a more complete reporting "
404 ],
405 "correct" : 2
406 },
407 {
408 "question" : "How is Annualized Loss Expectancy (ALE) derived from a t
409 "content" : [
410 "ARO x (SLE - EF)",
411 "SLE x ARO",
412 "SLE/EF",
413 "Magic"
414 ],
415 "correct" : 1
416 },
417 {
418 "question" : "What is the window of time for recovery of information p
419 "content" : [
420 "Quality of the data to be processed",

421 "Nature of the disaster",
422 "Criticality of the operations affected",
423 "Applications that are mainframe based"
424 ],
425 "correct" : 2
426 },
427 {
428 "question" : "A common Limitation of information classification system
429 "content" : [
430 "Limit the number of classifications.",
431 "Generate internal labels on diskettes.",
432 "Declassify information when appropriate.",
433 "Establish information ownership."
434 ],
435 "correct" : 2
436 },
437 {
438 "question" : "The purpose of information classification is to?",
439 "content" : [
440 "Assign access controls.",
441 "Apply different protective measures.",
442 "Define the parameters required for security labels.",
443 "Ensure separation of duties."
444 ],
445 "correct" : 2
446 },
447 {
448 "question" : "What principle requires that a user be given no more pri
449 "content" : [
450 "Principle of aggregate privilege.",
451 "Principle of most privilege.",
452 "Principle of effective privilege.",
453 "Principle of least privilege."
454 ],
455 "correct" : 3
456 },
457 {
458 "question" : "The concept of least privilege currently exists within t
459 "content" : [
460 "ISO",
461 "TCSEC",
462 "OSI",
463 "IETF"
464 ],
465 "correct" : 1
466 }
467 ]
468 },
469 {
470 "questions" : [
471 {
472 "question" : "What is the FIRST step that should be considered in a pe
473 "content" : [
474 "The approval of change control management.",
475 "The development of a detailed test plan.",
476 "The formulation of specific management objectives.",
477 "The communication process among team members."
478 ],
479 "correct" : 2
480 },
481 {
482 "question" : "What is the Maximum Tolerable Downtime (MTD)",
483 "content" : [
484 "Maximum elapsed time required to complete recovery of application
485 "Maximum elapsed time required to complete recovery of application
486 "Maximum elapsed time required to move back to primary site a majo
487 "The maximum delay businesses that can tolerate and still remain v
488 ],
489 "correct" : 3
490 },
491 {
492 "question" : "A critical application is one that MUST",
493 "content" : [
494 "Remain operational for the organization to survive.",
495 "Be subject to continual program maintenance.",
496 "Undergo continual risk assessments.",
497 "Be constantly monitored by operations management. "
498 ],
499 "correct" : 0
500 },
501 {
502 "question" : "Which of the following measures would be the BEST deterr
503 "content" : [
504 "Store all data on disks and lock them in an in-room safe",
505 "Remove the batteries and power supply from the laptop and store t
506 "Install a cable lock on the laptop when it is unattended",
507 "Encrypt the data on the hard drive"
508 ],
509 "correct" : 3
510 },
511 {
512 "question" : "Which of the following computer crime is more often asso
513 "content" : [
514 "IP spoofing",
515 "Password sniffing",
516 "Data diddling",
517 "Denial of Service (DOS)"
518 ],
519 "correct" : 2
520 },
521 {
522 "question" : "Which of the following is not a form of a passive attack
523 "content" : [
524 "Scavenging",
525 "Data diddling",
526 "Shoulder surfing",
527 "Sniffing"
528 ],
529 "correct" : 1
530 },
531 {
532 "question" : "Which of the following ensures that security is not brea
533 "content" : [
534 "trusted recovery",
535 "hot swappable",
536 "redundancy",
537 "secure boot"
538 ],
539 "correct" : 0
540 },
541 {
542 "question" : "A 'Pseudo flaw' is which of the following?",
543 "content" : [
544 "An apparent loophole deliberately implanted in an operating syste
545 "An omission when generating Pseudo-code",
546 "Used for testing for bounds violations in application programming
547 "A Normally generated page fault causing the system halt"
548 ],
549 "correct" : 0
550 },
551 {
552 "question" : "What is the PRIMARY component of a Trusted Computer Base
553 "content" : [
554 "The computer hardware",
555 "The security subsystem",
556 "The operating system software",
557 "The reference monitor"
558 ],
559 "correct" : 3
560 },
561 {
562 "question" : "LOMAC uses what Access Control method to protect the int
563 "content" : [
564 "Linux based EFS.",
565 "Low Water-Mark Mandatory Access Control.",
566 "Linux based NFS.",
567 "High Water-Mark Mandatory Access Control."

568 ],
569 "correct" : 1
570 },
571 {
572 "question" : "What is the main concern of the Bell-LaPadula security m
573 "content" : [
574 "Accountability",
575 "Integrity",
576 "Confidentiality",
577 "Availability "
578 ],
579 "correct" : 2
580 },
581 {
582 "question" : "The Lattice Based Access Control model was developed MAI
583 "content" : [
584 "Affinity",
585 "None of the choices.",
586 "Confidentiality",
587 "Integrity"
588 ],
589 "correct" : 3
590 },
591 {
592 "question" : "Access control techniques do not include which of the fo
593 "content" : [
594 "Relevant Access Controls",
595 "Discretionary Access Controls",
596 "Mandatory Access Controls",
597 "Lattice Based Access Controls"
598 ],
599 "correct" : 3
600 },
601 {
602 "question" : "The default level of security established for access con
603 "content" : [
604 "All access",
605 "Update access",
606 "Read access",
607 "No access"
608 ],
609 "correct" : 3
610 },
611 {
612 "question" : "What is called a type of access control where a central
613 "content" : [
614 "Mandatory Access Control",
615 "Discretionary Access Control",
616 "Non-discretionary Access Control",

617 "Rule-based access control "
618 ],
619 "correct" : 2
620 }
621 ]
622 },
623 {
624 "questions" : [
625 {
626 "question" : "What control is based on a specific profile for each use
627 "content" : [
628 "Lattice based access control.",
629 "Directory based access control.",
630 "Rule based access control.",
631 "ID based access control."
632 ],
633 "correct" : 2
634 },
635 {
636 "question" : "What is the method of coordinating access to resources b
637 "content" : [
638 "MAC",
639 "ACL",
640 "DAC",
641 "WAC"
642 ],
643 "correct" : 1
644 },
645 {
646 "question" : "A firewall can be classified as a:",
647 "content" : [
648 "Directory based access control.",
649 "Rule based access control.",
650 "Lattice based access control.",
651 "ID based access control. "
652 ],
653 "correct" : 1
654 },
655 {
656 "question" : "Which of the following are the two most well known acces
657 "content" : [
658 "Lattice and Biba",
659 "Bell LaPadula and Biba",
660 "Bell LaPadula and Chinese war",
661 "Bell LaPadula and Info Flow"
662 ],
663 "correct" : 1
664 },
665 {
666 "question" : "What security model implies a central authority that det
667 "content" : [
668 "Centralized access control",
669 "Discretionary access control",
670 "Mandatory access control",
671 "Non-discretionary access control"
672 ],
673 "correct" : 3
674 },
675 {
676 "question" : "Which of the following is a straightforward approach tha
677 "content" : [
678 "Access Matrix model",
679 "Take-Grant Model",
680 "Bell-LaPadula Model",
681 "Biba Model "
682 ],
683 "correct" : 0
684 },
685 {
686 "question" : "Which of the following was the first mathematical model
687 "content" : [
688 "Biba",
689 "Take-Grant",
690 "Bell-La Padula",
691 "Clark Wilson"
692 ],
693 "correct" : 2
694 },
695 {
696 "question" : "Which security model allows the data custodian to grant
697 "content" : [
698 "Mandatory",
699 "Bell-LaPadula",
700 "Discretionary",
701 "Clark-Wilson"
702 ],
703 "correct" : 2
704 },
705 {
706 "question" : "The access matrix model has which of the following commo
707 "content" : [
708 "Access control lists and capabilities.",
709 "Access control lists.",
710 "Capabilities.",
711 "Access control list and availability."
712 ],
713 "correct" : 0
714 },
715 {
716 "question" : "Enforcing minimum privileges for general system users ca
717 "content" : [
718 "Shark",
719 "RBAC",
720 "TBAC",
721 "ITSEC"
722 ],
723 "correct" : 1
724 },
725 {
726 "question" : "The unauthorized mixing of data of one sensitivity level
727 "content" : [
728 "Contamination",
729 "Seepage",
730 "Aggregation",
731 "Commingling"
732 ],
733 "correct" : 0
734 },
735 {
736 "question" : "Covert channel is a communication channel that can be us
737 "content" : [
738 "Hardening the system.",
739 "Violating the security policy.",
740 "Protecting the DMZ.",
741 "Strengthening the security policy."
742 ],
743 "correct" : 1
744 },
745 {
746 "question" : "What is an indirect way to transmit information with no
747 "content" : [
748 "Covert channels",
749 "Backdoor",
750 "Timing channels",
751 "Overt channels "
752 ],
753 "correct" : 0
754 },
755 {
756 "question" : "What security risk does a covert channel create?",
757 "content" : [
758 "A process can signal information to another process. ",
759 "It bypasses the reference monitor functions.",
760 "A user can send data to another user.",
761 "Data can be disclosed by inference."
762 ],
763 "correct" : 1
764 },
765 {
766 "question" : "FIPS-140 is a standard for the security of:",
767 "content" : [
768 "Cryptographic service providers",
769 "Smartcards",
770 "Hardware and software cryptographic modules",
771 "Hardware security modules"
772 ],
773 "correct" : 2
774 }
775 ]
776 },
777 {
778 "questions" : [
779 {
780 "question" : "What is Kerberos?",
781 "content" : [
782 "A three-headed dog from Egyptian Mythology",
783 "A trusted third-party authentication protocol",
784 "A security model",
785 "A remote authentication dial in user server"
786 ],
787 "correct" : 1
788 },
789 {
790 "question" : "Which of the following is true about Kerberos?",
791 "content" : [
792 "It utilized public key cryptography",
793 "It encrypts data after a ticket is granted, but passwords are exc
794 "It depends upon symmetric ciphers",
795 "It is a second party authentication system"
796 ],
797 "correct" : 2
798 },
799 {
800 "question" : "Kerberos depends upon what encryption method?",
801 "content" : [
802 "Public Key cryptography",
803 "Private Key cryptography",
804 "El Gamal cryptography",
805 "Blowfish cryptography"
806 ],
807 "correct" : 1
808 },
809 {
810 "question" : "The primary service provided by Kerberos is which of the
811 "content" : [
812 "non-repudiation",
813 "confidentiality",
814 "authentication",
815 "authorization"
816 ],
817 "correct" : 2
818 },
819 {
820 "question" : "Which of the following is true about Kerberos?",
821 "content" : [
822 "It utilizes public key cryptography",
823 "It encrypts data after a ticket is granted, but passwords are exc
824 "It depends upon symmetric ciphers",
825 "It is a second party authentication system"
826 ],
827 "correct" : 2
828 },
829 {
830 "question" : "One of the differences between Kerberos and KryptoKnight
831 "content" : [
832 "A mapped relationship among the parties takes place",
833 "There is a peer-to-peer relationship among the parties with thems
834 "There is no peer-to-peer relationship among the parties and the K
835 "A peer-to-peer relationship among the parties and the KDC"
836 ],
837 "correct" : 3
838 },
839 {
840 "question" : "A confidential number to verify a user's identity is cal
841 "content" : [
842 "PIN",
843 "UserID",
844 "Password",
845 "Pinword"
846 ],
847 "correct" : 0
848 },
849 {
850 "question" : "Tokens, as a way to identify users are subject to what t
851 "content" : [
852 "Token error",
853 "Decrypt error",
854 "Human error ",
855 "Encrypt error"
856 ],
857 "correct" : 2
858 },
859 {
860 "question" : "Memory only cards work based on:",
861 "content" : [
862 "Something you have.",
863 "Something you know.",
864 "Something you know and something you have.",
865 "None of the choices."
866 ],
867 "correct" : 2
868 },
869 {
870 "question" : "The word smart card has meanings of:",
871 "content" : [
872 "Personal identity token containing IC-s.",
873 "Processor IC card",
874 "IC card with ISO 7816 interface.",
875 "All of the choices."
876 ],
877 "correct" : 3
878 },
879 {
880 "question" : "Which of the following offers advantages such as the abi
881 "content" : [
882 "Smart cards",
883 "Single Sign-on (SSO) ",
884 "Kerberos",
885 "Public Key Infrastructure (PKI) "
886 ],
887 "correct" : 0
888 },
889 {
890 "question" : "What is a protocol used for carrying authentication, aut
891 "content" : [
892 "IPSec",
893 "RADIUS",
894 "L2TP",
895 "PPTP"
896 ],
897 "correct" : 1
898 },
899 {
900 "question" : "Which of the following are proprietarily implemented by
901 "content" : [
902 "Radius+",
903 "TACACS",
904 "TACACS+ and XTACACS+",
905 "OKTA"
906 ],
907 "correct" : 2
908 },
909 {
910 "question" : "Which of the following media is MOST resistant to tappin

