1.
The biggest change that has occurred in
security over the last 30 years has been the
change in the computing environment from
small, tightly contained mainframes to a
highly widespread network of much larger
systems.
A) True
B) False
2.
A successful attack on a network may
adversely impact security in all the following ways
EXCEPT:
A) Loss of confidentiality
B) Loss of integrity
C) Loss of functionality
D) Loss of availability
3.
As the level of sophistication of attacks
has increased,
A) The level of knowledge necessary to
exploit vulnerabilities has increased
B) The level of knowledge necessary to
exploit vulnerabilities has decreased
C) The level of skill necessary to exploit
vulnerabilities has increased
D) The amount of exploit software available
on the Internet has decreased
4.
The IDS fails to alert on an intruder’s
ping sweep and port scan. This is a failure of which
element of the operational model of
computer security?
A) Protection
B) Prevention
C) Detection
D) Response
5.
___________ places the focus on the
security processes and the actual data.
A) Computer security
B) Network security
C) Information assurance
D) Communications security
6.
A company doing business online conducted
all financial transactions over the Internet
without any encryption. As a result,
customer information such as credit card numbers,
expiration dates, and the security codes
found on the back of the credit cards was stolen.
This is a violation of which policy?
A) Due diligence
B) Due process
C) Need to know
D) Acceptable usePoints Earned: 1.0/1.0
7.
_______________ is a set of elements that
can lead to the specific identity of a person.
Correct Answer(s): Personally identifiable
information (PII)
8.
Which type of backup copies all files, but
only since the last full backup?
A) Full
B) Differential
C) Incremental
D) Delta
9.
A(n) _______________ is a special
mathematical function that performs a one-way
encryption.
10.
_______________ is the simple tactic of
following closely behind a person who has just
used their own access card or PIN to gain
physical access to a room or building.
11.
Which of the following is NOT an example of
a poor security practice?
A) The user does not follow established
security policies or processes.
B) A result of a lack of security policies,
procedures or training within the user’s
organization.
C) An employee does not allow a person he
is talking to, to enter a secured area
behind him before showing proper
credentials.
D) An employee creates on good password and
then uses it for all accounts.
12.
Leaving sensitive information in a car is
appropriate if the doors are locked and the files
are not in plain view.
A) True
B) False
13.
Cryptography can be used to protect
confidentiality and integrity as well be used to
implement nonrepudiation, authentication,
key escrow, digital signatures, and digital
rights management.
A) True
B) False
14.
The art of secret writing that enables an
individual to hide the contents of a message from
all but the intended recipient is called
A) Steganography
B) Cryptanalysis
C) Cryptography
D) Key management
15.
_______________ puts the plaintext through
a simplified cipher to try to deduce what the
key is likely to be in a full version of
the cipher.
Correct Answer(s): Linear cryptanalysis
16.
_______________ is the PKI component that
accepts a request for a digital certificate
and performs the necessary steps of
registering and authenticating the person requesting
the certificate.
17.
What is a certificate repository?
A) A directory that calculates a message
digest for the certificate
B) An entity that generates electronic
credentials
C) A directory that requires a centralized
infrastructure
D) A centralized directory in which the
registered certificate is stored
18.
An in-house certificate authority is
A) A CA that is already established and
being used by many individuals and
companies
B) A certificate authority that is
maintained and controlled by the company that
C) implemented it
D) A CA that provides dedicated services,
and possibly equipment, to an
individual company
E) A CA that provides more flexibility for
companies
19.
The current version of S/MIME is version 2.
A) True
B) False
20.
What are the SSL and TLS used for?
A) A means of securing application programs
on the system
B) To secure communication over the
internet
C) A method to change from one form of PKI
infrastructure to another
D) A secure way to reduce the amount of
SPAM a system receives
21.
The _______________ protocol was introduced
by Netscape as a means of providing
secure connections between the client and
server for exchanging information.
22.
What kind of copy is a drive image?
A) Bit-by-bit copy
B) File-by-file copy
C) Partition copy
D) A copy of all images on the drive
23.
A mantrap is used to prevent piggybacking.
A) True
B) False
24.
One drawback to water-based fire suppression
systems is that they
A) Can be toxic to humans
B) Can cause more damage to equipment
C) Are the most expensive type of
suppression system
D) Are not useful against type A fires
25.
Which of the following is not a private IP
address?
A) 10.100.200.100
B) 172.32.32.21
C) 192.168.1.1
D) 192.168.254.254
26.
Local packet delivery (where packets are
delivered on a LAN) uses ________ addresses
to send packets.
27.
LAN and WAN networks can be connected.
A) True
B) False
28.
_____________ is/are computers in a network
that host applications and data for
everyone to share.
A) Linux boxes
B) Servers
C) Firewalls
D) Cryptography
29.
Hubs are the most common device used for
connecting computers on a local area
network.
A) True
B) False
30.
Preventing physical access to a server by
an unauthorized individual is the
A) Responsibility of the CFO of an
organization
B) Primary security concern for a system
administrator
C) An organization’s least important
concern
D) Reason we implement firewalls
Which type of access control would be used
to grant permissions based on the duties that
must be performed?
A) Mandatory access control
B) Discretionary access control
C) Role-based access control
D) Rule-based access control
32.
_______________ authentication is a term
that describes the use of more than one
authentication mechanism at the same time.
Correct Answer(s): Multifactor
33.
What does SSH stand for?
A) Simple Security Hardware
B) Secure Socket Help
C) Secure Shell
D) Scientifically Secure Hard Drive
34.
A new standard for sending packetized data
traffic over radio waves in the unlicensed 2.4
GHz band is
A) WAP
B) WTLS
C) 802.11b
D) 804.11b
35.
_______________ protocol can support a wide
variety of authentication methods and
also fits well into existing authentication
systems like RADIUS.
36.
802.1x is not is not compatible with RADIUS
or LDAP.
A) True
B) False
