Sec1-75

In which phase of the security systems development life cycle do Risk Management tasks begin?
Implementation
Analysis
Logical Design
Physical Design
None of the above
Which one is correct about Information Security?
Computer security began immediately after first mainframes were developed
Successful organizations have multiple layers of security in place: physical, personal, operations, communications, network, and information
Security should be considered a balance between protection and availability
Information security must be managed similarly to any major system implemented in an organization using a methodology like Security SDLC.
All of the above
Which of the following addresses the protection of information assets?
Operations Security
Network Security
Personal Security
Information Security
Confidentiality Security
“An object, person, or other entity that represents a constant danger to an asset” is a definition for:
Vulnerability
Threat
Asset
Risk
All of the above
Which one of the following is not a threat to information security?
Forces of nature
Hackers
Human error
Intellectual property
Technical software failure
A virus or worm can have a payload that installs a(n) ____ door or trap door component in a system.
Closed
Back
Side
Open
Sliding
Which of the following addresses “a threat that changes its apparent shape over time, representing a new threat not detectable by techniques that are looking for a preconfigured signature”?
Trojan horses
Logic bombs
Polymorphic threats
Viruses
Worms
Which of the following is the exact definition of worms?
These software components or programs are designed to damage, destroy, or deny service to the target system.
The code attaches itself to the existing program and takes control of that program’s access to the targeted computer.
Malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication
Software programs that hide their true nature and reveal their designed behavior only when activated. This software is frequently disguised as a helpful, interesting, or necessary piece of software.
All of the above
Which of the following is the exact definition of a Trojan?
These software components or programs are designed to damage, destroy, or deny service to the target system.
The code attaches itself to the existing program and takes control of that program’s access to the targeted computer.
Malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication
Software programs that hide their true nature and reveal their designed behavior only when activated. This software is frequently disguised as a helpful, interesting, or necessary piece of software.
All of the above
Which one describes a person who develops software scripts and program exploits and is usually a master of many skills?
Unskilled hacker
Espionage
Trespass
Expert hacker
None of the above
Which one of the following is a cause of Human Error or Failure?
Inexperience
Improper training
Incorrect assumptions
Employee mistakes
All of the above
Which one of the following occurs when a manufacturer distributes equipment containing flaws to users?
Sabotage or Vandalism
Technical Hardware Failures or Errors
Human Error or Failure
Deliberate Software Attacks
All of the above
Which one of the following describes acts or actions that exploit a vulnerability (i.e., an identified weakness) in a controlled system?
Vulnerability
Threat
Attack
Risk
All of the above
Which one of the following describes “use of social skills to convince people to reveal access credentials or other valuable information to an attacker”?
Brute force
Mail bombing
Social engineering
Sniffers
Pharming
Which one of the following is the definition of Pharming?
Redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information
An attempt to gain personal/financial information from individual, usually by posing as legitimate entity
Program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network
Technique used to gain unauthorized access; intruder assumes a trusted IP address
Unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks
Which one of the following is the definition of Phishing?
Redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information
An attempt to gain personal/financial information from individual, usually by posing as legitimate entity
Program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network
Technique used to gain unauthorized access; intruder assumes a trusted IP address
Unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks
Which one of the following is a component of risk identification?
People
Procedures
Data
Software
All of the above
____ is a process of assigning scores for critical factors, each of which is weighted by the organization as to its importance.
Present value of an annuity
Forced ranking list
Weighted factor analysis
Likelihood
Statistical inference
____ information is defined as all information that has been approved by management for public release.
Confidential
Internal
External
Private
Top Secret
Which one of the following represents Risk Assessment?
Evaluating the relative risk for each vulnerability
Identifying, classifying, and prioritizing an organization’s assets
Identifying existing threats to assets
Evaluating information assets and their impact
None of the above
Which one of the following represents the method by which systems determine whether and how to admit a user into a trusted area of the organization?
Accountability
Access control
Identification
Authorization
Authentication
Which one of the following represents the matching of an authenticated entity to a list of information assets and corresponding access levels?
Accountability
Access control
Identification
Authorization
Authentication
Which one of the following represents a processing mode for a firewall?
Packet filtering
Application gateways
Circuit gateways
MAC layer firewalls
All of the above
Which one of the following represents a firewall processing mode that works at the network layer?
Packet filtering
Application gateways
Circuit gateways
MAC layer firewalls
All of the above
Which one of the following represents a firewall processing mode that works at the application layer?
Packet filtering
Application gateways
Circuit gateways
MAC layer firewalls
All of the above
Which of the following kinds of firewall contains two network interface cards (NICs): one connected to the external network, one connected to the internal network?