911 "content" : [
912 "Twisted pair ",
913 "WiFi",
914 "Coax",
915 "Fiber Optic"
916 ],
917 "correct" : 3
918 },
919 {
920 "question" : "RADIUS is defined by which RFC?",
921 "content" : [
922 "2168",
923 "2148",
924 "2138",
925 "2178"
926 ],
927 "correct" : 2
928 }
929 ]
930 },
931 {
932 "questions" : [
933 {
934 "question" : "How many digits of the DNIC (Data Network Identification
935 "content" : [
936 "3",
937 "8",
938 "5",
939 "0"
940 ],
941 "correct" : 0
942 },
943 {
944 "question" : "The MD5 is a message digest algorithm developed by:",
945 "content" : [
946 "Ron Rivest",
947 "WhiteField Diffie.",
948 "Martin Hellman",
949 "Diffie-Hellman"
950 ],
951 "correct" : 0
952 },
953 {
954 "question" : "The original message digest algorithm is called as _____
955 "content" : [
956 "MAC",
957 "SHA",
958 "MD",
959 "MDA"
960 ],
961 "correct" : 2
962 },
963 {
964 "question" : "MD5 is quite fast and produces ________ message digests.
965 "content" : [
966 "512 bits",
967 "1024 bits",
968 "128 bits",
969 "64 bits"
970 ],
971 "correct" : 2
972 },
973 {
974 "question" : "The first step of MD5 is __________",
975 "content" : [
976 "add padding bits to original message",
977 "adding append length bits",
978 "divide the input into 512 bit blocks",
979 "compression"
980 ],
981 "correct" : 0
982 },
983 {
984 "question" : "In MD5, the process block divides the 512 bits into ____
985 "content" : [
986 "16",
987 "24",
988 "32",
989 "64"
990 ],
991 "correct" : 0
992 },
993 {
994 "question" : "What helps in ensuring non-fraudulent transactions on th
995 "content" : [
996 "Certificate authority",
997 "Digital authority",
998 "Dual authority",
999 "Digital signature"
1000 ],
1001 "correct" : 0
1002 },
1003 {
1004 "question" : "TLS is placed in between the ________ layers.",
1005 "content" : [
1006 "transport & datalink",
1007 "application & presentation",
1008 "application & transport",

1009 "application & session"
1010 ],
1011 "correct" : 2
1012 },
1013 {
1014 "question" : "TLS is used to encrypt the ___________.",
1015 "content" : [
1016 "L2 data",
1017 "L4 data",
1018 "L69 data",
1019 "L5 data"
1020 ],
1021 "correct" : 3
1022 },
1023 {
1024 "question" : "TLS provides only ___________.",
1025 "content" : [
1026 "authentication",
1027 "confidentiality",
1028 "integrity",
1029 "durability"
1030 ],
1031 "correct" : 0
1032 },
1033 {
1034 "question" : "___________are very crucial for success of RSA algorithm
1035 "content" : [
1036 "Integers",
1037 "Prime numbers",
1038 "Negative number",
1039 "Fractions"
1040 ],
1041 "correct" : 1
1042 },
1043 {
1044 "question" : "In the basic TCP/IP protocol suite, the number of layers
1045 "content" : [
1046 "5",
1047 "6",
1048 "3",
1049 "4"
1050 ],
1051 "correct" : 3
1052 },
1053 {
1054 "question" : "Physical layer transmits the data in TCP/IP as _________
1055 "content" : [
1056 "Packets",
1057 "Pulse Codes",

1058 "Data",
1059 "Bits"
1060 ],
1061 "correct" : 1
1062 },
1063 {
1064 "question" : "S/MIME stands for ____________.",
1065 "content" : [
1066 "Standard multipurpose internet mail extensions.",
1067 "Secure multipurpose internet mail extensions",
1068 "Secure multipurpose international mail extensions",
1069 "Standard multipurpose international mail extensions"
1070 ],
1071 "correct" : 1
1072 },
1073 {
1074 "question" : "_________ uniquely identifies the MIME entities uniquely
1075 "content" : [
1076 "Content description",
1077 "Content-id",
1078 "Content type",
1079 "Content transfer encoding"
1080 ],
1081 "correct" : 1
1082 }
1083 ]
1084 },
1085 {
1086 "questions" : [
1087 {
1088 "question" : "The processed S/MIME along with security related data is
1089 "content" : [
1090 "public key cryptography standard",
1091 "private key cryptography standard",
1092 "S/MIME",
1093 "MIME"
1094 ],
1095 "correct" : 0
1096 },
1097 {
1098 "question" : "In S/MIME MLA stands for __________.",
1099 "content" : [
1100 "mailing list agent.",
1101 "multipurpose list agent",
1102 "mail lock agent",
1103 "message link agent"
1104 ],
1105 "correct" : 0
1106 },
1107 {
1108 "question" : "The cryptography algorithms used in S/MIME are _________
1109 "content" : [
1110 "IDEA",
1111 "RC4",
1112 "RSA,DES-3",
1113 "RC5"
1114 ],
1115 "correct" : 2
1116 },
1117 {
1118 "question" : "_________ is a block cipher.",
1119 "content" : [
1120 "DES",
1121 "IDEA",
1122 "AES",
1123 "RSA"
1124 ],
1125 "correct" : 0
1126 },
1127 {
1128 "question" : "DES encrypts data in block size of __________ bits each.
1129 "content" : [
1130 "128",
1131 "64",
1132 "256",
1133 "512"
1134 ],
1135 "correct" : 1
1136 },
1137 {
1138 "question" : "Merkle and Hellman introduced the concept of ________",
1139 "content" : [
1140 "meet in middle attack",
1141 "guy in the middle attack",
1142 "hijack",
1143 "DDOS"
1144 ],
1145 "correct" : 0
1146 },
1147 {
1148 "question" : "Data Encryption Standard also called as __________.",
1149 "content" : [
1150 "Data Encryption Algorithm",
1151 "Double DES",
1152 "AES",
1153 "RSA"
1154 ],
1155 "correct" : 0
1156 },
1157 {
1158 "question" : "What type of wiretapping involves injecting something in
1159 "content" : [
1160 "Passive",
1161 "Active",
1162 "Captive",
1163 "Aggressive"
1164 ],
1165 "correct" : 1
1166 },
1167 {
1168 "question" : "What attack involves actions to mimic one's identity?",
1169 "content" : [
1170 "Social engineering",
1171 "Brute force",
1172 "Spoofing",
1173 "Exhaustive"
1174 ],
1175 "correct" : 2
1176 },
1177 {
1178 "question" : "__________ is generally used in ECB,CBC, or CFB mode.",
1179 "content" : [
1180 "RSA",
1181 "AES",
1182 "Tuna",
1183 "DES"
1184 ],
1185 "correct" : 3
1186 },
1187 {
1188 "question" : "DES consists of __________ rounds to perform the substit
1189 "content" : [
1190 "32",
1191 "4",
1192 "16",
1193 "8"
1194 ],
1195 "correct" : 2
1196 },
1197 {
1198 "question" : "_________is the first step in DES.",
1199 "content" : [
1200 "Key transformation",
1201 "Expansion permutation clerical cap",
1202 "S-box substitution",
1203 "R-box substitution"
1204 ],
1205 "correct" : 0
1206 },
1207 {
1208 "question" : "___________ substitution is a process that accepts 48 bi
1209 "content" : [
1210 "S-box",
1211 "P-box",
1212 "K-box",
1213 "G-box"
1214 ],
1215 "correct" : 0
1216 },
1217 {
1218 "question" : "__________ refers more to asymmetric key cryptography.",
1219 "content" : [
1220 "Timing attack.",
1221 "Meet in middle attack",
1222 "Virus attack",
1223 "Worm attack"
1224 ],
1225 "correct" : 0
1226 },
1227 {
1228 "question" : "Eli Biham & Adi Shamir introduced ___________",
1229 "content" : [
1230 "DES",
1231 "RSA",
1232 "differential & linear cryptoanalysis",
1233 "Double DES"
1234 ],
1235 "correct" : 2
1236 }
1237 ]
1238 },
1239 {
1241 {
1242 "question" : "In what children's game are participants chased by someo
1243 "content" : [
1244 "Tag",
1245 "Simon Says",
1246 "Charades",
1247 "Hopscotch"
1248 ],
1249 "correct" : 0
1250 },
1251 {
1252 "question" : "On a radio, stations are changed by using what control?"
1253 "content" : [
1254 "Tuning",
1255 "Volume",
1256 "Bass",
1257 "Treble"
1258 ],
1259 "correct" : 0
1260 },
1261 {
1262 "question" : "A college graduate who receives a B.S. degree holds what
1263 "content" : [
1264 "Bachelor of science",
1265 "Business scholar",
1266 "Baccalaureate staff",
1267 "Brainy student"
1268 ],
1269 "correct" : 0
1270 },
1271 {
1272 "question" : "Which of the following telephone area codes is not a tol
1273 "content" : [
1274 "800",
1275 "828",
1276 "877",
1277 "888"
1278 ],
1279 "correct" : 1
1280 },
1281 {
1282 "question" : "What part of the human body does glaucoma directly affec
1283 "content" : [
1284 "Ear",
1285 "Nose",
1286 "Throat",
1287 "Eye"
1288 ],
1289 "correct" : 3
1290 },
1291 {
1292 "question" : "What is the name of Tom Cruise's character in the \"Miss
1293 "content" : [
1294 "Frank Mackey",
1295 "Mitch McDeere",
1296 "Joel Goodson",
1297 "Ethan Hunt"
1298 ],
1299 "correct" : 3
1300 },
1301 {
1302 "question" : "Which of these materials is used to make vests bulletpro

1303 "content" : [
1304 "Kevlar",
1305 "Lycra",
1306 "Gore-tex",
1307 "Polystyrene"
1308 ],
1309 "correct" : 0
1310 },
1311 {
1312 "question" : "What animal's name means \"river horse\" in Greek?",
1313 "content" : [
1314 "Platypus",
1315 "Hippopotamus",
1316 "Rhinoceros",
1317 "Manatee"
1318 ],
1319 "correct" : 1
1320 },
1321 {
1322 "question" : "To take advantage of the earth's rotation, NASA launches
1323 "content" : [
1324 "North",
1325 "East",
1326 "South",
1327 "West"
1328 ],
1329 "correct" : 1
1330 },
1331 {
1332 "question" : "College football's Independence Bowl is played in what c
1333 "content" : [
1334 "Philadelphia",
1335 "Memphis",
1336 "Shreveport",
1337 "Tucson"
1338 ],
1339 "correct" : 2
1340 },
1341 {
1342 "question" : "Which of these best describes music that is played \"pia
1343 "content" : [
1344 "Very soft",
1345 "Very fast",
1346 "Moderately loud",
1347 "Loud"
1348 ],
1349 "correct" : 0
1350 },
1351 {
1352 "question" : "In Greek mythology, what is the relationship between Oed
1353 "content" : [
1354 "Husband and wife",
1355 "Mentor and student",
1356 "Father and daughter",
1357 "Mother and son"
1358 ],
1359 "correct" : 2
1360 },
1361 {
1362 "question" : "The rococo style of art originated in what country?",
1363 "content" : [
1364 "France",
1365 "Italy",
1366 "Austria",
1367 "Spain"
1368 ],
1369 "correct" : 0
1370 },
1371 {
1372 "question" : "In Norse mythology, Mjolnir was the name of what?",
1373 "content" : [
1374 "Thor's hammer",
1375 "Odin's horse",
1376 "Sigmund's sword",
1377 "Loki's magic necklace"
1378 ],
1379 "correct" : 0
1380 },
1381 {
1382 "question" : "On July 12, 2000, Russia launched a rocket into space be
1383 "content" : [
1384 "Intel",
1385 "Reebok",
1386 "Budweiser",
1387 "Pizza Hut"
1388 ],
1389 "correct" : 3
1390 }
1391 ]
1392 },
1393 {
1395 {
1396 "question" : "What kind of animal traditionally lives in a sty?",
1397 "content" : [
1398 "Cow",
1399 "Pig",
1400 "Fox",
1401 "Teenager"
1402 ],
1403 "correct" : 1
1404 },
1405 {
1406 "question" : "What name is legally used to indicate a woman whose name
1407 "content" : [
1408 "Joan Doe",
1409 "Jane Doe",
1410 "Jean Doe",
1411 "Lotta Doe"
1412 ],
1413 "correct" : 1
1414 },
1415 {
1416 "question" : "The EPA urges people to produce less waste by engaging i
1417 "content" : [
1418 "Recycle",
1419 "Rewrap",
1420 "Repossess",
1421 "Retire"
1422 ],
1423 "correct" : 0
1424 },
1425 {
1426 "question" : "For 10 years, Cape Canaveral was renamed for which Ameri
1427 "content" : [
1428 "Dwight D. Eisenhower",
1429 "John F. Kennedy",
1430 "Richard M. Nixon",
1431 "Lyndon B. Johnson"
1432 ],
1433 "correct" : 1
1434 },
1435 {
1436 "question" : "People who advocate war are commonly referred to as what
1437 "content" : [
1438 "Doves",
1439 "Hawks",
1440 "Rams",
1441 "Gorillas"
1442 ],
1443 "correct" : 1
1444 },
1445 {
1446 "question" : "In nautical terms, a fathom is equivalent to how many fe
1447 "content" : [
1448 "4",
1449 "6",
1450 "10",
1451 "20"
1452 ],
1453 "correct" : 1
1454 },
1455 {
1456 "question" : "Which of the following comedians was never a regular cas
1457 "content" : [
1458 "Steve Martin",
1459 "Julia Louis-Dreyfus",
1460 "Martin Short",
1461 "Jim Belushi"
1462 ],
1463 "correct" : 0
1464 },
1465 {
1466 "question" : "What part of a goose or duck is fattened to produce \"fo
1467 "content" : [
1468 "Kidney",
1469 "Liver",
1470 "Stomach",
1471 "Tongue"
1472 ],
1473 "correct" : 1
1474 },
1475 {
1476 "question" : "What components of blood are responsible for blood clott
1477 "content" : [
1478 "White blood cells",
1479 "Red blood cells",
1480 "Platelets",
1481 "Lymphocytes"
1482 ],
1483 "correct" : 2
1484 },
1485 {
1486 "question" : "In Ernest Hemingway's novella \"The Old Man and the Sea,
1487 "content" : [
1488 "Shark",
1489 "Marlin",
1490 "Tuna",
1491 "Whale"
1492 ],
1493 "correct" : 1
1494 },
1495 {
1496 "question" : "CREEP was an organization to aid the re-election of what
1497 "content" : [
1498 "Richard Nixon",

