Question 1: Which of the following represent the rows of the table in a relational database?
Correct
Mark 1.00 out of 1.00
Select one:
a. record retention
b. records or tuples
c. attributes
d. relation
Question 2: Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?
Correct
Question 3: What is an effective countermeasure against a Trojan horse attack that targets smart cards?
Correct
Mark 1.00 out of 1.00
Select one:
a. Handprint driver architecture.
b. Single-access device driver architecture.
c. Fingerprint driver architecture.
Question 4: The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct categories?
Correct
Question 5: Which of the following security modes of operation involves the highest risk?
Correct
Mark 1.00 out of 1.00
Select one:
a. Multilevel Security Mode
b. Compartmented Security Mode
c. System-High Security Mode
d. Dedicated Security Mode
Question 6: Which one of the following describes a reference monitor?
Correct
Mark 1.00 out of 1.00
Select one:
a. Network control concept that distributes the authorization of subject accesses to objects.
b. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
c. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
d. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
Question 7: Related to information security, confidentiality is the opposite of which of the following?
Correct
Mark 1.00 out of 1.00
Select one:
a. closure
b. disaster
c. disposal
d. disclosure
Question 8: Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
Correct
Mark 1.00 out of 1.00
Select one:
a. When it is to be done.
b. Why it is to be done.
c. What is to be done.
d. Who is to do it.
Question 10: The absence or weakness in a system that may possibly be exploited is called a(n)?
Correct
Mark 1.00 out of 1.00
Select one:
a. Vulnerability
b. Threat
c. Risk
d. Exposure
Question 11: Which of the following could illegally capture network user passwords?
Correct
Mark 1.00 out of 1.00
Select one:
a. Sniffing
b. Smurfing
c. Spoofing
d. Data diddling
Question 12: Ensuring the integrity of business information is the PRIMARY concern of _____.
Correct
Mark 1.00 out of 1.00
Select one:
a. On-line Security
b. Procedural Security
c. Logical Security
d. Encryption Security
Question 13: Which one of the following is a good defense against worms?
Correct
Mark 1.00 out of 1.00
Select one:
a. Keeping data objects small, simple, and obvious as to their intent.
b. Limiting connectivity by means of well-managed access controls.
c. Placing limits on sharing, writing, and executing programs.
d. Differentiating systems along the lines exploited by the attack.
Question 14: In what way could Java applets pose a security threat?
Correct
Mark 1.00 out of 1.00
Select one:
a. Java interpreters do not provide the ability to limit system access that an applet could have on a client system
b. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
c. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system
d. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
Question 16: What process determines who is trusted for a given purpose?
Correct
Mark 1.00 out of 1.00
Select one:
a. Identification
b. Accounting
c. Authorization
d. Authentication
Question 17: Under discretionary access control (DAC), a subject's rights must be _____ when it leaves an organization altogether.
Correct
b. resumed
c. terminated
d. recycled
Question 18: What security risk does a covert channel create?
Correct
Mark 1.00 out of 1.00
Select one:
a. Data can be disclosed by inference.
b. A user can send data to another user.
c. It bypasses the reference monitor functions.
d. A process can signal information to another process.
Question 19: Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
Correct
Question 20: Who is responsible for setting user clearances to computer-based information?
Correct
Mark 1.00 out of 1.00
Select one:
a. Data owners
b. Operators
c. Data custodians
d. Security administrators
Question 22: A periodic review of user account management should not determine:
Correct
Mark 1.00 out of 1.00
Select one:
a. Whether management authorizations are up-to-date
b. Conformity with the concept of least privilege
c. Strength of user-chosen passwords
d. Whether active accounts are still being used
Question 23: For what reason would a network administrator leverage promiscuous mode?
Correct
Mark 1.00 out of 1.00
Select one:
a. To capture only unauthorized internal/external use.
Question 24: Removing unnecessary processes, segregating inter-process communications, and reducing executing privileges to increase system security is commonly called
Correct
Question 25: With mandatory access control (MAC), who may NOT make decisions that derive from policy?
Correct
Mark 1.00 out of 1.00
Select one:
a. All users except the administrator.
b. The administrator.
c. The guests.
d. The power users.
e. All users
Question 27: With non-continuous backup systems, data that was entered after the last backup prior to a system crash will have to be:
Correct
Question 28: In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?
Correct
Question 31: Which of the following statements pertaining to software testing approaches is correct?
Correct
Mark 1.00 out of 1.00
Select one:
a. Black box testing is predicated on a close examination of procedural detail
b. A bottom-up approach allows interface errors to be detected earlier
c. A top-down approach allows errors in critical modules to be detected earlier
d. The test plan and results should be retained as part of the system’s permanent documentation
Question 32: Which of the following is the most secure way to distribute passwords?
Correct
Mark 1.00 out of 1.00
Select one:
a. Employees must send in a signed email before obtaining a password.
b. Employees must show up in person and present proper identification before obtaining a password.
c. None of the choices.
d. Employees must send in an email before obtaining a password.
Your answer is correct.
The correct answer is: Employees must show up in person and present proper identification before obtaining a password.
Question 33: Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
Correct
Question 34: Which of the following provide network redundancy in a local network environment?
Correct
Mark 1.00 out of 1.00
Select one:
a. Duplexing
b. Shadowing
c. Dual backbones
d. Mirroring
Question 35: Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
Correct
Question 36: The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
Correct
Question 37: Which of the following correctly describes Role-based access control?
Correct
Mark 1.00 out of 1.00
Select one:
a. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
b. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
c. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
d. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.
Question 38: Which one of the following is a security issue related to aggregation in a database?
Correct
Mark 1.00 out of 1.00
Select one:
a. Partitioning
b. Data swapping
c. Polyinstantiation
d. Inference
Your answer is correct.
The correct answer is: Inference
Question 39: Which of the following phases of a system development life-cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions?
Correct
Question 40: What is known as a decoy system designed to lure a potential attacker away from critical systems?
Correct
Mark 1.00 out of 1.00
Select one:
a. Padded Cells
b. Vulnerability Analysis Systems
c. File Integrity Checker
d. Honey Pots
Question 41: Which of the following methodologies is appropriate for planning and controlling activities and resources in a system project?
Correct
Question 42: What type of wiretapping involves injecting something into the communications?
Correct
Mark 1.00 out of 1.00
Select one:
a. Active
b. Aggressive
c. Passive
d. Captive
Question 44: If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
Correct
b. Smurf
c. Man-in-the-middle
d. Birthday
Question 45: Which one of the following describes a covert timing channel?
Correct
Mark 1.00 out of 1.00
Select one:
a. Allows one process to signal information to another by modulating its own use of system resources.
b. Provides the timing trigger to activate a malicious program disguised as a legitimate function.
c. Used by a supervisor to monitor the productivity of a user without their knowledge.
d. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.
Question 46: For which of the following files should the security administrator be restricted to READ-only access?
Correct
Mark 1.00 out of 1.00
Select one:
a. User profiles
b. User passwords
c. Security parameters
d. System log
Question 47: Which of the following offers greater accuracy than the others?
Correct
Mark 1.00 out of 1.00
Select one:
a. Finger scanning
b. Iris scanning
c. Facial recognition
d. Voice recognition
Question 49: What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
Correct
Question 50: With Rule Based Security Policy, a security policy is based on:
Correct
Mark 1.00 out of 1.00
Select one:
a. Global rules imposed for only the local users.
Question 51: Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Correct
Question 53: Qualitative loss resulting from the business interruption does not include:
Correct
Mark 1.00 out of 1.00
Select one:
a. Loss of competitive advantage or market share
b. Loss of revenue
c. Public embarrassment
d. Loss of public confidence and credibility
Question 54: With role-based access control (RBAC), each user can be assigned:
Correct
Mark 1.00 out of 1.00
Select one:
a. A token role.
b. A security token.
c. Only one role.
d. One or more roles.
Question 55: Which of the following is NOT a system-sensing wireless proximity card?
Correct
Mark 1.00 out of 1.00
Select one:
a. passive device
b. field-powered device
c. transponder
d. magnetically striped card
Question 56: What is the method of coordinating access to resources based on the listing of permitted IP addresses?
Correct
Mark 1.00 out of 1.00
Select one:
a. ACL
b. DAC
c. MAC
d. None of the choices.
Question 57: A smart card represents:
Correct
Mark 1.00 out of 1.00
Select one:
a. All of the choices.
b. Something you are.
c. Something you have.
d. Something you know.
Question 58: What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?
Correct
Question 59: Under Role-based access control, access rights are grouped by:
Correct
Mark 1.00 out of 1.00
Select one:
a. Rules
b. Policy name
c. Sensitivity label
d. Role name
Question 60: Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
Correct
Introduction to Information Security
Started on Saturday, 21 May 2022, 1:33 PM
State Finished
Completed on Saturday, 21 May 2022, 1:51 PM
Time taken 18 mins 12 secs
Marks 60.00/60.00
Grade 10.00 out of 10.00 (100%)
Question 1: Which of the following is a feature of Rule-based access control?
Correct
Mark 1.00 out of 1.00
Select one:
a. The use of data flow diagram.
b. The use of profile.
c. The use of token.
d. The use of information flow label.
Question 2: Which of the following are measures against password sniffing?
Correct
Mark 1.00 out of 1.00
Select one:
a. All of the choices
b. Passwords must not be stored in plain text on any electronic media.
c. Passwords must not be sent through email in plain text.
d. You may store passwords electronically if they are encrypted.
Question 3: Who is the individual permitted to add users or install trusted programs?
Correct
Mark 1.00 out of 1.00
Select one:
a. Operations Manager
b. Security Administrator
c. Computer Manager
d. Database Administrator
Question 4: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
Correct
Mark 1.00 out of 1.00
Select one:
a. The IDEAL Model
b. The Software Capability Maturity Model
c. The Spiral Model
d. The Total Quality Model (TQM)
Question 5: Which of the following attacks could be the most successful when the security technology is properly implemented and configured?
Correct
Question 6: What principle requires that a user be given no more privilege than necessary to perform a job?
Correct
Mark 1.00 out of 1.00
Select one:
a. Principle of effective privilege.
b. Principle of most privilege.
c. Principle of least privilege.
d. Principle of aggregate privilege.
Question 7: What is the most effective means of determining how controls are functioning within an operating system?
Correct
Mark 1.00 out of 1.00
Select one:
a. Interview with computer operator
b. Review of operating system manual
c. Review of software control features and/or parameters
d. Interview with product vendor
Question 8: All of the following are basic components of a security policy EXCEPT the _____.
Correct
Mark 1.00 out of 1.00
Select one:
a. statement of roles and responsibilities
b. definition of the issue and statement of relevant terms.
c. statement of applicability and compliance requirements.
d. statement of performance of characteristics and requirements.
Question 9: In the SSL/TLS protocol, what kind of authentication is supported?
Correct
Mark 1.00 out of 1.00
Select one:
a. Peer-to-peer authentication
b. Role based authentication scheme
c. Only server authentication (optional)
d. Server authentication (mandatory) and client authentication (optional)
Question 10: A central authority determining what subjects can have access to certain objects based on the organizational security policy is called:
Correct
Question 11: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
Correct
Mark 1.00 out of 1.00
Select one:
a. The Total Quality Model (TQM)
b. The Software Capability Maturity Model
c. The IDEAL Model
d. The Spiral Model
Question 12: Under the mandatory access control (MAC) control system, what is required?
Correct
Mark 1.00 out of 1.00
Select one:
a. Sensing
b. Performance monitoring
c. Labeling
Question 13: Which of the following biometric devices has the lowest user acceptance level?
Correct
Mark 1.00 out of 1.00
Select one:
a. Hand geometry
b. Signature recognition
c. Fingerprint scan
d. Voice recognition
Question 14: Which of the following is not a media viability control used to protect the viability of data storage media?
Correct
Mark 1.00 out of 1.00
Select one:
a. storage
b. clearing
c. handling
d. marking
Question 15: What is the main concern with single sign-on?
Correct
Mark 1.00 out of 1.00
Select one:
a. Maximum unauthorized access would be possible if a password is disclosed
b. The users’ password would be too hard to remember
c. User access rights would be increased
d. The security administrator’s workload would increase
Question 16: Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Correct
Question 18: Which of the following is not a critical security aspect of Operations Controls?
Correct
Mark 1.00 out of 1.00
Select one:
a. Data media used
b. Operations using resources
c. Controls over hardware
d. Environment controls
Question 19: Which of the following correctly describes the features of SSO?
Correct
Mark 1.00 out of 1.00
Select one:
a. More efficient log-on.
b. More costly to administer.
c. More costly to set up.
d. More key exchanging involved.
Question 21: What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System, Terminal Access Controller Access Control System) to authenticate dial-in users?
Correct
Question 22: Which of the following does not address Database Management Systems (DBMS) Security?
Correct
Mark 1.00 out of 1.00
Select one:
a. Partitioning
b. Padded Cells
c. Perturbation
d. Cell suppression
Question 23: Programmed procedures which ensure that valid transactions are processed accurately and only once in the current timescale are referred to as
Correct
Question 24: Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
Correct
Question 25: In a discretionary mode, which of the following entities is authorized to grant information access to other people?
Correct
Question 26: What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?
Correct
Question 27: Discretionary access controls (DAC) are characterized by many organizations as:
Correct
Mark 1.00 out of 1.00
Select one:
a. Mandatory adjustable controls
b. Need-to-know controls
c. Preventive controls
Question 29: Tokens, as a way to identify users, are subject to what type of error?
Correct
Mark 1.00 out of 1.00
Select one:
a. Human error
b. Token error
c. Decrypt error
d. Encrypt error
Question 30: The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site, or
Correct
Question 32: What setup should an administrator use for regularly testing the strength of user passwords?
Correct
Mark 1.00 out of 1.00
Select one:
a. A networked workstation so that the live password database can easily be accessed by the cracking program
b. A standalone workstation on which the password database is copied and processed by the cracking program
c. A password-cracking program is unethical; therefore it should not be used.
d. A networked workstation so the password database can easily be copied locally and processed by the cracking program
Question 34: What best describes this scenario? This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill.
Correct
Mark 1.00 out of 1.00
Select one:
a. Excessive Rights
b. Excessive Privileges
c. Excessive Permissions
d. Excessive Access
Question 35: A backup of all files that are new or modified since the last full backup is
Correct
Mark 1.00 out of 1.00
Select one:
a. A differential backup
b. A full backup
c. A father/son backup
d. An incremental backup
Question 36: Which of the following does not apply to system-generated passwords?
Correct
Mark 1.00 out of 1.00
Select one:
a. Passwords are harder to remember for users
b. If the password-generating algorithm gets to be known, the entire system is in jeopardy
c. Passwords are harder to guess for attackers
d. Passwords are more vulnerable to brute force and dictionary attacks.
Question 37: Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
Correct
Mark 1.00 out of 1.00
Select one:
a. The attacker must have access to the target system.
b. The attacker must have write access to the password file.
c. The attacker must have read access to the password file.
d. The attacker must know the password encryption mechanism and key variable.
Question 39: Penetration testing will typically include _____.
Correct
Mark 1.00 out of 1.00
Select one:
a. Computer Emergency Response Team (CERT) procedures.
b. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.
c. Social engineering, configuration review, and vulnerability assessment.
d. Generally accepted auditing practices.
Question 42: With Rule Based Security Policy, global rules usually rely on comparison of the _____ of the resource being accessed.
Correct
Question 43: In the process of facial identification, the basic underlying recognition technology of facial identification involves:
Correct
Question 45: What is the most critical characteristic of a biometric identifying system?
Correct
Mark 1.00 out of 1.00
Select one:
a. Reliability
b. Perceived intrusiveness
c. Storage requirements
d. Accuracy
Question 46: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Correct
Question 48: Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
Correct
Mark 1.00 out of 1.00
Select one:
a. Anti-virus software is unable to remove the viral code.
b. These viruses almost exclusively affect the operating system.
c. These viruses can infect many types of environments.
d. Floppy disks can propagate such viruses.
Question 50: Which of the following tools can you use to assess your network's vulnerability?
Correct
Mark 1.00 out of 1.00
Select one:
a. SATAN
b. ISS
c. All of the choices
d. Ballista
Question 51: Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?
Correct
Question 53: Passwords can be required to change monthly, quarterly, or at any other interval:
Correct
Mark 1.00 out of 1.00
Select one:
a. depending on the criticality of the information needing protection
b. depending on the criticality of the information needing protection and the password’s frequency of use
c. not depending on the criticality of the information needing protection but depending on the password’s frequency of use
d. depending on the password’s frequency of use
Question 55: Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?
Correct
Question 57: Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing, applies to the analysis of _____.
Correct
Mark 1.00 out of 1.00
Select one:
a. Routers and firewalls
b. Network-based IDS systems
c. General purpose operating systems
d. Host-based IDS systems
Question 58: In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
Correct
Question 60: Which of the following would best describe the difference between white-box testing and black-box testing?
Correct
Mark 1.00 out of 1.00
Select one:
a. Black-box testing involves the business units
b. White-box testing examines the program's internal logical structure
c. Black-box testing uses the bottom-up approach
d. White-box testing is performed by an independent programmer team
Introduction to Information Security
Started on Monday, 9 May 2022, 10:18 AM
State Finished
Completed on Monday, 9 May 2022, 10:34 AM
Time taken 15 mins 40 secs
Marks 59.00/60.00
Grade 9.83 out of 10.00 (98%)
Question 1: What type of wiretapping involves injecting something into the communications?
Correct
Mark 1.00 out of 1.00
Select one:
a. Captive
b. Aggressive
c. Active
d. Passive
Question 2: Which one of the following is a security issue related to aggregation in a database?
Correct
Mark 1.00 out of 1.00
Select one:
a. Inference
b. Data swapping
c. Polyinstantiation
d. Partitioning
Question 3: What tool is used to determine whether attackers have altered system files or executables?
Correct
Mark 1.00 out of 1.00
Select one:
a. Honey Pots
b. Padded Cells
c. Vulnerability Analysis Systems
d. File Integrity Checker
Question 5: With regard to databases, which of the following has the characteristics of ease of reusing code and analysis and reduced maintenance?
Correct
Question 6: Which one of the following should be employed to protect data against undetected corruption?
Correct
Mark 1.00 out of 1.00
Select one:
a. Authentication
b. Integrity
c. Non-repudiation
d. Encryption
Question 8: The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site, or
Correct
Question 9: The access matrix model consists of which of the following parts?
Correct
Mark 1.00 out of 1.00
Select one:
a. A list of subjects.
b. All of the choices
c. A list of objects.
d. A function that returns an object's type.
Question 11: To support legacy applications that rely on risky protocols (e.g., plain-text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?
Correct
Question 12: What setup should an administrator use for regularly testing the strength of user passwords?
Correct
Mark 1.00 out of 1.00
Select one:
a. A standalone workstation on which the password database is copied and processed by the cracking program
b. A password-cracking program is unethical; therefore it should not be used.
c. A networked workstation so the password database can easily be copied locally and processed by the cracking program
d. A networked workstation so that the live password database can easily be accessed by the cracking program
Question 14: Management can expect penetration tests to provide all of the following EXCEPT _____.
Incorrect
Mark 0.00 out of 1.00
Select one:
a. a method to correct the security flaws
b. demonstration of the effects of the flaws
c. identification of security flaws
d. verification of the levels of existing infiltration resistance
Question 15: Which one of the following is a good defense against worms?
Correct
Mark 1.00 out of 1.00
Select one:
a. Placing limits on sharing, writing, and executing programs.
b. Differentiating systems along the lines exploited by the attack.
c. Keeping data objects small, simple, and obvious as to their intent.
d. Limiting connectivity by means of well-managed access controls.
Question 20: What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
Correct
Mark 1.00 out of 1.00
Select one:
a. Confidentiality
b. Integrity
c. Identification
d. Authentication
Question 21: Related to information security, confidentiality is the opposite of which of the following?
Correct
Mark 1.00 out of 1.00
Select one:
a. disposal
b. disaster
c. closure
d. disclosure
Question 23: Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
Correct
Question 24: The absence or weakness in a system that may possibly be exploited is called a(n)?
Correct
Mark 1.00 out of 1.00
Select one:
a. Vulnerability
b. Threat
c. Risk
d. Exposure
Question 26: What can be accomplished by storing on each subject a list of rights the subject has for every object?
Correct
Mark 1.00 out of 1.00
Select one:
a. Capabilities
b. Key ring
c. Rights
d. Object
Question 29: What ensures that attributes in a table depend only on the primary key?
Correct
Mark 1.00 out of 1.00
Select one:
a. Entity integrity
b. Referential integrity
c. The database management system (DBMS)
d. Data Normalization
Question 30: Which of the following phases of a system development life-cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions?
Correct
Question 36: What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?
Correct
Question 38: Which one of the following authentication mechanisms creates a problem for mobile users?
Correct
Mark 1.00 out of 1.00
Select one:
a. reusable password mechanism
b. challenge response mechanism
c. address-based mechanism
d. one-time password mechanism
Question 41: A persistent collection of interrelated data items can be defined as which of the following?
Correct
Mark 1.00 out of 1.00
Select one:
a. database security
b. database management system
c. database shadowing
d. database
Question 42: What is an effective countermeasure against a Trojan horse attack that targets smart cards?
Correct
Mark 1.00 out of 1.00
Select one:
a. Handprint driver architecture.
b. Single-access device driver architecture.
c. Fingerprint driver architecture.
Question 43: Under the mandatory access control (MAC) control system, what is required?
Correct
Mark 1.00 out of 1.00
Select one:
a. Labeling
b. Sensing
c. Performance monitoring
Question 45: Which of the following statements pertaining to software testing approaches is correct?
Correct
Mark 1.00 out of 1.00
Select one:
a. Black box testing is predicated on a close examination of procedural detail
b. A top-down approach allows errors in critical modules to be detected earlier
c. The test plan and results should be retained as part of the system’s permanent documentation
d. A bottom-up approach allows interface errors to be detected earlier
Question 46: In the Information Flow Model, what acts as a type of dependency?
Correct
Mark 1.00 out of 1.00
Select one:
a. Successive points
b. Flow
c. Transformation
d. State
Question 48: Which of the following is an effective measure against a certain type of brute force password attack?
Correct
Mark 1.00 out of 1.00
Select one:
a. Password history is used.
b. Password used must not be a word found in a dictionary.
c. Password reuse is not allowed.
Question 49: Which of the following refers to the data left on the media after the media has been erased?
Correct
Mark 1.00 out of 1.00
Select one:
a. semi-hidden
b. remanence
c. recovery
d. sticky bits
Question 50: Which of the following ensures that security is not breached when a system crash or other system failure occurs?
Correct
Question 52: A covert channel is a communication channel that can be used for:
Correct
Mark 1.00 out of 1.00
Select one:
a. Violating the security policy.
b. Strengthening the security policy.
c. Hardening the system.
Question 53: What is the most effective means of determining how controls are functioning within an operating system?
Correct
Mark 1.00 out of 1.00
Select one:
a. Interview with computer operator
b. Review of software control features and/or parameters
c. Review of operating system manual
d. Interview with product vendor
Question 54: Under Role-based access control, access rights are grouped by:
Correct
Mark 1.00 out of 1.00
Select one:
a. Role name
b. Rules
c. Sensitivity label
d. Policy name
Question 56: What is the term used to describe a virus that can infect both program files and boot sectors?
Correct
Mark 1.00 out of 1.00
Select one:
a. Multipartite
b. Polymorphic
c. Multiple encrypting
d. Stealth
Question 57: In which state must a computer system operate to process input/output instructions?
Correct
Mark 1.00 out of 1.00
Select one:
a. Stateful inspection
b. Supervisor mode
c. User mode
d. Interprocess communication
Question 59: Which of the following security modes of operation involves the highest risk?
Correct
Mark 1.00 out of 1.00
Select one:
a. Compartmented Security Mode
b. System-High Security Mode
c. Dedicated Security Mode
d. Multilevel Security Mode
Question 1 (Correct; 1.00 out of 1.00): Which of the following files should the security administrator be restricted to READ-only access?
a. Security parameters
b. System log
c. User passwords
d. User profiles

Question 2 (Correct; 1.00 out of 1.00): Access controls that are not based on the policy are characterized as:
a. Discretionary controls
b. Secret controls
c. Mandatory controls
d. Corrective controls

Question 3 (Correct; 1.00 out of 1.00): What is the main purpose of undertaking a parallel run of a new system?
a. Verify that the system provides required business functionality
b. Provide a backup of the old system
c. Validate the operation of the new system against its predecessor
d. Resolve any errors in the program and file interfaces

Question 5 (Correct; 1.00 out of 1.00): What best describes this scenario? This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill.
a. Excessive Rights
b. Excessive Privileges
c. Excessive Access
d. Excessive Permissions

Question 7 (Correct; 1.00 out of 1.00): What is an indirect way to transmit information with no explicit reading of confidential information?
a. Covert channels
b. Timing channels
c. Overt channels
d. Backdoor

Question 8 (Correct; 1.00 out of 1.00): In which situation would TEMPEST risks and technologies be of MOST interest?
a. Where high availability is vital.
b. Where the consequences of disclosure are very high.
c. Where countermeasures are easy to implement
d. Where database integrity is crucial

Question 10 (Correct; 1.00 out of 1.00): What are the three fundamental principles of security?
a. Integrity, availability, and accountability
b. Confidentiality, integrity, and availability
c. Availability, accountability, and confidentiality
d. Accountability, confidentiality, and integrity

Question 13 (Correct): Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

Question 14 (Correct): If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Question 15 (Correct): In a change control environment, which one of the following REDUCES the assurance of proper changes to source programs in production status?

Question 16 (Correct; 1.00 out of 1.00): What is an example of an individual point of verification in a computerized application?
a. A boundary protection.
b. A sensitive transaction.
c. An inference check.
d. A check digit.

Question 19 (Correct): What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?

Question 20 (Correct; 1.00 out of 1.00): By far, the largest security exposure in application system development relates to
a. Change control.
b. Errors and lack of training.
c. Deliberate compromise.
d. Maintenance and debugging hooks.

Question 21 (Correct): Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?

Question 22 (Correct; 1.00 out of 1.00): What should you do immediately if the root password is compromised?
a. Increase the value of password age.
b. Decrease the value of password history.
c. Change the root password.
d. Change all passwords.

Question 25 (Correct; 1.00 out of 1.00): Retinal scans check for:
a. Something you have.
b. Something you know.
c. Something you are.
d. All of the choices.

Question 26 (Correct; 1.00 out of 1.00): What type of subsystem is an application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group?
a. Directory subsystem
b. Protected subsystem
c. Prevented subsystem
d. File subsystem

Question 27 (Correct): Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?

Question 28 (Correct): A central authority determining what subjects can have access to certain objects based on the organizational security policy is called:

Question 29 (Correct; 1.00 out of 1.00): Which of the following is a characteristic of a decision support system (DSS)?
a. DSS is aimed at solving highly structured problems
b. DSS combines the use of models with non-traditional data access and retrieval functions
c. DSS supports only structured decision-making tasks
d. DSS emphasizes flexibility in the decision making approach of users

Question 30 (Correct): A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Question 31 (Correct): Which of the following is a communication mechanism that enables direct conversation between two applications?

Question 32 (Correct): What is an error called that causes a system to be vulnerable because of the environment in which it is installed?

Question 34 (Correct; 1.00 out of 1.00): Which of the following is a 5th Generation Language?
a. Assembly
b. LISP
c. BASIC
d. NATURAL

Question 35 (Correct): Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience?

Question 36 (Correct; 1.00 out of 1.00): A periodic review of user account management should not determine:
a. Conformity with the concept of least privilege
b. Whether active accounts are still being used
c. Strength of user-chosen passwords
d. Whether management authorizations are up-to-date

Question 37 (Correct; 1.00 out of 1.00): Who is responsible for setting user clearances to computer-based information?
a. Security administrators
b. Data owners
c. Operators
d. Data custodians

Question 39 (Correct): To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:

Question 40 (Correct): With Rule Based Security Policy, global rules usually rely on comparison of the _____ of the resource being accessed.

Question 41 (Correct): Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?

Question 42 (Correct; 1.00 out of 1.00): Which of the following are measures against password sniffing?
a. Passwords must not be sent through email in plain text.
b. You may store passwords electronically if they are encrypted.
c. Passwords must not be stored in plain text on any electronic media.
d. All of the choices

Question 43 (Correct; 1.00 out of 1.00): Which of the following correctly describes the difference between identification and authentication?
a. Identification is the child process of authentication.
b. Identification is a means to verify who you are, while authentication is what you are authorized to perform.
c. Authentication is a means to verify who you are, while identification is what you are authorized to perform.
d. Identification is another name of authentication.

Question 44 (Correct; 1.00 out of 1.00): An access control policy for a bank teller is an example of the implementation of which of the following?
a. user-based policy
b. identity-based policy
c. rule-based policy
d. role-based policy

Question 46 (Correct; 1.00 out of 1.00): Which of the following is not used as a cost estimating technique during the project planning stage?
a. Delphi technique
b. Program Evaluation Review Technique (PERT) charts
c. Expert Judgment
d. Function points (FP)

Question 47 (Correct; 1.00 out of 1.00): Why are macro viruses easy to write?
a. Only a few assembler instructions are needed to do damage.
b. Office templates are fully API compliant.
c. Active contents controls can make direct system calls
d. The underlying language is simple and intuitive to apply.

Question 48 (Incorrect; 0.00 out of 1.00): With mandatory access control (MAC), who may NOT make decisions that derive from policy?
a. The administrator.
b. All users except the administrator.
c. The guests.
d. All users
e. The power users.

Question 49 (Correct): Discretionary access control (DAC) and mandatory access control (MAC) policies can be effectively replaced by:

Question 50 (Correct; 1.00 out of 1.00): Why would a 16-character password not be desirable?
a. All of the choices.
b. Hard to remember
c. Offers numerous characters.
d. Difficult to crack using brute force.

Question 52 (Correct): Under discretionary access control (DAC), a subject's rights must be _____ when it leaves an organization altogether.

Question 53 (Correct; 1.00 out of 1.00): Which of the following will you consider as most secure?
a. One time password
b. Login phrase
c. Login ID
d. Password

Question 54 (Correct; 1.00 out of 1.00): What is one advantage of deploying role-based access control in large networked applications?
a. User friendliness
b. Higher security
c. Lower cost
d. Higher bandwidth

Question 55 (Correct; 1.00 out of 1.00): What is a PRIMARY reason for designing the security kernel to be as small as possible?
a. System performance and execution are enhanced.
b. Changes to the kernel are not required as frequently.
c. The operating system cannot be easily penetrated by users.
d. Due to its compactness, the kernel is easier to formally verify.

Question 56 (Correct): Which one of the following is the MAIN goal of a security awareness program when addressing senior management?

Question 57 (Correct): Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a system?

Question 58 (Correct; 1.00 out of 1.00): With _____, access decisions are based on the roles that individual users have as part of an organization.
a. Rule based access control
b. Token based access control
c. Role based access control
d. Server based access control

Question 59 (Correct; 1.00 out of 1.00): Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
a. The IDEAL Model
b. The total Quality Model (TQM)
c. The Spiral Model
d. The Software Capability Maturity Model

Question 60 (Correct; 1.00 out of 1.00): A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the
a. context-dependent access control
b. least privileges access control
c. ownership-based access control
d. content-dependent access control
Introduction to Information Security
Started on Saturday, 16 April 2022, 9:50 PM
State Finished
Completed on Saturday, 16 April 2022, 10:05 PM
Time taken 15 mins 16 secs
Marks 60.00/60.00
Grade 10.00 out of 10.00 (100%)

Question 1 (Correct): Which one of the following entails immediately transmitting copies of on-line transactions to a remote computer facility for backup?

Question 2 (Correct): Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update survives even if there is a system failure?

Question 4 (Correct; 1.00 out of 1.00): What control is based on a specific profile for each user?
a. Lattice based access control.
b. ID based access control.
c. Directory based access control.
d. Rule based access control.

Question 5 (Correct; 1.00 out of 1.00): What represents the amount of time you hold down a particular key?
a. Systems time
b. Dynamic time
c. Flight time
d. Dwell time

Question 7 (Correct; 1.00 out of 1.00): Which of the following can be defined as the set of allowable values that an attribute can take?
a. domains, in database of a relation
b. domain analysis of a relation
c. domain name service of a relation
d. domain of a relation

Question 8 (Correct; 1.00 out of 1.00): Which of the following defines the intent of a system security policy?
a. A listing of tools and applications that will be used to protect the system.
b. A definition of those items that must be excluded on the system.
c. A definition of the particular settings that have been determined to provide optimum security.
d. A brief, high-level statement defining what is and is not permitted during the operation of the system.

Question 11 (Correct; 1.00 out of 1.00): Which of the following statements pertaining to the trusted computing base (TCB) is false?
a. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity
b. It includes hardware, firmware, and software
c. It addresses the level of security a system provides

Question 13 (Correct; 1.00 out of 1.00): An active content module which attempts to monopolize and exploit system resources is called a
a. Macro virus
b. Plug-in worm
c. Hostile applet
d. Cookie

Question 14 (Correct; 1.00 out of 1.00): Which one of the following is a characteristic of a penetration testing project?
a. The project is open-ended until all known vulnerabilities are identified.
b. The project tasks are to break into a targeted system.
c. The project plan is reviewed with the target audience.
d. The project schedule is plotted to produce a critical path.

Question 16 (Correct): Which access control model enables the owner of the resource to specify what subjects can access specific resources?

Question 20 (Correct; 1.00 out of 1.00): Which of the following is NOT a system-sensing wireless proximity card?
a. magnetically striped card
b. field-powered device
c. passive device
d. transponder

Question 22 (Correct; 1.00 out of 1.00): Which of the following is the most secure way to distribute passwords?
a. Employees must send in an email before obtaining a password.
b. None of the choices.
c. Employees must send in a signed email before obtaining a password.
d. Employees must show up in person and present proper identification before obtaining a password.

Question 23 (Correct; 1.00 out of 1.00): Which of the following is NOT a good password deployment guideline?
a. Password must be easy to memorize.
b. Passwords must be changed at least once every 60 days, depending on your environment.
c. Passwords must not be the same as user id or login id.
d. Password aging must be enforced on all systems.

Question 25 (Correct): Programmed procedures which ensure that valid transactions are processed accurately and only once in the current timescale are referred to as

Question 26 (Correct): What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity?

Question 28 (Correct; 1.00 out of 1.00): Under Mandatory Access Control (MAC), who can change the category of a resource?
a. All managers.
b. All users.
c. Administrators only.

Question 29 (Correct; 1.00 out of 1.00): When considering the IT Development Life-Cycle, security should be:
a. Added once the design is completed.
b. Mostly considered during the initiation phase.
c. Treated as an integral part of the overall system design.
d. Mostly considered during the development phase.

Question 30 (Correct; 1.00 out of 1.00): Which of the following can be used to protect your system against brute force password attack?
a. After three unsuccessful attempts to enter a password, the account will be locked.
b. Employees must send in a signed email before obtaining a password.
c. Increase the value of password age.
d. Decrease the value of password history.

Question 33 (Correct; 1.00 out of 1.00): Most computer attacks result in violation of which of the following security properties?
a. Integrity and control
b. All of the choices
c. Availability
d. Confidentiality

Question 35 (Correct; 1.00 out of 1.00): Information security is the protection of data. Information will be protected mainly based on:
a. Its confidentiality.
b. All of the choices.
c. Its sensitivity to the company.
d. Its value.

Question 36 (Correct; 1.00 out of 1.00): Which of the following are the correct guidelines of password deployment?
a. All of the choices.
b. Passwords must be masked.
c. Password must have a minimum of 8 characters.
d. Password must contain a mix of both alphabetic and non-alphabetic characters.

Question 37 (Correct; 1.00 out of 1.00): Which one of the following should NOT be contained within a computer policy?
a. Responsibilities of individuals and groups for protected information
b. Statement of senior executive support
c. Definition of management expectations
d. Definition of legal and regulatory controls

Question 40 (Correct): To ensure integrity, a payroll application program may record transactions in the appropriate accounting period by using

Question 42 (Correct; 1.00 out of 1.00): In order to avoid mishandling of media or information, you should consider using:
a. Labeling
b. Ticket
c. Token

Question 43 (Correct; 1.00 out of 1.00): Which of the following correctly describes “good” security practice?
a. You should ensure that there are no accounts without passwords.
b. Accounts should be monitored regularly.
c. All of the choices.
d. You should have a procedure in place to verify password strength.

Question 44 (Correct; 1.00 out of 1.00): Which one of the following is the PRIMARY objective of penetration testing?
a. Detection
b. Correction
c. Assessment
d. Protection

Question 46 (Correct): Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?

Question 47 (Correct; 1.00 out of 1.00): Which one of the following is the MOST critical characteristic of a biometrics system?
a. Acceptability
b. Accuracy
c. Throughput
d. Reliability

Question 49 (Correct; 1.00 out of 1.00): A common limitation of information classification systems is the INABILITY to ____.
a. Limit the number of classifications.
b. Establish information ownership.
c. Generate internal labels on diskettes.
d. Declassify information when appropriate.

Question 50 (Correct; 1.00 out of 1.00): Which of the following defines the software that maintains and provides access to the database?
a. database identification system (DBIS)
b. Interface Definition Language system (IDLS)
c. database management system (DBMS)
d. relational database management systems (RDBMS)

Question 52 (Correct; 1.00 out of 1.00): With Rule Based Security Policy, a security policy is based on:
a. Local rules imposed for some users.
b. Global rules imposed for only the local users.
c. Global rules imposed for nobody.
d. Global rules imposed for all users.

Question 53 (Correct; 1.00 out of 1.00): Which of the following is most relevant to determining the maximum effective cost of access control?
a. The cost to replace lost data.
b. Budget planning related to base versus incremental spending.
c. Management’s perceptions regarding data importance
d. The value of information that is protected

Question 55 (Correct; 1.00 out of 1.00): Which of the following will you consider as a “role” under a role based access control system?
a. Bank network
b. Bank rules
c. Bank computer
d. Bank teller

Question 56 (Correct; 1.00 out of 1.00): Which of the following describes the major disadvantage of many SSO implementations?
a. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.
b. The initial logon process is cumbersome to discourage potential intruders
c. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems
d. Once a user obtains access to the system through the initial log-on they can freely roam the network resources without any restrictions

Question 58 (Correct; 1.00 out of 1.00): You may describe Mandatory Access Control (MAC) as:
a. Permissive
b. Opportunistic
c. Prohibitive

Question 59 (Correct): Which one of the following risk analysis terms characterizes the absence or weakness of a risk reducing safeguard?
Question 2 (Correct; 1.00 out of 1.00): What are the valid types of one time password generator?
a. All of the choices.
b. Asynchronous/PIN asynchronous
c. Synchronous/PIN synchronous
d. Transaction synchronous

Question 4 (Correct; 1.00 out of 1.00): Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
a. The IDEAL Model
b. The Spiral Model
c. The Software Capability Maturity Model
d. The total Quality Model (TQM)

Question 5 (Correct): What is called a type of access control where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?

Question 8 (Correct): Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

Question 10 (Correct; 1.00 out of 1.00): What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
a. The subject’s sensitivity label must dominate the object’s sensitivity label
b. The subject’s sensitivity label subordinates the object’s sensitivity label
c. The subject’s sensitivity label is dominated by the object’s sensitivity label
d. The subject’s sensitivity label is subordinated by the object’s sensitivity label

Question 13 (Correct): Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching?

Question 14 (Correct; 1.00 out of 1.00): Which of the following is not a media viability control used to protect the viability of data storage media?
a. handling
b. storage
c. marking
d. clearing

Question 16 (Correct): Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both

Question 17 (Correct): Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Question 20 (Correct; 1.00 out of 1.00): Which one of the following is the MOST crucial link in the computer security chain?
a. People
b. Management
c. Access Controls
d. Awareness programs

Question 22 (Correct): What type of attack occurs when a smart card is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smart card?

Question 23 (Correct; 1.00 out of 1.00): Risk analysis is MOST useful when applied during which phase of the system development process?
a. Project identification
b. Requirements definition
c. Implementation planning
d. System construction

Question 25 (Correct): Which one of the following is commonly used for retrofitting multilevel security to a Database Management System?

Question 26 (Correct; 1.00 out of 1.00): Normalizing data within a database includes all of the following except which?
a. Eliminating duplicate key fields by putting them into separate tables
b. Eliminating attributes in a table that are not dependent on the primary key of that table
c. Eliminating repeating groups by putting them into separate tables
d. Eliminating redundant data

Question 28 (Correct; 1.00 out of 1.00): Which of the following would best describe the difference between white-box testing and black-box testing?
a. White-box testing is performed by an independent programmer team
b. Black-box testing uses the bottom-up approach
c. Black-box testing involves the business units
d. White-box testing examines the program internal logical structure

Question 29 (Correct): What type of attack occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard?

Question 34 (Correct; 1.00 out of 1.00): What type of password makes use of two totally unrelated words?
a. Login phrase
b. Login ID
c. One time password
d. Composition

Question 35 (Correct; 1.00 out of 1.00): Which of the following is a feature of rule based access control?
a. The use of profile.
b. The use of data flow diagram.
c. The use of information flow label.
d. The use of token.

Question 37 (Correct): Which of the following attacks could be the most successful when the security technology is properly implemented and configured?

Question 40 (Correct; 1.00 out of 1.00): Which of the following could illegally capture network user passwords?
a. Spoofing
b. Smurfing
c. Sniffing
d. Data diddling

Question 44 (Correct; 1.00 out of 1.00): The access matrix model has which of the following common implementations?
a. Access control lists and capabilities.
b. Access control list and availability.
c. Capabilities
d. Access control lists.

Question 46 (Correct; 1.00 out of 1.00): What is known as a decoy system designed to lure a potential attacker away from critical systems?
a. Vulnerability Analysis Systems
b. Padded Cells
c. File Integrity Checker
d. Honey Pots

Question 47 (Correct; 1.00 out of 1.00): Which one of the following traits allows macro viruses to spread more effectively than other types?
a. They can be transported between different operating systems.
b. They spread in distributed systems without detection
c. They infect macro systems as well as micro computers.
d. They attach to executable and batch applications.

Question 50 (Correct): When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?

Question 52 (Correct): Which of the following would be the most serious risk where a systems development life cycle methodology is inadequate?

Question 53 (Correct; 1.00 out of 1.00): Which of the following computer crimes is more often associated with insiders?
a. Denial of Service (DOS)
b. Password sniffing
c. IP spoofing
d. Data diddling

Question 54 (Correct; 1.00 out of 1.00): With discretionary access controls, who determines who has access and what privilege they have?
a. Resource owners.
b. End users.
c. Only the administrators.

Question 57 (Correct; 1.00 out of 1.00): Which of the following refers to the number of columns in a relation?
a. degree
b. depth
c. breadth
d. cardinality

Question 59 (Correct; 1.00 out of 1.00): Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
a. Administrators only.
b. All users.
c. All managers.
d. None of the choices.

Question 60 (Correct; 1.00 out of 1.00): A feature deliberately implemented in an operating system as a trap for intruders is called a:
a. Trojan horse
b. Pseudo flaw
c. Trap door
d. Logic bomb
Câu hỏi 1 Programmed procedures which ensure that valid transactions are processed accurately and only once in the
Sai current timescale are referred to as
Câu hỏi 3 Attacks on smartcards generally fall into what categories?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Trojan Horse attacks.
b. Social Engineering attacks.
c. All of the choices
d. Physical attacks.
e. Logical attacks.
Câu hỏi 4 What type of attacks occurs when a smart card is operating under normal physical conditions, but sensitive
Đúng information is gained by examining the bytes going to and from the smart card?
Câu hỏi 6 This is a common security issue that is extremely hard to control in large environments. It occurs when a user
Đúng has more computer rights, permissions, and privileges than what is required for the tasks the user needs to
fulfill. What best describes this scenario?
Đạt điểm 1,00 trên
1,00
Select one:
a. Excessive Access
b. Excessive Rights
c. Excessive Permissions
d. Excessive Privileges
Câu hỏi 7 The alternate processing strategy in a business continuity plan can provide for required backup computing
Đúng capacity through a hot site, a cold site, or
Câu hỏi 8 Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. The attacker must have write access to the password file.
b. The attacker must have access to the target system.
c. The attacker must know the password encryption mechanism and key variable.
d. The attacker must have read access to the password file.
Câu hỏi 9 Under the mandatory access control (MAC) control system, what is required?
Sai
Select one:
Đạt điểm 0,00 trên
1,00 a. Labeling
b. Performance monitoring
c. Sensing
Câu hỏi 11 Which of the following is an advantage of a qualitative over quantitative risk analysis?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. It provides specific quantifiable measurements of the magnitude of the impacts.
b. It prioritizes the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
c. It makes cost-benefit analysis of recommended controls easier.
Câu hỏi 12 Which one of the following entails immediately transmitting copies of on-line transactions to a remote
Đúng computer facility for backup?
Câu hỏi 14 What is called the verification that the user’s claimed identity is valid and is usually implemented through a
Đúng user password at log-on time?
Câu hỏi 15 With _____, access decisions are based on the roles that individual users have as part of an organization.
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Rule based access control
b. Role based access control
c. Server based access control
d. Token based access control
Câu hỏi 16 Which of the following does not address Database Management Systems (DBMS) Security?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Padded Cells
b. Partitioning
c. Cell suppression
d. Perturbation
Câu hỏi 17 Which one of the following BEST describes a password cracker?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. A program that provides software registration passwords or keys.
b. A program that obtains privileged access to the system.
c. A program that performs comparative analysis.
d. A program that can locate and read a password file.
Question 19 Which of the following attacks could be the most successful when the security technology is properly implemented and configured?
Correct
Question 20 When considering the IT Development Life-Cycle, security should be:
Correct
Select one:
Mark 1.00 out of 1.00
a. Mostly considered during the development phase.
b. Added once the design is completed.
c. Treated as an integral part of the overall system design.
d. Mostly considered during the initiation phase.
Question 21 Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?
Correct
Question 22 Ensuring the integrity of business information is the PRIMARY concern of _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Logical Security
b. Procedural Security
c. Encryption Security
d. On-line Security
Question 23 What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs?
Correct
Question 25 In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. These factors include the enrollment time, the throughput rate, and acceptability.
b. These factors include the enrollment time and the throughput rate, but not acceptability.
c. These factors include the enrollment time, but not the throughput rate, nor the acceptability.
d. These factors do not include the enrollment time, the throughput rate, and acceptability.
Question 26 A security policy would include all of the following EXCEPT _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Enforcement
b. Scope statement
c. Audit Requirements
d. Background
Question 27 Which of the following would be the most serious risk where a systems development life cycle methodology is inadequate?
Correct
Question 28 Which of the following is a disadvantage of a memory only card?
Correct
Select one:
Mark 1.00 out of 1.00
a. High cost to develop
b. High cost to operate
c. Physically infeasible
d. Easy to counterfeit
Question 29 Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
Correct
Question 30 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following?
Correct
Question 31 Which of the following are measures against password sniffing?
Correct
Select one:
Mark 1.00 out of 1.00
a. Passwords must not be stored in plain text on any electronic media.
b. All of the choices
c. Passwords must not be sent through email in plain text.
d. You may store passwords electronically if they are encrypted.
Question 32 Which one of the following is a good defense against worms?
Correct
Select one:
Mark 1.00 out of 1.00
a. Limiting connectivity by means of well-managed access controls.
b. Keeping data objects small, simple, and obvious as to their intent.
c. Placing limits on sharing, writing, and executing programs.
d. Differentiating systems along the lines exploited by the attack.
Question 34 The technique of skimming small amounts of money from multiple transactions is called the _____?
Correct
Select one:
Mark 1.00 out of 1.00
a. Scavenger technique
b. Leakage technique
c. Salami technique
d. Synchronous attack technique
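The skimming technique that Question 34 asks about works because each slice sits below any per-transaction alert threshold; the control that catches it is reconciling the whole posting batch against an independent recomputation. Below is an added example of such a reconciliation, written for this page and not code from the quiz: the account balances, the interest rate, the "mule" account and the batch layout are all constructed for the demonstration.

```python
"""Detecting a salami slice by reconciling a posting batch against recomputed values.

Added example. Balances, rate, account numbers and the skimmer are constructed;
the four checks are generic reconciliation controls.
"""
from collections import defaultdict
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")
RATE = Decimal("0.0125")  # constructed monthly interest rate

# Constructed reference data the batch must be derived from.
BALANCES = {
    "1001": Decimal("1234.56"),
    "1002": Decimal("87.10"),
    "1003": Decimal("9001.00"),
    "1004": Decimal("450.75"),
}
MULE = "9999"  # constructed account the skimmer sweeps the fractions into


def expected_interest(balances):
    """Independent recomputation: interest rounded half-up to the cent, per account."""
    return {acct: (bal * RATE).quantize(CENT, ROUND_HALF_UP) for acct, bal in balances.items()}


def honest_batch(balances):
    """A correct posting batch: list of (account, amount)."""
    return list(expected_interest(balances).items())


def salami_batch(balances, mule=MULE):
    """A rigged batch: every credit truncated to the cent, the shavings swept to the mule."""
    postings, shaved = [], Decimal("0")
    for acct, bal in balances.items():
        exact = bal * RATE
        truncated = exact.quantize(CENT, ROUND_DOWN)
        postings.append((acct, truncated))
        shaved += exact - truncated
    postings.append((mule, shaved))
    return postings


def reconcile(postings, balances):
    """Return a list of (finding, account); an empty list means the batch reconciles."""
    findings = []
    expected = expected_interest(balances)
    posted = defaultdict(Decimal)
    for acct, amount in postings:
        posted[acct] += amount
        # 1. amounts must be whole cents (sub-cent precision is a classic skim artefact)
        if amount != amount.quantize(CENT):
            findings.append(("FRACTIONAL_CENT_AMOUNT", acct))
    # 2. no beneficiary outside the reference data
    for acct in posted:
        if acct not in balances:
            findings.append(("UNKNOWN_BENEFICIARY", acct))
    # 3. every account's posted total must equal the recomputed value
    for acct, amount in expected.items():
        if posted.get(acct) != amount:
            findings.append(("AMOUNT_MISMATCH", acct))
    # 4. batch total must equal the sum of recomputed values
    if sum(posted.values()) != sum(expected.values()):
        findings.append(("BATCH_TOTAL_MISMATCH", "*"))
    return findings


if __name__ == "__main__":
    print(reconcile(honest_batch(BALANCES), BALANCES))   # []
    for finding in reconcile(salami_batch(BALANCES), BALANCES):
        print(finding)
```

Only one customer account (1002) shows a visible one-cent difference, which is exactly why a per-transaction threshold never fires; the batch-level checks (unknown beneficiary, total mismatch) are what expose the sweep. A more careful skimmer would also round the mule's credit, so checks 2 to 4 carry more weight than check 1.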
Question 35 Which of the following are the correct guidelines of password deployment?
Correct
Select one:
Mark 1.00 out of 1.00
a. Passwords must be masked.
b. Passwords must have a minimum of 8 characters.
c. Passwords must contain a mix of both alphabetic and non-alphabetic characters.
d. All of the choices.
Question 36 Which of the following is the correct account policy you should follow?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. All active accounts must have a password.
b. All inactive accounts must have a password.
c. All of the choices.
d. All active accounts must have a long and complex pass phrase.
Question 37 Which one of the following describes a reference monitor?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
b. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
c. Network control concept that distributes the authorization of subject accesses to objects.
d. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
Question 38 What is the term used to describe a virus that can infect both program files and boot sectors?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Multipartite
b. Polymorphic
c. Stealth
d. Multiple encrypting
Question 39 Which of the following is an advantage of using a high-level programming language?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. It allows programmers to define syntax
b. It requires programmer-controlled storage management
c. It enforces coding standards
d. It decreases the total amount of code writers
Question 40 What is it called when a computer uses more than one CPU in parallel to execute instructions?
Correct
Select one:
Mark 1.00 out of 1.00
a. Multiprocessing
b. Multitasking
c. Parallel running
d. Multithreading
Question 41 What access control methodology facilitates frequent changes to data permissions?
Correct
Select one:
Mark 1.00 out of 1.00
a. Role-based
b. Rule-based
c. List-based
d. Ticket-based
Question 42 With Discretionary access controls, who determines who has access and what privilege they have?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Resource owners.
b. End users.
c. Only the administrators.
Question 43 In a discretionary mode, which of the following entities is authorized to grant information access to other people?
Incorrect
Question 45 Which of the following represent the rows of the table in a relational database?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. record retention
b. records or tuples
c. relation
d. attributes
Question 47 Which one of the following tests determines whether the content of data within an application program falls within predetermined limits?
Incorrect
Question 48 To support legacy applications that rely on risky protocols (e.g., plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?
Incorrect
Question 49 Who is the individual permitted to add users or install trusted programs?
Not answered
Select one:
Marked out of 1.00
a. Security Administrator
b. Computer Manager
c. Database Administrator
d. Operations Manager
Question 50 Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
Not answered
Question 51 Under Role based access control, access rights are grouped by:
Not answered
Select one:
Marked out of 1.00
a. Policy name
b. Sensitivity label
c. Rules
d. Role name
Question 52 The Trusted Computer System Evaluation Criteria (TCSEC) provides
Correct
Select one:
Mark 1.00 out of 1.00
a. a means of restricting access to objects based on the identity of subjects and groups to which they belong.
b. a system analysis and penetration technique where specifications and documentation for the system are analyzed.
c. a formal static transition model of computer security policy that describes a set of access control rules.
d. a basis for assessing the effectiveness of security controls built into automatic data-processing system products
Question 53 Under mandatory access control (MAC), a file is a(n):
Not answered
Select one:
Marked out of 1.00
a. Subject
b. Sensitivity
c. Object
d. Privilege
Question 56 Which of the following biometric parameters are better suited for authentication use over a long period of time?
Correct
Question 57 Which of the following can be defined as the set of allowable values that an attribute can take?
Not answered
Select one:
Marked out of 1.00
a. domain of a relation
b. domain name service of a relation
c. domains, in database of a relation
d. domain analysis of a relation
Question 58 In terms of the order of acceptance, which of the following technologies is the MOST accepted?
Correct
Select one:
Mark 1.00 out of 1.00
a. Hand geometry
b. Voice Pattern
c. Signature
d. Keystroke pattern
Question 59 Which level of “least privilege” enables operators the right to modify data directly in its original location, in addition to data copied from the original location?
Not answered
Question 60 What is an effective countermeasure against Trojan horse attack that targets smart cards?
Not answered
Select one:
Marked out of 1.00
a. Fingerprint driver architecture.
b. Single-access device driver architecture.
c. Handprint driver architecture.
Introduction to Information Security
Started on Thursday, 14 April 2022, 10:59 PM
State Finished
Completed on Thursday, 14 April 2022, 11:29 PM
Time taken 30 mins 1 sec
Marks 42.00/60.00
Grade 7.00 out of 10.00 (70%)
Question 2 Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?
Correct
Question 3 All of the following are basic components of a security policy EXCEPT the _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. statement of applicability and compliance requirements.
b. definition of the issue and statement of relevant terms.
c. statement of performance of characteristics and requirements.
d. statement of roles and responsibilities
Question 4 Which one of the following is a security issue related to aggregation in a database?
Correct
Select one:
Mark 1.00 out of 1.00
a. Polyinstantiation
b. Data swapping
c. Inference
d. Partitioning
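Question 4 names the security issue that aggregation creates (inference), and Question 16 of the first attempt lists the DBMS controls against it (partitioning, cell suppression, perturbation; padded cells belong to intrusion detection, not to the DBMS). Neither shows the attack or the controls in action. The following is an added example written for this page, not code from the quiz: it builds a constructed employee table, performs the classic two-query inference, then runs the same queries under cell suppression (a minimum query-set size k, applied to the query set and to its complement) and under output perturbation (rounding to a base). The table contents, k = 3 and the rounding base of 5000 are all assumptions.

```python
"""Inference through aggregation, and two DBMS inference controls.

Added example over a constructed employee table; not code from the quiz.
"""

# Constructed sample table: (name, department, salary)
EMPLOYEES = [
    ("Alice", "eng", 121000),
    ("Bob", "eng", 95000),
    ("Carol", "eng", 105000),
    ("Dave", "eng", 97000),
    ("Erin", "ops", 70000),
    ("Frank", "ops", 72000),
]

MIN_QUERY_SET = 3      # cell suppression threshold k (assumption)
ROUNDING_BASE = 5000   # output perturbation granularity (assumption)


def plain_sum(predicate, rows=EMPLOYEES):
    """Unprotected statistical query: SUM(salary) WHERE predicate."""
    return sum(r[2] for r in rows if predicate(r))


def suppressed_sum(predicate, rows=EMPLOYEES, k=MIN_QUERY_SET):
    """Cell suppression: answer only if the query set AND its complement both hold >= k rows.

    Checking the complement blocks 'everyone except X' style queries.
    """
    matched = [r for r in rows if predicate(r)]
    if len(matched) < k or len(rows) - len(matched) < k:
        return None
    return sum(r[2] for r in matched)


def perturbed_sum(predicate, rows=EMPLOYEES, base=ROUNDING_BASE):
    """Output perturbation: report the aggregate rounded to a multiple of `base`."""
    exact = sum(r[2] for r in rows if predicate(r))
    return base * round(exact / base)


def infer_salary(name, dept, query, rows=EMPLOYEES):
    """Aggregation attack: SUM over a department minus SUM over the department without one person."""
    whole = query(lambda r: r[1] == dept, rows)
    others = query(lambda r: r[1] == dept and r[0] != name, rows)
    if whole is None or others is None:
        return None   # a query was refused, so no inference is possible
    return whole - others


if __name__ == "__main__":
    print(infer_salary("Alice", "eng", plain_sum))       # exact individual salary leaks
    print(infer_salary("Alice", "eng", suppressed_sum))  # None: the whole-department query is refused
    print(infer_salary("Alice", "eng", perturbed_sum))   # rounded answers no longer subtract cleanly
```

Suppression alone is known to be weak on larger tables: two overlapping queries whose sets both pass the size test (a "tracker") still subtract to one individual, which is why perturbation, or partitioning the sensitive column into a separately controlled relation, is layered on top.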
Question 5 Which of the following are the types of eye scan in use today?
Correct
Select one:
Mark 1.00 out of 1.00
a. Retinal scans and iris scans.
b. Reflective scans and iris scans.
c. Retinal scans and reflective scans.
d. Retinal scans and body scans.
Question 6 What security risk does a covert channel create?
Correct
Select one:
Mark 1.00 out of 1.00
a. It bypasses the reference monitor functions.
b. A process can signal information to another process.
c. Data can be disclosed by inference.
d. A user can send data to another user.
Question 7 Access controls that are not based on the policy are characterized as:
Correct
Select one:
Mark 1.00 out of 1.00
a. Discretionary controls
b. Secret controls
c. Corrective controls
d. Mandatory controls
Question 8 Which of the following focuses on the basic features and architecture of a system?
Correct
Select one:
Mark 1.00 out of 1.00
a. Operational assurance
b. Covert channel assurance
c. Life cycle assurance
Question 9 What security model implies a central authority that determines what subjects can have access to what objects?
Correct
Question 11 With mandatory access control (MAC), who may NOT make decisions that derive from policy?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. All users except the administrator.
b. The power users.
c. The administrator.
d. The guests.
e. All users
Question 12 Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, and faster resource access?
Correct
Question 13 Which of the following are objectives of an information systems security program?
Correct
Select one:
Mark 1.00 out of 1.00
a. Authenticity, vulnerabilities, and costs
b. Threats, vulnerabilities, and risks
c. Security, information value, and threats
d. Integrity, confidentiality, and availability
Question 14 Removing unnecessary processes, segregating inter-process communications, and reducing executing privileges to increase system security is commonly called
Correct
Question 16 Which of the following is not used as a cost estimating technique during the project planning stage?
Correct
Select one:
Mark 1.00 out of 1.00
a. Expert Judgment
b. Delphi technique
c. Program Evaluation Review Technique (PERT) charts
d. Function points (FP)
Question 18 Which of the following are the advantages of using a passphrase?
Correct
Select one:
Mark 1.00 out of 1.00
a. All of the choices
b. Offers numerous characters.
c. Difficult to crack using brute force.
d. Easier to remember.
Question 19 With non-continuous backup systems, data that was entered after the last backup prior to a system crash will have to be:
Correct
Question 20 Which of the following factors may render a token based solution unusable?
Correct
Select one:
Mark 1.00 out of 1.00
a. Battery lifespan
b. Token length
c. Card size
d. None of the choices.
Question 22 Which of the following centralized access control mechanisms is not appropriate for mobile workers accessing the corporate network over analog lines?
Correct
Question 23 Which of the following is a characteristic of a decision support system (DSS)?
Correct
Select one:
Mark 1.00 out of 1.00
a. DSS supports only structured decision-making tasks
b. DSS is aimed at solving highly structured problems
c. DSS emphasizes flexibility in the decision making approach of users
d. DSS combines the use of models with non-traditional data access and retrieval functions
Question 24 Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
Correct
Select one:
Mark 1.00 out of 1.00
a. The Software Capability Maturity Model
b. The Spiral Model
c. The IDEAL Model
d. The Total Quality Model (TQM)
Question 25 The default level of security established for access controls should be
Correct
Select one:
Mark 1.00 out of 1.00
a. No access
b. Read access
c. Update access
d. All access
Question 26 Which of the following is NOT a system-sensing wireless proximity card?
Correct
Select one:
Mark 1.00 out of 1.00
a. transponder
b. magnetically striped card
c. passive device
d. field-powered device
Question 28 Which of the following can be used to protect your system against brute force password attack?
Correct
Select one:
Mark 1.00 out of 1.00
a. Increase the value of password age.
b. After three unsuccessful attempts to enter a password, the account will be locked.
c. Employees must send in a signed email before obtaining a password.
d. Decrease the value of password history.
Question 29 Discretionary access controls (DAC) are characterized by many organizations as:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Need-to-know controls
b. Preventive controls
c. Mandatory adjustable controls
Question 30 What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity?
Correct
Question 31 Which of the following refers to the number of rows in a relation?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. breadth
b. degree
c. cardinality
d. depth
Question 35 What should a company do first when disposing of personal computers that once were used to store confidential data?
Correct
Question 36 Which of the following rules is less likely to support the concept of least privilege?
Correct
Select one:
Mark 1.00 out of 1.00
a. The number of administrative accounts should be kept to a minimum
b. Administrators should use regular accounts when performing routine operations like reading mail
c. Only data to and from critical systems and applications should be allowed through the firewall
d. Permissions on tools that are likely to be used by hackers should be as restrictive as possible
Question 37 Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
Correct
Question 38 Which of the following choices is NOT part of a security policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. Statement of management intent, supporting the goals and principles of information security
b. Definition of general and specific responsibilities for information security management
c. Definition of overall steps of information security and the importance of security
d. Description of specific technologies used in the field of information security
Question 39 The security planning process must define how security will be managed, who will be responsible, and
Correct
Select one:
Mark 1.00 out of 1.00
a. What impact security will have on the intrinsic value of data.
b. What practices are reasonable and prudent for the enterprise.
c. How security measures will be tested for effectiveness.
d. Who will work in the security department.
Question 40 Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
Correct
Select one:
Mark 1.00 out of 1.00
a. These viruses almost exclusively affect the operating system.
b. These viruses can infect many types of environments.
c. Floppy disks can propagate such viruses.
d. Anti-virus software is usable to remove the viral code.
Question 41 You may describe Mandatory Access Control (MAC) as:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Prohibitive
b. Permissive
c. Opportunistic
Question 43 Which of the following will you consider as a “role” under a role based access control system?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Bank rules
b. Bank teller
c. Bank network
d. Bank computer
Question 44 Which one of the following addresses the protection of computers and components from electromagnetic emissions?
Incorrect
Question 45 Which of the following is NOT a good password deployment guideline?
Correct
Select one:
Mark 1.00 out of 1.00
a. Password aging must be enforced on all systems.
b. Passwords must not be the same as user id or login id.
c. Passwords must be easy to memorize.
d. Passwords must be changed at least once every 60 days, depending on your environment.
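Question 45 here, Question 35 of the first attempt (masking, 8-character minimum, alphabetic plus non-alphabetic mix) and Question 28 above (lock the account after three failed attempts; password history and age) all state password policy as prose. The following is an added example written for this page, not code from the quiz, that turns those rules into checks a login service can run. The thresholds that the questions state are used as given; the 15-minute window in which failures are counted and the five-entry reuse history are assumptions.

```python
"""Password deployment guidelines and brute-force lockout, as enforceable checks.

Added example. The thresholds follow the quiz (8 characters, alphabetic plus
non-alphabetic mix, not equal to the user id, 60-day age, lock after three
failures); the 15-minute failure window and 5-entry history depth are assumptions.
"""
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

MIN_LENGTH = 8
MAX_AGE = timedelta(days=60)
LOCKOUT_THRESHOLD = 3
LOCKOUT_WINDOW = timedelta(minutes=15)   # assumption
HISTORY_DEPTH = 5                        # assumption


def fingerprint(password: str) -> str:
    """Hash kept in the reuse history; a real deployment would compare salted verifiers."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_new_password(user_id: str, password: str, history: list) -> list:
    """Return the policy violations for a proposed password; an empty list means accepted.

    `history` holds fingerprints of previous passwords, newest last.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_alpha =                                                 any(c.isalpha() for c in password)
    has_other = any(not c.isalpha() for c in password)
    if not (has_alpha and has_other):
        problems.append("must mix alphabetic and non-alphabetic characters")
    if user_id.lower() in password.lower():
        problems.append("must not be the same as, or contain, the user id")
    if fingerprint(password) in history[-HISTORY_DEPTH:]:
        problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return problems


def password_expired(last_changed: datetime, now: datetime) -> bool:
    """Aging: force a change once the password is older than MAX_AGE."""
    return now - last_changed > MAX_AGE


class LockoutTracker:
    """Lock an account after LOCKOUT_THRESHOLD failures inside LOCKOUT_WINDOW."""

    def __init__(self):
        self._failures = defaultdict(list)   # user_id -> timestamps of recent failures
        self._locked = set()

    def record_failure(self, user_id: str, now: datetime) -> bool:
        """Register a failed attempt; return True if the account is now locked."""
        cutoff = now - LOCKOUT_WINDOW
        recent = [t for t in self._failures[user_id] if t >= cutoff]
        recent.append(now)
        self._failures[user_id] = recent
        if len(recent) >= LOCKOUT_THRESHOLD:
            self._locked.add(user_id)
        return user_id in self._locked

    def record_success(self, user_id: str) -> None:
        """A successful login clears the failure count (a locked account stays locked)."""
        self._failures.pop(user_id, None)

    def unlock(self, user_id: str) -> None:
        """Administrative unlock, after the user's identity has been re-established."""
        self._locked.discard(user_id)
        self._failures.pop(user_id, None)

    def is_locked(self, user_id: str) -> bool:
        return user_id in self._locked
```

The masking rule from Question 35 is a presentation-layer matter (never echo the typed password) and has no place in this server-side check. Note that a lockout policy is itself a denial-of-service lever: an attacker who can guess user ids can lock everyone out, which is why the count is bounded to a window and why an unlock path exists.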
Question 46 Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Why is it to be done.
b. What is to be done.
c. Who is to do it.
d. When it is to be done.
Question 48 With Rule Based Security Policy, a security policy is based on:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Local rules imposed for some users.
b. Global rules imposed for only the local users.
c. Global rules imposed for nobody.
d. Global rules imposed for all users.
Question 49 Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Incorrect
Question 51 Which one of the following is an example of electronic piggybacking?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Following an authorized user into the computer room.
b. Recording and playing back computer transactions.
c. Attaching to a communications line and substituting data.
d. Abruptly terminating a dial-up or direct-connect session.
Question 52 Which of the following statements pertaining to software testing approaches is correct?
Correct
Select one:
Mark 1.00 out of 1.00
a. A bottom-up approach allows interface errors to be detected earlier
b. Black box testing is predicated on a close examination of procedural detail
c. The test plan and results should be retained as part of the system's permanent documentation
d. A top-down approach allows errors in critical modules to be detected earlier
Question 53 Under discretionary access control (DAC), a subject's rights must be _____ when it leaves an organization altogether.
Correct
Question 54 Which of the following does not apply to system-generated passwords?
Correct
Select one:
Mark 1.00 out of 1.00
a. Passwords are harder to remember for users
b. Passwords are harder to guess for attackers
c. Passwords are more vulnerable to brute force and dictionary attacks.
d. If the password-generating algorithm gets to be known, the entire system is in jeopardy
Question 55 Which of the following would best describe the difference between white-box testing and black-box testing?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Black-box testing uses the bottom-up approach
b. White-box testing examines the program internal logical structure
c. Black-box testing involves the business units
d. White-box testing is performed by an independent programmer team
Question 56 What is the essential difference between a self-audit and an independent audit?
Correct
Select one:
Mark 1.00 out of 1.00
a. Tools used
b. Competence
c. Objectivity
d. Results
Question 57 Which factor is critical in all systems to protect data integrity?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Data classification
b. Information ownership
c. Change control
d. System design
Question 58 Which of the following eye scan methods is considered to be more intrusive?
Correct
Select one:
Mark 1.00 out of 1.00
a. Reflective scans
b. Retinal scans
c. Iris scans
d. Body scans
Question 59 To ensure integrity, a payroll application program may record transactions in the appropriate accounting period by using
Incorrect
Question 60 Which of the following questions is less likely to help in assessing physical and environmental protection?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Are entry codes changed periodically?
b. Are appropriate fire suppression and prevention devices installed and working?
c. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
d. Is physical access to data transmission lines controlled?
Introduction to Information Security
Started on Thursday, 24 March 2022, 10:41 AM
State Finished
Completed on Thursday, 24 March 2022, 10:56 AM
Time taken 15 mins 28 secs
Marks 57.00/60.00
Grade 9.50 out of 10.00 (95%)
Question 1 Who should determine the appropriate access control of information?
Correct
Select one:
Mark 1.00 out of 1.00
a. Administrator
b. Server
c. User
d. Owner
Question 2 Most computer attacks result in violation of which of the following security properties?
Correct
Select one:
Mark 1.00 out of 1.00
a. Confidentiality
b. Integrity and control
c. All of the choices
d. Availability
Question 3 What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. The subject’s sensitivity label must dominate the object’s sensitivity label
b. The subject’s sensitivity label is dominated by the object’s sensitivity label
c. The subject’s sensitivity label subordinates the object’s sensitivity label
d. The subject’s sensitivity label is subordinated by the object’s sensitivity label
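The options of Question 3 turn on the word "dominate", which in a multilevel policy means: the level is at least as high and the compartment set is a superset. The Bell-LaPadula rules then follow: a subject may read an object only if the subject's label dominates the object's (no read up), and may write only if the object's label dominates the subject's (no write down). The following is an added example written for this page, not code from the quiz, with a constructed classification ladder and constructed compartments, that makes both relations, and the incomparable case, explicit.

```python
"""Label dominance in a multilevel security policy (Bell-LaPadula rules).

Added example; the classification ladder and compartments are constructed.
"""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: hierarchical level plus a set of compartments (need-to-know)."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND compartments a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject's label must dominate the object's."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the subject's label must be dominated by the object's."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, mode: str) -> str:
    """Central decision point: the policy, not the user, decides; unknown modes are denied."""
    if mode == "read":
        allowed = can_read(subject, obj)
    elif mode == "write":
        allowed = can_write(subject, obj)
    else:
        allowed = False
    return "ALLOW" if allowed else "DENY"


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    print(decide(analyst, Label("CONFIDENTIAL"), "read"))                        # ALLOW
    print(decide(analyst, Label("CONFIDENTIAL"), "write"))                       # DENY  (write down)
    print(decide(analyst, Label("TOP SECRET", frozenset({"CRYPTO"})), "write"))  # ALLOW (write up)
    print(decide(analyst, Label("SECRET", frozenset({"NUCLEAR"})), "read"))      # DENY  (incomparable)
```

The two labels with the same level but disjoint compartments are incomparable: neither dominates the other, so neither read nor write is allowed. This is also the shape of the "central authority" answers elsewhere in this quiz: the labels are assigned by policy, and a file is always an object, never a subject, in the decision.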
Question 5 Which of the following choices is NOT part of a security policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. Definition of overall steps of information security and the importance of security
b. Description of specific technologies used in the field of information security
c. Definition of general and specific responsibilities for information security management
d. Statement of management intent, supporting the goals and principles of information security
Question 6 Organizations develop change control procedures to ensure that _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Management is advised of changes made to systems.
b. All changes are requested, scheduled, and completed on time.
c. All changes are authorized, tested, and recorded.
d. Changes are controlled by the Policy Control Board (PCB).
Question 9 Which of the following will you consider as the MOST secure way of authentication?
Correct
Select one:
Mark 1.00 out of 1.00
a. Ticket Granting
b. Biometric
c. Token
d. Password
Question 11 Which one of the following is the MOST critical characteristic of a biometrics system?
Correct
Select one:
Mark 1.00 out of 1.00
a. Accuracy
b. Reliability
c. Throughput
d. Acceptability
Question 12 In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Correct
Select one:
Mark 1.00 out of 1.00
a. These factors include the enrollment time and the throughput rate, but not acceptability.
b. These factors include the enrollment time, but not the throughput rate, nor the acceptability.
c. These factors do not include the enrollment time, the throughput rate, and acceptability.
d. These factors include the enrollment time, the throughput rate, and acceptability.
Question 15 When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?
Correct
Question 18 What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
Correct
Question 20 Which of the following tools can you use to assess your network's vulnerability?
Correct
Select one:
Mark 1.00 out of 1.00
a. ISS
b. Ballista
c. All of the choices
d. SATAN
Question 21 The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
Incorrect
Question 23 According to Common Criteria, what can be described as an intermediate combination of security requirement components?
Correct
Question 24 Which one of the following is the MOST crucial link in the computer security chain?
Correct
Select one:
Mark 1.00 out of 1.00
a. People
b. Management
c. Access Controls
d. Awareness programs
Question 26 Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?
Correct
Question 27 What is called the formal acceptance of the adequacy of a system's overall security by the management?
Correct
Select one:
Mark 1.00 out of 1.00
a. Accreditation
b. Acceptance
c. Certification
d. Evaluation
Question 29 An access control in which a central authority determines what subjects can have access to certain objects, based on the organizational security policy, is called:
Incorrect
Question 32 What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs?
Correct
Question 35 Which of the following statements pertaining to the trusted computing base (TCB) is false?
Correct
Select one:
Mark 1.00 out of 1.00
a. It includes hardware, firmware, and software
b. It addresses the level of security a system provides
c. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity
Question 36 The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct categories?
Correct
Question 41 What physical characteristics does a retinal scan biometric device measure?
Correct
Select one:
Mark 1.00 out of 1.00
a. The pattern of blood vessels at the back of the eye
b. The amount of light reaching the retina
c. The size, curvature, and shape of the retina
d. The amount of light reflected by the retina
Question 42 Qualitative loss resulting from the business interruption does not include:
Correct
Select one:
Mark 1.00 out of 1.00
a. Loss of revenue
b. Loss of public confidence and credibility
c. Loss of competitive advantage or market share
d. Public embarrassment
Question 44 The access matrix model consists of which of the following parts?
Correct
Select one:
Mark 1.00 out of 1.00
a. A list of subjects.
b. A list of objects.
c. All of the choices
d. A function that returns an object's type.
Question 45 Which of the following questions is less likely to help in assessing physical and environmental protection?
Correct
Select one:
Mark 1.00 out of 1.00
a. Is physical access to data transmission lines controlled?
b. Are appropriate fire suppression and prevention devices installed and working?
c. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
d. Are entry codes changed periodically?
Question 47 Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
Correct
Question 48 Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing, applies to the analysis of _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Host-based IDS systems
b. Network-based IDS systems
c. General purpose operating systems
d. Routers and firewalls
Question 50 An access control policy for a bank teller is an example of the implementation of which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. role-based policy
b. identity-based policy
c. user-based policy
d. rule-based policy
Question 51 How are memory cards and smart cards different?
Correct
Select one:
Mark 1.00 out of 1.00
a. Memory cards normally hold more memory than smart cards
b. Smart cards provide a two-factor authentication whereas memory cards don't
c. Memory cards have no processing power
d. Only smart cards can be used for ATM cards
Question 53 Which of the following ensures that security is not breached when a system crash or other system failure occurs?
Correct
Question 54 Related to information security, confidentiality is the opposite of which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. disclosure
b. disaster
c. closure
d. disposal
Question 56 Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
Correct
Question 57 Which security model introduces access to objects only through programs?
Correct
Select one:
Mark 1.00 out of 1.00
a. The Bell-LaPadula model
b. The Clark-Wilson model
c. The information flow model
d. The Biba model
Question 59 In terms of the order of acceptance, which of the following technologies is the MOST accepted?
Correct
Select one:
Mark 1.00 out of 1.00
a. Signature
b. Keystroke pattern
c. Voice Pattern
d. Hand geometry
Question 60 Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Correct
Question 1 What access control methodology facilitates frequent changes to data permissions?
Correct
Select one:
Mark 1.00 out of 1.00
a. Rule-based
b. Role-based
c. List-based
d. Ticket-based
Question 2 Management can expect penetration tests to provide all of the following EXCEPT _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. identification of security flaws
b. verification of the levels of existing infiltration resistance
c. a method to correct the security flaws
d. demonstration of the effects of the flaws
Question 3 What is the method of coordinating access to resources based on the listing of permitted IP addresses?
Correct
Select one:
Mark 1.00 out of 1.00
a. DAC
b. ACL
c. None of the choices.
d. MAC
Question 5 To ensure that integrity is attained through the Clark-Wilson model, certain rules are needed. These rules are:
Correct
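Question 5 asks for the rules of the Clark-Wilson model and Question 57 of the previous attempt names its defining property: objects (constrained data items) are reached only through programs (transformation procedures). The rules are of two kinds: certification rules (an integrity verification procedure confirms the CDIs are valid; each TP is certified to take CDIs from one valid state to another; TP executions are logged) and enforcement rules (only certified TPs may touch a CDI; a user may run a TP on a CDI only if an access triple user/TP/CDI permits it; the user is authenticated). The following is an added example written for this page, not code from the quiz, that enforces those rules over a constructed two-account ledger; the CDIs, users, TPs and triples are all assumptions made for the demonstration.

```python
"""Clark-Wilson in miniature: CDIs changed only by certified TPs, TPs run only
under an authorized (user, TP, CDI) triple, every run logged, integrity
re-verified by an IVP after each TP.

Added example; the ledger CDIs, users, TPs and triples are constructed.
"""


class IntegrityViolation(Exception):
    """Raised whenever an enforcement or certification rule would be broken."""


def tp_transfer(cdis: dict, src: str, dst: str, amount: int) -> None:
    """Certified TP: moves funds while preserving the ledger total."""
    if amount <= 0 or cdis[src] < amount:
        raise IntegrityViolation("transfer would overdraw or is non-positive")
    cdis[src] -= amount
    cdis[dst] += amount


def tp_bonus(cdis: dict, acct: str, amount: int) -> None:
    """A TP that was (wrongly) certified: it creates money, so the IVP must catch it."""
    cdis[acct] += amount


class ClarkWilsonSystem:
    def __init__(self, cdis: dict):
        self.cdis = dict(cdis)
        self.expected_total = sum(cdis.values())
        # certified TP list
        self.tps = {"transfer": tp_transfer, "bonus": tp_bonus}
        # access triples (user, TP name, CDI names); constructed for the example
        self.triples = {
            ("teller", "transfer", ("acct_A", "acct_B")),
            ("manager", "bonus", ("acct_A",)),
        }
        self.log = []   # every TP execution, attempted or completed, is recorded

    def ivp(self) -> bool:
        """Integrity verification procedure: true iff the CDIs are in a valid state."""
        return (all(v >= 0 for v in self.cdis.values())
                and sum(self.cdis.values()) == self.expected_total)

    def run_tp(self, user: str, tp_name: str, cdi_names: tuple, *args) -> dict:
        """The only path to a CDI. Returns the new state, or raises and rolls back."""
        outcome = "denied"
        try:
            if tp_name not in self.tps:
                raise IntegrityViolation(f"{tp_name} is not a certified TP")
            if (user, tp_name, tuple(cdi_names)) not in self.triples:
                raise IntegrityViolation(f"{user} may not run {tp_name} on {cdi_names}")
            snapshot = dict(self.cdis)
            try:
                self.tps[tp_name](self.cdis, *args)
                if not self.ivp():
                    raise IntegrityViolation(f"{tp_name} left the CDIs in an invalid state")
            except IntegrityViolation:
                self.cdis = snapshot   # a failed TP must not leave a partial change behind
                raise
            outcome = "ok"
            return dict(self.cdis)
        finally:
            self.log.append((user, tp_name, tuple(cdi_names), args, outcome))


def attempt(system: ClarkWilsonSystem, user: str, tp_name: str, cdi_names: tuple, *args) -> str:
    """Run a TP and report the outcome as text (convenient for demos and tests)."""
    try:
        system.run_tp(user, tp_name, cdi_names, *args)
        return "OK"
    except IntegrityViolation as exc:
        return f"DENIED: {exc}"
```

Nothing in the program mutates `cdis` except `run_tp`, which is what "access to objects only through programs" means in practice; the mis-certified `tp_bonus` shows why the IVP is re-run after every TP rather than trusted once at certification time.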
Question 6 Which of the following is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong?
Correct
Question 8 Which of the following computer crimes is more often associated with insiders?
Correct
Select one:
Mark 1.00 out of 1.00
a. Denial of Service (DOS)
b. Password sniffing
c. IP spoofing
d. Data diddling
Question 9 Valuable paper insurance coverage does not cover damage to which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. Manuscripts
b. Records
c. Money and Securities
d. Inscribed, printed and written documents
Question 11 Which one of the following statements describes management controls that are instituted to implement a security policy?
Correct
Question 12 A covert channel is a communication channel that can be used for:
Correct
Select one:
Mark 1.00 out of 1.00
a. Hardening the system.
b. Violating the security policy.
c. Strengthening the security policy.
Question 13 Which one of the following should NOT be contained within a computer policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. Statement of senior executive support
b. Definition of management expectations
c. Responsibilities of individuals and groups for protected information
d. Definition of legal and regulatory controls
Question 15 Which of the following eye scan methods is considered to be more intrusive?
Correct
Select one:
Mark 1.00 out of 1.00
a. Body scans
b. Iris scans
c. Reflective scans
d. Retinal scans
Question 16 What is called the access protection system that limits connections by calling back the number of a previously authorized location?
Correct
Question 19 Why would an information security policy require that communications test equipment be controlled?
Correct
Select one:
Mark 1.00 out of 1.00
a. The equipment must always be available for replacement if necessary
b. The equipment can be used to reconfigure the network multiplexers
c. The equipment is susceptible to damage
d. The equipment can be used to browse information passing on a network
Question 21 In the context of computer security, “scavenging” refers to searching _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Through data for information content.
b. Through storage to acquire information.
c. A user list to find a name.
d. Through log files for trusted path information.
Question 24 What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
Correct
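Question 24 describes the access matrix, and Question 44 of the previous attempt lists its parts (subjects, objects, and a function giving each object's type). The questions about the reference monitor in the first attempt (an abstract machine that mediates all accesses by subjects to objects), the "default should be no access" question, and the list-based versus ticket-based question all fit onto that one table: an ACL is a column of it, a capability list is a row, and the monitor is the only code that consults it. The following is an added example written for this page, not code from the quiz; the subjects, objects, object types and rights are constructed.

```python
"""An access matrix behind a reference monitor.

Added example; subjects, objects, types and rights are constructed.
"""
from collections import defaultdict


class AccessMatrix:
    """The model's three parts: a set of subjects, a set of objects with a type
    function, and the cell A[s, o] holding the rights subject s has over object o."""

    def __init__(self):
        self.subjects = set()
        self.objects = {}                   # object -> type
        self._cells = defaultdict(set)      # (subject, object) -> set of rights

    def add_subject(self, subject):
        self.subjects.add(subject)

    def add_object(self, obj, obj_type):
        self.objects[obj] = obj_type

    def type_of(self, obj):
        return self.objects[obj]

    def grant(self, subject, obj, right):
        if subject not in self.subjects or obj not in self.objects:
            raise KeyError("unknown subject or object")
        self._cells[(subject, obj)].add(right)

    def revoke(self, subject, obj, right):
        self._cells[(subject, obj)].discard(right)

    def rights(self, subject, obj):
        return frozenset(self._cells.get((subject, obj), ()))

    def acl(self, obj):
        """Column view: the object's access control list (list-based control)."""
        return {s: self.rights(s, obj) for s in self.subjects if self.rights(s, obj)}

    def capabilities(self, subject):
        """Row view: the subject's capability list (ticket-based control)."""
        return {o: self.rights(subject, o) for o in self.objects if self.rights(subject, o)}


class ReferenceMonitor:
    """Mediates every access: complete (nothing bypasses check), tamper-proof (only
    it reads the matrix), small enough to verify. Default is no access; every
    decision is audited."""

    def __init__(self, matrix: AccessMatrix):
        self._matrix = matrix
        self.audit = []

    def check(self, subject, obj, action) -> bool:
        allowed = (subject in self._matrix.subjects
                   and obj in self._matrix.objects
                   and action in self._matrix.rights(subject, obj))
        self.audit.append((subject, obj, action, "ALLOW" if allowed else "DENY"))
        return allowed


def guarded_read(monitor: ReferenceMonitor, subject, obj, store: dict):
    """An object operation that exists only behind the monitor."""
    if not monitor.check(subject, obj, "read"):
        raise PermissionError(f"{subject} may not read {obj}")
    return store[obj]


if __name__ == "__main__":
    m = AccessMatrix()
    m.add_subject("alice")
    m.add_object("payroll.db", "file")
    m.grant("alice", "payroll.db", "read")
    rm = ReferenceMonitor(m)
    print(guarded_read(rm, "alice", "payroll.db", {"payroll.db": "rows..."}))
    print(rm.audit)
```

A subject the matrix has never heard of, or a right that was revoked, both fall through to DENY without any special case, which is what "default no access" buys: the monitor only ever looks for a reason to allow. The audit list is the trace that the audit-flavoured distractor in the reference monitor question describes; it is a by-product of mediation, not the definition of it.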
Câu hỏi 25 Which of the following is best defined as a mode of system termination that automatically leaves system
Đúng processes and components in a secure state when a failure occurs or is detected in the system?
Câu hỏi 27 Which of the following are objectives of an information systems security program?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Authenticity, vulnerabilities, and costs
b. Security, information value, and threats
c. Integrity, confidentiality, and availability
d. Threats, vulnerabilities, and risks
Câu hỏi 28 They in form of credit card-size memory cards or smart cards, or those resembling small calculators, are used
Đúng to supply static and dynamic passwords are called:
Câu hỏi 30 A channel within a computer system or network that is designed for the authorized transfer of information is
Đúng identified as a(n)?
Câu hỏi 32 What are the methods used in the process of facial identification?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Detection and recognition.
b. Scanning and recognition.
c. None of the choices.
d. Detection and scanning.
Question 33 (Incorrect, Mark 0,00 out of 1,00): Which one of the following is an important characteristic of an information security policy?
Select one:
a. Quantifies the effect of the loss of the information.
b. Lists applications that support the business function.
c. Requires the identification of information owners.
d. Identifies major functional areas of information.
Question 34 (Correct, Mark 1,00 out of 1,00): The absence or weakness in a system that may possibly be exploited is called a(n)?
Select one:
a. Vulnerability
b. Exposure
c. Threat
d. Risk
Question 35 (Incorrect): Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
Question 36 (Incorrect, Mark 0,00 out of 1,00): Which of the following would be the first step in establishing an information security program?
Select one:
a. Purchase of security access control software
b. Development of a security awareness-training program
c. Adoption of a corporate information security policy statement
d. Development and implementation of an information security standards manual
Question 37 (Correct, Mark 1,00 out of 1,00): What is the main concern with single sign-on?
Select one:
a. The security administrator’s workload would increase
b. The users’ passwords would be too hard to remember
c. User access rights would be increased
d. Maximum unauthorized access would be possible if a password is disclosed
Question 38 (Incorrect, Mark 0,00 out of 1,00): Which one of the following is a KEY responsibility for the “Custodian of Data”?
Select one:
a. Data content and backup
b. Integrity and security of data
c. Authentication of user access
d. Classification of data elements
Question 39 (Incorrect): Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching?
Question 40 (Incorrect): To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:
Question 41 (Incorrect, Mark 0,00 out of 1,00): In terms of the order of effectiveness, which of the following technologies is the least effective?
Select one:
a. Signature
b. Voice pattern
c. Keystroke pattern
d. Hand geometry
Question 42 (Incorrect): In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
Question 43 (Incorrect): Which of the following department managers would be best suited to oversee the development of an information security policy?
Question 44 (Correct, Mark 1,00 out of 1,00): What process determines who is trusted for a given purpose?
Select one:
a. Identification
b. Accounting
c. Authentication
d. Authorization
Question 45 (Incorrect): A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Question 46 (Correct): Which one of the following is true about information that is designated with the highest level of confidentiality in a private sector organization?
Question 47 (Incorrect): According to Common Criteria, what can be described as an intermediate combination of security requirement components?
Question 48 (Incorrect, Mark 0,00 out of 1,00): What represents the amount of time you hold down a particular key?
Select one:
a. Dwell time
b. Systems time
c. Flight time
d. Dynamic time
Question 49 (Correct): What is called the access protection system that limits connections by calling back the number of a previously authorized location?
Question 50 (Incorrect, Mark 0,00 out of 1,00): Which of the following defines the intent of a system security policy?
Select one:
a. A definition of the particular settings that have been determined to provide optimum security.
b. A listing of tools and applications that will be used to protect the system.
c. A brief, high-level statement defining what is and is not permitted during the operation of the system.
d. A definition of those items that must be excluded on the system.
Question 51 (Incorrect): Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
Question 52 (Incorrect, Mark 0,00 out of 1,00): What is an indirect way to transmit information with no explicit reading of confidential information?
Select one:
a. Timing channels
b. Backdoor
c. Covert channels
d. Overt channels
Question 53 (Correct): Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s identity?
Question 54 (Correct, Mark 1,00 out of 1,00): Which of the following focuses on the basic features and architecture of a system?
Select one:
a. Covert channel assurance
b. Operational assurance
c. Life cycle assurance
Question 55 (Incorrect, Mark 0,00 out of 1,00): A common limitation of information classification systems is the INABILITY to ____.
Select one:
a. Establish information ownership.
b. Generate internal labels on diskettes.
c. Limit the number of classifications.
d. Declassify information when appropriate.
Question 57 (Incorrect): In non-discretionary access control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:
Question 58 (Incorrect, Mark 0,00 out of 1,00): What can best be described as an abstract machine which must mediate all access by subjects to objects?
Select one:
a. A security domain
b. The security perimeter
c. The reference monitor
d. The security kernel
Question 59 (Incorrect): Which of the following is a communication path that is not protected by the system’s normal security mechanisms?
Question 60 (Incorrect, Mark 0,00 out of 1,00): Which of the following is true about Mandatory Access Control (MAC)?
Select one:
a. It is less secure than DAC (Discretionary Access Control).
b. It is more scalable than DAC (Discretionary Access Control).
c. It is more secure than DAC (Discretionary Access Control).
d. It is more flexible than DAC (Discretionary Access Control).
Introduction to Information Security
Started on Tuesday, 15 March 2022, 7:07 PM
State Finished
Completed on Tuesday, 15 March 2022, 7:30 PM
Time taken 22 mins 30 secs
Marks 35,00/60,00
Grade 5,83 out of 10,00 (58%)
Question 1 (Correct, Mark 1,00 out of 1,00): What is the most critical characteristic of a biometric identifying system?
Select one:
a. Reliability
b. Accuracy
c. Storage requirements
d. Perceived intrusiveness
Question 2 (Incorrect): What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
Question 5 (Correct, Mark 1,00 out of 1,00): Which one of the following describes a covert timing channel?
Select one:
a. Provides the timing trigger to activate a malicious program disguised as a legitimate function.
b. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.
c. Used by a supervisor to monitor the productivity of a user without their knowledge.
d. Allows one process to signal information to another by modulating its own use of system resources.
Question 6 (Correct, Mark 1,00 out of 1,00): Which of the following computer crimes is more often associated with insiders?
Select one:
a. Data diddling
b. Denial of Service (DOS)
c. IP spoofing
d. Password sniffing
Question 7 (Correct, Mark 1,00 out of 1,00): Information security is the protection of data. Information will be protected mainly based on:
Select one:
a. Its confidentiality.
b. Its sensitivity to the company.
c. All of the choices.
d. Its value.
Question 8 (Correct, Mark 1,00 out of 1,00): Which of the following statements pertaining to ethical hacking is incorrect?
Select one:
a. Ethical hackers should never use tools that have the potential of exploiting vulnerabilities in the organization’s IT system.
b. An organization should use ethical hackers who do not sell auditing, consulting, hardware, software, firewall, hosting, and/or networking services
c. Ethical hacking should not involve writing to or modifying the target systems
d. Testing should be done remotely
Question 9 (Incorrect, Mark 0,00 out of 1,00): Tokens, as a way to identify users, are subject to what type of error?
Select one:
a. Encrypt error
b. Decrypt error
c. Human error
d. Token error
Question 10 (Correct): Which of the following is the MOST secure network access control procedure to adopt when using a callback device?
Question 11 (Correct): Which one of the following statements describes management controls that are instituted to implement a security policy?
Question 13 (Correct, Mark 1,00 out of 1,00): What physical characteristics does a retinal scan biometric device measure?
Select one:
a. The size, curvature, and shape of the retina
b. The pattern of blood vessels at the back of the eye
c. The amount of light reaching the retina
d. The amount of light reflected by the retina
Question 14 (Correct): The concept that all accesses must be mediated, protected from modification, and verifiable as correct is the concept of
Question 15 (Correct, Mark 1,00 out of 1,00): In the context of computer security, “scavenging” refers to searching _____.
Select one:
a. Through storage to acquire information.
b. Through log files for trusted path information.
c. A user list to find a name.
d. Through data for information content.
Question 16 (Correct, Mark 1,00 out of 1,00): Why would an information security policy require that communications test equipment be controlled?
Select one:
a. The equipment is susceptible to damage
b. The equipment must always be available for replacement if necessary
c. The equipment can be used to browse information passing on a network
d. The equipment can be used to reconfigure the network multiplexers
Question 17 (Correct, Mark 1,00 out of 1,00): Management can expect penetration tests to provide all of the following EXCEPT _____.
Select one:
a. identification of security flaws
b. a method to correct the security flaws
c. verification of the levels of existing infiltration resistance
d. demonstration of the effects of the flaws
Question 18 (Correct, Mark 1,00 out of 1,00): Which one of the following should be employed to protect data against undetected corruption?
Select one:
a. Encryption
b. Authentication
c. Integrity
d. Non-repudiation
Question 19 (Correct, Mark 1,00 out of 1,00): Which of the following is the most reliable authentication device?
Select one:
a. Variable callback system
b. Fixed callback system
c. Smart card system
d. Combination of variable and fixed callback system
Question 20 (Correct): Which one of the following risk analysis terms characterizes the absence or weakness of a risk reducing safeguard?
Question 22 (Correct, Mark 1,00 out of 1,00): Which of the following biometric devices has the lowest user acceptance level?
Select one:
a. Voice recognition
b. Fingerprint scan
c. Hand geometry
d. Signature recognition
Question 23 (Incorrect, Mark 0,00 out of 1,00): Which one of the following is a characteristic of a penetration testing project?
Select one:
a. The project is open-ended until all known vulnerabilities are identified.
b. The project tasks are to break into a targeted system.
c. The project plan is reviewed with the target audience.
d. The project schedule is plotted to produce a critical path.
Question 24 (Correct, Mark 1,00 out of 1,00): What control is based on a specific profile for each user?
Select one:
a. ID based access control.
b. Lattice based access control.
c. Rule based access control.
d. Directory based access control.
Question 25 (Correct, Mark 1,00 out of 1,00): Which of the following is true regarding a secure access model?
Select one:
a. Secure information can flow to a less secure user.
b. Secure information cannot flow to a less secure user.
c. Secure information cannot flow to a more secure user.
d. None of the choices.
Question 26 (Correct, Mark 1,00 out of 1,00): What tool do you use to determine whether a host is vulnerable to known attacks?
Select one:
a. Padded Cells
b. Honey Pots
c. IDS
d. Vulnerability analysis
Question 27 (Correct, Mark 1,00 out of 1,00): Most computer attacks result in violation of which of the following security properties?
Select one:
a. Integrity and control
b. All of the choices
c. Availability
d. Confidentiality
Question 28 (Correct, Mark 1,00 out of 1,00): Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing, applies to the analysis of _____.
Select one:
a. Routers and firewalls
b. Host-based IDS systems
c. Network-based IDS systems
d. General purpose operating systems
Question 29 (Correct, Mark 1,00 out of 1,00): How are memory cards and smart cards different?
Select one:
a. Smart cards provide two-factor authentication whereas memory cards don’t
b. Only smart cards can be used for ATM cards
c. Memory cards have no processing power
d. Memory cards normally hold more memory than smart cards
Introduction to Information Security
Started on Friday, 18 March 2022, 11:39 PM
State Finished
Completed on Friday, 18 March 2022, 11:47 PM
Time taken 7 mins 43 secs
Marks 60,00/60,00
Grade 10,00 out of 10,00 (100%)
Question 1 (Correct, Mark 1,00 out of 1,00): What is called the formal acceptance of the adequacy of a system’s overall security by the management?
Select one:
a. Accreditation
b. Evaluation
c. Acceptance
d. Certification
Question 2 (Correct, Mark 1,00 out of 1,00): What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
Select one:
a. Zephyr Chart
b. Zapper Chart
c. Cipher Chart
d. Decipher Chart
Question 3 (Correct, Mark 1,00 out of 1,00): Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing, applies to the analysis of _____.
Select one:
a. Routers and firewalls
b. Host-based IDS systems
c. Network-based IDS systems
d. General purpose operating systems
Question 6 (Correct, Mark 1,00 out of 1,00): A covert channel is a communication channel that can be used for:
Select one:
a. Strengthening the security policy.
b. Hardening the system.
c. Violating the security policy.
Question 7 (Correct, Mark 1,00 out of 1,00): A security policy would include all of the following EXCEPT _____.
Select one:
a. Audit Requirements
b. Background
c. Enforcement
d. Scope statement
Question 9 (Correct): What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?
Question 10 (Correct, Mark 1,00 out of 1,00): Which of the following is an advantage of a qualitative over a quantitative risk analysis?
Select one:
a. It provides specific quantifiable measurements of the magnitude of the impacts.
b. It makes cost-benefit analysis of recommended controls easier.
c. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
Question 12 (Correct, Mark 1,00 out of 1,00): This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill. What best describes this scenario?
Select one:
a. Excessive Privileges
b. Excessive Rights
c. Excessive Permissions
d. Excessive Access
Question 13 (Correct, Mark 1,00 out of 1,00): What are the methods used in the process of facial identification?
Select one:
a. Scanning and recognition.
b. Detection and recognition.
c. Detection and scanning.
d. None of the choices.
Question 15 (Correct): Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Question 16 (Correct): The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity level, or different need-to-know, is called data _____.
Question 18 (Correct, Mark 1,00 out of 1,00): Which of the following questions is less likely to help in assessing physical and environmental protection?
Select one:
a. Are appropriate fire suppression and prevention devices installed and working?
b. Are entry codes changed periodically?
c. Is physical access to data transmission lines controlled?
d. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
Question 19 (Correct, Mark 1,00 out of 1,00): Which of the following defines the intent of a system security policy?
Select one:
a. A brief, high-level statement defining what is and is not permitted during the operation of the system.
b. A listing of tools and applications that will be used to protect the system.
c. A definition of the particular settings that have been determined to provide optimum security.
d. A definition of those items that must be excluded on the system.
Question 21 (Correct): Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
Question 22 (Correct): Which one of the following risk analysis terms characterizes the absence or weakness of a risk reducing safeguard?
Question 24 (Correct): What security model implies a central authority that determines what subjects can have access to what objects?
Question 25 (Correct, Mark 1,00 out of 1,00): Which security model introduces access to objects only through programs?
Select one:
a. The Clark-Wilson model
b. The information flow model
c. The Bell-LaPadula model
d. The Biba model
Question 27 (Correct, Mark 1,00 out of 1,00): Which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?
Select one:
a. Object channels
b. Timing channels
c. Covert channels
d. Storage channels
Question 30 (Correct): In non-discretionary access control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:
Question 33 (Correct): Which of the following implements the authorized access relationship between subjects and objects of a system?
Question 34 (Correct): Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, and faster resource access?
Question 35 (Correct, Mark 1,00 out of 1,00): Which of the following are objectives of an information systems security program?
Select one:
a. Integrity, confidentiality, and availability
b. Authenticity, vulnerabilities, and costs
c. Threats, vulnerabilities, and risks
d. Security, information value, and threats
Question 37 (Correct): Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?
Question 38 (Correct): Which level of “least privilege” gives operators the right to modify data directly in its original location, in addition to data copied from the original location?
Question 39 (Correct, Mark 1,00 out of 1,00): A feature deliberately implemented in an operating system as a trap for intruders is called a:
Select one:
a. Pseudo flaw
b. Logic bomb
c. Trojan horse
d. Trap door
Question 40 (Correct): Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Question 41 (Correct, Mark 1,00 out of 1,00): What is the main purpose of undertaking a parallel run of a new system?
Select one:
a. Provide a backup of the old system
b. Validate the operation of the new system against its predecessor
c. Resolve any errors in the program and file interfaces
d. Verify that the system provides required business functionality
Question 42 (Correct): Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained?
Question 43 (Correct, Mark 1,00 out of 1,00): Which of the following is not a part of risk analysis?
Select one:
a. Quantify the impact of potential threats
b. Choose the best countermeasure
c. Provide an economic balance between the impact of the risk and the cost of the associated countermeasures
d. Identify risks
Question 44 (Correct, Mark 1,00 out of 1,00): Which one of the following is the PRIMARY objective of penetration testing?
Select one:
a. Correction
b. Detection
c. Assessment
d. Protection
Question 45 (Correct, Mark 1,00 out of 1,00): Access control techniques do not include which of the following choices?
Select one:
a. Lattice Based Access Controls
b. Discretionary Access Controls
c. Relevant Access Controls
d. Mandatory Access Controls
Question 46 (Correct, Mark 1,00 out of 1,00): Which of the following would you consider the MOST secure way of authentication?
Select one:
a. Password
b. Ticket Granting
c. Token
d. Biometric
Question 47 (Correct): Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
Question 48 (Correct, Mark 1,00 out of 1,00): Organizations develop change control procedures to ensure that _____.
Select one:
a. All changes are requested, scheduled, and completed on time.
b. All changes are authorized, tested, and recorded.
c. Changes are controlled by the Policy Control Board (PCB).
d. Management is advised of changes made to systems.
Question 49 (Correct): In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions:
Question 51 (Correct, Mark 1,00 out of 1,00): Related to information security, confidentiality is the opposite of which of the following?
Select one:
a. disaster
b. disclosure
c. disposal
d. closure
Question 52 (Correct, Mark 1,00 out of 1,00): In terms of the order of acceptance, which of the following technologies is the MOST accepted?
Select one:
a. Signature
b. Voice Pattern
c. Hand geometry
d. Keystroke pattern
Question 53 (Correct): Which of the following best explains why computerized information systems frequently fail to meet the needs of users?
Question 54 (Not answered): Which of the following is a means of restricting access to objects based on the identity of the subject to which they belong?
Question 55 (Not answered): In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?
Question 56 (Not answered): The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
Question 57 (Not answered, Marked out of 1,00): What is it called when a computer uses more than one CPU in parallel to execute instructions?
Select one:
a. Parallel running
b. Multithreading
c. Multitasking
d. Multiprocessing
Question 58 (Not answered): Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both
Question 59 (Not answered): Which of the following describes elements that create reliability and stability in networks and systems and which assure that connectivity is accessible when needed?
Question 60 (Not answered): What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
Question 3 (Correct, Mark 1,00 out of 1,00): Which of the following choices is NOT part of a security policy?
Select one:
a. Statement of management intent, supporting the goals and principles of information security
b. Definition of overall steps of information security and the importance of security
c. Description of specific technologies used in the field of information security
d. Definition of general and specific responsibilities for information security management
Question 4 (Correct, Mark 1,00 out of 1,00): Which of the following offers greater accuracy than the others?
Select one:
a. Voice recognition
b. Finger scanning
c. Iris scanning
d. Facial recognition
Question 5 (Correct, Mark 1,00 out of 1,00): What is the essential difference between a self-audit and an independent audit?
Select one:
a. Results
b. Objectivity
c. Tools used
d. Competence
Question 6 (Correct, Mark 1,00 out of 1,00): Which of the following security modes of operation involves the highest risk?
Select one:
a. Compartmented Security Mode
b. Multilevel Security Mode
c. System-High Security Mode
d. Dedicated Security Mode
Question 7 (Correct, Mark 1,00 out of 1,00): Which access control would a lattice-based access control be an example of?
Select one:
a. Mandatory access control
b. Rule-based access control
c. Discretionary access control
d. Non-discretionary access control
Question 8 (Correct, Mark 1,00 out of 1,00): What can be accomplished by storing on each subject a list of rights the subject has for every object?
Select one:
a. Key ring
b. Capabilities
c. Rights
d. Object
Question 9 (Correct, Mark 1,00 out of 1,00): Which of the following are the benefits of keystroke dynamics?
Select one:
a. All of the choices
b. Low cost
c. Unintrusive device
d. Transparent
Question 11 (Correct, Mark 1,00 out of 1,00): Which one of the following is the MOST critical characteristic of a biometrics system?
Select one:
a. Throughput
b. Reliability
c. Acceptability
d. Accuracy
Question 12 (Correct, Mark 1,00 out of 1,00): Which of the following biometric system rates is high?
Select one:
a. Crossover error rate
b. False accept rate
c. Speed and throughput rate
d. False reject rate
Question 13 (Correct, Mark 1,00 out of 1,00): What is the act of willfully changing data, using fraudulent input or removal of controls called?
Select one:
a. Data contaminating
b. Data capturing
c. Data trashing
d. Data diddling
Question 14 (Correct, Mark 1,00 out of 1,00): What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
Select one:
a. Zephyr Chart
b. Zapper Chart
c. Cipher Chart
d. Decipher Chart
Question 15 (Correct): What is called a type of access control where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?
Question 16 (Correct, Mark 1,00 out of 1,00): Which of the following questions is less likely to help in assessing physical and environmental protection?
Select one:
a. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
b. Is physical access to data transmission lines controlled?
c. Are entry codes changed periodically?
d. Are appropriate fire suppression and prevention devices installed and working?
Question 18 (Correct, Mark 1,00 out of 1,00): Risk analysis is MOST useful when applied during which phase of the system development process?
Select one:
a. System construction
b. Requirements definition
c. Implementation planning
d. Project identification
Question 19 (Correct): Which of the following biometric parameters are better suited for authentication use over a long period of time?
Question 20 (Correct, Mark 1,00 out of 1,00): A method for a user to identify and present credentials only once to a system is known as:
Select one:
a. SSO
b. IPSec
c. SSL
d. SEC
Question 21 (Correct, Mark 1,00 out of 1,00): What should be the size of a Trusted Computer Base?
Select one:
a. Small – in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
b. Large – in order to enable it to protect the potentially large number of resources in a typical commercial system environment.
c. Small – in order to permit it to be implemented in all critical system components without using excessive resources.
d. Large – in order to accommodate the implementation of future updates without incurring the time and expense of recertification.
Question 23 (Correct): Devices in the form of credit card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called:
Question 24 (Correct, Mark 1,00 out of 1,00): What best describes this scenario? This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill.
Select one:
a. Excessive Permissions
b. Excessive Rights
c. Excessive Privileges
d. Excessive Access
Question 26 (Correct): The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct categories?
Question 27 (Correct): Which one of the following are examples of security and controls that would be found in a “trusted” application system?
Question 28 (Correct): Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s identity?
Question 29 (Correct, Mark 1,00 out of 1,00): The access matrix model consists of which of the following parts?
Select one:
a. A list of subjects.
b. A list of objects.
c. All of the choices
d. A function that returns an object’s type.
Question 30 (Correct): Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Introduction to Information Security
Bắt đầu vào lúc Wednesday, 23 March 2022, 12:05 AM
State Finished
Kết thúc lúc Wednesday, 23 March 2022, 12:35 AM
Thời gian thực hiện 29 phút 57 giây
Điểm 57,00/60,00
Điểm 9,50 out of 10,00 (95%)
Câu hỏi 1 What was introduced for circumventing difficulties in classic approaches to computer security by limiting
Đúng damages produced by malicious programs?
Câu hỏi 2 Which of the following is an advantage of a qualitative over quantitative risk analysis?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. It makes cost-benefit analysis of recommended controls easier.
b. It prioritizes the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
c. It provides specific quantifiable measurements of the magnitude of the impacts.
Câu hỏi 3 All of the following are basic components of a security policy EXCEPT the _____.
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. statement of applicability and compliance requirements.
b. statement of performance of characteristics and requirements.
c. statement of roles and responsibilities
d. definition of the issue and statement of relevant terms.
Câu hỏi 5 What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. The subject’s sensitivity label must dominate the object’s sensitivity label
b. The subject’s sensitivity label is dominated by the object’s sensitivity label
c. The subject’s sensitivity label subordinates the object’s sensitivity label
d. The subject’s sensitivity label is subordinated by the object’s sensitivity label
Câu hỏi 6 What security model implies a central authority that determines what subjects can have access to what
Đúng objects?
Câu hỏi 8 What principle requires that a user be given no more privilege then necessary to perform a job?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Principle of least privilege.
b. Principle of aggregate privilege.
c. Principle of effective privilege.
d. Principle of most privilege.
Câu hỏi 9 Which of the following factors may render a token based solution unusable?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Card size
b. Battery lifespan
c. Token length
d. None of the choices.
Câu hỏi 12 Who should determine the appropriate access control of information?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. User
b. Server
c. Owner
d. Administrator
Câu hỏi 14 The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity
Đúng level, or different need-to-know, is called data _____.
Câu hỏi 15 In the Information Flow Model, what acts as a type of dependency?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Transformation
b. Flow
c. Successive points
d. State
Câu hỏi 17 When conducting a risk assessment, which one of the following is NOT an acceptable social engineering
Sai practice?
Câu hỏi 20 Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of
Sai occurrence and _____.
Question 21 (Correct, 1.00 out of 1.00): Which one of the following is the MOST crucial link in the computer security chain?
Select one:
a. People
b. Management
c. Awareness programs
d. Access Controls
Question 23 (Correct): Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?
Question 24 (Correct, 1.00 out of 1.00): Which of the following statements pertaining to the trusted computing base (TCB) is false?
Select one:
a. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity
b. It includes hardware, firmware, and software
c. It addresses the level of security a system provides
Question 27 (Correct, 1.00 out of 1.00): Which of the following correctly describes the features of SSO?
Select one:
a. More efficient log-on.
b. More costly to administer.
c. More key exchanging involved.
d. More costly to setup.
Question 30 (Correct, 1.00 out of 1.00): What type of subsystem is an application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group?
Select one:
a. Prevented subsystem
b. File subsystem
c. Protected subsystem
d. Directory subsystem
Question 35 (Correct, 1.00 out of 1.00): What is the formal acceptance of the adequacy of a system’s overall security by management called?
Select one:
a. Acceptance
b. Certification
c. Evaluation
d. Accreditation
Question 36 (Incorrect): What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
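The table this question describes is the access matrix. As an added example that is not part of the original quiz, the following Python builds a small one and shows the two ways it is normally stored: a column of the matrix is the access control list kept with the object, and a row is the capability list carried by the subject. It also applies two rules from elsewhere on this page: a cell that is absent means no access (Question 60) and only the object's owner may extend the matrix (Question 12). The subjects, objects, owners and rights are constructed for illustration.

```python
# Added example, not from the original quiz: a sparse access matrix, the ACL
# (column) and capability-list (row) views derived from it, default-deny
# lookups, and owner-controlled granting. All names and rights are constructed.
from typing import Dict, FrozenSet, Set, Tuple

SUBJECTS = ("alice", "bob", "carol")
OBJECTS = ("payroll.db", "audit.log", "signing.key")

# Who decides access for each object: the owner (discretionary access control).
OWNERS = {"payroll.db": "alice", "audit.log": "bob", "signing.key": "carol"}

# The matrix is stored sparsely: a missing cell means no access at all.
MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "audit.log"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "audit.log"): {"append"},
    ("carol", "signing.key"): {"read"},
}


def rights(subject: str, obj: str) -> FrozenSet[str]:
    """Cell lookup; absent cells resolve to the empty set, never to 'everything'."""
    return frozenset(MATRIX.get((subject, obj), ()))


def is_allowed(subject: str, obj: str, right: str) -> bool:
    """Default deny: a right exists only if an explicit cell grants it."""
    return right in rights(subject, obj)


def acl(obj: str) -> Dict[str, FrozenSet[str]]:
    """One column of the matrix: the ACL stored with the object."""
    return {s: rights(s, obj) for s in SUBJECTS if rights(s, obj)}


def capabilities(subject: str) -> Dict[str, FrozenSet[str]]:
    """One row of the matrix: the capability list carried by the subject."""
    return {o: rights(subject, o) for o in OBJECTS if rights(subject, o)}


def grant(granter: str, subject: str, obj: str, right: str) -> None:
    """Discretionary rule: only the object's owner may add a right to a cell."""
    if OWNERS.get(obj) != granter:
        raise PermissionError(f"{granter} does not own {obj}")
    MATRIX.setdefault((subject, obj), set()).add(right)


def render() -> str:
    """Print the full matrix, with '-' marking default-deny cells."""
    width = max(len(s) for s in SUBJECTS)
    header = " " * width + "  " + "  ".join(f"{o:<12}" for o in OBJECTS)
    lines = [header]
    for s in SUBJECTS:
        cells = ["/".join(sorted(rights(s, o))) or "-" for o in OBJECTS]
        lines.append(f"{s:<{width}}  " + "  ".join(f"{c:<12}" for c in cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render())
    print("ACL for payroll.db:", acl("payroll.db"))
    print("capabilities of bob:", capabilities("bob"))
    grant("alice", "carol", "payroll.db", "read")
    print("after alice grants carol read:", acl("payroll.db"))
```

The ACL view makes "who can touch this object" cheap to answer and to revoke; the capability view makes "what can this subject do" cheap, but revocation means finding every copy of the capability, which is why most operating systems store the ACL form.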
Question 38 (Correct): Which of the following ensures that security is not breached when a system crash or other system failure occurs?
Question 39 (Correct, 1.00 out of 1.00): Which security model introduces access to objects only through programs?
Select one:
a. The Bell-LaPadula model
b. The Biba model
c. The information flow model
d. The Clark-Wilson model
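The model that reaches objects only through programs is Clark-Wilson: users never touch a constrained data item (CDI) directly but invoke a certified transformation procedure (TP), the system enforces (user, TP, CDI) access triples, and an integrity verification procedure (IVP) confirms the CDI is still in a valid state. The Python below is an added example, not part of the original quiz, that implements that enforcement loop for a constructed bank-account scenario; the class, rule numbers in the comments, and the teller/manager roles are this example's own framing.

```python
# Added example, not from the original quiz: a minimal Clark-Wilson style
# integrity kernel. CDIs are reachable only through certified TPs, every run is
# checked against the (user, TP, CDI) triples, and the IVP must accept the
# result before it is committed. The bank account scenario is constructed.
from typing import Any, Callable, Dict, List, Set, Tuple


class IntegrityViolation(Exception):
    """Raised when a TP would leave a CDI in a state its IVP rejects."""


class ClarkWilsonKernel:
    def __init__(self) -> None:
        self._cdis: Dict[str, Any] = {}
        self._ivps: Dict[str, Callable[[Any], bool]] = {}
        self._tps: Dict[str, Callable[..., Any]] = {}
        self._triples: Set[Tuple[str, str, str]] = set()
        self.audit: List[Tuple[str, str, str, tuple]] = []

    def register_cdi(self, name: str, value: Any, ivp: Callable[[Any], bool]) -> None:
        """A CDI is admitted only if its IVP accepts the initial state (C1)."""
        if not ivp(value):
            raise IntegrityViolation(f"initial state of {name} fails its IVP")
        self._cdis[name] = value
        self._ivps[name] = ivp

    def certify_tp(self, name: str, fn: Callable[..., Any]) -> None:
        """Only certified code may transform a CDI (E1)."""
        self._tps[name] = fn

    def authorize(self, user: str, tp: str, cdi: str) -> None:
        """(user, TP, CDI) relations are the only route from a user to a CDI (E2)."""
        self._triples.add((user, tp, cdi))

    def read(self, cdi: str) -> Any:
        return self._cdis[cdi]

    def run(self, user: str, tp: str, cdi: str, *args: Any) -> Any:
        """Mediate every access: certified TP, authorised triple, IVP on the result."""
        if tp not in self._tps:
            raise PermissionError(f"{tp} is not a certified TP")
        if (user, tp, cdi) not in self._triples:
            raise PermissionError(f"{user} may not run {tp} on {cdi}")
        candidate = self._tps[tp](self._cdis[cdi], *args)
        if not self._ivps[cdi](candidate):
            raise IntegrityViolation(f"{tp} would leave {cdi} in an invalid state")
        self._cdis[cdi] = candidate
        self.audit.append((user, tp, cdi, args))  # every TP run is logged (C4)
        return candidate


def build_bank() -> ClarkWilsonKernel:
    """Constructed scenario: an account balance whose IVP forbids overdraft."""
    kernel = ClarkWilsonKernel()
    kernel.register_cdi("acct-42", 100, lambda bal: isinstance(bal, int) and bal >= 0)
    kernel.certify_tp("deposit", lambda bal, amt: bal + amt)
    kernel.certify_tp("withdraw", lambda bal, amt: bal - amt)
    kernel.authorize("teller", "deposit", "acct-42")    # tellers take deposits only
    kernel.authorize("manager", "withdraw", "acct-42")  # withdrawals need a manager
    return kernel


if __name__ == "__main__":
    bank = build_bank()
    print("deposit ->", bank.run("teller", "deposit", "acct-42", 50))
    for user, tp, amt in [("teller", "withdraw", 10), ("manager", "withdraw", 500)]:
        try:
            bank.run(user, tp, "acct-42", amt)
        except (PermissionError, IntegrityViolation) as exc:
            print(f"{user} {tp} {amt}: {type(exc).__name__}: {exc}")
    print("balance:", bank.read("acct-42"))
```

The teller/manager split is the same separation-of-duty idea as the bank-teller role policy in Question 57: the triples, not the users' identities, decide which program each role may run against the account.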
Question 41 (Correct, 1.00 out of 1.00): Which factor is critical in all systems to protect data integrity?
Select one:
a. Information ownership
b. Change control
c. Data classification
d. System design
Question 42 (Correct, 1.00 out of 1.00): In addition to the accuracy of biometric systems, there are other factors that must also be considered:
Select one:
a. These factors include the enrollment time and the throughput rate, but not acceptability.
b. These factors do not include the enrollment time, the throughput rate, and acceptability.
c. These factors include the enrollment time, but not the throughput rate nor the acceptability.
d. These factors include the enrollment time, the throughput rate, and acceptability.
Question 44 (Correct, 1.00 out of 1.00): What is the FIRST step that should be considered in a penetration test?
Select one:
a. The formulation of specific management objectives.
b. The approval of change control management.
c. The communication process among team members.
d. The development of a detailed test plan.
Question 45 (Correct, 1.00 out of 1.00): Which of the following is most relevant to determining the maximum effective cost of access control?
Select one:
a. The value of information that is protected
b. The cost to replace lost data.
c. Budget planning related to base versus incremental spending.
d. Management’s perceptions regarding data importance
Question 47 (Correct, 1.00 out of 1.00): Which of the following eye scan methods is considered to be more intrusive?
Select one:
a. Retinal scans
b. Body scans
c. Reflective scans
d. Iris scans
Question 48 (Correct, 1.00 out of 1.00): Which of the following is a feature of rule-based access control?
Select one:
a. The use of profile.
b. The use of token.
c. The use of information flow label.
d. The use of data flow diagram.
Question 50 (Correct): What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?
Question 51 (Correct, 1.00 out of 1.00): Which of the following is considered the most reliable kind of personal identification?
Select one:
a. Token
b. Ticket Granting
c. Password
d. Finger print
Question 56 (Correct, 1.00 out of 1.00): A covert channel is a communication channel that can be used for:
Select one:
a. Hardening the system.
b. Violating the security policy.
c. Strengthening the security policy.
Question 57 (Correct, 1.00 out of 1.00): An access control policy for a bank teller is an example of the implementation of which of the following?
Select one:
a. role-based policy
b. rule-based policy
c. identity-based policy
d. user-based policy
Question 60 (Correct, 1.00 out of 1.00): The default level of security established for access controls should be
Select one:
a. Read access
b. No access
c. Update access
d. All access
44CONQuiz / questions.json (branch master)
{
  "games" : [
    {
      "questions" : [
        {
          "question" : "Defcon in 2016 will be what version?",
          "content" : [
            "0x18",
            "Veintiuno",
            "0b10010",
            "XXVI"
          ],
          "correct" : 0
        },
        {
          "question" : "The Maximum decimal value that can be represented in a b
          "content" : [
            "255",
            "64",
            "32",
            "2"
          ],
          "correct" : 0
        },
        {
          "question" : "What process is used by a Cisco switch to prevent or det
          "content" : [
https://github.com/jgamblin/44CONQuiz/blob/master/questions.json 1/33
3/23/22, 12:46 AM 44CONQuiz/questions.json at master · jgamblin/44CONQuiz · GitHub
            "IPSEC",
            "ARP WATCH",
            "VLANS",
            "Dynamic ARP Inspection"
          ],
          "correct" : 3
        },
        {
          "question" : "Which of the following protocols sends data in clear tex
          "content" : [
            "POP3",
            "SNMP V3",
            "SSH",
            "WEP"
          ],
          "correct" : 0
        },
        {
          "question" : "What is the decimal number for the hexadecimal value of
          "content" : [
            "08",
            "12",
            "16",
            "69"
          ],
          "correct" : 1
        },
        {
          "question" : "How does traceroute map the route that a packet travels
          "content" : [
            "It uses TCP Timestamp packet that will elicit a time exceeded in
            "It uses a protocol that will be rejected at the gateways on its w
            "It manipulates the values of TTL parameter packet to elicit a tim
            "It manipulates flags within packets to force gateways into genera
          ],
          "correct" : 2
        },
        {
          "question" : "In What Year Was NMAP Released?",
          "content" : [
            "1997",
            "1994",
            "2001",
            "1991"
          ],
          "correct" : 0
        },

        {
        {
          "question" : "Which of the following department managers would be best
          "content" : [
            "Information Systems",
            "Human Resources",
            "Business operations",
            "Security administration "
          ],
          "correct" : 2
        },
        {
          "question" : "Why must senior management endorse a security policy?",
          "content" : [
            "So that they will accept ownership for security within the organi
            "So that employees will follow the policy directives.",
            "So that external bodies will recognize the organizations commitme
            "So that they can be held legally accountable."
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following defines the intent of a system se
          "content" : [
            "A definition of the particular settings that have been determined
            "A brief, high-level statement defining what is and is not permitt
            "A definition of those items that must be excluded on the system."
            "A listing of tools and applications that will be used to protect
          ],
          "correct" : 0
        }
      ]
    },


    {
      "questions" : [
        {
          "question" : "Which one of the following is the MOST crucial link in t
          "content" : [
            "Access controls",
            "People",
            "Management",
            "Hardware"
          ],
          "correct" : 1
        },
        {
          "question" : "The extent to which data will be collected during an IS
          "content" : [
          "content" : [
            "Definition of management expectations.",
            "Responsibilities of individuals and groups for protected informat
            "Statement of senior executive support.",
            "Definition of legal and regulatory controls. "
          ],
          "correct" : 1
        },
        {
          "question" : "Which one of the following is NOT a fundamental componen
          "content" : [
            "What is to be done.",
            "When it is to be done.",
            "Who is to do it.",
            "Why is it to be done."
          ],
          "correct" : 2
        },
        {
          "question" : "Which statements describes management controls that are
          "content" : [
            "They prevent users from accessing any control function.",
            "They eliminate the need for most auditing functions. ",
            "They may be administrative, procedural, or technical.",
            "They are generally inexpensive to implement."
          ],
          "correct" : 2
        },
        {
          "question" : "A security policy would include all of the following EXC
          "content" : [
            "Background",
            "Scope statement",
            "Audit requirements",
            "Enforcement"
          ],
          "correct" : 1
        },
        {
          "question" : "Which one of the following is an important characteristi
          "content" : [
            "Identifies major functional areas of information. ",
            "Quantifies the effect of the loss of the information.",
            "Requires the identification of information owners. ",
            "Lists applications that support the business function."
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following would be the first step in establ
          "content" : [
            "Adoption of a corporate information security policy statement",
            "Development and implementation of an information security standar
            "Development of a security awareness-training program",
            "Purchase of security access control software "
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following is not a part of risk analysis? "
          "content" : [
            "Identify risks",
            "Quantify the impact of potential threats",
            "Provide an economic balance between the impact of the risk and th
            "Choose the best countermeasure"
          ],
          "correct" : 3
        },
        {
          "question" : "Which one of the following is not one of the outcomes of
          "content" : [
            "Quantitative loss assessment",
            "Qualitative loss assessment",
            "Formal approval of BCP scope and initiation document",
            "Defining critical support areas."
          ],
          "correct" : 2
        },
        {
          "question" : "Which of the following is not a compensating measure for
          "content" : [
            "Backups",
            "Business Continuity Planning",
            "Insurance",
            "Security awareness."
          ],
          "correct" : 3
        }
      ]
    },

    {
      "questions" : [
        {
          "question" : "What is the MAIN purpose of a change control/management
          "content" : [
            "Notify all interested parties of the completion of the change.",
            "Ensure that the change meets user specifications.",
    {
      "questions" : [
        {
          "question" : "What is the FIRST step that should be considered in a pe
          "content" : [
            "The approval of change control management.",
            "The development of a detailed test plan.",
            "The formulation of specific management objectives.",
            "The communication process among team members."
          ],
          "correct" : 2
        },
        {
          "question" : "What is the Maximum Tolerable Downtime (MTD)",
          "content" : [
            "Maximum elapsed time required to complete recovery of application
            "Maximum elapsed time required to complete recovery of application
            "Maximum elapsed time required to move back to primary site a majo
            "The maximum delay businesses that can tolerate and still remain v
          ],
          "correct" : 3
        },
        {
          "question" : "A critical application is one that MUST",
          "content" : [
            "Remain operational for the organization to survive.",
            "Be subject to continual program maintenance.",
            "Undergo continual risk assessments.",
            "Be constantly monitored by operations management. "
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following measures would be the BEST deterr
          "content" : [
            "Store all data on disks and lock them in an in-room safe",
            "Remove the batteries and power supply from the laptop and store t
            "Install a cable lock on the laptop when it is unattended",
            "Encrypt the data on the hard drive"
          ],
          "correct" : 3
        },
        {
          "question" : "Which of the following computer crime is more often asso
          "content" : [
            "IP spoofing",
            "Password sniffing",
            "Data diddling",
            "Denial of Service (DOS)"
          ],
          "correct" : 2
        },
        {
          "question" : "Which of the following is not a form of a passive attack
          "content" : [
            "Scavenging",
            "Data diddling",
            "Shoulder surfing",
            "Sniffing"
          ],
          "correct" : 1
        },
        {
          "question" : "Which of the following ensures that security is not brea
          "content" : [
            "trusted recovery",
            "hot swappable",
            "redundancy",
            "secure boot"
          ],
          "correct" : 0
        },
        {
          "question" : "A 'Pseudo flaw' is which of the following?",
          "content" : [
            "An apparent loophole deliberately implanted in an operating syste
            "An omission when generating Pseudo-code",
            "Used for testing for bounds violations in application programming
            "A Normally generated page fault causing the system halt"
          ],
          "correct" : 0
        },
        {
          "question" : "What is the PRIMARY component of a Trusted Computer Base
          "content" : [
            "The computer hardware",
            "The security subsystem",
            "The operating system software",
            "The reference monitor"
          ],
          "correct" : 3
        },
        {
          "question" : "LOMAC uses what Access Control method to protect the int
          "content" : [
            "Linux based EFS.",
            "Low Water-Mark Mandatory Access Control.",
            "Linux based NFS.",
        {
          "question" : "What security model implies a central authority that det
          "content" : [
            "Centralized access control",
            "Discretionary access control",
            "Mandatory access control",
            "Non-discretionary access control"
          ],
          "correct" : 3
        },
        {
          "question" : "Which of the following is a straightforward approach tha
          "content" : [
            "Access Matrix model",
            "Take-Grant Model",
            "Bell-LaPadula Model",
            "Biba Model "
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following was the first mathematical model
          "content" : [
            "Biba",
            "Take-Grant",
            "Bell-La Padula",
            "Clark Wilson"
          ],
          "correct" : 2
        },
        {
          "question" : "Which security model allows the data custodian to grant
          "content" : [
            "Mandatory",
            "Bell-LaPadula",
            "Discretionary",
            "Clark-Wilson"
          ],
          "correct" : 2
        },
        {
          "question" : "The access matrix model has which of the following commo
          "content" : [
            "Access control lists and capabilities.",
            "Access control lists.",
            "Capabilities.",
            "Access control list and availability."
          ],
          "correct" : 0
        },
        {
          "question" : "Enforcing minimum privileges for general system users ca
          "content" : [
            "Shark",
            "RBAC",
            "TBAC",
            "ITSEC"
          ],
          "correct" : 1
        },
        {
          "question" : "The unauthorized mixing of data of one sensitivity level
          "content" : [
            "Contamination",
            "Seepage",
            "Aggregation",
            "Commingling"
          ],
          "correct" : 0
        },
        {
          "question" : "Covert channel is a communication channel that can be us
          "content" : [
            "Hardening the system.",
            "Violating the security policy.",
            "Protecting the DMZ.",
            "Strengthening the security policy."
          ],
          "correct" : 1
        },
        {
          "question" : "What is an indirect way to transmit information with no
          "content" : [
            "Covert channels",
            "Backdoor",
            "Timing channels",
            "Overt channels "
          ],
          "correct" : 0
        },
        {
          "question" : "What security risk does a covert channel create?",
          "content" : [
            "A process can signal information to another process. ",
            "It bypasses the reference monitor functions.",
            "A user can send data to another user.",
            "Data can be disclosed by inference."
          ],
          "correct" : 1
        },
        {
          "question" : "FIPS-140 is a standard for the security of:",
          "content" : [
            "Cryptographic service providers",
            "Smartcards",
            "Hardware and software cryptographic modules",
            "Hardware security modules"
          ],
          "correct" : 2
        }
      ]
    },
    {
      "questions" : [
        {
          "question" : "What is Kerberos?",
          "content" : [
            "A three-headed dog from Egyptian Mythology",
            "A trusted third-party authentication protocol",
            "A security model",
            "A remote authentication dial in user server"
          ],
          "correct" : 1
        },
        {
          "question" : "Which of the following is true about Kerberos?",
          "content" : [
            "It utilized public key cryptography",
            "It encrypts data after a ticket is granted, but passwords are exc
            "It depends upon symmetric ciphers",
            "It is a second party authentication system"
          ],
          "correct" : 2
        },
        {
          "question" : "Kerberos depends upon what encryption method?",
          "content" : [
            "Public Key cryptography",
            "Private Key cryptography",
            "El Gamal cryptography",
            "Blowfish cryptography"
          ],
          "correct" : 1
        },
        {
          "question" : "The primary service provided by Kerberos is which of the
          "content" : [
            "non-repudiation",
            "confidentiality",
            "authentication",
            "authorization"
          ],
          "correct" : 2
        },
        {
          "question" : "Which of the following is true about Kerberos?",
          "content" : [
            "It utilizes public key cryptography",
            "It encrypts data after a ticket is granted, but passwords are exc
            "It depends upon symmetric ciphers",
            "It is a second party authentication system"
          ],
          "correct" : 2
        },
        {
          "question" : "One of the differences between Kerberos and KryptoKnight
          "content" : [
            "A mapped relationship among the parties takes place",
            "There is a peer-to-peer relationship among the parties with thems
            "There is no peer-to-peer relationship among the parties and the K
            "A peer-to-peer relationship among the parties and the KDC"
          ],
          "correct" : 3
        },
        {
          "question" : "A confidential number to verify a user's identity is cal
          "content" : [
            "PIN",
            "UserID",
            "Password",
            "Pinword"
          ],
          "correct" : 0
        },
        {
          "question" : "Tokens, as a way to identify users are subject to what t
          "content" : [
            "Token error",
            "Decrypt error",
            "Human error ",
            "Encrypt error"
          ],
          "correct" : 2
        },
        {
          "question" : "Memory only cards work based on:",
          "content" : [
            "Something you have.",
            "Something you know.",
            "Something you know and something you have.",
            "None of the choices."
          ],
          "correct" : 2
        },
        {
          "question" : "The word smart card has meanings of:",
          "content" : [
            "Personal identity token containing IC-s.",
            "Processor IC card",
            "IC card with ISO 7816 interface.",
            "All of the choices."
          ],
          "correct" : 3
        },
        {
          "question" : "Which of the following offers advantages such as the abi
          "content" : [
            "Smart cards",
            "Single Sign-on (SSO) ",
            "Kerberos",
            "Public Key Infrastructure (PKI) "
          ],
          "correct" : 0
        },
        {
          "question" : "What is a protocol used for carrying authentication, aut
          "content" : [
            "IPSec",
            "RADIUS",
            "L2TP",
            "PPTP"
          ],
          "correct" : 1
        },
        {
          "question" : "Which of the following are proprietarily implemented by
          "content" : [
            "Radius+",
            "TACACS",
            "TACACS+ and XTACACS+",
            "OKTA"
          ],
          "correct" : 2
        },
        {
            "MDA"
          ],
          "correct" : 2
        },
        {
          "question" : "MD5 is quite fast and produces ________ message digests.
          "content" : [
            "512 bits",
            "1024 bits",
            "128 bits",
            "64 bits"
          ],
          "correct" : 2
        },
        {
          "question" : "The first step of MD5 is __________",
          "content" : [
            "add padding bits to original message",
            "adding append length bits",
            "divide the input into 512 bit blocks",
            "compression"
          ],
          "correct" : 0
        },
        {
          "question" : "In MD5, the process block divides the 512 bits into ____
          "content" : [
            "16",
            "24",
            "32",
            "64"
          ],
          "correct" : 0
        },
        {
          "question" : "What helps in ensuring non-fraudulent transactions on th
          "content" : [
            "Certificate authority",
            "Digital authority",
            "Dual authority",
            "Digital signature"
          ],
          "correct" : 0
        },
        {
          "question" : "TLS is placed in between the ________ layers.",
          "content" : [
            "transport & datalink",
            "application & presentation",
        },
        {
          "question" : "The cryptography algorithms used in S/MIME are _________
          "content" : [
            "IDEA",
            "RC4",
            "RSA,DES-3",
            "RC5"
          ],
          "correct" : 2
        },
        {
          "question" : "_________ is a block cipher.",
          "content" : [
            "DES",
            "IDEA",
            "AES",
            "RSA"
          ],
          "correct" : 0
        },
        {
          "question" : "DES encrypts data in block size of __________ bits each.
          "content" : [
            "128",
            "64",
            "256",
            "512"
          ],
          "correct" : 1
        },
        {
          "question" : "Merkle and Hellman introduced the concept of ________",
          "content" : [
            "meet in middle attack",
            "guy in the middle attack",
            "hijack",
            "DDOS"
          ],
          "correct" : 0
        },
        {
          "question" : "Data Encryption Standard also called as __________.",
          "content" : [
            "Data Encryption Algorithm",
            "Double DES",
            "AES",
            "RSA"
          ],
          "correct" : 0
        },
        {
          "question" : "What type of wiretapping involves injecting something in
          "content" : [
            "Passive",
            "Active",
            "Captive",
            "Aggressive"
          ],
          "correct" : 1
        },
        {
          "question" : "What attack involves actions to mimic one's identity?",
          "content" : [
            "Social engineering",
            "Brute force",
            "Spoofing",
            "Exhaustive"
          ],
          "correct" : 2
        },
        {
          "question" : "__________ is generally used in ECB,CBC, or CFB mode.",
          "content" : [
            "RSA",
            "AES",
            "Tuna",
            "DES"
          ],
          "correct" : 3
        },
        {
          "question" : "DES consists of __________ rounds to perform the substit
          "content" : [
            "32",
            "4",
            "16",
            "8"
          ],
          "correct" : 2
        },
        {
          "question" : "_________is the first step in DES.",
          "content" : [
            "Key transformation",
            "Expansion permutation clerical cap",
            "S-box substitution",
            "R-box substitution"
          ],
          "correct" : 0
        },
        {
          "question" : "___________ substitution is a process that accepts 48 bi
          "content" : [
            "S-box",
            "P-box",
            "K-box",
            "G-box"
          ],
          "correct" : 0
        },
        {
          "question" : "__________ refers more to asymmetric key cryptography.",
          "content" : [
            "Timing attack.",
            "Meet in middle attack",
            "Virus attack",
            "Worm attack"
          ],
          "correct" : 0
        },
        {
          "question" : "Eli Biham & Adi Shamir introduced ___________",
          "content" : [
            "DES",
            "RSA",
            "differential & linear cryptoanalysis",
            "Double DES"
          ],
          "correct" : 2
        }
      ]
    },
    {
      "questions" : [
        {
          "question" : "In what children's game are participants chased by someo
          "content" : [
            "Tag",
            "Simon Says",
            "Charades",
            "Hopscotch"
          ],
          "correct" : 0
        },
        {
          "question" : "On a radio, stations are changed by using what control?"
          "content" : [
            "Tuning",
            "Volume",
            "Bass",
            "Treble"
          ],
          "correct" : 0
        },
        {
          "question" : "A college graduate who receives a B.S. degree holds what
          "content" : [
            "Bachelor of science",
            "Business scholar",
            "Baccalaureate staff",
            "Brainy student"
          ],
          "correct" : 0
        },
        {
          "question" : "Which of the following telephone area codes is not a tol
          "content" : [
            "800",
            "828",
            "877",
            "888"
          ],
          "correct" : 1
        },
        {
          "question" : "What part of the human body does glaucoma directly affec
          "content" : [
            "Ear",
            "Nose",
            "Throat",
            "Eye"
          ],
          "correct" : 3
        },
        {
          "question" : "What is the name of Tom Cruise's character in the \"Miss
          "content" : [
            "Frank Mackey",
            "Mitch McDeere",
            "Joel Goodson",
            "Ethan Hunt"
          ],
          "correct" : 3
        },
        {
        {
          "question" : "In Greek mythology, what is the relationship between Oed
          "content" : [
            "Husband and wife",
            "Mentor and student",
            "Father and daughter",
            "Mother and son"
          ],
          "correct" : 2
        },
        {
          "question" : "The rococo style of art originated in what country?",
          "content" : [
            "France",
            "Italy",
            "Austria",
            "Spain"
          ],
          "correct" : 0
        },
        {
          "question" : "In Norse mythology, Mjolnir was the name of what?",
          "content" : [
            "Thor's hammer",
            "Odin's horse",
            "Sigmund's sword",
            "Loki's magic necklace"
          ],
          "correct" : 0
        },
        {
          "question" : "On July 12, 2000, Russia launched a rocket into space be
          "content" : [
            "Intel",
            "Reebok",
            "Budweiser",
            "Pizza Hut"
          ],
          "correct" : 3
        }
      ]
    },
    {
      "questions" : [
        {
          "question" : "What kind of animal traditionally lives in a sty?",
          "content" : [
            "Cow",
            "Pig",
            "Fox",
            "Teenager"
          ],
          "correct" : 1
        },
        {
          "question" : "What name is legally used to indicate a woman whose name
          "content" : [
            "Joan Doe",
            "Jane Doe",
            "Jean Doe",
            "Lotta Doe"
          ],
          "correct" : 1
        },
        {
          "question" : "The EPA urges people to produce less waste by engaging i
          "content" : [
            "Recycle",
            "Rewrap",
            "Repossess",
            "Retire"
          ],
          "correct" : 0
        },
        {
          "question" : "For 10 years, Cape Canaveral was renamed for which Ameri
          "content" : [
            "Dwight D. Eisenhower",
            "John F. Kennedy",
            "Richard M. Nixon",
            "Lyndon B. Johnson"
          ],
          "correct" : 1
        },
        {
          "question" : "People who advocate war are commonly referred to as what
          "content" : [
            "Doves",
            "Hawks",
            "Rams",
            "Gorillas"
          ],
          "correct" : 1
        },
        {
          "question" : "In nautical terms, a fathom is equivalent to how many fe
          "content" : [
            "4",
            "6",
            "10",
            "20"
          ],
          "correct" : 1
        },
        {
          "question" : "Which of the following comedians was never a regular cas
          "content" : [
            "Steve Martin",
            "Julia Louis-Dreyfus",
            "Martin Short",
            "Jim Belushi"
          ],
          "correct" : 0
        },
        {
          "question" : "What part of a goose or duck is fattened to produce \"fo
          "content" : [
            "Kidney",
            "Liver",
            "Stomach",
            "Tongue"
          ],
          "correct" : 1
        },
        {
          "question" : "What components of blood are responsible for blood clott
          "content" : [
            "White blood cells",
            "Red blood cells",
            "Platelets",
            "Lymphocytes"
          ],
          "correct" : 2
        },
        {
          "question" : "In Ernest Hemingway's novella \"The Old Man and the Sea,
          "content" : [
            "Shark",
            "Marlin",
            "Tuna",
            "Whale"
          ],
          "correct" : 1
        },
        {
          "question" : "CREEP was an organization to aid the re-election of what
          "content" : [
  ]
}
Introduction to Information Security
Question 31 (Correct, 1.00 out of 1.00): Which of the following is not a form of a passive attack?
Select one:
a. Data diddling
b. Scavenging
c. Shoulder surfing
d. Sniffing
Question 32 (Correct): Which of the following best explains why computerized information systems frequently fail to meet the needs of users?
Question 33 (Correct, 1.00 out of 1.00): Which of the following eye scan methods is considered to be more intrusive?
Select one:
a. Body scans
b. Iris scans
c. Retinal scans
d. Reflective scans
Question 35 (Correct): In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
Question 38 (Correct, 1.00 out of 1.00): What is the essential difference between a self-audit and an independent audit?
Select one:
a. Results
b. Tools used
c. Objectivity
d. Competence
Question 39 (Correct, 1.00 out of 1.00): Which one of the following is an important characteristic of an information security policy?
Select one:
a. Lists applications that support the business function.
b. Quantifies the effect of the loss of the information.
c. Identifies major functional areas of information.
d. Requires the identification of information owners.
Question 41 (Correct, 1.00 out of 1.00): In terms of the order of effectiveness, which of the following technologies is the least effective?
Select one:
a. Keystroke pattern
b. Signature
c. Voice pattern
d. Hand geometry
Câu hỏi 42 Which one of the following are examples of security and controls that would be found in a “trusted”
Đúng application system?
Câu hỏi 44 Which of the following is being considered as the most reliable kind of personal identification?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Password
b. Finger print
c. Token
d. Ticket Granting
Câu hỏi 45 The technique of skimming small amounts of money from multiple transactions is called the _____?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Scavenger technique
b. Salami technique
c. Leakage technique
d. Synchronous attack technique
Câu hỏi 47 This is a common security issue that is extremely hard to control in large environments. It occurs when a user
Đúng has more computer rights, permissions, and privileges than what is required for the tasks the user needs to
fulfill. What best describes this scenario?
Đạt điểm 1,00 trên
1,00
Select one:
a. Excessive Access
b. Excessive Rights
c. Excessive Privileges
d. Excessive Permissions
Câu hỏi 48 What is the most critical characteristic of a biometric identifying system?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Perceived intrusiveness
b. Accuracy
c. Reliability
d. Storage requirements
Câu hỏi 50 In the context of computer security, “scavenging” refers to searching _____.
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Through storage to acquire information.
b. Through log files for trusted path information.
c. A user list to find a name.
d. Through data for information content.
Câu hỏi 51 Which one of the following should be employed to protect data against undetected corruption?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Non-repudiation
b. Authentication
c. Integrity
d. Encryption
Câu hỏi 53 Which of the following is true about Mandatory Access Control (MAC)?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. It is less secure than DAC (Discretionary Access Control).
b. It is more scalable than DAC (Discretionary Access Control).
c. It is more secure than DAC.(Discretionary Access Control).
d. It is more flexible than DAC (Discretionary Access Control).
Câu hỏi 54 What is the FIRST step that should be considered in a penetration test?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. The development of a detailed test plan.
b. The formulation of specific management objectives.
c. The approval of change control management.
d. The communication process among team members.
Câu hỏi 56 Which of the following prevents, detects, and corrects errors so that the integrity, availability, and
Đúng confidentiality of transactions over networks may be maintained?
Câu hỏi 57 Which one of the following is true about information that is designated with the highest of confidentiality in
Đúng a private sector organization?
Câu hỏi 59 Which of the following methods is more microscopic and will analyze the direction of the ridges of the
Đúng fingerprints for matching?
Câu hỏi 60 What is called the formal acceptance of the adequacy of a system’s overall security by the management?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Accreditation
b. Evaluation
c. Certification
d. Acceptance
Question 3 (Correct, 1.00 out of 1.00): What can best be described as an abstract machine which must mediate all access by subjects to objects?
Select one:
a. The security perimeter
b. A security domain
c. The reference monitor
d. The security kernel

Question 5 (Correct, 1.00 out of 1.00): Information security is the protection of data. Information will be protected mainly based on:
Select one:
a. Its confidentiality.
b. Its sensitivity to the company.
c. Its value.
d. All of the choices.

Question 6 (Correct): Which of the following is a communication path that is not protected by the system’s normal security mechanisms?

Question 7 (Correct, 1.00 out of 1.00): What should be the size of a Trusted Computing Base?
Select one:
a. Small – in order to permit it to be implemented in all critical system components without using excessive resources.
b. Large – in order to accommodate the implementation of future updates without incurring the time and expense of recertification.
c. Small – in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
d. Large – in order to enable it to protect the potentially large number of resources in a typical commercial system environment.

Question 8 (Correct, 1.00 out of 1.00): Which one of the following is a KEY responsibility for the “Custodian of Data”?
Select one:
a. Data content and backup
b. Integrity and security of data
c. Classification of data elements
d. Authentication of user access

Question 10 (Correct, 1.00 out of 1.00): Which of the following is a type of mandatory access control?
Select one:
a. Role-based access control
b. User-directed access control
c. Lattice-based access control
d. Rule-based access control

Question 11 (Correct, 1.00 out of 1.00): In a very large environment, which of the following is an administrative burden?
Select one:
a. Lattice based access control
b. ID based access control
c. Directory based access control
d. Rule based access control

Question 12 (Correct, 1.00 out of 1.00): Making sure that the data is accessible when and where it is needed is which of the following?
Select one:
a. Availability
b. Integrity
c. Confidentiality
d. Acceptability

Question 13 (Correct, 1.00 out of 1.00): Which factor is critical in all systems to protect data integrity?
Select one:
a. Information ownership
b. Data classification
c. Change control
d. System design

Question 14 (Correct, 1.00 out of 1.00): Which of the following are the types of eye scan in use today?
Select one:
a. Reflective scans and iris scans.
b. Retinal scans and body scans.
c. Retinal scans and reflective scans.
d. Retinal scans and iris scans.

Question 16 (Correct, 1.00 out of 1.00): What is an example of an individual point of verification in a computerized application?
Select one:
a. A check digit.
b. A sensitive transaction.
c. A boundary protection.
d. An inference check.

Question 17 (Correct): According to the Common Criteria, what can be described as an intermediate combination of security requirement components?

Question 19 (Correct, 1.00 out of 1.00): Which of the following is a disadvantage of a memory-only card?
Select one:
a. Easy to counterfeit
b. High cost to develop
c. Physically infeasible
d. High cost to operate

Question 20 (Correct, 1.00 out of 1.00): Which of the following correctly describes a feature of SSO?
Select one:
a. More key exchanging involved.
b. More efficient log-on.
c. More costly to set up.
d. More costly to administer.

Question 21 (Correct, 1.00 out of 1.00): Which of the following is an advantage of a qualitative over a quantitative risk analysis?
Select one:
a. It provides specific quantifiable measurements of the magnitude of the impacts.
b. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
c. It makes cost-benefit analysis of recommended controls easier.

Question 25 (Correct, 1.00 out of 1.00): What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
Select one:
a. Zephyr Chart
b. Decipher Chart
c. Zapper Chart
d. Cipher Chart

Question 26 (Correct, 1.00 out of 1.00): One method to simplify the administration of access controls is to group _____.
Select one:
a. Administrators and managers
b. Objects and subjects
c. Capabilities and privileges
d. Programs and transactions

Question 29 (Correct, 1.00 out of 1.00): The security planning process must define how security will be managed, who will be responsible, and:
Select one:
a. Who will work in the security department.
b. Which practices are reasonable and prudent for the enterprise.
c. What impact security will have on the intrinsic value of data.
d. How security measures will be tested for effectiveness.

Question 30 (Correct): Which of the following biometric parameters are better suited for authentication use over a long period of time?
Introduction to Information Security
Started on: Friday, 25 February 2022, 10:10 PM
State: Finished
Completed on: Friday, 25 February 2022, 10:18 PM
Time taken: 7 minutes 55 seconds
Marks: 20.00/20.00
Grade: 10.00 out of 10.00 (100%)

Question 1 (Correct, 1.00 out of 1.00): You are given a network: 10.0.0.0/8. What is the IP range of this network? 10.0.0.0 - ___________.
Select one:
a. 10.255.255.254
b. 10.255.255.255
c. 10.0.255.254
d. 10.0.0.255
e. 10.0.0.254
f. 10.255.0.0
g. 10.0.255.0
h. 10.0.255.255

Question 2 (Correct, 1.00 out of 1.00): When there is an excessive amount of data flow which the system cannot handle, a _____ attack takes place.
Select one:
a. Data overflow attack
b. DoS (Denial of Service) attack
c. Buffer overflow attack
d. Database crash attack

Question 3 (Correct, 1.00 out of 1.00): The full form of "malware" is ________.
Select one:
a. Malfunctioned Software
b. Marvelous Software
c. Malfunctioning of Security
d. Malicious Software
e. Multipurpose Software

Question 5 (Correct, 1.00 out of 1.00): _________ are the special type of programs used for recording and tracking a user’s keystrokes.
Select one:
a. Virus
b. Bugs
c. Trojans
d. Worms
e. Keylogger

Question 7 (Correct): Compromising a user’s session in order to exploit the user’s data, carry out malicious activities or misuse the user’s credentials is called ___________

Question 8 (Correct, 1.00 out of 1.00): What is the first IP address of this network: 167.192.154.34/16?
Select one:
a. 167.0.0.1
b. 167.192.154.34
c. 167.192.0.1
d. 167.192.0.254
e. 167.0.0.0
f. 167.192.154.30
g. 167.192.0.0
h. 167.192.0.255
i. 167.192.154.1
j. 167.192.154.0
k. 167.192.255.254

Question 12 (Correct): This attack can be deployed by injecting malicious code into a website’s comment section. What is the attack referred to here?

Question 13 (Correct, 1.00 out of 1.00): Are these 2 IP addresses in the same network? 12.1.3.5/8 & 12.55.66.254/8
Select one:
a. No
b. Yes

Question 14 (Correct, 1.00 out of 1.00): Are these 2 IP addresses in the same network? 192.168.1.54/25 & 192.168.1.129/25
Select one:
a. No
b. Yes

Question 16 (Correct): ___________ is a violent act done using the Internet, which either threatens any technology user or leads to loss of life or otherwise harms anyone in order to accomplish political gain.

Question 17 (Correct, 1.00 out of 1.00): An attempt to harm, damage or pose a threat to a system or network is broadly termed a ______
Select one:
a. Cyber Attack
b. Cyber-crime
c. System hijacking
d. Digital crime

Question 18 (Correct, 1.00 out of 1.00): What is the last IP address of this network: 200.215.33.66/27
Select one:
a. 200.215.33.90
b. 200.215.33.100
c. 200.215.255.255
d. 200.215.33.255
e. 200.215.33.105
f. 200.215.34.0
g. 200.215.33.107
h. 200.215.33.95

Question 19 (Correct, 1.00 out of 1.00): How many IP addresses are there in this network: 12.23.34.45/9?
Select one:
a. 262144
b. 2097152
c. 8388608
d. 1048576
e. 4194304
f. 16777216
g. 524288
h. 33554432
Question 3 (Correct, 1.00 out of 1.00): What is it called when a computer uses more than one CPU in parallel to execute instructions?
Select one:
a. Multiprocessing
b. Parallel running
c. Multithreading
d. Multitasking

Question 5 (Correct, 1.00 out of 1.00): Which of the following would you consider the MOST secure way of authentication?
Select one:
a. Password
b. Biometric
c. Ticket Granting
d. Token

Question 8 (Correct, 1.00 out of 1.00): Management can expect penetration tests to provide all of the following EXCEPT _____.
Select one:
a. identification of security flaws
b. a method to correct the security flaws
c. demonstration of the effects of the flaws
d. verification of the levels of existing infiltration resistance

Question 9 (Correct): You want to apply access list 198 to an interface to filter traffic entering the interface. Which command will achieve this?

Question 10 (Correct): Who must bear the primary responsibility for determining the level of protection needed for information systems resources?

Question 11 (Correct, 1.00 out of 1.00): Which one of the following should NOT be contained within a computer policy?
Select one:
a. Definition of legal and regulatory controls
b. Definition of management expectations
c. Responsibilities of individuals and groups for protected information
d. Statement of senior executive support

Question 12 (Correct, 1.00 out of 1.00): An access control policy for a bank teller is an example of the implementation of which of the following?
Select one:
a. rule-based policy
b. role-based policy
c. identity-based policy
d. user-based policy

Question 13 (Correct, 1.00 out of 1.00): What is the main concern with single sign-on?
Select one:
a. The users’ password would be too hard to remember
b. User access rights would be increased
c. Maximum unauthorized access would be possible if a password is disclosed
d. The security administrator’s workload would increase

Question 15 (Correct, 1.00 out of 1.00): A covert channel is a communication channel that can be used for:
Select one:
a. Strengthening the security policy.
b. Violating the security policy.
c. Hardening the system.

Question 16 (Correct, 1.00 out of 1.00): Which identification number is valid for a standard ACL?
Select one:
a. 299
b. 150
c. 99
d. 2000

Question 17 (Correct, 1.00 out of 1.00): What can best be described as an abstract machine which must mediate all access by subjects to objects?
Select one:
a. The reference monitor
b. The security perimeter
c. A security domain
d. The security kernel

Question 18 (Correct): Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s identity?

Question 19 (Correct, 1.00 out of 1.00): Which of the following are the valid categories of hand geometry scanning?
Select one:
a. Mechanical and image-edge detection.
b. Logical and image-edge detection.
c. Electrical and image-edge detection.
d. Mechanical and image-ridge detection.

Question 20 (Correct, 1.00 out of 1.00): What process determines who is trusted for a given purpose?
Select one:
a. Authorization
b. Authentication
c. Accounting
d. Identification

Question 22 (Correct, 1.00 out of 1.00): In the Information Flow Model, what acts as a type of dependency?
Select one:
a. Successive points
b. Flow
c. State
d. Transformation

Question 23 (Correct, 1.00 out of 1.00): Most computer attacks result in violation of which of the following security properties?
Select one:
a. Availability
b. All of the choices
c. Integrity and control
d. Confidentiality

Question 24 (Correct, 1.00 out of 1.00): Related to information security, confidentiality is the opposite of which of the following?
Select one:
a. disclosure
b. closure
c. disposal
d. disaster

Question 25 (Correct, 1.00 out of 1.00): Which of the following questions is less likely to help in assessing physical and environmental protection?
Select one:
a. Is physical access to data transmission lines controlled?
b. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
c. Are entry codes changed periodically?
d. Are appropriate fire suppression and prevention devices installed and working?

Question 26 (Correct): Which of the following ensures that security is not breached when a system crash or other system failure occurs?

Question 27 (Correct, 1.00 out of 1.00): What is the most critical characteristic of a biometric identifying system?
Select one:
a. Accuracy
b. Perceived intrusiveness
c. Reliability
d. Storage requirements

Question 28 (Correct): What is the access protection system that limits connections by calling back the number of a previously authorized location called?

Question 30 (Correct, 1.00 out of 1.00): In IPv4 classful addressing, what class does 172.15.193.227 belong to?
Select one:
a. D
b. C
c. B
d. E
e. A

Question 32 (Correct, 1.00 out of 1.00): In terms of the order of acceptance, which of the following technologies is the LEAST accepted?
Select one:
a. Handprint
b. Fingerprint
c. Iris
d. Retina patterns

Question 34 (Correct, 1.00 out of 1.00): What is the function of a corporate information security policy?
Select one:
a. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
b. Issue guidelines in selecting equipment, configuration, design, and secure operations.
c. Issue corporate standards to be used when addressing specific security problems.
d. Define the main security objectives which must be achieved and the security framework to meet business objectives.

Question 35 (Correct): Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?

Question 36 (Correct, 1.00 out of 1.00): Who should determine the appropriate access control of information?
Select one:
a. Server
b. Administrator
c. Owner
d. User

Question 37 (Correct, 1.00 out of 1.00): A server farm is an example of:
Select one:
a. Redundant servers
b. Multiple servers
c. Server clustering
d. Server fault tolerance

Question 38 (Incorrect, 0.00 out of 1.00): Which command will allow you to verify matching statistics for an access control list?
Select one:
a. Router#show ip interface fast 0/1
b. Router#show ip access-list 2
c. Router#show access-list
d. Router#debug ip access-list 2

Question 39 (Correct, 1.00 out of 1.00): Risk analysis is MOST useful when applied during which phase of the system development process?
Select one:
a. Requirements definition
b. System construction
c. Project identification
d. Implementation planning

Question 40 (Correct, 1.00 out of 1.00): Why would an information security policy require that communications test equipment be controlled?
Select one:
a. The equipment must always be available for replacement if necessary
b. The equipment is susceptible to damage
c. The equipment can be used to reconfigure the network multiplexers
d. The equipment can be used to browse information passing on a network

Question 42 (Correct): In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?

Question 43 (Correct, 1.00 out of 1.00): What is the essential difference between a self-audit and an independent audit?
Select one:
a. Tools used
b. Objectivity
c. Competence
d. Results

Question 44 (Correct): Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?

Question 45 (Correct): Which command can be used to apply the named access control list called named_list to the interface in an inbound direction?

Question 46 (Correct): According to the Common Criteria, what can be described as an intermediate combination of security requirement components?

Question 47 (Correct): The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity level, or different need-to-know, is called data _____.

Question 48 (Correct, 1.00 out of 1.00): Which command will allow notes to be added to an access control list?
Select one:
a. Router(config-nacl)#remark This is a note about the ACL
b. Router(config-nacl)#note This is a note about the ACL
c. Router(config-nacl)#banner ^This is a note about the ACL^
d. Router(config-nacl)#info This is a note about the ACL

Question 49 (Correct, 1.00 out of 1.00): Which of the following are the benefits of keystroke dynamics?
Select one:
a. Unintrusive device
b. Low cost
c. All of the choices
d. Transparent

Question 50 (Correct, 1.00 out of 1.00): What tool do you use to determine whether a host is vulnerable to known attacks?
Select one:
a. Padded Cells
b. Honey Pots
c. IDS
d. Vulnerability analysis

Question 51 (Incorrect): What is a type of access control called where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?

Question 52 (Correct, 1.00 out of 1.00): The Trusted Computer System Evaluation Criteria (TCSEC) provides
Select one:
a. a system analysis and penetration technique where specifications and documents for the system are analyzed.
b. a formal static transition model of computer security policy that describes a set of access control rules.
c. a basis for assessing the effectiveness of security controls built into automatic data-processing system products.
d. a means of restricting access to objects based on the identity of subjects and groups to which they belong.

Question 55 (Correct, 1.00 out of 1.00): Which of the following is most relevant to determining the maximum effective cost of access control?
Select one:
a. Budget planning related to base versus incremental spending.
b. The value of the information that is protected.
c. Management’s perceptions regarding data importance.
d. The cost to replace lost data.

Question 57 (Correct, 1.00 out of 1.00): Which of the following choices is NOT part of a security policy?
Select one:
a. Definition of general and specific responsibilities for information security management
b. Description of specific technologies used in the field of information security
c. Definition of overall steps of information security and the importance of security
d. Statement of management intent, supporting the goals and principles of information security

Question 58 (Correct): What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?

Question 59 (Correct, 1.00 out of 1.00): How are memory cards and smart cards different?
Select one:
a. Smart cards provide two-factor authentication whereas memory cards don’t
b. Memory cards have no processing power
c. Memory cards normally hold more memory than smart cards
d. Only smart cards can be used as ATM cards

Question 60 (Correct, 1.00 out of 1.00): In the context of computer security, “scavenging” refers to searching _____.
Select one:
a. A user list to find a name.
b. Through storage to acquire information.
c. Through log files for trusted path information.
d. Through data for information content.
Introduction to Information Security
Started on: Tuesday, 29 March 2022, 1:19 PM
State: Finished
Completed on: Tuesday, 29 March 2022, 1:34 PM
Time taken: 15 minutes 23 seconds
Marks: 59.00/60.00
Grade: 9.83 out of 10.00 (98%)

Question 3 (Correct, 1.00 out of 1.00): The technique of skimming small amounts of money from multiple transactions is called the _____?
Select one:
a. Synchronous attack technique
b. Scavenger technique
c. Salami technique
d. Leakage technique

Question 5 (Correct, 1.00 out of 1.00): Which of the following would be the first step in establishing an information security program?
Select one:
a. Development and implementation of an information security standards manual
b. Development of a security awareness-training program
c. Purchase of security access control software
d. Adoption of a corporate information security policy statement

Question 6 (Correct, 1.00 out of 1.00): What is it called when a computer uses more than one CPU in parallel to execute instructions?
Select one:
a. Multithreading
b. Multiprocessing
c. Parallel running
d. Multitasking

Question 7 (Correct): Which of the following implements the authorized access relationship between subjects and objects of a system?

Question 9 (Correct, 1.00 out of 1.00): Ensuring the integrity of business information is the PRIMARY concern of _____.
Select one:
a. Procedural Security
b. On-line Security
c. Logical Security
d. Encryption Security

Question 10 (Correct, 1.00 out of 1.00): Which of the following questions is less likely to help in assessing physical and environmental protection?
Select one:
a. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
b. Are appropriate fire suppression and prevention devices installed and working?
c. Are entry codes changed periodically?
d. Is physical access to data transmission lines controlled?

Question 11 (Correct, 1.00 out of 1.00): What type of subsystem is an application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group?
Select one:
a. Directory subsystem
b. File subsystem
c. Protected subsystem
d. Prevented subsystem

Question 12 (Correct, 1.00 out of 1.00): What physical characteristic does a retinal scan biometric device measure?
Select one:
a. The pattern of blood vessels at the back of the eye
b. The amount of light reflected by the retina
c. The size, curvature, and shape of the retina
d. The amount of light reaching the retina

Question 14 (Correct): In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?

Question 16 (Correct, 1.00 out of 1.00): What is a PRIMARY reason for designing the security kernel to be as small as possible?
Select one:
a. System performance and execution are enhanced.
b. The operating system cannot be easily penetrated by users.
c. Changes to the kernel are not required as frequently.
d. Due to its compactness, the kernel is easier to formally verify.

Question 17 (Correct): Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained?

Question 19 (Correct, 1.00 out of 1.00): Which type of ACL should be placed closest to the destination of traffic?
Select one:
a. Standard
b. Dynamic
c. Extended
d. Expanded

Question 20 (Correct, 1.00 out of 1.00): What security risk does a covert channel create?
Select one:
a. Data can be disclosed by inference.
b. It bypasses the reference monitor functions.
c. A process can signal information to another process.
d. A user can send data to another user.

Question 21 (Correct): What security model implies a central authority that determines what subjects can have access to what objects?

Question 22 (Correct, 1.00 out of 1.00): Qualitative loss resulting from a business interruption does not include:
Select one:
a. Loss of competitive advantage or market share
b. Public embarrassment
c. Loss of public confidence and credibility
d. Loss of revenue

Question 23 (Correct, 1.00 out of 1.00): One method to simplify the administration of access controls is to group _____.
Select one:
a. Programs and transactions
b. Administrators and managers
c. Capabilities and privileges
d. Objects and subjects

Question 24 (Correct, 1.00 out of 1.00): A common limitation of information classification systems is the INABILITY to ____.
Select one:
a. Limit the number of classifications.
b. Establish information ownership.
c. Generate internal labels on diskettes.
d. Declassify information when appropriate.

Question 25 (Correct, 1.00 out of 1.00): What is the formal acceptance by management of the adequacy of a system’s overall security called?
Select one:
a. Acceptance
b. Evaluation
c. Certification
d. Accreditation

Question 26 (Correct): In the process of facial identification, the basic underlying recognition technology of facial identification involves:

Question 27 (Correct, 1.00 out of 1.00): Which of the following are the valid categories of hand geometry scanning?
Select one:
a. Mechanical and image-edge detection.
b. Logical and image-edge detection.
c. Mechanical and image-ridge detection.
d. Electrical and image-edge detection.

Question 28 (Correct, 1.00 out of 1.00): What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
Select one:
a. Object Labels
b. Information Labels
c. Reference Monitors
d. Sensitivity Labels

Question 29 (Correct, 1.00 out of 1.00): Convert this IP address to binary notation: 172.152.98.194
Select one:
a. 11101110.11011100.10110010.11101011
b. 10001110.10011100.00100010.11001010
c. 10101100.10011000.01100010.11000010
d. 10101100.10011100.00000010.11000010
e. 10001110.11011100.10100010.11001011

Question 30 (Correct, 1.00 out of 1.00): Which one of the following is the MOST critical characteristic of a biometric system?
Select one:
a. Throughput
b. Accuracy
c. Reliability
d. Acceptability
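The biometric questions above (Question 48 of the first quiz, Question 27 of the second, Question 30 here) all ask for the most critical characteristic of a biometric system, and the characteristic they point at is accuracy. In practice accuracy is not one number but two error rates that move against each other as the match threshold changes: the false acceptance rate (impostors let in, the Type II error) and the false rejection rate (genuine users turned away, the Type I error). The crossover error rate, where the two are equal, is the usual single figure for comparing systems, and the lower it is the better. The script below is an added example, not course material; the match scores in it are constructed to stand in for the similarity score any biometric matcher produces.

```python
"""Biometric accuracy as error rates: FAR, FRR and their crossover (CER/EER).

Added example, not course material. The match scores are constructed and
stand in for the similarity score any biometric matcher produces (0 = no
resemblance, 100 = identical); one score per comparison.
"""

# Constructed scores. GENUINE: the enrolled person presents again.
# IMPOSTOR: someone else presents against that template.
GENUINE = [91, 88, 84, 79, 77, 74, 70, 66, 61, 58]
IMPOSTOR = [12, 18, 25, 31, 37, 44, 49, 55, 63, 68]


def far(threshold: int, impostor=IMPOSTOR) -> float:
    """False acceptance rate: share of impostors whose score reaches the threshold."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def frr(threshold: int, genuine=GENUINE) -> float:
    """False rejection rate: share of genuine users whose score falls short."""
    return sum(score < threshold for score in genuine) / len(genuine)


def crossover(genuine=GENUINE, impostor=IMPOSTOR) -> tuple:
    """Threshold where FAR and FRR are closest, and the error rate there.
    The lower this crossover error rate, the more accurate the system."""
    best = None
    for t in range(0, 101):
        a, r = far(t, impostor), frr(t, genuine)
        if best is None or abs(a - r) < best[0]:
            best = (abs(a - r), t, (a + r) / 2)
    return best[1], best[2]


def threshold_for_max_far(max_far: float, genuine=GENUINE, impostor=IMPOSTOR) -> tuple:
    """Lowest threshold that keeps FAR at or under `max_far`, and the FRR it costs.
    Tightening FAR (fewer impostors accepted) raises FRR (more genuine users
    rejected); which side to favour is a policy decision, not a matcher property."""
    for t in range(0, 101):
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    return 101, 1.0


def error_table(genuine=GENUINE, impostor=IMPOSTOR, step: int = 10) -> list:
    """(threshold, FAR, FRR) rows for a quick look at the trade-off."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, a, r in error_table():
        print(f"threshold {t:3d}  FAR {a:.1f}  FRR {r:.1f}")
    print("crossover (threshold, error rate):", crossover())
    print("threshold and FRR cost for FAR = 0:", threshold_for_max_far(0.0))
```

On these constructed scores the crossover sits at threshold 62 with both error rates at 0.2, and forcing FAR to zero pushes the threshold to 69 and rejects 30 percent of genuine attempts; a real system would be tuned on thousands of comparisons, but the shape of the trade-off is the same.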
Question 31 (Correct): Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?

Question 32 (Correct, 1.00 out of 1.00): Data inference violations can be reduced using ____.
Select one:
a. Rules based mediation.
b. Correct-state transformation.
c. Polyinstantiation technique.
d. Multi-level data classification.

Question 33 (Correct): Which of the following is a communication path that is not protected by the system’s normal security mechanisms?

Question 34 (Correct, 1.00 out of 1.00): Which command will allow you to verify matching statistics for an access control list?
Select one:
a. Router#show ip interface fast 0/1
b. Router#debug ip access-list 2
c. Router#show ip access-list 2
d. Router#show access-list

Question 35 (Correct, 1.00 out of 1.00): What is an example of an individual point of verification in a computerized application?
Select one:
a. A sensitive transaction.
b. An inference check.
c. A check digit.
d. A boundary protection.
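Question 16 of the second quiz and Question 35 here name a check digit as an individual point of verification inside an application: a digit computed from the rest of the value that lets the program catch a mistyped or corrupted input before it is processed. The everyday instance is the Luhn algorithm behind payment-card numbers (ISO/IEC 7812). The implementation below is an added example, not course material; the numbers it uses are standard Luhn test values, not real accounts.

```python
"""A check digit as an individual point of verification: the Luhn algorithm
(ISO/IEC 7812) behind payment-card numbers.

Added example, not course material. The numbers used are standard test
values, not real accounts.
"""


def luhn_sum(digits: str) -> int:
    """Luhn sum modulo 10 of a digit string whose rightmost digit is the check digit.
    Every second digit counted from the right is doubled, and 10..18 become 1..9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def normalise(number: str) -> str:
    """Strip the spaces and dashes that people type into card numbers."""
    return number.replace(" ", "").replace("-", "")


def is_valid(number: str) -> bool:
    """True when payload plus check digit pass the Luhn test."""
    clean = normalise(number)
    return clean.isdigit() and len(clean) >= 2 and luhn_sum(clean) == 0


def append_check_digit(payload: str) -> str:
    """Compute the check digit for a payload. Appending '0' puts every payload digit
    in the position it will hold in the final number, so the sum with '0' is the
    payload's own contribution and the check digit is whatever makes it 0 mod 10."""
    clean = normalise(payload)
    check = (10 - luhn_sum(clean + "0")) % 10
    return clean + str(check)


def catches_all_single_digit_errors(number: str) -> bool:
    """Exhaustively confirm that changing any one digit of a valid number is detected.
    Luhn also catches adjacent transpositions except 09 <-> 90."""
    clean = normalise(number)
    for pos in range(len(clean)):
        for d in "0123456789":
            if d != clean[pos] and is_valid(clean[:pos] + d + clean[pos + 1:]):
                return False
    return True


if __name__ == "__main__":
    for n in ["79927398713", "79927398712", "4111 1111 1111 1111"]:
        print(n, "valid" if is_valid(n) else "INVALID")
    print(append_check_digit("7992739871"))
```

A check digit is a verification control, not an authentication one: it detects accidental errors at one point in the flow, and anyone who knows the algorithm can produce a value that passes, so it says nothing about whether the number belongs to the person presenting it.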
Question 36 (Correct): Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?

Question 37 (Incorrect): The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is

Question 38 (Correct, 1.00 out of 1.00): What represents the amount of time you hold down a particular key?
Select one:
a. Flight time
b. Dynamic time
c. Systems time
d. Dwell time

Question 39 (Correct, 1.00 out of 1.00): Which of the following are the types of eye scan in use today?
Select one:
a. Retinal scans and body scans.
b. Retinal scans and reflective scans.
c. Reflective scans and iris scans.
d. Retinal scans and iris scans.

Question 40 (Correct, 1.00 out of 1.00): What best describes this scenario? This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill.
Select one:
a. Excessive Rights
b. Excessive Privileges
c. Excessive Permissions
d. Excessive Access

Question 41 (Correct, 1.00 out of 1.00): What is the first IP address of this network: 167.192.154.34/16?
Select one:
a. 167.192.0.1
b. 167.0.0.0
c. 167.0.0.1
d. 167.192.255.254
e. 167.192.0.254
f. 167.192.154.34
g. 167.192.154.30
h. 167.192.0.0
i. 167.192.154.1
j. 167.192.0.255
k. 167.192.154.0

Question 42 (Correct, 1.00 out of 1.00): The access matrix model consists of which of the following parts?
Select one:
a. A list of subjects.
b. A function that returns an object's type.
c. All of the choices
d. A list of objects.

Question 43 (Correct): You want to apply access list 198 to an interface to filter traffic entering the interface. Which command will achieve this?

Question 45 (Correct): Devices in the form of credit-card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called:

Question 46 (Correct): Which one of the following are examples of security and controls that would be found in a “trusted” application system?

Question 47 (Correct, 1.00 out of 1.00): Which of the following is a feature of rule-based access control?
Select one:
a. The use of profiles.
b. The use of tokens.
c. The use of data flow diagrams.
d. The use of information flow labels.

Question 48 (Correct, 1.00 out of 1.00): How many host addresses can be assigned in this network: 222.168.141.133/27
Select one:
a. 126
b. 32
c. 14
d. 62
e. 16
f. 128
g. 64
h. 30
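The subnetting questions spread across these quizzes (Questions 1, 8, 13, 14, 18 and 19 of the 25 February quiz, Question 30 of the quiz after it, and Questions 29, 41 and 48 here) all come down to the same few operations on a prefix: the network and broadcast address, the address count, the usable host count, whether two addresses share a block, the dotted-binary form, and the historical class. The script below is an added example, not course material; it uses only the standard-library `ipaddress` module and answers the quiz inputs in `worked_answers()`, so every answer can be checked offline rather than by hand.

```python
"""IPv4 subnetting helpers for the address questions in these quizzes.

Added example, not course material. Everything rests on the standard-library
`ipaddress` module, so each quiz answer can be checked offline.
"""
import ipaddress


def network_of(cidr: str) -> ipaddress.IPv4Network:
    """The network block containing `cidr`; strict=False tolerates host bits
    in the address part ('167.192.154.34/16' -> 167.192.0.0/16)."""
    return ipaddress.ip_network(cidr, strict=False)


def address_range(cidr: str) -> tuple:
    """First and last address of the block, i.e. network and broadcast address."""
    net = network_of(cidr)
    return str(net.network_address), str(net.broadcast_address)


def total_addresses(cidr: str) -> int:
    """All addresses in the block: 2 ** (32 - prefix length)."""
    return network_of(cidr).num_addresses


def usable_hosts(cidr: str) -> int:
    """Assignable host addresses: total minus network and broadcast.
    Floors at 0 for /31 and /32, where the classic rule does not apply."""
    return max(total_addresses(cidr) - 2, 0)


def same_network(a: str, b: str) -> bool:
    """True when both addresses, with their prefix, fall in the same block."""
    return network_of(a) == network_of(b)


def to_binary(ip: str) -> str:
    """Dotted-binary notation, eight bits per octet."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(ip).packed)


def classful_class(ip: str) -> str:
    """Historical class, decided by the leading bits of the first octet:
    0xxx A, 10xx B, 110x C, 1110 D (multicast), 1111 E (reserved)."""
    first = ipaddress.IPv4Address(ip).packed[0]
    if first & 0b1000_0000 == 0:
        return "A"
    if first & 0b1100_0000 == 0b1000_0000:
        return "B"
    if first & 0b1110_0000 == 0b1100_0000:
        return "C"
    if first & 0b1111_0000 == 0b1110_0000:
        return "D"
    return "E"


def worked_answers() -> dict:
    """The quiz inputs above, answered by the helpers."""
    return {
        "10.0.0.0/8 range": address_range("10.0.0.0/8"),
        "167.192.154.34/16 first": str(network_of("167.192.154.34/16").network_address),
        "200.215.33.66/27 last": address_range("200.215.33.66/27")[1],
        "12.23.34.45/9 addresses": total_addresses("12.23.34.45/9"),
        "222.168.141.133/27 hosts": usable_hosts("222.168.141.133/27"),
        "12.1.3.5/8 ~ 12.55.66.254/8": same_network("12.1.3.5/8", "12.55.66.254/8"),
        "192.168.1.54/25 ~ 192.168.1.129/25": same_network("192.168.1.54/25", "192.168.1.129/25"),
        "172.152.98.194 binary": to_binary("172.152.98.194"),
        "172.15.193.227 class": classful_class("172.15.193.227"),
    }


if __name__ == "__main__":
    for question, answer in worked_answers().items():
        print(f"{question}: {answer}")
```

Note the difference between "how many IP addresses" (the whole block, 2^(32-prefix)) and "how many host addresses can be assigned" (the block minus network and broadcast); the /9 question asks the first, the /27 question the second.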
Question 49 (Correct, 1.00 out of 1.00): All of the following are basic components of a security policy EXCEPT the _____.
Select one:
a. statement of roles and responsibilities.
b. statement of applicability and compliance requirements.
c. definition of the issue and statement of relevant terms.
d. statement of performance characteristics and requirements.

Question 50 (Correct, 1.00 out of 1.00): Access control techniques do not include which of the following choices?
Select one:
a. Mandatory Access Controls
b. Relevant Access Controls
c. Lattice Based Access Controls
d. Discretionary Access Controls

Question 51 (Correct, 1.00 out of 1.00): Which of the following are the benefits of keystroke dynamics?
Select one:
a. Unintrusive device
b. Low cost
c. Transparent
d. All of the choices

Question 52 (Correct, 1.00 out of 1.00): Which of the following describes the major disadvantage of many SSO implementations?
Select one:
a. Once a user obtains access to the system through the initial log-on, they only need to log on to some applications.
b. The initial logon process is cumbersome to discourage potential intruders.
c. Once a user obtains access to the system through the initial log-on they can freely roam the network resources without any restrictions.
d. Once a user obtains access to the system through the initial log-on, he has to log out from all other systems.

Question 53 (Correct, 1.00 out of 1.00): In a very large environment, which of the following is an administrative burden?
Select one:
a. Lattice based access control
b. Directory based access control
c. ID based access control
d. Rule based access control

Question 54 (Correct, 1.00 out of 1.00): What principle requires that a user be given no more privilege than necessary to perform a job?
Select one:
a. Principle of least privilege.
b. Principle of most privilege.
c. Principle of aggregate privilege.
d. Principle of effective privilege.

Question 55 (Correct): Which command can be used to apply the named access control list called named_list to the interface in an inbound direction?
Câu hỏi 56 Which of the following offers advantages such as the ability to use stronger passwords, easier password
Đúng administration, and faster resource access?
Câu hỏi 57 A central authority determines what subjects can have access to certain objects based on the organizational
Đúng security policy is called:
Câu hỏi 58 Which level of “least privilege” enables operators the right to modify data directly in it’s original location, in
Đúng addition to data copied from the original location?
Câu hỏi 59 Convert this IP Address to Decimal Notation: 11001011.10001000.10111100.00011100
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. 222.168.141.133
b. 135.109.38.62
c. 226.159.226.215
d. 87.162.10.234
e. 122.242.117.99
f. 51.213.182.31
g. 203.136.188.28
h. 146.156.244.135
Introduction to Information Security
Started on Thursday, 14 April 2022, 9:57 PM
State Finished
Completed on Thursday, 14 April 2022, 10:27 PM
Time taken 30 mins 1 sec
Marks 49.00/60.00
Grade 8.17 out of 10.00 (82%)
Question 1 Which one of the following is an important characteristic of an information security policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. Lists applications that support the business function.
b. Identifies major functional areas of information.
c. Quantifies the effect of the loss of the information.
d. Requires the identification of information owners.
Question 2 A storage information architecture does not address which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. management of data
b. use of data
c. archiving of data
d. collection of data
Question 3 A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?
Correct
Select one:
Mark 1.00 out of 1.00
a. Phreaking
b. Trojan horse
c. SYN flood
d. Spoofing
Question 5 Which of the following could illegally capture network user passwords?
Correct
Select one:
Mark 1.00 out of 1.00
a. Sniffing
b. Spoofing
c. Data diddling
d. Smurfing
Question 7 Which of the following media is MOST resistant to tapping?
Correct
Select one:
Mark 1.00 out of 1.00
a. Coaxial cable
b. Fiber optic
c. Microwave
d. Twisted pair
Question 8 Which of the following provides network redundancy in a local network environment?
Correct
Select one:
Mark 1.00 out of 1.00
a. Dual backbones
b. Shadowing
c. Mirroring
d. Duplexing
Question 9 With regard to databases, which of the following has the characteristics of ease of reusing code and analysis, and reduced maintenance?
Correct
Question 10 A backup of all files that are new or modified since the last full backup is
Correct
Select one:
Mark 1.00 out of 1.00
a. An incremental backup
b. A father/son backup
c. A full backup
d. A differential backup
Question 11 Which of the following refers to the data left on the media after the media has been erased?
Correct
Select one:
Mark 1.00 out of 1.00
a. remanence
b. sticky bits
c. recovery
d. semi-hidden
Question 12 In the process of facial identification, the basic underlying recognition technology of facial identification involves:
Correct
Question 13 What process determines who is trusted for a given purpose?
Correct
Select one:
Mark 1.00 out of 1.00
a. Authentication
b. Authorization
c. Identification
d. Accounting
Question 14 Which of the following will you consider as the MOST secure way of authentication?
Correct
Select one:
Mark 1.00 out of 1.00
a. Token
b. Password
c. Ticket Granting
d. Biometric
Question 15 Which of the following will you consider as a program that monitors data traveling over a network?
Correct
Select one:
Mark 1.00 out of 1.00
a. Fragmenter
b. Smurfer
c. Spoofer
d. Sniffer
Question 16 What is the FIRST step that should be considered in a penetration test?
Correct
Select one:
Mark 1.00 out of 1.00
a. The development of a detailed test plan.
b. The communication process among team members.
c. The approval of change control management.
d. The formulation of specific management objectives.
Question 17 Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?
Correct
Question 19 How are memory cards and smart cards different?
Correct
Select one:
Mark 1.00 out of 1.00
a. Memory cards have no processing power
b. Only smart cards can be used for ATM cards
c. Smart cards provide two-factor authentication whereas memory cards don't
d. Memory cards normally hold more memory than smart cards
Question 20 Organizations develop change control procedures to ensure that _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Changes are controlled by the Policy Control Board (PCB).
b. Management is advised of changes made to systems.
c. All changes are authorized, tested, and recorded.
d. All changes are requested, scheduled, and completed on time.
Question 21 Under Mandatory Access Control (MAC), which of the following is true?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. All that is not expressly permitted is forbidden.
b. All that is expressly permitted is forbidden.
c. All that is not expressly permitted is not forbidden.
Question 22 By far, the largest security exposure in application system development relates to
Correct
Select one:
Mark 1.00 out of 1.00
a. Maintenance and debugging hooks.
b. Change control.
c. Errors and lack of training.
d. Deliberate compromise.
Question 24 Which of the following is not a media viability control used to protect the viability of data storage media?
Correct
Select one:
Mark 1.00 out of 1.00
a. marking
b. storage
c. clearing
d. handling
Question 26 Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience?
Correct
Question 27 Which of the following is a means of restricting access to objects based on the identity of the subject to which they belong?
Correct
Question 28 Role based access control is attracting increasing attention particularly for what applications?
Correct
Select one:
Mark 1.00 out of 1.00
a. Technical
b. Security
c. Commercial
d. Scientific
Question 29 Discretionary access control (DAC) and mandatory access control (MAC) policies can be effectively replaced by:
Correct
Question 31 Which of the following will you consider as most secure?
Correct
Select one:
Mark 1.00 out of 1.00
a. Login phrase
b. Password
c. One time password
d. Login ID
Question 32 In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys?
Incorrect
Question 33 Which one of the following authentication mechanisms creates a problem for mobile users?
Correct
Select one:
Mark 1.00 out of 1.00
a. reusable password mechanism
b. address-based mechanism
c. one-time password mechanism
d. challenge response mechanism
Question 35 Which of the following statements pertaining to the security kernel is incorrect?
Correct
Select one:
Mark 1.00 out of 1.00
a. It must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof
b. It is an access control concept, not an actual physical component
c. It must be small enough to be able to be tested and verified in a complete and comprehensive manner
d. It is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept.
Question 36 Operations Security seeks to primarily protect against which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. asset threats
b. object reuse
c. compromising emanations
d. facility disaster
Question 37 Which one of the following is the MOST solid defense against interception of a network transmission?
Correct
Select one:
Mark 1.00 out of 1.00
a. Encryption
b. Frequency hopping
c. Optical fiber
d. Alternate routing
Question 38 Under Mandatory Access Control (MAC), who can change the category of a resource?
Correct
Select one:
Mark 1.00 out of 1.00
a. All managers.
b. Administrators only.
c. All users.
Question 40 In a change control environment, which one of the following REDUCES the assurance of proper changes to source programs in production status?
Correct
Question 41 Which of the following files should the security administrator be restricted to READ only access?
Correct
Select one:
Mark 1.00 out of 1.00
a. System log
b. User passwords
c. User profiles
d. Security parameters
Question 44 What is the most effective means of determining how controls are functioning within an operating system?
Correct
Select one:
Mark 1.00 out of 1.00
a. Interview with computer operator
b. Review of operating system manual
c. Review of software control features and/or parameters
d. Interview with product vendor
Question 45 Which of the following is an effective measure against a certain type of brute force password attack?
Correct
Select one:
Mark 1.00 out of 1.00
a. Password reuse is not allowed.
b. Password used must not be a word found in a dictionary.
c. Password history is used.
Question 47 The type of discretionary access control that is based on an individual's identity is called:
Correct
Select one:
Mark 1.00 out of 1.00
a. Non-Discretionary access control
b. Lattice-based access control
c. Rule-based access control
d. Identity-based access control
Question 48 Which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?
Correct
Select one:
Mark 1.00 out of 1.00
a. Covert channels
b. Timing channels
c. Storage channels
d. Object channels
Question 49 What can best be described as an abstract machine which must mediate all access of subjects to objects?
Correct
Select one:
Mark 1.00 out of 1.00
a. A security domain
b. The security kernel
c. The reference monitor
d. The security perimeter
Question 51 The design phase in a system development life cycle includes all of the following EXCEPT
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Developing an operations and maintenance manual.
b. Determining sufficient security controls.
c. Conducting a detailed design review.
d. Developing a validation, verification, and testing plan.
Question 52 Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained?
Correct
Question 54 A method for a user to identify and present credentials only once to a system is known as:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. SSL
b. SSO
c. IPSec
d. SEC
Question 55 What is the function of a corporate information security policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. Issue corporate standards to be used when addressing specific security problems.
b. Issue guidelines in selecting equipment, configuration, design, and secure operations.
c. Define the main security objectives which must be achieved and the security framework to meet business objectives.
d. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
Question 56 What ensures that attributes in a table depend only on the primary key?
Not answered
Select one:
Marked out of 1.00
a. Entity integrity
b. The database management system (DBMS)
c. Data Normalization
d. Referential integrity
Question 58 Memory only cards work based on:
Not answered
Select one:
Marked out of 1.00
a. Something you know.
b. Something you have.
c. Something you know and something you have.
d. None of the choices.
Question 59 What is one advantage of deploying Role based access control in large networked applications?
Not answered
Select one:
Marked out of 1.00
a. Higher security
b. User friendliness
c. Higher bandwidth
d. Lower cost
Question 60 Which of the following is a communication path that is not protected by the system's normal security mechanisms?
Not answered
Introduction to Information Security
Started on Friday, 15 April 2022, 6:06 PM
State Finished
Completed on Friday, 15 April 2022, 6:35 PM
Time taken 28 mins 31 secs
Marks 34.00/60.00
Grade 5.67 out of 10.00 (57%)
Question 1 Identification and authentication are the keystones of most access control systems. Identification establishes:
Correct
Select one:
Mark 1.00 out of 1.00
a. top management accountability for the actions on the system
b. EDP department accountability for the actions of users on the system
c. user accountability for the actions on the system
d. authentication for actions on the system
Question 2 What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?
Correct
Question 3 Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
Correct
Question 4 Which of the following functions is less likely to be performed by a typical security administrator?
Correct
Select one:
Mark 1.00 out of 1.00
a. Adding and removing system users
b. Setting or changing file sensitivity labels
c. Setting user clearances and initial passwords
d. Reviewing audit data
Question 5 Which security model introduces access to objects only through programs?
Correct
Select one:
Mark 1.00 out of 1.00
a. The Clark-Wilson model
b. The Biba model
c. The Bell-LaPadula model
d. The information flow model
Question 6 What type of attack occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard?
Correct
Question 7 Which of the following is the MOST secure network access control procedure to adopt when using a callback device?
Correct
Question 8 What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Correct
Question 9 Which of the following is true of two-factor authentication?
Correct
Select one:
Mark 1.00 out of 1.00
a. It requires two measurements of hand geometry
b. It does not use single sign-on technology
c. It relies on two independent proofs of identity
d. It uses the RSA public-key signature based algorithm on integers with large prime factors
Question 10 What tool do you use to determine whether a host is vulnerable to known attacks?
Correct
Select one:
Mark 1.00 out of 1.00
a. IDS
b. Vulnerability analysis
c. Padded Cells
d. Honey Pots
Question 12 Devices in the form of credit card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called:
Correct
Question 13 If your property insurance has an Actual Cost Evaluation (ACV) clause, your damaged property will be compensated:
Correct
Question 14 Which of the following phases of a system development life-cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions?
Correct
Question 15 Which of the following department managers would be best suited to oversee the development of an information security policy?
Correct
Question 17 What setup should an administrator use for regularly testing the strength of user passwords?
Correct
Select one:
Mark 1.00 out of 1.00
a. A password-cracking program is unethical; therefore it should not be used.
b. A networked workstation so the password database can easily be copied locally and processed by the cracking program
c. A standalone workstation on which the password database is copied and processed by the cracking program
d. A networked workstation so that the live password database can easily be accessed by the cracking program
Question 18 Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a system?
Correct
Question 20 Which of the following correctly describes Role based access control?
Correct
Select one:
Mark 1.00 out of 1.00
a. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
b. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.
c. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
d. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
Question 21 In the context of computer security, “scavenging” refers to searching _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Through storage to acquire information.
b. Through log files for trusted path information.
c. Through data for information content.
d. A user list to find a name.
Question 22 With role-based access control (RBAC), each user can be assigned:
Correct
Select one:
Mark 1.00 out of 1.00
a. A token role.
b. A security token.
c. One or more roles.
d. Only one role.
Question 23 What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?
Incorrect
Question 24 If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?
Correct
Question 25 In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions:
Incorrect
Question 26 Which of the following is a communication mechanism that enables direct conversation between two applications?
Correct
Question 27 The INITIAL phase of the system development life cycle would normally include
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Project status summary
b. Executive project approval
c. Cost-benefit analysis
d. System design review
Question 29 Which of the following are the benefits of keystroke dynamics?
Correct
Select one:
Mark 1.00 out of 1.00
a. All of the choices
b. Low cost
c. Transparent
d. Unintrusive device
Question 30 Which of the following would provide the best stress testing environment?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Production environment using test data
b. Test environment using live workloads
c. Production environment using live workloads
d. Test environment using test data
Question 31 What type of wiretapping involves injecting something into the communications?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Active
b. Passive
c. Captive
d. Aggressive
Question 32 Which of the following correctly describes discretionary access control (DAC)?
Correct
Select one:
Mark 1.00 out of 1.00
a. It can extend beyond limiting which subjects can gain what type of access to which objects.
b. It is the most secure method.
c. It is the least secure method.
Question 33 Which of the following statements is incorrect?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Since the early days of mankind humans have struggled with the problems of protecting assets
b. There has never been a problem of lost keys
c. The addition of a PIN keypad to the card reader was a solution to unreported card or lost cards problems
d. Human guard is an inefficient and sometimes ineffective method of protecting resources
Question 34 Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
Incorrect
Question 35 What is called the access protection system that limits connections by calling back the number of a previously authorized location?
Incorrect
Question 36 A periodic review of user account management should not determine:
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Conformity with the concept of least privilege
b. Whether management authorizations are up-to-date
c. Whether active accounts are still being used
d. Strength of user-chosen passwords
Question 37 Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?
Incorrect
Question 39 The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
Incorrect
Question 40 Which of the following biometric devices has the lowest user acceptance level?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Voice recognition
b. Hand geometry
c. Signature recognition
d. Fingerprint scan
Question 41 A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. 1000000
b. 100000
c. 10000 (from 0000 to 9999)
d. 1024
Question 42 Which of the following is commonly used for retrofitting multilevel security to a database management system?
Incorrect
Question 43 A persistent collection of interrelated data items can be defined as which of the following?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. database security
b. database
c. database management system
d. database shadowing
Question 44 Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update survives even if there is a system failure?
Incorrect
Question 45 In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?
Incorrect
Question 46 Which of the following best explains why computerized information systems frequently fail to meet the needs of users?
Correct
Question 47 Which access control model enables the owner of the resource to specify what subjects can access specific resources?
Incorrect
Question 48 What should you do immediately if the root password is compromised?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Decrease the value of password history.
b. Increase the value of password age.
c. Change all passwords.
d. Change the root password.
Question 49 Which one of the following traits allows macro viruses to spread more effectively than other types?
Correct
Select one:
Mark 1.00 out of 1.00
a. They attach to executable and batch applications.
b. They infect macro systems as well as micro computers.
c. They spread in distributed systems without detection
d. They can be transported between different operating systems.
Question 50 Program change controls must ensure that all changes are
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Within established performance criteria.
b. Audited to verify intent.
c. Tested to ensure correctness.
d. Implemented into production systems.
Question 51 Who is responsible for setting user clearances to computer-based information?
Correct
Select one:
Mark 1.00 out of 1.00
a. Operators
b. Data custodians
c. Data owners
d. Security administrators
Question 52 Which access control would a lattice-based access control be an example of?
Correct
Select one:
Mark 1.00 out of 1.00
a. Non-discretionary access control
b. Mandatory access control
c. Discretionary access control
d. Rule-based access control
Question 53 Which of the following statements pertaining to ethical hacking is incorrect?
Correct
Select one:
Mark 1.00 out of 1.00
a. An organization should use ethical hackers who do not sell auditing, consulting, hardware, software, firewall, hosting, and/or networking services
b. Testing should be done remotely
c. Ethical hacking should not involve writing to or modifying the target systems
d. Ethical hackers should never use tools that have the potential of exploiting vulnerabilities in the organization's IT system.
Question 54 Which of the following refers to the work product satisfying the real-world requirements and concepts?
Correct
Select one:
Mark 1.00 out of 1.00
a. verification
b. validation
c. accuracy
d. concurrence
Question 56 Which of the following correctly describes the difference between identification and authentication?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Identification is the child process of authentication.
b. Identification is another name for authentication.
c. Identification is a means to verify who you are, while authentication is what you are authorized to perform.
d. Authentication is a means to verify who you are, while identification is what you are authorized to perform.
Question 57 Authentication is typically based upon:
Correct
Select one:
Mark 1.00 out of 1.00
a. Something you are.
b. Something you have.
c. All of the choices.
d. Something you know.
Question 58 Which of the following methodologies is appropriate for planning and controlling activities and resources in a system project?
Incorrect
Question 59 What are the valid types of one time password generator?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Transaction synchronous
b. Asynchronous/PIN asynchronous
c. All of the choices.
d. Synchronous/PIN synchronous
Question 60 Which of the following is not a critical security aspect of Operations Controls?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. Data media used
b. Controls over hardware
c. Operations using resources
d. Environment controls
Introduction to Information Security
Bắt đầu vào lúc Friday, 15 April 2022, 9:32 PM
State Finished
Kết thúc lúc Saturday, 16 April 2022, 4:11 PM
Thời gian thực hiện 18 giờ 39 phút
Quá hạn 18 giờ 9 phút
Điểm 4,00/60,00
Điểm 0,67 out of 10,00 (7%)
Câu hỏi 1 In a very large environment, which of the following is an administrative burden?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Directory based access control.
b. ID bases access control
c. Lattice based access control
d. Rule based access control.
Câu hỏi 2 Which of the following implements the authorized access relationship between subjects and objects of a
Không trả lời system?
Câu hỏi 3 Which model, based on the premise that the quality of a software product is a direct function of the quality
Không trả lời of it’s associated software development and maintenance processes, introduced five levels with which the
maturity of an organization involved in the software process is evaluated?
Đạt điểm 1,00
Select one:
a. The Software Capability Maturity Model
b. The IDEAL Model
c. The total Quality Model (TQM)
d. The Spiral Model
Câu hỏi 4 Which of the following defines the software that maintains and provides access to the database?
Không trả lời
Select one:
Đạt điểm 1,00
a. Interface Definition Language system (IDLS)
b. relational database management systems (RDBMS)
c. database management system (DBMS)
d. database identification system (DBIS)
Câu hỏi 6 Which one of the following are examples of security and controls that would be found in a “trusted”
Đúng application system?
Câu hỏi 7 What is known as decoy system designed to lure a potential attacker away from critical systems?
Không trả lời
Select one:
Đạt điểm 1,00
a. File Integrity Checker
b. Honey Pots
c. Vulnerability Analysis Systems
d. Padded Cells
Câu hỏi 8 Which state must a computer system operate to process input/output instructions?
Không trả lời
Select one:
Đạt điểm 1,00
a. Interprocess communication
b. Stateful inspection
c. Supervisor mode
d. User mode
Câu hỏi 9 Which of the following is being considered as the most reliable kind of personal identification?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Finger print
b. Password
c. Ticket Granting
d. Token
Câu hỏi 10 What is the most critical characteristic of a biometric identifying system?
Đúng
Select one:
Đạt điểm 1,00 trên
1,00 a. Storage requirements
b. Perceived intrusiveness
c. Accuracy
d. Reliability
Câu hỏi 11 Which of the following is an example of an active attack? Scanning is another true option
Không trả lời
Select one:
Đạt điểm 1,00
a. Shoulder surfing
some examples about active attacks:
b. Masquerading +) masquerade
+) Modification of messages
c. Traffic analysis +) Repudiation
+) Replay
d. Eavesdropping +) Denial of Service
Câu hỏi 12 Passwords can be required to change monthly, quarterly, or any other intervals:
Không trả lời
Select one:
Đạt điểm 1,00
a. depending on the criticality of the information needing protection and the password’s
frequency of use
b. not depending on the criticality of the information needing protection but depending on
the password’s frequency of use
c. depending on the criticality of the information needing protection
d. depending on the password’s frequency of use
Câu hỏi 14 Which of the following correctly describe “good” security practice?
Không trả lời
Select one:
Đạt điểm 1,00
a. You should ensure that there are no accounts without passwords.
b. You should have a procedure in place to verify password strength.
c. All of the choices.
d. Accounts should be monitored regularly.
Câu hỏi 15 Which one of the following is commonly used for retrofitting multilevel security to a Database Management
Không trả lời System?
Câu hỏi 16 Which one of the following control steps is usually NOT performed in data warehousing applications?
Không trả lời
Select one:
Đạt điểm 1,00
a. Reconcile data moved between the operations environment and data warehouse.
b. Control meta data from being used interactively.
c. Monitor the data purging plan.
d. Monitor summary tables for regular use.
Question 17 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
Not answered
Select one:
Marked out of 1.00
a. Authentication
b. Identification
c. Confidentiality
d. Integrity
Question 18 Normalizing data within a database includes all of the following except which?
Not answered
Select one:
Marked out of 1.00
a. Eliminating duplicate key fields by putting them into separate tables
b. Eliminating repeating groups by putting them into separate tables
c. Eliminating attributes in a table that are not dependent on the primary key of that table
d. Eliminating redundant data
Question 20 What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?
Not answered
Question 21 Which of the following is true about Mandatory Access Control (MAC)?
Not answered
Select one:
Marked out of 1.00
a. It is more scalable than DAC (Discretionary Access Control).
b. It is more flexible than DAC (Discretionary Access Control).
c. It is more secure than DAC (Discretionary Access Control).
d. It is less secure than DAC (Discretionary Access Control).
Question 22 Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
Not answered
Select one:
Marked out of 1.00
a. All managers.
b. None of the choices.
c. All users.
d. Administrators only.
Question 23 Which of the following refers to the number of columns in a table?
Not answered
Select one:
Marked out of 1.00
a. Schema
b. Cardinality
c. Relation
d. Degree
Question 24 What type of password makes use of two totally unrelated words?
Not answered
Select one:
Marked out of 1.00
a. Login phrase
b. Login ID
c. Composition
d. One time password
Question 25 Fault tolerance countermeasures are designed to combat threats to _____
Not answered
Select one:
Marked out of 1.00
a. backup and retention capability
b. data integrity
c. design reliability
d. an uninterruptible power supply
Question 26 What tool is used to determine whether attackers have altered system files or executables?
Not answered
Select one:
Marked out of 1.00
a. Vulnerability Analysis Systems
b. File Integrity Checker
c. Padded Cells
d. Honey Pots
Question 27 A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the
Not answered
Marked out of 1.00
Select one:
a. least privileges access control
b. ownership-based access control
c. context-dependent access control
d. content-dependent access control
Question 30 Which one of the following is a KEY responsibility for the “Custodian of Data”?
Not answered
Select one:
Marked out of 1.00
a. Classification of data elements
b. Data content and backup
c. Authentication of user access
d. Integrity and security of data
Question 31 What is the window of time for recovery of information processing capabilities based on?
Not answered
Select one:
Marked out of 1.00
a. Applications that are mainframe based
b. Criticality of the operations affected
c. Quality of the data to be processed
d. Nature of the disaster
Question 32 Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of occurrence and _____.
Not answered
Question 33 In order to avoid mishandling of media or information, you should consider using:
Not answered
Select one:
Marked out of 1.00
a. Ticket
b. Token
c. Labeling
Question 37 What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
Not answered
Select one:
Marked out of 1.00
a. Information Labels
b. Sensitivity Labels
c. Reference Monitors
d. Object Labels
Question 39 Which of the following actions can increase the cost of an exhaustive attack?
Not answered
Select one:
Marked out of 1.00
a. Increase the length of a password.
b. Increase the age of a password.
c. Increase the history of a password.
Question 40 Which option is NOT a benefit derived from the use of neural networks?
Not answered
Select one:
Marked out of 1.00
a. Input-Output Mapping
b. Linearity
c. Fault Tolerance
d. Adaptivity
Question 42 Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Not answered
Question 43 A computer program used to process the weekly payroll contains an instruction that the amount of the gross pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to as a:
Not answered
Marked out of 1.00
Select one:
a. record check
b. limit check
c. sequence check
d. check digit
Question 44 What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?
Not answered
Question 46 In terms of the order of acceptance, which of the following technologies is the LEAST accepted?
Not answered
Select one:
Marked out of 1.00
Note: "MOST accepted"; answer is "voice pattern"
a. Fingerprint
b. Retina patterns
c. Handprint
d. Iris
Question 47 Which of the following correctly describes the features of SSO?
Not answered
Select one:
Marked out of 1.00
a. More costly to administer.
b. More efficient log-on.
c. More costly to set up.
d. More key exchanging involved.
Question 49 Valuable paper insurance coverage does not cover damage to which of the following?
Not answered
Select one:
Marked out of 1.00
a. Records
b. Money and Securities
c. Manuscripts
d. Inscribed, printed and written documents
Question 50 According to Common Criteria, what can be described as an intermediate combination of security requirement components?
Not answered
Question 51 Which of the following is the most secure way to distribute passwords?
Not answered
Select one:
Marked out of 1.00
a. Employees must send in a signed email before obtaining a password.
b. Employees must show up in person and present proper identification before obtaining a password.
c. Employees must send in an email before obtaining a password.
d. None of the choices.
Question 53 Which of the following would be the first step in establishing an information security program?
Not answered
Note: another correct answer: "Develop the security plan"
Select one:
Marked out of 1.00
a. Development of a security awareness-training program
b. Purchase of security access control software
c. Adoption of a corporate information security policy statement
d. Development and implementation of an information security standards manual
Question 54 An active content module which attempts to monopolize and exploit system resources is called a
Not answered
Select one:
Marked out of 1.00
a. Macro virus
b. Hostile applet
c. Plug-in worm
d. Cookie
Question 55 With mandatory access control (MAC), who may make decisions that bear on policy?
Not answered
Select one:
Marked out of 1.00
a. Manager
b. All users.
c. Administrator
d. Guest
Question 56 In which situation would TEMPEST risks and technologies be of MOST interest?
Not answered
Select one:
Marked out of 1.00
a. Where the consequences of disclosure are very high.
b. Where database integrity is crucial.
c. Where high availability is vital.
d. Where countermeasures are easy to implement.
Question 57 Which of the following is not a component of an Operations Security “triples”?
Not answered
Select one:
Marked out of 1.00
a. Threat
b. Asset
c. Risk
d. Vulnerability
Question 58 With Rule Based Security Policy, global rules usually rely on comparison of the _____ of the resource being accessed.
Not answered
Question 59 With role-based access control (RBAC), roles are:
Not answered
Select one:
Marked out of 1.00
a. Based on labels
b. All equal
c. Based on flows.
d. Hierarchical
Question 60 Making sure that the data is accessible when and where it is needed is which of the following?
Not answered
Select one:
Marked out of 1.00
a. Confidentiality
b. Acceptability
c. Availability
d. Integrity
Introduction to Information Security
Started on Saturday, 16 April 2022, 10:14 PM
State Finished
Completed on Saturday, 16 April 2022, 10:38 PM
Time taken 24 mins 3 secs
Marks 59.00/60.00
Grade 9.83 out of 10.00 (98%)
Question 1 Qualitative loss resulting from the business interruption does not include:
Correct
Select one:
Mark 1.00 out of 1.00
a. Loss of competitive advantage or market share
b. Public embarrassment
c. Loss of revenue
d. Loss of public confidence and credibility
Question 2 What are the methods used in the process of facial identification?
Correct
Select one:
Mark 1.00 out of 1.00
a. Detection and recognition.
b. Scanning and recognition.
c. Detection and scanning.
d. None of the choices.
Question 3 The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity level, or different need-to-know, is called data _____.
Correct
Question 5 What is the window of time for recovery of information processing capabilities based on?
Correct
Select one:
Mark 1.00 out of 1.00
a. Applications that are mainframe based
b. Criticality of the operations affected
c. Quality of the data to be processed
d. Nature of the disaster
Question 6 What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology?
Correct
Select one:
Mark 1.00 out of 1.00
a. Zephyr Chart
b. Cipher Chart
c. Decipher Chart
d. Zapper Chart
Question 7 Why must senior management endorse a security policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. So that they will accept ownership for security within the organization.
b. So that external bodies will recognize the organization's commitment to security.
c. So that employees will follow the policy directives.
d. So that they can be held legally accountable.
Question 8 Which of the following is the correct account policy you should follow?
Correct
Select one:
Mark 1.00 out of 1.00
a. All active accounts must have a long and complex pass phrase.
b. All of the choices.
c. All inactive accounts must have a password.
d. All active accounts must have a password.
Question 9 Which of the following is an advantage of using a high-level programming language?
Incorrect
Select one:
Mark 0.00 out of 1.00
a. It requires programmer-controlled storage management
b. It allows programmers to define syntax
c. It decreases the total amount of code writers
d. It enforces coding standards
Question 10 Which of the following describes elements that create reliability and stability in networks and systems and which assure that connectivity is accessible when needed?
Correct
Question 11 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following?
Correct
Question 12 Which of the following refers to the work product satisfying the real-world requirements and concepts?
Correct
Select one:
Mark 1.00 out of 1.00
a. accuracy
b. validation
c. concurrence
d. verification
Question 13 The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct categories?
Correct
Question 14 The concept that all accesses must be mediated, protected from modification, and verifiable as correct is the concept of
Correct
Question 15 Under Mandatory Access Control (MAC), which of the following is true?
Correct
Select one:
Mark 1.00 out of 1.00
a. All that is not expressly permitted is not forbidden.
b. All that is not expressly permitted is forbidden.
c. All that is expressly permitted is forbidden.
Question 16 Which of the following correctly describes Role based access control?
Correct
Select one:
Mark 1.00 out of 1.00
a. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
b. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
c. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
d. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure.
Question 17 In what way could Java applets pose a security threat?
Correct
Select one:
Mark 1.00 out of 1.00
a. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system
b. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
c. Java interpreters do not provide the ability to limit system access that an applet could have on a client system
d. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
Question 18 Which of the following is true regarding a secure access model?
Correct
Select one:
Mark 1.00 out of 1.00
a. Secure information cannot flow to a more secure user.
b. Secure information cannot flow to a less secure user.
c. None of the choices.
d. Secure information can flow to a less secure user.
Your answer is correct.
Question 19 Which of the following is commonly used for retrofitting multilevel security to a database management system?
Correct
Question 20 Which of the following are the valid categories of hand geometry scanning?
Correct
Select one:
Mark 1.00 out of 1.00
a. Electrical and image-edge detection.
b. Logical and image-edge detection.
c. Mechanical and image-ridge detection.
d. Mechanical and image-edge detection.
Question 21 Which of the following centralized access control mechanisms is not appropriate for mobile workers accessing the corporate network over analog lines?
Correct
Question 22 With mandatory access control (MAC), who may make decisions that bear on policy?
Correct
Select one:
Mark 1.00 out of 1.00
a. All users.
b. Administrator
c. Guest
d. Manager
Question 24 A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?
Correct
Select one:
Mark 1.00 out of 1.00
a. Trojan horse
b. Spoofing
c. Phreaking
d. SYN flood
Question 25 Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?
Correct
Select one:
Mark 1.00 out of 1.00
a. The attacker must have read access to the password file.
b. The attacker must have write access to the password file.
c. The attacker must know the password encryption mechanism and key variable.
d. The attacker must have access to the target system.
Question 26 Which of the following represent the rows of the table in a relational database?
Correct
Select one:
Mark 1.00 out of 1.00
a. attributes
b. relation
c. record retention
d. records or tuples
Question 27 Identification and authentication are the keystones of most access control systems. Identification establishes:
Correct
Select one:
Mark 1.00 out of 1.00
a. top management accountability for the actions on the system
b. authentication for actions on the system
c. user accountability for the actions on the system
d. EDP department accountability for the actions of users on the system
Question 28 Which one of the following is true about information that is designated with the highest of confidentiality in a private sector organization?
Correct
Question 29 Operations Security seeks to primarily protect against which of the following?
Correct
Select one:
Mark 1.00 out of 1.00
a. compromising emanations
b. asset threats
c. facility disaster
d. object reuse
Question 30 Which one of the following tests determines whether the content of data within an application program falls within predetermined limits?
Correct
Question 31 What is the act of willfully changing data, using fraudulent input or removal of controls called?
Correct
Select one:
Mark 1.00 out of 1.00
a. Data diddling
b. Data trashing
c. Data contaminating
d. Data capturing
Question 32 Which of the following is the most commonly used check on something you know?
Correct
Select one:
Mark 1.00 out of 1.00
a. Password
b. Retinal
c. Login phrase
d. One time password
Question 34 Passwords can be required to change monthly, quarterly, or at any other interval:
Correct
Select one:
Mark 1.00 out of 1.00
a. depending on the criticality of the information needing protection and the password’s frequency of use
b. not depending on the criticality of the information needing protection but depending on the password’s frequency of use
c. depending on the password’s frequency of use
d. depending on the criticality of the information needing protection
Question 35 The INITIAL phase of the system development life cycle would normally include
Correct
Select one:
Mark 1.00 out of 1.00
a. System design review
b. Project status summary
c. Cost-benefit analysis
d. Executive project approval
Question 36 Which one of the following describes a covert timing channel?
Correct
Select one:
Mark 1.00 out of 1.00
a. Allows one process to signal information to another by modulating its own use of system resources.
b. Used by a supervisor to monitor the productivity of a user without their knowledge.
c. Provides the timing trigger to activate a malicious program disguised as a legitimate function.
d. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.
Question 37 The purpose of information classification is to _____.
Correct
Select one:
Mark 1.00 out of 1.00
a. Ensure separation of duties.
b. Define the parameters required for security labels.
c. Assign access controls.
d. Apply different protective measures.
Question 39 Which one of the following BEST describes a password cracker?
Correct
Select one:
Mark 1.00 out of 1.00
a. A program that provides software registration passwords or keys.
b. A program that performs comparative analysis.
c. A program that can locate and read a password file.
d. A program that obtains privileged access to the system.
Question 40 A password represents:
Correct
Select one:
Mark 1.00 out of 1.00
a. All of the choices.
b. Something you know.
c. Something you have.
d. Something you are.
Question 41 Which one of the following control steps is usually NOT performed in data warehousing applications?
Correct
Select one:
Mark 1.00 out of 1.00
a. Control meta data from being used interactively.
b. Monitor the data purging plan.
c. Reconcile data moved between the operations environment and data warehouse.
d. Monitor summary tables for regular use.
Question 42 Which security problem exists if a user accessing low-level data is able to draw conclusions about high-level information?
Correct
Question 43 Which one of the following addresses the protection of computers and components from electromagnetic emissions?
Correct
Question 44 Which of the following is not a critical security aspect of Operations Controls?
Correct
Select one:
Mark 1.00 out of 1.00
a. Environment controls
b. Data media used
c. Controls over hardware
d. Operations using resources
Question 45 Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?
Correct
Question 46 Program change controls must ensure that all changes are
Correct
Select one:
Mark 1.00 out of 1.00
a. Audited to verify intent.
b. Tested to ensure correctness.
c. Within established performance criteria.
d. Implemented into production systems.
Question 47 Which of the following does not apply to system-generated passwords?
Correct
Select one:
Mark 1.00 out of 1.00
a. Passwords are more vulnerable to brute force and dictionary attacks.
b. Passwords are harder to guess for attackers.
c. Passwords are harder to remember for users.
d. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
Question 48 With non-continuous backup systems, data that was entered after the last backup prior to a system crash will have to be:
Correct
Question 49 What does "System Integrity" mean?
Correct
Select one:
Mark 1.00 out of 1.00
a. Design specifications have been verified against the formal top-level specification
b. Hardware and firmware have undergone periodic testing to verify that they are functioning properly
c. The software of the system has been implemented as designed.
d. Users can’t tamper with processes they do not own
Question 50 Which of the following biometric characteristics cannot be used to uniquely authenticate an individual’s identity?
Correct
Question 51 Which of the following offers greater accuracy than the others?
Correct
Select one:
Mark 1.00 out of 1.00
a. Iris scanning
b. Facial recognition
c. Finger scanning
d. Voice recognition
Question 52 Which of the following does not address Database Management Systems (DBMS) Security?
Correct
Select one:
Mark 1.00 out of 1.00
a. Cell suppression
b. Partitioning
c. Padded Cells
d. Perturbation
Question 53 Which of the following refers to the number of rows in a relation?
Correct
Select one:
Mark 1.00 out of 1.00
a. cardinality
b. degree
c. breadth
d. depth
Question 54 In a RADIUS architecture, which of the following can act as a proxy client?
Correct
Select one:
Mark 1.00 out of 1.00
a. The RADIUS authentication server.
b. None of the choices.
c. A Network Access Server.
d. The end user.
Question 55 The design phase in a system development life cycle includes all of the following EXCEPT
Correct
Select one:
Mark 1.00 out of 1.00
a. Determining sufficient security controls.
b. Developing a validation, verification, and testing plan.
c. Developing an operations and maintenance manual.
d. Conducting a detailed design review.
Question 56 Which of the following tools can you use to assess your network's vulnerability?
Correct
Select one:
Mark 1.00 out of 1.00
a. SATAN
b. ISS
c. Ballista
d. All of the choices
Question 57 What is called the verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time?
Correct
Question 58 Which option is NOT a benefit derived from the use of neural networks?
Correct
Select one:
Mark 1.00 out of 1.00
a. Linearity
b. Adaptivity
c. Fault Tolerance
d. Input-Output Mapping
Question 59 Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
Correct