SOHO firewall
Stand-alone
Dual host and Bastion host
Intrusion Detection System
None of the above
Which of the following describes a private and secure network connection between systems that uses the data communication capability of an unsecured, public network?
Virtual Private Networks
Firewall
Intrusion Detection System
Intrusion Prevention System
None of the above
Which one of the following describes IPS?
Intrusion Detection System
Intrusion Prevention System
Intrusion Detelivery Survey
Intrusion Prevention Survey
None of the above
Which one of the following occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm?
Intrusion
Firewall
VPN
Vulnerability
None of the above
Which one of the following describes “Intrusion detection”?
It consists of procedures and systems created and operated to detect system intrusions
It encompasses actions an organization undertakes when intrusion event is detected
It consists of activities: finalize restoration of operations to a normal state
It consists of filtering packets
None of the above
Which one of the following describes “Intrusion reaction”?
It consists of procedures and systems created and operated to detect system intrusions
It encompasses actions an organization undertakes when intrusion event is detected
It consists of activities: finalize restoration of operations to a normal state
It consists of filtering packets
None of the above
Which one of the following describes “Attack protocol”?
It is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network
The organized research of Internet addresses owned or controlled by a target organization
Systematic survey of all of target organization’s Internet addresses collected during the footprinting phase
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
None of the above
Which one of the following describes Footprinting?
It is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network
The organized research of Internet addresses owned or controlled by a target organization
Systematic survey of all of target organization’s Internet addresses collected during the footprinting phase
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
None of the above
Which one of the following describes Fingerprinting?
It is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network
The organized research of Internet addresses owned or controlled by a target organization
Systematic survey of all of target organization’s Internet addresses collected during the footprinting phase
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
All of the above
Which one of the following is about Firewall analyzers?
It is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network
The organized research of Internet addresses owned or controlled by a target organization
Systematic survey of all of target organization’s Internet addresses collected during the footprinting phase
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
All of the above
Which one of the following is correct about Packet Sniffers?
Network tool that collects copies of packets from network and analyzes them
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
Tools for detecting a target computer’s operating system, which is very valuable to an attacker
Software for finding malware
None of the above
Which one of the following is correct about Operating System Detection Tools?
Network tool that collects copies of packets from network and analyzes them
Several tools automate remote discovery of firewall rules and assist the administrator in analyzing them
Tools for detecting a target computer’s operating system, which is very valuable to an attacker
Software for finding malware
None of the above
Which one of the following is the definition of Cryptology?
Science of encryption; combines cryptography and cryptanalysis
Process of making and using codes to secure transmission of information
Process of obtaining original message from encrypted message without knowing algorithms
Converting original message into a form unreadable by unauthorized individuals
The process of converting the ciphertext message back into plaintext
Which one of the following is the definition of Cryptography?
Science of encryption; combines cryptography and cryptanalysis
Process of making and using codes to secure transmission of information
Process of obtaining original message from encrypted message without knowing algorithms
Converting original message into a form unreadable by unauthorized individuals
The process of converting the ciphertext message back into plaintext
Which one of the following is the definition of Cryptanalysis?
Science of encryption; combines cryptography and cryptanalysis
Process of making and using codes to secure transmission of information
Process of obtaining original message from encrypted message without knowing algorithms
Converting original message into a form unreadable by unauthorized individuals
The process of converting the ciphertext message back into plaintext
Which one of the following is the definition of Encryption?
Science of encryption; combines cryptography and cryptanalysis
Process of making and using codes to secure transmission of information
Process of obtaining original message from encrypted message without knowing algorithms
Converting original message into a form unreadable by unauthorized individuals
The process of converting the ciphertext message back into plaintext
Which one of the following is the definition of Decryption?
Science of encryption; combines cryptography and cryptanalysis
Process of making and using codes to secure transmission of information
Process of obtaining original message from encrypted message without knowing algorithms
Converting original message into a form unreadable by unauthorized individuals
The process of converting the ciphertext message back into plaintext
Which one of the following is one of the most popular symmetric encryption cryptosystems?
DES
SSL
PEM
SET
WEP
Which one of the following is a protocol that uses public key encryption to secure a channel over the public Internet?
DES
SSL
PEM
SET
WEP
Which one of the following is the protocol for Privacy Enhanced Mail?
DES
SSL
PEM
SET
WEP
Which one of the following is an early attempt to provide security with the 802.11 network protocol?
DES
SSL
PEM
SET
WEP
Which one of the following is correct about Steganography?
It is a process of hiding information
It is an Internet protocol
It is an encryption method
It is an attack
None of the above
Which one of the following is the protocol for electronic transactions developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud?