1499 "Ronald Reagan",
1500 "George Bush",
1501 "Bill Clinton"
1502 ],
1503 "correct" : 0
1504 },
1505 {
1506 "question" : "What is a biretta?",
1507 "content" : [
1508 "Firearm",
1509 "Clerical cap",
1510 "Tropical bird",
1511 "Lumberjack's tool"
1512 ],
1513 "correct" : 1
1514 },
1515 {
1516 "question" : "The highest mountain in South America is located in what
1517 "content" : [
1518 "Brazil",
1519 "Peru",
1520 "Ecuador",
1521 "Argentina"
1522 ],
1523 "correct" : 3
1524 },
1525 {
1526 "question" : "The shortest distance between two points lying on a curv
1527 "content" : [
1528 "Stochastic",
1529 "Isometric",
1530 "Discrete",
1531 "Geodesic"
1532 ],
1533 "correct" : 3
1534 },
1535 {
1536 "question" : "In 1893, what country was the first to grant women the r
1537 "content" : [
1538 "Canada",
1539 "Sweden",
1540 "New Zealand",
1541 "Denmark"
1542 ],
1543 "correct" : 2
1544 }
1545 ]
1546 }
1547 ]
1548 }
Đúng
Select one:
b. Scavenging
c. Shoulder surfing
d. Sniffing

Select one:
1,00
a. Inadequate project management.
b. Inadequate quality assurance (QA) tools
Đúng
Select one:
1,00 a. Body scans
b. Iris scans
c. Retinal scans
d. Reflective scans


Select one:
1,00
a. Directory Service
b. Authentication and Control Service
d. Remote Procedure Call Service

Select one:
1,00
a. Acceptable use policy
b. Program manual
c. Security policy
d. Enforcement guidelines

Đúng
Select one:
1,00 a. A normally generated page fault causing the system halt
b. An omission when generating Pseudo-code
c. An apparent loophole deliberately implanted in an operating system

Đúng keys?

Select one:
1,00
a. Dynamic time
b. Flight time
c. Dwell time
d. Systems time
Đúng
Select one:
1,00 a. Results
b. Tools used
c. Objectivity
d. Competence
Đúng
Select one:
1,00 a. Lists applications that support the business function.
b. Quantifies the effect of the loss of the information.
c. Identifies major functional areas of information.
d. Requires the identification of information owners.

Đúng
Select one:
1,00 a. Scanning and recognition.
b. Detection and recognition.
Đúng
Select one:
1,00 a. Keystroke pattern
b. Signature
c. Voice pattern
d. Hand geometry

Select one:
1,00
a. Correction routines and reliability
b. Data validation and reliability
c. Reconciliation routines and data labels
d. File integrity routines and audit trail

Đúng safeguard?

Select one:
1,00
a. Vulnerability
b. Threat
c. Loss expectancy
d. Probability
Đúng
Select one:
1,00 a. Password
b. Finger print
c. Token
d. Ticket Granting
Đúng
Select one:
1,00 a. Scavenger technique
b. Salami technique
c. Leakage technique
d. Synchronous attack technique

Đúng
Select one:
1,00 a. a system analysis and penetration technique where specifications and document for the
b. a means of restricting access to objects based on the identity of subjects and groups to
which they belong.
d. a formal static transition model of computer security policy that describes a set of access
control rules.
1,00
Select one:
a. Excessive Access
b. Excessive Rights
c. Excessive Privileges
d. Excessive Permissions
Đúng
Select one:
1,00 a. Perceived intrusiveness
b. Accuracy
c. Reliability
d. Storage requirements

Đúng
Select one:
1,00 a. Access control lists.
b. Capabilities
c. Access control list and availability.
d. Access control lists and capabilities.
Đúng
Select one:
Đúng
Select one:
1,00 a. Non-repudiation
b. Authentication
c. Integrity
d. Encryption

Đúng
Select one:
1,00 a. Logical Security
b. On-line Security
c. Encryption Security
d. Procedural Security
Đúng
Select one:
1,00 a. It is less secure than DAC (Discretionary Access Control).
Đúng
Select one:
1,00 a. The development of a detailed test plan.
b. The formulation of specific management objectives.
c. The approval of change control management.
d. The communication process among team members.

Đúng
Select one:
1,00 a. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in
b. Ethical hacking should not involve writing to or modifying the target systems
c. Testing should be done remotely
d. An organization should use ethical hackers who do not sell auditing, consulting,

Select one:
1,00
a. Communications security management and techniques
b. Servers security management and techniques
c. Networks security management and techniques
d. Clients security management and techniques

Select one:
1,00
a. It is available to anyone in the organization whose work relates to the subject and
b. It is classified only by the information security officer and restricted to those who have
d. It is limited to named individuals and creates an audit trail.

Đúng identity?

Select one:
1,00
a. Retina scans
b. Iris scans
c. Palm scans
d. Skin scans
Đúng fingerprints for matching?

Select one:
1,00
a. Ridge matching
b. Minutia matching
c. Flow direct
Đúng
Select one:
b. Evaluation
c. Certification
d. Acceptance

Bắt đầu vào lúc Thursday, 24 March 2022, 12:04 PM
State Finished
Kết thúc lúc Thursday, 24 March 2022, 12:14 PM
Điểm 60,00/60,00
Điểm 10,00 out of 10,00 (100%)

Đúng
Select one:
1,00 a. what the users job is
b. what the users privilege owns
c. what the users group is
d. what the users cost is

Đúng
Select one:
1,00 a. Maximum elapsed time required to complete recovery of application data
b. Minimum elapsed time required to complete recovery of application data
c. Maximum elapsed time required to move back to primary site a major disruption
d. It is maximum delay businesses that can tolerate and still remain viable
Đúng
Select one:
1,00 a. The security perimeter
b. A security domain


Câu hỏi 4 If your property insurance has Actual Cost Evaluation (ACV) clause your damaged property will be
Đúng compensated:

Select one:
1,00
a. Based on the value of the item on the date of loss
b. Based on value of item on the date of loss plus 10 percent
c. Based on new item for old regardless of condition of lost item
d. Based on value of item one month before loss
Đúng
Select one:
b. Its sensitivity to the company.
c. Its value.
Đúng mechanisms?

Select one:
1,00
a. A covert channel
b. A maintenance hook
c. A trusted path

Đúng
Select one:
1,00 a. Small – in order to permit it to be implemented in all critical system components without
b. Large – in order to accommodate the implementation of future updates without incurring
c. Small – in order to facilitate the detailed analysis necessary to prove that it meets design
requirements.
d. Large – in order to enable it to protect the potentially large number of resources in a
Đúng
Select one:
1,00 a. Data content and backup
b. Integrity and security of data
c. Classification of data elements
d. Authentication of user access

Đúng
Select one:
1,00 a. Reliability

c. Flexibility
d. Timesaving

Đúng
Select one:
b. User-directed access control
c. Lattice-based access control
Câu hỏi 11 In a very large environment, which of the following is an administrative burden?
Đúng
Select one:
1,00 a. Lattice based access control
b. ID bases access control
c. Directory based access control.
Đúng
Select one:
b. Integrity
c. Confidentiality
d. Acceptability

Đúng
Select one:
1,00 a. Information ownership
b. Data classification
c. Change control
d. System design
Đúng
Select one:
1,00 a. Reflective scans and iris scans.
b. Retinal scans and body scans.
c. Retinal scans and reflective scans.
d. Retinal scans and iris scans.

Đúng
Select one:
b. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.

Đúng
Select one:
1,00 a. A check digit.
b. A sensitive transaction.
c. A boundary protection.
d. An inference check.

Select one:
1,00
b. Package
c. Security target (ST)

Đúng
Select one:
1,00 a. A formal description of access control ID specification.
c. A formal description of a sensibility label.

Đúng
Select one:
1,00 a. Easy to counterfeit
b. High cost to develop
c. Physically infeasible
d. High cost to operate
Đúng
Select one:
1,00 a. More key exchanging involved.
b. More efficient log-on.
d. More costly to administer.
Đúng
Select one:
vulnerabilities.
c. It makes cost-benefit analysis of recommended controls easier.

Đúng
Select one:
b. System-high Security Mode 
c. Multilevel Security Mode


Đúng
Select one:
1,00 a. Threats, vulnerabilities, and risks
b. Authenticity, vulnerabilities, and costs
c. Integrity, confidentiality, and availability
d. Security, information value, and threats

Đúng
Select one:
1,00 a. TACACS
b. RADIUS+
c. RADIUS
d. XTACACS and TACACS+
Đúng
Select one:
b. Decipher Chart
c. Zapper Chart
d. Cipher Chart

Đúng
Select one:
b. Objects and subjects
c. Capabilities and privileges
d. Programs and transactions

Đúng
Select one:
1,00 a. Apply different protective measures.
b. Define the parameters required for security labels.
c. Assign access controls.
d. Ensure separation of duties.

Đúng
Select one:
1,00 a. Speed and throughput rate
b. False accept rate
c. False reject rate
d. Crossover error rate

Câu hỏi 29 The security planning process must define how security will be managed, who will be responsible,
Đúng
Select one:
1,00 a. Who will work in the security department.
b. Who practices are reasonable and prudent for the enterprise.
c. What impact security will have on the intrinsic value of data.
d. How security measures will be tested for effectiveness.
Đúng time?

Select one:
1,00
a. Voice pattern
c. Iris pattern
d. Retina pattern

Bắt đầu vào lúc Friday, 25 February 2022, 10:10 PM
State Finished
Kết thúc lúc Friday, 25 February 2022, 10:18 PM
Điểm 20,00/20,00
Điểm 10,00 out of 10,00 (100%)
Câu hỏi 1 You are given an Network: 10.0.0.0/8. What is the IP Range of this Network? 10.0.0.0 - ___________.
Đúng
Select one:
1,00 a. 10.255.255.254
b. 10.255.255.255
c. 10.0.255.254
d. 10.0.0.255
e. 10.0.0.254
f. 10.255.0.0
g. 10.0.255.0
h. 10.0.255.255
Câu hỏi 2 When there is an excessive amount of data flow, which the system cannot handle, _____ attack takes place.
Đúng
Select one:
1,00 a. Data overflow Attack
b. DoS (Denial of Service) attack
c. Buffer Overflow attack
d. Database crash attack

Câu hỏi 3 The full form of Malware is ________.
Đúng
Select one:
1,00 a. Malfunctioned Software
b. Marvelous Software
c. Malfunctioning of Security
d. Malicious Software
e. Multipurpose Software
Câu hỏi 4 Convert this IP Address to Decimal Notation: 11001011.10001000.10111100.00011100

Đúng
Select one:
1,00 a. 203.136.188.28
b. 222.168.141.133
c. 226.159.226.215
d. 135.109.38.62
e. 51.213.182.31
f. 122.242.117.99
g. 146.156.244.135
h. 87.162.10.234
Câu hỏi 5 _________ are the special type of programs used for recording and tracking user’s keystroke.
Đúng
Select one:
1,00 a. Virus
b. Bugs
c. Trojans
d. Worms
e. Keylogger

Câu hỏi 6 How many host addresses can be assigned to this network: 222.168.141.133/27
Đúng
Select one:
1,00 a. 64
b. 30
c. 126
d. 62
e. 14
f. 32
g. 128
h. 16
Câu hỏi 7 Compromising a user’s session for exploiting the user’s data and do malicious activities or misuse user’s
Đúng credentials is called ___________

Select one:
1,00
a. Cookie stuffing
b. Session Fixation
c. Session Hijacking
d. Session Spying

Câu hỏi 8 What is the First IP Address of this network: 167.192.154.34/16 ?
Đúng
Select one:
1,00 a. 167.0.0.1
b. 167.192.154.34
c. 167.192.0.1
d. 167.192.0.254
e. 167.0.0.0
f. 167.192.154.30
g. 167.192.0.0
h. 167.192.0.255
i. 167.192.154.1
j. 167.192.154.0
k. 167.192.255.254
Câu hỏi 9 Who deploy Malwares to a system or network?

Đúng
Select one:
1,00 a. Criminal organizations, gray hat hackers, Malware developers, Penetration testers
b. Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c. Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
d. Criminal organizations, Black hat hackers, software developers, cyber-terrorists
Câu hỏi 10 Stuxnet is a _________

Đúng
Select one:
1,00 a. Virus
b. Operating System
c. Worm
d. Trojan

e. Antivirus

Câu hỏi 11 In IPv4 Classful Addressing, what class does 172.15.193.227 belong to?
Đúng
Select one:
1,00 a. B
b. E
c. C
d. A
e. D
Câu hỏi 12 This attack can be deployed by infusing a malicious code in a website’s comment section. What is “this”
Đúng attack referred to here?

Select one:
1,00
a. Cross Site Request Forgery (XSRF)
b. HTML Injection
c. Cross Site Scripting
d. SQL injection
Câu hỏi 13 Are these 2 IP addresses in the same network? 12.1.3.5/8 & 12.55.66.254/8
Đúng
Select one:
1,00 a. No
b. Yes
Câu hỏi 14 Are these 2 IP addresses in the same network? 192.168.1.54/25 & 192.168.1.129/25
Đúng
Select one:
1,00 a. No
b. Yes 

Câu hỏi 15 Convert this IP Address to Binary Notation: 172.152.98.194
Đúng
Select one:
1,00 a. 10101100.10011100.00000010.11000010
b. 10001110.10011100.00100010.11001010
c. 10001110.11011100.10100010.11001011
d. 10101100.10011000.01100010.11000010
e. 11101110.11011100.10110010.11101011
Câu hỏi 16 ___________ is a violent act done using the Internet, which either threatens any technology user or leads to loss
Đúng of life or otherwise harms anyone in order to accomplish political gain.

Select one:
1,00
a. Cyber-terrorism
b. Cyber campaign
c. Cyber attack
d. Cyber-warfare
Câu hỏi 17 An attempt to harm, damage or cause threat to a system or network is broadly termed as ______
Đúng
Select one:
1,00 a. Cyber Attack
b. Cyber-crime
c. System hijacking
d. Digital crime

Câu hỏi 18 What is the Last IP Address of this network: 200.215.33.66/27
Đúng
Select one:
1,00 a. 200.215.33.90
b. 200.215.33.100
c. 200.215.255.255
d. 200.215.33.255
e. 200.215.33.105
f. 200.215.34.0
g. 200.215.33.107
h. 200.215.33.95
Câu hỏi 19 How many IP Addresses are there in this network: 12.23.34.45/9?
Đúng
Select one:
1,00 a. 262144
b. 2097152
c. 8388608
d. 1048576
e. 4194304
f. 16777216
g. 524288
h. 33554432
Câu hỏi 20 XSS is abbreviated as __________

Đúng
Select one:
1,00 a. Cross Site Scripting
b. X Site Scripting
c. Extreme Secure Scripting

d. Cross Site Security

State Finished
Điểm 58,00/60,00
Điểm 9,67 out of 10,00 (97%)

Đúng
Select one:
1,00 a. UserID
b. PIN
c. Challenge
d. Password

Đúng
Select one:
c. A formal description of a sensibility label.
d. A formal description of access control ID specification.
Đúng
Select one:
1,00 a. Multiprocessing
b. Parallel running

c. Multithreading
d. Multitasking

Đúng compensated:

Select one:
1,00
a. Based on new item for old regardless of condition of lost item
b. Based on value of item on the date of loss plus 10 percent
c. Based on the value of the item on the date of loss
d. Based on value of item one month before loss
Đúng
Select one:
1,00 a. Password
b. Biometric
c. Ticket Granting
d. Token
Câu hỏi 6 What is the Last IP Address of this network: 200.215.33.66/27

Đúng
Select one:
1,00 a. 200.215.255.255
b. 200.215.33.105
c. 200.215.33.107
d. 200.215.33.90
e. 200.215.33.255
f. 200.215.34.0
g. 200.215.33.100
h. 200.215.33.95


Đúng
Select one:
1,00 a. Retinal scans and iris scans.
c. Retinal scans and body scans.
d. Retinal scans and reflective scans.
Đúng
Select one:
b. a method to correct the security flaws
c. demonstration of the effects of the flaws
d. verification of the levels of existing infiltration resistance
Câu hỏi 9 You want to apply an access list of 198 to an interface to filter traffic into the interface. Which command will
Đúng achieve this?

Select one:
1,00
a. Router(config)#ip access-list 198 in fast 0/1
b. Router(config-if)#ip access-group 198 in
c. Router(config-if)#ip access-list 198 in
d. Router(config-if)#ip access-class 198 in


Select one:
1,00
a. Senior Management
b. System auditors
c. IS security specialists
d. Seniors security analysts
Đúng
Select one:
1,00 a. Definition of legal and regulatory controls
b. Definition of management expectations
c. Responsibilities of individuals and groups for protected information
d. Statement of senior executive support
Đúng
Select one:
1,00 a. rule-based policy
b. role-based policy
c. identity-based policy
d. user-based policy

Đúng
Select one:
1,00 a. The users’ password would be to hard to remember
b. User access rights would be increased
c. Maximum unauthorized access would be possible if a password is disclosed

Đúng
Select one:
1,00 a. 203.136.188.28
b. 146.156.244.135
c. 122.242.117.99
d. 51.213.182.31
e. 87.162.10.234
f. 226.159.226.215
g. 135.109.38.62
h. 222.168.141.133
Đúng
Select one:
1,00 a. Strengthening the security policy.
c. Hardening the system.

Câu hỏi 16 Which identification number is valid for an standard ACL?
Đúng
Select one:
1,00 a. 299
b. 150
c. 99
d. 2000
Đúng
Select one:
1,00 a. The reference monitor
b. The security perimeter
c. A security domain
Đúng identity?

Select one:
1,00
a. Iris scans
b. Retina scans
c. Palm scans
d. Skin scans

Đúng
Select one:
b. Logical and image-edge detection.
c. Electrical and image-edge detection.
d. Mechanical and image-ridge detection.
Đúng
Select one:
1,00 a. Authorization
b. Authentication
c. Accounting
d. Identification

Đúng
Select one:
1,00 a. Choose the best countermeasure
b. Provide an economic balance between the impact of the risk and the cost of the
c. Quantify the impact of potential threats
d. Identify risks

Đúng
Select one:
b. Flow
c. State
d. Transformation
Đúng
Select one:
c. Integrity and control
d. Confidentiality
Đúng
Select one:
1,00 a. disclosure
b. closure
c. disposal
d. disaster

Đúng
Select one:
1,00 a. Is physical access to data transmission lines controlled?
b. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
d. Are appropriate fire suppression and prevention devices installed and working?
Đúng occurs?

Select one:
1,00
a. Hot swappable
b. Redundancy
c. Secure boot
d. Trusted recovery
Đúng
Select one:
1,00 a. Accuracy
c. Reliability
d. Storage requirements


Select one:
1,00
a. Callback forward systems
b. Callback systems
c. Sendback system
d. Sendback forward systems

Đúng
Select one:
1,00 a. Large – in order to accommodate the implementation of future updates without incurring
b. Small – in order to permit it to be implemented in all critical system components without
c. Large – in order to enable it to protect the potentially large number of resources in a
d. Small – in order to facilitate the detailed analysis necessary to prove that it meets design
requirements.
Câu hỏi 30 In IPv4 Classful Addressing, what class does 172.15.193.227 belong to?
Đúng
Select one:
1,00 a. D
b. C
c. B
d. E
e. A


Đúng
Select one:
b. State
c. Transformation
d. Flow
Đúng
Select one:
1,00 a. Handprint
b. Fingerprint
c. Iris
d. Retina patterns

Đúng
Select one:
1,00 a. Maintain internal and external consistency
b. Prevent paths that could lead to inappropriate disclosure
c. Prevent unauthorized users from making modifications
d. Prevent authorized users from making improper modifications

Đúng
Select one:
1,00 a. Define the specific assets to be protected and identify the specific tasks which must be
c. Issue corporate standard to be used when addressing specific security problems.
d. Define the main security objectives which must be achieved and the security framework
Đúng laptop which was left in a hotel room?

Select one:
1,00
a. Store all data on disks and lock them in an in-room safe
b. Remove the batteries and power supply from the laptop and store them separately from
the computer
c. Install a cable lock on the laptop when it is unattended
d. Encrypt the data on the hard drive
Đúng
Select one:
1,00 a. Server
b. Administrator
c. Owner
d. User

Đúng
Select one:
1,00 a. Redundant servers
b. Multiple servers
c. Server clustering
d. Server fault tolerance
Câu hỏi 38 Which command will allow you to verify matching statistics for an access control list?
Sai
Select one:
1,00 a. Router#show ip interface fast 0/1
b. Router#show ip access-list 2
c. Router#show access-list
d. Router#debug ip access-list 2
Đúng
Select one:
1,00 a. Requirements definition
b. System construction
c. Project identification
d. Implementation planning

Đúng
Select one:
1,00 a. The equipment must always be available for replacement if necessary
b. The equipment is susceptible to damage
c. The equipment can be used to reconfigure the network multiplexers
d. The equipment can be used to browse information passing on a network

Đúng
Select one:
1,00 a. 10101100.10011000.01100010.11000010
b. 10001110.10011100.00100010.11001010
c. 10101100.10011100.00000010.11000010
d. 11101110.11011100.10110010.11101011
e. 10001110.11011100.10100010.11001011
Đúng keys?

Select one:
1,00
a. Flight time
b. Systems time
c. Dwell time
d. Dynamic time

Đúng
Select one:
1,00 a. Tools used
b. Objectivity
c. Competence
d. Results
Đúng incorrect?

Select one:
1,00
a. Database management systems are not covered by the TCSEC
b. TCSEC provides a means to evaluate the trustworthiness of an information system
c. With TCSEC, functionality and assurance are evaluated separately.
Câu hỏi 45 Which command can be used to apply the named access control list called named_list to the interface in an
Đúng inbound direction?

Select one:
1,00
a. Router(config-if)#ip access-group named_list in
b. Router(config-if)#ip access-class named_list in
c. Router(config-if)#ip access-list named_list in
d. Router(config)#ip access-list named_list in fast 0/1


Select one:
1,00
a. Package
b. Protection profile (PP)
c. The Target of Evaluation (TOE)
d. Security target (ST)

Select one:
1,00
a. Aggregation
b. Commingling
c. Contamination
d. Seepage
Câu hỏi 48 Which command will allow notes to be added to an access control list?
Đúng
Select one:
1,00 a. Router(config-nacl)#remark This is a note about the ACL
b. Router(config-nacl)#note This is a note about the ACL
c. Router(config-nacl)#banner ^This is a note about the ACL^
d. Router(config-nacl)#info This is a note about the ACL

Đúng
Select one:
1,00 a. Unintrusive device
b. Low cost
d. Transparent
Đúng
Select one:
b. Honey Pots
c. IDS
d. Vulnerability analysis
Sai certain objects, based on the organizational security policy?

Select one:
1,00
a. Rule-based access control
d. Non-discretionary Access Control

Đúng
Select one:
1,00 a. a system analysis and penetration technique where specifications and document for the
b. a formal static transition model of computer security policy that describes a set of access
control rules.
which they belong.

Đúng
Select one:
1,00 a. Rule based access control.
b. Directory based access control.
c. ID based access control.

Đúng
Select one:
1,00 a. TACACS
b. XTACACS and TACACS+
c. RADIUS
d. RADIUS+

Đúng
Select one:
1,00 a. Budget planning related to base versus incremental spending.
b. The value of information that is protected
c. Management’s perceptions regarding data importance
d. The cost to replace lost data.
Câu hỏi 56 Which statement about ACLs is true?

Đúng
Select one:
1,00 a. ACLs go bottom-up through the entries looking for a match
b. ACLs will check the packet against all entries looking for a match.
c. An ACL has a an implicit permit at the end of ACL.
d. An ACL have must at least one permit action, else it just blocks all traffic.
Đúng
Select one:
1,00 a. Definition of general and specific responsibilities for information security management
b. Description of specific technologies used in the field of information security
c. Definition of overall steps of information security and the importance of security
d. Statement of management intend, supporting the goals and principles of information
security


Select one:
1,00
a. IPSec
b. L2TP
c. PPTP
d. RADIUS
Đúng
Select one:
1,00 a. Smart cards provide a two-factor authentication whereas memory cards don’t
b. Memory cards have no processing power
c. Memory cards normally hold more memory than smart cards
d. Only smart cards can be used for ATM cards
Đúng
Select one:
1,00 a. A user list to find a name.
b. Through storage to acquire information.
c. Through log files for trusted path information.

State Finished
Điểm 59,00/60,00
Điểm 9,83 out of 10,00 (98%)
Câu hỏi 1 Which identification number is valid for an standard ACL?

Đúng
Select one:
1,00 a. 299
b. 99
c. 2000
d. 150

Đúng
Select one:
b. User-directed access control
c. Lattice-based access control
Đúng
Select one:
1,00 a. Synchronous attack technique
b. Scavenger technique

c. Salami technique
d. Leakage technique

Đúng
Select one:
1,00 a. Violating the security policy.
b. Hardening the system.
Đúng
Select one:
1,00 a. Development and implementation of an information security standards manual
b. Development of a security awareness-training program
c. Purchase of security access control software
d. Adoption of a corporate information security policy statement
Đúng
Select one:
1,00 a. Multithreading
b. Multiprocessing
c. Parallel running
d. Multitasking
Đúng system?

Select one:
1,00
a. Security model
b. Security kernel 
c. Reference kernel
d. Information flow model

Đúng
Select one:
1,00 a. Ballista
b. SATAN
d. ISS
Đúng
Select one:
1,00 a. Procedural Security
b. On-line Security
c. Logical Security
d. Encryption Security
Đúng
Select one:
1,00 a. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or
d. Is physical access to data transmission lines controlled?