DES
SSL
PEM
SET
WEP
Which one of the following is correct about Asymmetric Encryption?
Also known as public-key encryption
Uses two different but related keys
If Key A encrypts message, only Key B can decrypt
RSA algorithm is used for it
All of the above
Which one of the following is correct about Asymmetric Encryption?
Also known as public-key encryption
Uses two different but related keys
Data Encryption Standard is one of the most popular symmetric encryption cryptosystems
RSA algorithm is used for it
All of the above
Which one of the following is not part of major project tasks in Work Breakdown Structure (WBS) in information security implementation?
Work to be accomplished
Start and end dates of tasks
Maintenance of systems
Estimated capital and noncapital expenses
Identification of dependencies between/among tasks
What kinds of considerations are part of Project Planning for Information Security?
Staffing considerations
Time and scheduling considerations
Priority considerations
Financial considerations
All of the above
Which one of the following is not part of The Bull’s-Eye Model?
Policies
Networks
People
Systems
Applications
Which one of the following is the highest position in the information security structure of an organization?
Physical security management
Information Security technician
Information Security
Chief Information Security Officer
Security manager
Which one of the following positions is responsible for developing drafts of, or approving, information security policies?
Physical security management
Information Security technician
Information Security consultant
Chief Information Security Officer
Security manager
Which one of the following positions is responsible for the day-to-day operation of the information security program?
Physical security management
Information Security technician
Information Security consultant
Chief Information Security Officer
Security manager
Which one of the following positions is responsible for configuring security hardware and software?
Physical security management
Information Security technician
Information Security consultant
Chief Information Security Officer
Security manager
The security function cannot be placed within:
IT function
Physical security function
Administrative services function
Insurance and risk management function
All of the above
Which one of the following is intended to maintain an informed awareness of the state of the organization’s networks, systems, and security defenses?
External monitoring
Internal monitoring
Following international certificates
Planning and risk assessment
Vulnerability assessment and remediation
Which one of the following is intended to identify specific, documented vulnerabilities and their timely remediation?
External monitoring
Internal monitoring
Following international certificates
Planning and risk assessment
Vulnerability assessment and remediation
Which one of the following is not part of vulnerability assessment and remediation?
Internet vulnerability assessment
Platform security validation
Physical vulnerability assessment
Wireless vulnerability assessment
Intranet vulnerability assessment
Which one of the following describes more detailed statements of what must be done to comply with policy?
Practices
Policy
Standards
Blueprint
None of the above
Which one of the following is one of the most widely referenced and often discussed security models?
The ISO 17000 Series
The ISO 12000 Series
The ISO 7000 Series
The ISO 27000 Series
The ISO 9000 Series
Which one of the following is a device that selectively discriminates against information flowing into or out of the organization?
Firewall
DMZs
Proxy servers
Intrusion detection systems
Virtual private network
Which one of the following is a no-man’s land between the inside and outside networks, where some organizations place Web servers?
Firewall
DMZs
Proxy servers
Intrusion detection systems
Virtual private network
Which one of the following are necessary tools for security?
Policy
Awareness
Training
Technology
All of the above
Which one of the following presents “the protection of information and its critical elements, including systems and hardware that use, store, and transmit that information”?
Information security
Policy
Risk management
Vulnerability assessment
None of the above
Which one of the following lists the different states of information?
Integrity, availability, confidentiality
Transmission, storage, processing
Policy, education, training
Integrity, policy, transmission
None of the above
Which one of the following lists the desired goals for information?
Integrity, availability, confidentiality
Transmission, storage, processing
Policy, education, training
Integrity, policy, transmission
None of the above
Which one of the following lists the three primary tools to implement information security?
Integrity, availability, confidentiality
Transmission, storage, processing
Policy, education, training
Integrity, policy, transmission
None of the above
Which one of the following refers to the attack in which an attacker monitors network packets, modifies them, and inserts them back into the network?
Virus and worm hoaxes
Mail bombing
Spoofing
Phishing
Man-in-the-middle
Which one of the following refers to an attempt to reverse-calculate a password?
Virus and worm hoaxes
Spoofing
Phishing
Password crack
Mail bombing
Which one of the following occurs during a Denial-of-service (DoS) attack?
Target system password will be cracked
Target system cannot handle the requests successfully along with other, legitimate service requests
Target system cannot prevent intrusion
Target system will have back door
None of the above
Which one of the following is software that catches and saves user activity, such as typing, in a file called a log file?
Microsoft security baseline
Snort software
Key logger software
Wireshark and packet miner sniffer
None of the above
Which one of the following is software that sniffs and collects packets on the network?
Microsoft security baseline
Snort software
Key logger software
Wireshark and packet miner sniffer
None of the above