1,00
Select one:
a. Directory subsystem
b. File subsystem
c. Protected subsystem
d. Prevented subsystem
Đúng
Select one:
1,00 a. The pattern of blood vessels at the back of the eye
b. The amount of light reflected by the retina
c. The size, curvature, and shape of the retina
d. The amount of light reaching the retina

Đúng
Select one:
b. It uses the RSA public-key signature based algorithm on integers with large prime
factors
c. It relies on two independent proofs of identity
d. It does not use single sign-on technology


Select one:
1,00
a. Acceptable use policy
b. Enforcement guidelines
c. Program manual
d. Security policy

Đúng
Select one:
1,00 a. Crossover error rate
b. Speed and throughput rate
c. False reject rate
d. False accept rate
Đúng
Select one:
1,00 a. System performance and execution are enhanced.
b. The operating system cannot be easily penetrated by users.
c. Changes to the kernel are not required as frequently.


Select one:
1,00
a. Networks security management and techniques
b. Clients security management and techniques
c. Servers security management and techniques
d. Communications security management and techniques
Câu hỏi 18 Which identification number is valid for an extended ACL?

Đúng
Select one:
1,00 a. 99
b. 64
c. 100
d. 299
e. 1099
f. 1
Câu hỏi 19 Which type of ACL should be placed closest to the destination of traffic?
Đúng
Select one:
1,00 a. Standard
b. Dynamic
c. Extended
d. Expanded

Đúng
Select one:
b. It bypasses the reference monitor functions.
c. A process can signal information to another process.
Đúng objects?

Select one:
1,00
b. Non-discretionary access control
d. Centralized access control
Đúng
Select one:
b. Public embarrassment
c. Loss of public confidence and credibility
d. Loss of revenue

Đúng
Select one:
1,00 a. Programs and transactions
b. Administrators and managers
c. Capabilities and privileges
d. Objects and subjects
Đúng
Select one:
1,00 a. Limit the number of classifications.
b. Establish information ownership.
c. Generate internal labels on diskettes.
Đúng
Select one:
1,00 a. Acceptance
b. Evaluation
c. Certification
d. Accreditation

Đúng involves:

Select one:
1,00
b. Detection and scanning.
c. Eigenfeatures of eigenfaces.
d. Scanning and recognition.
Đúng
Select one:
d. Electrical and image-edge detection.
Đúng
Select one:
1,00 a. Object Labels
b. Information Labels
c. Reference Monitors
d. Sensitivity Labels

Đúng
Select one:
1,00 a. 11101110.11011100.10110010.11101011
b. 10001110.10011100.00100010.11001010
c. 10101100.10011000.01100010.11000010
d. 10101100.10011100.00000010.11000010
e. 10001110.11011100.10100010.11001011
Đúng
Select one:
1,00 a. Throughput
b. Accuracy
c. Reliability
d. Acceptability
Đúng outcome?

Select one:
1,00
a. Annualized Rate of Occurrence
b. Information Risk Management
c. Annualized Loss Expectancy
d. Single Loss Expectancy

Đúng
Select one:
1,00 a. Rules based meditation.
b. Correct-state transformation.
c. Polyinstantiation technique.
d. Multi-level data classification.
Đúng mechanisms?

Select one:
1,00
a. A maintenance hook
b. A covert channel
c. A trusted path
Câu hỏi 34 Which command will allow you to verify matching statistics for an access control list?
Đúng
Select one:
1,00 a. Router#show ip interface fast 0/1
b. Router#debug ip access-list 2
c. Router#show ip access-list 2
d. Router#show access-list

Đúng
Select one:
1,00 a. A sensitive transaction.
b. An inference check.
c. A check digit.
d. A boundary protection.
Đúng incorrect?

Select one:
1,00
a. Database management systems are not covered by the TCSEC
b. With TCSEC, functionality and assurance are evaluated separately.
c. TCSEC provides a means to evaluate the trustworthiness of an information system

Select one:
1,00
a. an evaluation Assurance Level (EAL).
c. a Security Functionality Component Catalog (SFCC).
d. a Security Target (ST).

Đúng
Select one:
1,00 a. Flight time
b. Dynamic time
c. Systems time
d. Dwell time
Đúng
Select one:
1,00 a. Retinal scans and body scans.
b. Retinal scans and reflective scans.
c. Reflective scans and iris scans.
d. Retinal scans and iris scans.
1,00
Select one:
a. Excessive Rights
d. Excessive Access

Câu hỏi 41 What is the First IP Address of this network: 167.192.154.34/16 ?
Đúng
Select one:
1,00 a. 167.192.0.1
b. 167.0.0.0
c. 167.0.0.1
d. 167.192.255.254
e. 167.192.0.254
f. 167.192.154.34
g. 167.192.154.30
h. 167.192.0.0
i. 167.192.154.1
j. 167.192.0.255
k. 167.192.154.0
Đúng
Select one:
b. A function that returns an objects type.
d. A list of objects.
Câu hỏi 43 You want to apply an access list of 198 to an interface to filter traffic into the interface. Which command will
Đúng achieve this?

Select one:
1,00
a. Router(config-if)#ip access-group 198 in
b. Router(config-if)#ip access-list 198 in
c. Router(config-if)#ip access-class 198 in
d. Router(config)#ip access-list 198 in fast 0/1 

Đúng
Select one:
1,00 a. Accountability, confidentiality, and integrity
b. Integrity, availability, and accountability

Select one:
1,00
b. Tokens
c. Tickets
d. Coupons

Select one:
1,00
a. Data validation and reliability
b. File integrity routines and audit trail
d. Correction routines and reliability

Đúng
Select one:
b. The use of token.
c. The use of data flow diagram.
d. The use of information flow label.
Câu hỏi 48 How many host addresses can be assigned to this network: 222.168.141.133/27
Đúng
Select one:
1,00 a. 126
b. 32
c. 14
d. 62
e. 16
f. 128
g. 64
h. 30
Đúng
Select one:
1,00 a. statement of roles and responsibilities
b. statement of applicability and compliance requirements.
c. definition of the issue and statement of relevant terms.
d. statement of performance of characteristics and requirements.

Đúng
Select one:
1,00 a. Mandatory Access Controls
b. Relevant Access Controls
c. Lattice Based Access Controls
d. Discretionary Access Controls
Đúng
Select one:
1,00 a. Unintrusive device
b. Low cost
c. Transparent
Câu hỏi 52 Which of the following describes the major disadvantage of many SSO implementations?
Đúng
Select one:
1,00 a. Once a user obtains access to the system through the initial log-on, they only need to
logon to some applications.
b. The initial logon process is cumbersome to discourage potential intruders
c. Once a user obtains access to the system through the initial log-on they can freely roam
the network resources without any restrictions
d. Once a user obtains access to the system through the initial log-on, he has to logout
from all other systems

Đúng
Select one:
1,00 a. Lattice based access control
c. ID bases access control
Đúng
Select one:
c. Principle of aggregate privilege.
d. Principle of effective privilege.
Câu hỏi 55 Which command can be used to apply the named access control list called named_list to the interface in an
Đúng inbound direction?

Select one:
1,00
a. Router(config)#ip access-list named_list in fast 0/1
b. Router(config-if)#ip access-class named_list in
c. Router(config-if)#ip access-list named_list in
d. Router(config-if)#ip access-group named_list in


Select one:
1,00
a. Single Sign-on (SSO)
b. Kerberos
c. Public Key Infrastructure (PKI)
d. Smart cards

Select one:
1,00
a. Rule-based Access Control
c. Non-Discretionary Access Control
d. Mandatory Access Control
Đúng addition to data copied from the original location?

Select one:
1,00
a. Read / Write
b. Access Modify
c. Access Rewrite
d. Access Change

Đúng
Select one:
1,00 a. 222.168.141.133
b. 135.109.38.62
c. 226.159.226.215
d. 87.162.10.234
e. 122.242.117.99
f. 51.213.182.31
g. 203.136.188.28
h. 146.156.244.135

Đúng
Select one:
1,00 a. ID based access control.

Bắt đầu vào lúc Thursday, 14 April 2022, 9:57 PM
State Finished
Kết thúc lúc Thursday, 14 April 2022, 10:27 PM
Điểm 49,00/60,00
Điểm 8,17 out of 10,00 (82%)
Đúng
Select one:
1,00 a. Lists applications that support the business function.
b. Identifies major functional areas of information.
c. Quantifies the effect of the loss of the information.
d. Requires the identification of information owners.
Câu hỏi 2 A storage information architecture does not address which of the following?
Đúng
Select one:
1,00 a. management of data
b. use of data
c. archiving of data
d. collection of data
Câu hỏi 3 A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?
Đúng
Select one:
1,00 a. Phreaking
b. Trojan horse

c. SYN flood
d. Spoofing

Đúng
Select one:
1,00 a. To monitor only unauthorized activity and use.
b. To capture only unauthorized internal/external use.
c. To screen out all network errors that affect network statistical information.
d. To monitor the network to gain a complete statistical picture of activity.
Đúng
Select one:
1,00 a. Sniffing
b. Spoofing
c. Data diddling
d. Smurfing

Đúng
Select one:
b. Select, Update
c. Grant, Revoke
d. Add, Replace

Đúng
Select one:
1,00 a. Coaxial cable
b. Fiber optic
c. Microwave
d. Twisted pair
Đúng
Select one:
1,00 a. Dual backbones
b. Shadowing
c. Mirroring
d. Duplexing
Câu hỏi 9 With regard to databases, which of the following has characteristics of ease of reusing code and analysis and
Đúng reduced maintenance?

Select one:
1,00
a. Object-Relational Data Bases (ORDB)
b. Object-Oriented Data Bases (OODB)
c. Relational Data Bases
d. Data Base management systems (DBMS)

Đúng
Select one:
1,00 a. In incremental backup
b. A father/son backup
c. A full backup
d. A differential backup
Câu hỏi 11 Which of the following refers to the data left on the media after the media has been erased?
Đúng
Select one:
1,00 a. remanence
b. sticky bits
c. recovery
d. semi-hidden
Đúng involves:

Select one:
1,00
a. Eigenfeatures of eigenfaces.

Đúng
Select one:
1,00 a. Authentication
b. Authorization
c. Identification
d. Accounting
Đúng
Select one:
1,00 a. Token
b. Password
c. Ticket Granting
d. Biometric
Câu hỏi 15 Which of the following will you consider as a program that monitors data traveling over a network?
Đúng
Select one:
1,00 a. Fragmenter
b. Smurfer
c. Spoofer
d. Sniffer

Đúng
Select one:
1,00 a. The development of a detailed test plan.
b. The communication process among team members.
c. The approval of change control management.
d. The formulation of specific management objectives.
Đúng advantage?

Select one:
1,00
a. Bypass the system security application.
b. Defeat the TEMPEST safeguard
c. Gain system information without trespassing
d. Undetectable active monitoring.

Sai
Select one:
1,00 a. Password
b. UserID
c. Challenge
d. PIN

Đúng
Select one:
1,00 a. Memory cards have no processing power
b. Only smart cards can be used for ATM cards
c. Smart cards provide a two-factor authentication whereas memory cards don’t
d. Memory cards normally hold more memory than smart cards
Đúng
Select one:
1,00 a. Changes are controlled by the Policy Control Board (PCB).
b. Management is advised of changes made to systems.
c. All changes are authorized, tested, and recorded.
d. All changes are requested, scheduled, and completed on time.
Câu hỏi 21 Under Mandatory Access Control (MAC), which of the following is true?
Sai
Select one:
1,00 a. All that is not expressly permitted is forbidden.
b. All that is expressly permitted is forbidden.
c. All that is not expressly permitted is not forbidden.
Câu hỏi 22 By far, the largest security exposure in application system development relates to
Đúng
Select one:
1,00 a. Maintenance and debugging hooks.
b. Change control.

c. Errors and lack of training.
d. Deliberate compromise.

Câu hỏi 23 Which of the following is an important part of database design that ensures that attributes in a table depend
Đúng only on the primary key?

Select one:
1,00
a. Assimilation
b. Normalization
c. Reduction
d. Compaction
Đúng
Select one:
1,00 a. marking
b. storage
c. clearing
d. handling
Câu hỏi 25 Identification establishes:

Đúng
Select one:
b. Accountability
c. Authorization
d. Authentication

Câu hỏi 26 Which of the following is a facial feature identification product that can employ artificial intelligence and can
Đúng require the system to learn from experience?

Select one:
1,00
a. Digital nervous system.
b. Neural networking
c. Dynamic signature verification (DSV)
Đúng which they belong?

Select one:
1,00
b. Group access control
d. User access control
Câu hỏi 28 Role based access control is attracting increasing attention particularly for what applications?
Đúng
Select one:
1,00 a. Technical
b. Security
c. Commercial
d. Scientific

Câu hỏi 29 Discretionary access control (DAC) and mandatory access control (MAC) policies can be effectively replaced
Đúng by:

Select one:
1,00
a. Role based access control.
b. Rule based access control.
c. Token based access control.
d. Server based access control.

Đúng
Select one:
1,00 a. Maximum elapsed time required to move back to primary site a major disruption
b. Minimum elapsed time required to complete recovery of application data
c. Maximum elapsed time required to complete recovery of application data
d. It is maximum delay businesses that can tolerate and still remain viable
Câu hỏi 31 Which of the following will you consider as most secure?
Đúng
Select one:
1,00 a. Login phrase
b. Password
c. One time password
d. Login ID

Sai keys?

Select one:
1,00
a. Systems time
b. Dynamic time
c. Flight time
d. Dwell time
Câu hỏi 33 Which one of the following authentication mechanisms creates a problem for mobile users?
Đúng
Select one:
1,00 a. reusable password mechanism
b. address-based mechanism
c. one-time password mechanism
d. challenge response mechanism
Câu hỏi 34 Retinal scans check for:

Đúng
Select one:
1,00 a. Something you know.

Câu hỏi 35 Which of the following statements pertaining to the security kernel is incorrect?
Đúng
Select one:
1,00 a. It must provide isolation for the processes carrying out the reference monitor concept
and they must be tamperproof
b. It is an access control concept, not an actual physical component
c. It must be small enough to be able to be tested and verified in a complete and
comprehensive manner
d. It is made up of mechanisms that fall under the TCB and implements and enforces the
reference monitor concept.
Câu hỏi 36 Operations Security seeks to primarily protect against which of the following?
Đúng
Select one:
1,00 a. asset threats
b. object reuse
c. compromising emanations
d. facility disaster
Câu hỏi 37 Which one of the following is the MOST solid defense against interception of a network transmission?
Đúng
Select one:
1,00 a. Encryption
b. Frequency hopping
c. Optical fiber
d. Alternate routing

Câu hỏi 38 Under (Mandatory Access Control) MAC, who can change the category of a resource?
Đúng
Select one:
1,00 a. All managers.
b. Administrators only.
c. All users.
Câu hỏi 39 Which of the following represents the best programming?

Đúng
Select one:
1,00 a. High cohesion, low coupling
b. Low cohesion, high coupling
c. High cohesion, high coupling
d. Low cohesion, low coupling
Câu hỏi 40 In a change control environment, which one of the following REDUCES the assurance of proper changes to
Đúng source programs in production status?

Select one:
1,00
a. Testing of the change.
b. Documentation of the change.
c. Authorization of the change.
d. Programmer access.
Đúng
Select one:
1,00 a. System log
b. User passwords 
c. User profiles
d. Security parameters

Đúng
Select one:
1,00 a. Host-based IDS systems
b. Routers and firewalls
d. Network-based IDS systems
Câu hỏi 43 Under Mandatory Access Control (MAC), a clearance is a:

Đúng
Select one:
1,00 a. Privilege
b. Subject
c. Object
d. Sensitivity
Đúng
Select one:
b. Review of operating system manual
c. Review of software control features and/or parameters
Câu hỏi 45 Which of the following is an effective measure against a certain type of brute force password attack?
Đúng
Select one:
1,00 a. Password reuse is not allowed.

b. Password used must not be a word found in a dictionary.
c. Password history is used.


Select one:
1,00
a. They may be administrative, procedural, or technical.
b. They prevent users from accessing any control function.
c. They are generally inexpensive to implement.
d. They eliminate the need for most auditing functions.
Câu hỏi 47 The type of discretionary access control that is based on an individual’s identity is called:
Đúng
Select one:
1,00 a. Non-Discretionary access control
d. Identity-based access control
Đúng
Select one:
b. Timing channels
c. Storage channels
d. Object channels

Đúng
Select one:
1,00 a. A security domain
b. The security kernel
d. The security perimeter
Câu hỏi 50 What attack involves actions to mimic one’s identity?

Đúng
Select one:
1,00 a. Brute force
b. Exhaustive
c. Spoofing
d. Social engineering
Câu hỏi 51 The design phase in a system development life cycle includes all of the following EXCEPT
Sai
Select one:
1,00 a. Developing an operations and maintenance manual.
b. Determining sufficient security controls.
c. Conducting a detailed design review.
d. Developing a validation, verification, and testing plan.


Select one:
1,00
a. Clients security management and techniques
b. Servers security management and techniques
c. Communications security management and techniques
d. Networks security management and techniques
Câu hỏi 53 Which of the following statements pertaining to RADIUS is incorrect?

Sai
Select one:
1,00 a. Most RADIUS servers can work with DIAMETER servers.
b. A RADIUS server can act as a proxy server, forwarding client requests to other
authentication domains.
c. Most of RADIUS clients have a capability to query secondary RADIUS servers for
redundancy
d. Most RADIUS servers have built-in database connectivity for billing and reporting
purposes
Sai
Select one:
1,00 a. SSL
b. SSO
c. IPSec
d. SEC

Đúng
Select one:
1,00 a. Issue corporate standard to be used when addressing specific security problems.
c. Define the main security objectives which must be achieved and the security framework
d. Define the specific assets to be protected and identify the specific tasks which must be
Câu hỏi 56 What ensures that attributes in a table depend only on the primary key?
Không trả lời
Select one:
Đạt điểm 1,00
a. Entity integrity
b. The database management system (DBMS)
c. Data Normalization
d. Referential integrity
Câu hỏi 57 A password represents:

Không trả lời
Select one:
Đạt điểm 1,00
a. All of the choices.

Không trả lời
Select one:
Đạt điểm 1,00
a. Something you know.
c. Something you know and something you have.
Câu hỏi 59 What is one advantage of deploying Role based access control in large networked applications?
Không trả lời
Select one:
Đạt điểm 1,00
a. Higher security
b. User friendliness
c. Higher bandwidth
d. Lower cost
Không trả lời mechanisms?
Đạt điểm 1,00

Select one:
a. A covert channel
b. A maintenance hook
c. A trusted path

State Finished
Kết thúc lúc Friday, 15 April 2022, 6:35 PM
Điểm 34,00/60,00
Điểm 5,67 out of 10,00 (57%)
Câu hỏi 1 Identification and authentication are the keystones of most access control systems. Identification establishes:
Đúng
Select one:
1,00 a. top management accountability for the actions on the system
b. EDP department accountability for the actions of users on the system
c. user accountability for the actions on the system
d. authentication for actions on the system
Câu hỏi 2 What is called the type of access control where there are pairs of elements that have the least upper bound
Đúng of values and greatest lower bound of values?

Select one:
1,00
a. Rule model
b. Lattice model
c. Mandatory model
d. Discretionary model


Select one:
1,00
a. TrZc&45g
b. Jenny&30
c. Christmas12
d. holiday
Câu hỏi 4 Which of the following functions is less likely to be performed by a typical security administrator?
Đúng
Select one:
1,00 a. Adding and removing system users
b. Setting or changing file sensitivity labels
c. Setting user clearances and initial passwords
d. Reviewing audit data
Đúng
Select one:
1,00 a. The Clark-Wilson model
b. The Biba model
c. The Bell-LaPadula model
d. The information flow model

Câu hỏi 6 What type of attacks occurs when normal physical conditions are altered in order to gain access to sensitive
Đúng information on the smartcard?

Select one:
1,00
a. Logical attacks
b. Trojan Horse attacks
c. Social Engineering attacks
d. Physical attacks
Câu hỏi 7 Which of the following is the MOST secure network access control procedure to adopt when using a callback
Đúng device?

Select one:
1,00
a. The user enters the telephone number, and the device responds with a challenge.
b. The user enters the telephone number, and the device verifies that the number exists in
its database before calling back.
c. The user enters a userID, PIN, and telephone number, and the device calls back the
telephone number entered.
d. The user enters a userid and PIN, and the device calls back the telephone number that
corresponds to the userID.

Select one:
1,00
a. Accountability controls
b. Mandatory access controls
c. Administrative controls
d. Assurance procedures

Đúng
Select one:
b. It does not use single sign-on technology
c. It relies on two independent proofs of identity
d. It uses the RSA public-key signature based algorithm on integers with large prime
factors
Đúng
Select one:
1,00 a. IDS
b. Vulnerability analysis
c. Padded Cells
d. Honey Pots
Câu hỏi 11 What defines an imposed access control level?

Đúng
Select one:
1,00 a. SAC
b. MAC
c. DAC
d. CAC


Select one:
1,00
b. Tokens
c. Tickets
d. Coupons
Đúng compensated:

Select one:
1,00
a. Based on value of item on the date of loss plus 10 percent
b. Based on new item for old regardless of condition of lost item
c. Based on value of item one month before loss
d. Based on the value of the item on the date of loss

Select one:
1,00
a. Initiation
b. Implementation
c. Development/acquisition
d. Operation/Maintenance

Câu hỏi 15 Which of the following department managers would be best suited to oversee the development of an
Đúng information security policy?

Select one:
1,00
a. Information Systems
b. Human Resources
c. Security administration
d. Business operations

Đúng
Select one:
1,00 a. Users can’t tamper with processes they do not own
b. Design specifications have been verified against the formal top-level specification
c. Hardware and firmware have undergone periodic testing to verify that they are
d. The software of the system has been implemented as designed.
Đúng
Select one:
1,00 a. A password-cracking program is unethical; therefore it should not be used.
b. A networked workstation so the password database can easily be copied locally and
c. A standalone workstation on which the password database is copied and processed by
d. A networked workstation so that the live password database can easily be accessed by

Câu hỏi 18 Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a
Đúng system?

Select one:
1,00
a. Dictionary attack
b. Social engineering
c. Password sniffing
d. Dumpster diving

Sai
Select one:
1,00 a. Understand the corporate culture and how it will affect security.
b. Understand employees preferences for information security.
c. Know what security awareness products are available.
d. Identify weakness in line management support.
Đúng
Select one:
maps to your ACL.

Đúng
Select one:
c. Through data for information content.
d. A user list to find a name.
Đúng
Select one:
1,00 a. A token role.
b. A security token.
c. One or more roles.
d. Only one role.
Câu hỏi 23 What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain
Sai access to a target computer system?

Select one:
1,00
a. Processing speed of the system executing the attack.
b. Expertise of the person performing the attack.
c. Encryption algorithm used for password transfer.
d. Keyspace for the password.


Select one:
1,00
a. Man-in-the-middle
b. Smurf
c. Brute force
d. Birthday
Câu hỏi 25 In biometric identification systems, at the beginning, it was soon apparent that truly positive identification
Sai could only be based on physical attributes of a person. This raised the necessicity of answering 2 questions:

Select one:
1,00
a. what was the sex of a person and his age
b. what part of the body to be used and how to accomplish identification to be viable
c. what was the tone of the voice of a person and his habits
d. what was the age of a person and his income level
Câu hỏi 26 Which of the following is a communication mechanism that enables direct conversation between two
Đúng applications?

Select one:
1,00
a. Open Library Environment (OLE)
b. Distributed Component Object Model (DCOM)
c. Dynamic Data Exchange (DDE)
d. Open Database Connectivity (ODBC)

Câu hỏi 27 The INITIAL phase of the system development life cycle would normally include
Sai
Select one:
1,00 a. Project status summary
b. Executive project approval
c. Cost-benefit analysis
d. System design review

Đúng
Select one:
1,00 a. The security subsystem
b. The operating system software
d. The computer hardware
Đúng
Select one:
b. Low cost
c. Transparent
d. Unintrusive device

Câu hỏi 30 Which of the following would provide the best stress testing environment?
Sai
Select one:
1,00 a. Production environment using test data
b. Test environment using live workloads
c. Production environment using live workloads
d. Test environment using test data
Sai
Select one:
1,00 a. Active
b. Passive
c. Captive
d. Aggressive
Câu hỏi 32 Which of the following correctly describe discretionary access control (DAC)?
Đúng
Select one:
1,00 a. It can extend beyond limiting which subjects can gain what type of access to which
objects.
b. It is the most secure method.
c. It is the least secure method.

Câu hỏi 33 Which of the following statements is incorrect?
Sai
Select one:
1,00 a. Since the early days of mankind humans have struggled with the problems of protecting
assets
b. There has never been a problem of lost keys
c. The addition of a PIN keypad to the card reader was a solution to unreported card or lost
cards problems
d. Human guard is an inefficient and sometimes ineffective method of protecting resources
Sai Ethernet in a hub-and-spoke or star topology?

Select one:
1,00
a. IEEE 802.5 protocol for Ethernet cannot support encryption.
b. Hub and spoke connections are highly multiplexed.
c. TCP/IP is an insecure protocol.
d. Ethernet is a broadcast technology.
Sai previously authorized location?

Select one:
1,00
a. Sendback system
b. Sendback forward systems
c. Callback forward systems
d. Callback systems

Sai
Select one:
1,00 a. Conformity with the concept of least privilege
b. Whether management authorizations are up-to-date
c. Whether active accounts are still being used
d. Strength of user-chosen passwords
Sai database objects to specific users or groups?

Select one:
1,00
a. Mandatory
b. Discretionary
c. System
d. Supplemental
Câu hỏi 38 Mandatory access control (MAC) is used for:

Sai
Select one:
1,00 a. Defining user preferences.
b. Defining imposed access control level.
c. Defining discretionary access control level.


Select one:
1,00
a. a Security Target (ST).
c. a Security Functionality Component Catalog (SFCC).
d. an evaluation Assurance Level (EAL).
Sai
Select one:
b. Hand geometry
c. Signature recognition
d. Fingerprint scan
Câu hỏi 41 A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?
Sai
Select one:
1,00 a. 1000000
b. 100000
c. 10000 tu 0000 den 9999
d. 1024

Câu hỏi 42 Which of the following is commonly used for retrofitting multilevel security to a database management
Sai system?

Select one:
1,00
a. trusted back-end
b. trusted front-end
c. controller
d. kernel
Câu hỏi 43 A persistent collection of interrelated data items can be defined as which of the following?
Sai
Select one:
1,00 a. database security
b. database
c. database management system
d. database shadowing
Câu hỏi 44 Which one of the following properties of a transaction processing system ensures that once a transaction
Sai completes successfully (commits), the update service even if there is a system failure?

Select one:
1,00
a. Consistency
b. Durability
c. Isolation
d. Atomicity

Sai appropriately defined?

Select one:
1,00
a. Program manual
b. Security policy
c. Enforcement guidelines

Select one:
1,00
a. Inadequate quality assurance (QA) tools
b. Inadequate project management.
Câu hỏi 47 Which access control model enables the owner of the resource to specify what subjects can access specific
Sai resources?

Select one:
1,00
a. Role-based Access Control
b. Mandatory Access Control
c. Sensitive Access Control

Sai
Select one:
1,00 a. Decrease the value of password history.
b. Increase the value of password age.
c. Change all passwords.
d. Change the root password.
Câu hỏi 49 Which one of the following traits allows macro viruses to spread more effectively than other types?
Đúng
Select one:
1,00 a. They attach to executable and batch applications.
b. They infect macro systems as well as micro computers.
c. They spread in distributed systems without detection
d. They can be transported between different operating systems.
Câu hỏi 50 Program change controls must ensure that all changes are
Sai
Select one:
1,00 a. Within established performance criteria.
b. Audited to verify intent.
c. Tested to ensure correctness.
d. Implemented into production systems.

Đúng
Select one:
1,00 a. Operators
b. Data custodians
c. Data owners
d. Security administrators
Câu hỏi 52 Which access control would a lattice-based access control be an example of?
Đúng
Select one:
1,00 a. Non-discretionary access control
b. Mandatory access control
Đúng
Select one:
1,00 a. An organization should use ethical hackers who do not sell auditing, consulting,
b. Testing should be done remotely
c. Ethical hacking should not involve writing to or modifying the target systems
d. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in

Câu hỏi 54 Which of the following refers to the work product satisfying the real-world requirements and concepts?
Đúng
Select one:
1,00 a. verification
b. validation
c. accuracy
d. concurrence

Đúng
Select one:
1,00 a. Passwords are too long.
b. Passwords are unbreakable.
d. Password are too short.
e. Passwords are not easy to remember.
Câu hỏi 56 Which of the following correctly describe the difference between identification and authentication?
Sai
Select one:
1,00 a. Identification is the child process of authentication.
b. Identification is another name of authentication.
c. Identification is a means to verify who you are, while authentication is what you are
d. Authentication is a means to verify who you are, while identification is what you are

Đúng
Select one:
1,00 a. Something you are.
Sai a system project?

Select one:
1,00
a. Program evaluation review technique (PERT)
b. Function point analysis (FP)
c. Critical path methodology (CPM)
d. Gantt charts
Câu hỏi 59 What are the valid types of one time password generator?
Sai
Select one:
1,00 a. Transaction synchronous
b. Asynchronous/PIN asynchronous
d. Synchronous/PIN synchronous

Sai
Select one:
1,00 a. Data media used
b. Controls over hardware
c. Operations using resources
d. Environment controls

State Finished
Thời gian thực hiện 18 giờ 39 phút
Quá hạn 18 giờ 9 phút
Điểm 4,00/60,00
Điểm 0,67 out of 10,00 (7%)
Đúng
Select one:
1,00 a. Directory based access control.
b. ID bases access control
c. Lattice based access control
Không trả lời system?
Đạt điểm 1,00

Select one:
a. Security kernel
b. Information flow model
c. Security model
d. Reference kernel

Không trả lời of it’s associated software development and maintenance processes, introduced five levels with which the
Đạt điểm 1,00
Select one:
a. The Software Capability Maturity Model
b. The IDEAL Model
c. The total Quality Model (TQM)
d. The Spiral Model
Câu hỏi 4 Which of the following defines the software that maintains and provides access to the database?
Không trả lời
Select one:
Đạt điểm 1,00
a. Interface Definition Language system (IDLS)
b. relational database management systems (RDBMS)
c. database management system (DBMS)
d. database identification system (DBIS)
Câu hỏi 5 Under mandatory access control (MAC), classification reflects:

Không trả lời
Select one:
Đạt điểm 1,00
a. Privilege
b. Sensitivity
c. Subject
d. Object


Select one:
1,00
a. Data validation and reliability
b. File integrity routines and audit trail
d. Correction routines and reliability
Không trả lời
Select one:
Đạt điểm 1,00
a. File Integrity Checker
b. Honey Pots
c. Vulnerability Analysis Systems
d. Padded Cells
Không trả lời
Select one:
Đạt điểm 1,00
a. Interprocess communication
b. Stateful inspection
c. Supervisor mode
d. User mode

Đúng
Select one:
1,00 a. Finger print
b. Password
c. Ticket Granting
d. Token
Đúng
Select one:
1,00 a. Storage requirements
c. Accuracy
d. Reliability
Câu hỏi 11 Which of the following is an example of an active attack? Scanning is another true option
Không trả lời
Select one:
Đạt điểm 1,00
a. Shoulder surfing
some examples about active attacks:
b. Masquerading +) masquerade
+) Modification of messages
c. Traffic analysis +) Repudiation
+) Replay
d. Eavesdropping +) Denial of Service

Không trả lời
Select one:
Đạt điểm 1,00
a. depending on the criticality of the information needing protection and the password’s
frequency of use
b. not depending on the criticality of the information needing protection but depending on
c. depending on the criticality of the information needing protection
d. depending on the password’s frequency of use

Không trả lời
Select one:
Đạt điểm 1,00
a. In root.
b. In any location on behalf of root.
c. In the /etc/passwd file.
d. In a shadow password file.
Câu hỏi 14 Which of the following correctly describe “good” security practice?
Không trả lời
Select one:
Đạt điểm 1,00
a. You should ensure that there are no accounts without passwords.
b. You should have a procedure in place to verify password strength.
d. Accounts should be monitored regularly.

Câu hỏi 15 Which one of the following is commonly used for retrofitting multilevel security to a Database Management
Không trả lời System?
Đạt điểm 1,00

Select one:
a. Trusted front-end
b. Trusted kernel
c. Kernel controller
d. Front end controller
Câu hỏi 16 Which one of the following control steps is usually NOT performed in data warehousing applications?
Không trả lời
Select one:
Đạt điểm 1,00
a. Reconcile data moved between the operations environment and data warehouse.
b. Control meta data from being used interactively.
c. Monitor the data purging plan.
d. Monitor summary tables for regular use.
Câu hỏi 17 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
Không trả lời
Select one:
Đạt điểm 1,00
a. Authentication
b. Identification
c. Confidentiality
d. Integrity

Câu hỏi 18 Normalizing data within a database includes all of the following except which?
Không trả lời
Select one:
Đạt điểm 1,00
a. Eliminating duplicate key fields by putting them into separate tables
b. Eliminating repeating groups by putting them into separate tables
c. Eliminating attributes in a table that are not dependent on the primary key of that table
d. Eliminating redundant data
Câu hỏi 19 TEMPEST addresses

Không trả lời
Select one:
Đạt điểm 1,00
a. Signal emanations from electronic equipment.
b. The protection of data from high energy attacks.
c. The vulnerability of time-dependent transmissions.
d. Health hazards of electronic equipment.
Không trả lời Network Access Server and a shared Authentication Server?
Đạt điểm 1,00

Select one:
a. L2TP
b. RADIUS
c. IPSec
d. PPTP

Không trả lời
Select one:
Đạt điểm 1,00
a. It is more scalable than DAC (Discretionary Access Control).
b. It is more flexible than DAC (Discretionary Access Control).
d. It is less secure than DAC (Discretionary Access Control).
Câu hỏi 22 Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
Không trả lời
Select one:
Đạt điểm 1,00
a. All managers.
c. All users.
d. Administrators only.
Câu hỏi 23 Which of the following refers to the number of columns in a table?
Không trả lời
Select one:
Đạt điểm 1,00
a. Schema
b. Cardinality
c. Relation
d. Degree

Câu hỏi 24 What type of password makes use of two totally unrelated words?
Không trả lời
Select one:
Đạt điểm 1,00
a. Login phrase
b. Login ID
c. Composition
d. One time password
Câu hỏi 25 Fault tolerance countermeasures are designed to combat threats to _____
Không trả lời
Select one:
Đạt điểm 1,00
a. backup and retention capability
b. data integrity
c. design reliability
d. an uninterruptible power supply
Câu hỏi 26 What tool is being used to determine whether attackers have altered system files of executables?
Không trả lời
Select one:
Đạt điểm 1,00
a. Vulnerability Analysis Systems
b. File Integrity Checker
c. Padded Cells
d. Honey Pots

Câu hỏi 27 A department manager has read access to the salaries of the employees in his/her department but not to the
Không trả lời salaries of employees in other departments. A database security mechanism that enforces this policy would
typically be said to provide which of the
Đạt điểm 1,00
Select one:
a. least privileges access control
b. ownership-based access control
c. context-dependent access control
d. content-dependent access control
Câu hỏi 28 Which of the following is the weakest authentication mechanism?

Không trả lời
Select one:
Đạt điểm 1,00
a. Passphrases
b. Token devices
c. One-time passwords
d. Passwords

Không trả lời
Select one:
Đạt điểm 1,00
a. It ensures that all mechanism in a system are responsible for enforcing the database
security policy.
b. It confirms that all constrained data items within the system conform to integrity
specifications.
c. Two operations at the same layer will conflict if they operate on the same data item and
d. It prevents low-level database users from inferring the existence of higher level data.

Không trả lời
Select one:
Đạt điểm 1,00
a. Classification of data elements
b. Data content and backup
c. Authentication of user access
d. Integrity and security of data
Câu hỏi 31 What is the window of time for recovery of information processing capabilities based on?
Không trả lời
Select one:
Đạt điểm 1,00
a. Applications that are mainframe based
b. Criticality of the operations affected
c. Quality of the data to be processed
d. Nature of the disaster
Câu hỏi 32 Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of
Không trả lời occurrence and _____.
Đạt điểm 1,00

Select one:
a. Single loss expectancy
b. Previous year’s actual loss
c. Average of previous losses
d. Cost of all losses expected
Câu hỏi 33 In order to avoid mishandling of media or information, you should consider using:
Không trả lời
Select one:
Đạt điểm 1,00
a. Ticket 
b. Token
c. Labeling

Câu hỏi 34 Which of the following is the most commonly used check on something you know?
Không trả lời
Select one:
Đạt điểm 1,00
a. Password
b. Retinal
c. Login phrase
Câu hỏi 35 Rotating password can be restricted by the use of:

Không trả lời
Select one:
Đạt điểm 1,00
a. All of the choices
b. Password age
c. Password history
d. Complex password
Câu hỏi 36 What is the main issue with media reuse?

Không trả lời
Select one:
Đạt điểm 1,00
a. Media destruction
b. Degaussing
c. Purging
d. Data remanence

Không trả lời
Select one:
Đạt điểm 1,00
a. Information Labels
b. Sensitivity Labels
c. Reference Monitors
d. Object Labels
Câu hỏi 38 Which of the following is not a responsibility of a database administrator?

Không trả lời
Select one:
Đạt điểm 1,00
a. Reorganizing databases
b. Providing access authorization to databases
c. Maintaining databases
d. Implementing access rules to databases
Không trả lời
Select one:
Đạt điểm 1,00
a. Increase the length of a password.
b. Increase the age of a password.
c. Increase the history of a password.
Câu hỏi 40 Which option is NOT a benefit derived from the use of neural networks?
Không trả lời
Select one:
Đạt điểm 1,00
a. Input-Output Mapping
b. Linearity
c. Fault Tolerance 
d. Adaptivity

Không trả lời
Select one:
Đạt điểm 1,00
a. MAC
b. DAC
c. ACL
Không trả lời access different resources?
Đạt điểm 1,00

Select one:
c. Triple Sign-On (TSO) systems
d. Single Sign-On (SSO) systems
Câu hỏi 43 A computer program used to process the weekly payroll contains an instruction that the amount of the gross
Không trả lời pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to
as a:
Đạt điểm 1,00
Select one:
a. record check
b. limit check
c. sequence check
d. check digit

Không trả lời physiological or behavioral characteristics?
Đạt điểm 1,00

Select one:
a. Macrometrics
b. Biometrics
c. MicroBiometrics
d. Micrometrics
Câu hỏi 45 Identification usually takes the form of:

Không trả lời
Select one:
Đạt điểm 1,00
b. Passphrase
c. User password.
d. Login ID.
Không trả lời
Select one:
Đạt điểm 1,00 note: "MOST accepted"
a. Fingerprint answer is "voice pattern"
b. Retina patterns
c. Handprint
d. Iris

Không trả lời
Select one:
Đạt điểm 1,00
a. More costly to administer.
b. More efficient log-on.
d. More key exchanging involved.

Không trả lời
Select one:
Đạt điểm 1,00
a. SMURF
b. Dictionary
c. Spamming
d. Teardrop
Câu hỏi 49 Valuable paper insurance coverage does not cover damage to which of the following?
Không trả lời
Select one:
Đạt điểm 1,00
a. Records
b. Money and Securities
c. Manuscripts
d. Inscribed, printed and written documents

Không trả lời requirement components?
Đạt điểm 1,00

Select one:
b. Package
c. The Target of Evaluation (TOE)
d. Security target (ST)
Không trả lời
Select one:
Đạt điểm 1,00
a. Employees must send in a signed email before obtaining a password.
b. Employees must show up in person and present proper identification before obtaining a
password.
c. Employees must send in an email before obtaining a password.

Không trả lời
Select one:
Đạt điểm 1,00
a. Quantify the impact of potential threats
b. Provide an economic balance between the impact of the risk and the cost of the
c. Choose the best countermeasure
d. Identify risks

Không trả lời another correct answer: "Develop the security plan"
Select one:
Đạt điểm 1,00
a. Development of a security awareness-training program
b. Purchase of security access control software
c. Adoption of a corporate information security policy statement
d. Development and implementation of an information security standards manual
Câu hỏi 54 An active content module, which attempts to monopolize and exploits system resources is called a
Không trả lời
Select one:
Đạt điểm 1,00
a. Macro virus
b. Hostile applet
c. Plug-in worm
d. Cookie
Câu hỏi 55 With mandatory access control (MAC), who may make decisions that bear on policy?
Không trả lời
Select one:
Đạt điểm 1,00
a. Manager
b. All users.
c. Administrator
d. Guest

Câu hỏi 56 Which situation would TEMPEST risks and technologies be of MOST interest?
Không trả lời
Select one:
Đạt điểm 1,00
a. Where the consequences of disclose are very high.
b. Where data base integrity is crucial
c. Where high availability is vital.
d. Where countermeasures are easy to implement
Câu hỏi 57 Which of the following is not a component of a Operations Security “triples”?
Không trả lời
Select one:
Đạt điểm 1,00
a. Threat
b. Asset
c. Risk
d. Vulnerability
Không trả lời accessed.
Đạt điểm 1,00

Select one:
a. Entities
b. A group of users.
c. Sensitivity
d. Users

Không trả lời
Select one:
Đạt điểm 1,00
a. Based on labels
b. All equal
c. Based on flows.
d. Hierarchical
Không trả lời
Select one:
Đạt điểm 1,00
a. Confidentiality
b. Acceptability
c. Availability
d. Integrity

State Finished
Điểm 59,00/60,00
Điểm 9,83 out of 10,00 (98%)
Đúng
Select one:
b. Public embarrassment
c. Loss of revenue
d. Loss of public confidence and credibility
Đúng
Select one:
1,00 a. Detection and recognition.

Select one:
1,00
a. Commingling
b. Seepage 
c. Aggregation
d. Contamination

Đúng
Select one:
b. Flow
c. Transformation
d. State
Câu hỏi 5 What is the window of time for recovery of information processing capabilities based on?
Đúng
Select one:
1,00 a. Applications that are mainframe based
b. Criticality of the operations affected
c. Quality of the data to be processed
d. Nature of the disaster
Đúng
Select one:
b. Cipher Chart
c. Decipher Chart
d. Zapper Chart

Đúng
Select one:
1,00 a. So that they will accept ownership for security within the organization.
b. So that external bodies will recognize the organizations commitment to security.
c. So that employees will follow the policy directives.
d. So that they can be held legally accountable.
Câu hỏi 8 Which of the following is the correct account policy you should follow?
Đúng
Select one:
1,00 a. All active accounts must have a long and complex pass phrase.
c. All inactive accounts must have a password.
d. All active accounts must have a password.
Câu hỏi 9 Which of the following is an advantage of using a high-level programming language?
Sai
Select one:
1,00 a. It requires programmer-controlled storage management
b. It allows programmers to define syntax
c. It decreases the total amount of code writers
d. It enforces coding standards

Câu hỏi 10 Which of the following describes elements that create reliability and stability in networks and systems and
Đúng which assures that connectivity is accessible when needed?

Select one:
1,00
a. Acceptability
b. Integrity
c. Availability
d. Confidentiality
Câu hỏi 11 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are
Đúng more suited to which of the following?

Select one:
1,00
a. Data base management systems (DBMS)
b. Relational Data Bases
c. Object-Oriented Data Bases (OODB)
d. Object-Relational Data Bases
Câu hỏi 12 Which of the following refers to the work product satisfying the real-world requirements and concepts?
Đúng
Select one:
1,00 a. accuracy
b. validation
c. concurrence
d. verification


Select one:
1,00
c. Integrity and control
d. Targets of Evaluation (TOE) and Protection Profile (PP)
Câu hỏi 14 The concept that all accesses must be meditated, protected from modification, and verifiable as correct is the
Đúng concept of

Select one:
1,00
a. Security locking
b. Security kernel
c. Secure state
d. Secure model
Câu hỏi 15 Under Mandatory Access Control (MAC), which of the following is true?
Đúng
Select one:
1,00 a. All that is not expressly permitted is not forbidden.
b. All that is not expressly permitted is forbidden.
c. All that is expressly permitted is forbidden.

Đúng
Select one:
maps to your ACL.
Đúng
Select one:
1,00 a. Executables from the Internet may attempt an intentional attack when they are
b. Java does not check the bytecode at runtime or provide other safety mechanisms for
c. Java interpreters do not provide the ability to limit system access that an applet could
d. Their transport can interrupt the secure distribution of World Wide Web pages over the
Câu hỏi 18 Which of the following is true regarding a secure access model?
Đúng
Select one:
1,00 a. Secure information cannot flow to a more secure user.
b. Secure information cannot flow to a less secure user.
d. Secure information can flow to a less secure user.

Câu hỏi 19 Which of the following is commonly used for retrofitting multilevel security to a database management
Đúng system?

Select one:
1,00
a. controller
b. trusted back-end
c. kernel
d. trusted front-end
Đúng
Select one:
1,00 a. Electrical and image-edge detection.
d. Mechanical and image-edge detection.
Câu hỏi 21 Which of the following centralized access control mechanisms is not appropriate for mobile workers access
Đúng the corporate network over analog lines?

Select one:
1,00
a. RADIUS
b. CHAP
c. TACACS
d. Call-back

Câu hỏi 22 With mandatory access control (MAC), who may make decisions that bear on policy?
Đúng
Select one:
1,00 a. All users.
b. Administrator
c. Guest
d. Manager

Đúng
Select one:
1,00 a. Redundant servers
b. Multiple servers
c. Server fault tolerance
d. Server clustering
Câu hỏi 24 A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?
Đúng
Select one:
1,00 a. Trojan horse
b. Spoofing
c. Phreaking
d. SYN flood

Đúng
Select one:
1,00 a. The attacker must have read access to the password file.
b. The attacker must have write access to the password file.
c. The attacker must know the password encryption mechanism and key variable.
d. The attacker must have access to the target system.
Đúng
Select one:
1,00 a. attributes
b. relation
c. record retention
d. records or tuples
Câu hỏi 27 Identification and authentication are the keystones of most access control systems. Identification establishes:
Đúng
Select one:
1,00 a. top management accountability for the actions on the system
b. authentication for actions on the system
c. user accountability for the actions on the system
d. EDP department accountability for the actions of users on the system


Select one:
1,00
a. It is limited to named individuals and creates an audit trail.
b. It is classified only by the information security officer and restricted to those who have
d. It is available to anyone in the organization whose work relates to the subject and
Câu hỏi 29 Operations Security seeks to primarily protect against which of the following?
Đúng
Select one:
1,00 a. compromising emanations
b. asset threats
c. facility disaster
d. object reuse
Câu hỏi 30 Which one of the following tests determines whether the content of data within an application program falls
Đúng within predetermined limits?

Select one:
1,00
a. Mathematical accuracy check
b. Reasonableness check
c. Check digit verification
d. Parity check

Câu hỏi 31 What is the act of willfully changing data, using fraudulent input or removal of controls called?
Đúng
Select one:
b. Data trashing
c. Data contaminating
d. Data capturing
Câu hỏi 32 Which of the following is the most commonly used check on something you know?
Đúng
Select one:
1,00 a. Password
b. Retinal
c. Login phrase
Câu hỏi 33 The PRIMARY purpose of operations security is

Đúng
Select one:
1,00 a. Safeguard information assets that are resident in the system.
b. Protect the system hardware from environment damage.
c. Establish thresholds for violation detection and logging.
d. Monitor the actions of vendor service personnel.

Đúng
Select one:
1,00 a. depending on the criticality of the information needing protection and the password’s
frequency of use
b. not depending on the criticality of the information needing protection but depending on
c. depending on the password’s frequency of use
d. depending on the criticality of the information needing protection
Câu hỏi 35 The INITIAL phase of the system development life cycle would normally include
Đúng
Select one:
1,00 a. System design review
b. Project status summary
c. Cost-benefit analysis
d. Executive project approval
Đúng
Select one:
1,00 a. Allows one process to signal information to another by modulating its own use of system
resources.
b. Used by a supervisor to monitor the productivity of a user without their knowledge.
c. Provides the timing trigger to activate a malicious program disguised as a legitimate
function.
d. Modulated to carry an unintended information signal that can only be detected by

Đúng
Select one:
1,00 a. Ensure separation of duties.
b. Define the parameters required for security labels.
c. Assign access controls.
d. Apply different protective measures.
Câu hỏi 38 What defines an imposed access control level?

Đúng
Select one:
1,00 a. MAC
b. SAC
c. DAC
d. CAC
Câu hỏi 39 Which one of the following BEST describes a password cracker?
Đúng
Select one:
1,00 a. A program that provides software registration passwords or keys.
b. A program that performs comparative analysis.
c. A program that can locate and read a password file.
d. A program that obtains privileged access to the system.

Câu hỏi 40 A password represents:
Đúng
Select one:
d. Something you are.
Câu hỏi 41 Which one of the following control steps is usually NOT performed in data warehousing applications?
Đúng
Select one:
1,00 a. Control meta data from being used interactively.
b. Monitor the data purging plan.
c. Reconcile data moved between the operations environment and data warehouse.
d. Monitor summary tables for regular use.
Câu hỏi 42 Which security program exists if a user accessing low-level data is able to draw conclusions about high-level
Đúng information?

Select one:
1,00
a. Under-classification
b. Polyinstatiation
c. Inference
d. Interference

Câu hỏi 43 Which one of the following addresses the protection of computers and components from electromagnetic
Đúng emissions?

Select one:
1,00
a. TEMPEST
b. Hardening
c. ISO 9000
d. IEEE 802.2
Đúng
Select one:
1,00 a. Environment controls
b. Data media used
c. Controls over hardware
d. Operations using resources
Đúng database objects to specific users or groups?

Select one:
1,00
a. Mandatory
b. System
c. Discretionary
d. Supplemental

Câu hỏi 46 Program change controls must ensure that all changes are
Đúng
Select one:
1,00 a. Audited to verify intent.
b. Tested to ensure correctness.
c. Within established performance criteria.
d. Implemented into production systems.
Đúng
Select one:
1,00 a. Passwords are more vulnerable to brute force and dictionary attacks.
b. Passwords are harder to guess for attackers
c. Passwords are harder to remember for users
d. If the password-generating algorithm gets to be known, the entire system is in jeopardy
Đúng have to be:

Select one:
1,00
a. recreated
b. deleted
c. updated
d. created

Đúng
Select one:
1,00 a. Design specifications have been verified against the formal top-level specification
b. Hardware and firmware have undergone periodic testing to verify that they are
c. The software of the system has been implemented as designed.
d. Users can’t tamper with processes they do not own
Đúng identity?

Select one:
1,00
a. Iris scans
b. Retina scans
c. Skin scans
d. Palm scans
Đúng
Select one:
1,00 a. Iris scanning
b. Facial recognition
c. Finger scanning

Đúng
Select one:
1,00 a. Cell suppression
b. Partitioning
c. Padded Cells
d. Perturbation
Câu hỏi 53 Which of the following refers to the number of rows in a relation?
Đúng
Select one:
1,00 a. cardinality
b. degree
c. breadth
d. depth
Câu hỏi 54 In a RADIUS architecture, which of the following can act as a proxy client?
Đúng
Select one:
1,00 a. The RADIUS authentication server.
c. A Network Access Server.
d. The end user.

Câu hỏi 55 The design phase in a system development life cycle includes all of the following EXCEPT
Đúng
Select one:
1,00 a. Determining sufficient security controls.
b. Developing a validation, verification, and testing plan.
c. Developing an operations and maintenance manual.
d. Conducting a detailed design review.
Đúng
Select one:
1,00 a. SATAN
b. ISS
c. Ballista
Câu hỏi 57 What is called the verification that the user’s claimed identity is valid and is usually implemented through a
Đúng user password at log-on time?

Select one:
1,00
a. Authentication
b. Integrity
c. Confidentiality
d. Identification

Câu hỏi 58 Which option is NOT a benefit derived from the use of neural networks?
Đúng
Select one:
1,00 a. Linearity
b. Adaptivity
c. Fault Tolerance
d. Input-Output Mapping
Đúng Ethernet in a hub-and-spoke or star topology?

Select one:
1,00
a. TCP/IP is an insecure protocol.
b. Ethernet is a broadcast technology.
c. IEEE 802.5 protocol for Ethernet cannot support encryption.
d. Hub and spoke connections are highly multiplexed.

Đúng
Select one:
1,00 a. RADIUS
b. RADIUS+
c. XTACACS and TACACS+
d. TACACS

Key IIS Final VIP David Hai 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Key IIS Final VIP David Hai 1

Uploaded by

Copyright:

Available Formats

Introduction to Information Security

Bắt đầu vào lúc Saturday, 21 May 2022, 1:56 PM

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng 

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

b. To monitor the network to gain a complete statistical picture of activity.

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu hỏi 26 Which of the following attacks focus on cracking passwords?

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu hỏi 29 What does "System Integrity" mean?

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu hỏi 43 Why must senior management endorse a security policy?

Câu trả lời của bạn đúng

Đạt điểm 1,00 trên

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng

Câu trả lời của bạn đúng