Hi All,
Iam Adding more Questions with my answers and few unanswered. Can someone please check whether the answers are correct and answer which unanswered.
1)Which of the following is NOT a strength of message digest functions?
Choice 1 There are no active patents.
Choice 2 Relative speed.
Choice 3 No export restrictions.
Choice 4 The digest will always be smaller than the original message.
Choice 5 High reliability for detecting tampering.
Answer : Choice 2
2)Which of the following can firewalls NOT protect against?
Choice 1 Unauthorized access to legacy systems.
Choice 2 Attackers with direct access to the protected side.
Choice 3 Viruses.
Choice 4 Inappropriate use of the Internet.
Choice 5 Unauthorized access to web servers.
Answer :Choice 2
3)In order to hide internal IP addresses from prying eyes on the Internet, what
would be the best option for an organization to employ?
Choice 1 A DNS server.
Choice 2 An E-mail server.
Choice 3 A proxy server.
Choice 4 A file server.
Choice 5 A web server.
Answer : Choice 3
4)Secure E-mail means which of the following is encrypted?
Choice 1
"From:" Category
Choice 2
Contents
Choice 3
Checksum
Choice 4
"To:" Category
Choice 5
Header
5)Companies A and B exchange electronic invoices and orders using encrypted
communications as shown above. This is an example of what technology?
Choice 1 subnet
Choice 2 intranet
Choice 3 extranet or VPN
Choice 4 supranet
Choice 5 value-added network
Answer : Choice 3
6)
A)port number
B)destination IP address
C)source IP address
D)mime type
E)username / password
Modern firewalls can allow/deny access on the basis of which of the above?
Choice 1
A only
Choice 2
A and C only
Choice 3
A, B, and C only
Choice 4
A, D, and E only
Choice 5
A, B, C, D, and E
Answer : Choice 3
7)Which of the following is NOT a firewall incident handling response when beginning an investigation of a system comprise?
Choice 1 The firewall should be examined on a weekly basis to determine if attacks have been detected.
Choice 2 The firewall should reject all forms of probing or scanning tools.
Choice 3 The firewall should be restored in a different configuration than was used prior to the incident or break-in.
Choice 4 The firewall administrator should be notified at anytime of a security alarm in the event of suspicious activity detection.
Choice 5 The firewall should be configured to log all activity.
Answer : Choice
8)What are file system permissions called that are enforced when a user
attaches to a file system?
Choice 1 Cumulative
Choice 2 Shared
Choice 3 Closed
Choice 4 File
Choice 5 Open
Answer : Choice 4
9)Which of the following is NOT a risk when an organization is hacked?
Choice 1 Delivery service might be interrupted.
Choice 2 Financial damages might result due to illegal activity.
Choice 3 Damage to an organization's reputation might result in business loss.
Choice 4 Hackers could break into the cgi-bin directory, causing redirection of critical data.
Choice 5 Stolen data might be used against an organization.
Answer : Choice 1
10)What should the security practitioner do to ensure the control objectives of a system design?
Choice 1 Get senior management's approval on the impact analysis.
Choice 2 Complete the vulnerability assessment first.
Choice 3 Make sure the auditing procedures have been defined per instructions.
Choice 4 Ensure the system design has proper security administrator authorization.
Choice 5 Check that properly formatted objectives are on file with the auditor.
Answer : Choice 3, 4
11)When does a problem with using persistent cookies or client certificates for user authentication occur?
Choice 1 When a user changes computers.
Choice 2 When a user does not log on for more than 30 days.
Choice 3 When the IP address of the server changes.
Choice 4 When the IP address of the user changes.
Choice 5 When a user wishes to change preferences.
Answer : Choice 1
12)Which layer of the OSI reference model is typically used to perform
cryptography?
Choice 1 Data Link
Choice 2 Presentation
Choice 3 Session
Choice 4 Transport
Choice 5 Network
Answer : Choice 3
13)Which of the following could be characterized as a "denial-of-service" attack on a system?
Choice 1 A Java applet is loaded that creates multiple threads that consume 99% of a CPU for no useful purpose.
Choice 2 A JavaScript window mimics an operating system window to trick you into doing something malicious.
Choice 3 A person uses a password sniffer to learn usernames and passwords and then breaks in.
Choice 4 A virus captures and then transmits credit card numbers when they are entered by a user.
Choice 5 An Active/X control secretly sends a password or configuration file to an attacker
Answer : Choice 1
14)List
A)Creating symmetric keys
B)Message authentication
C)Sender identification
D)Double encryption
E)Generating digital signatures
Which of the above can message digests be used for?
Choice 1
A only
Choice 2
C only
Choice 3
E only
Choice 4
A and B only
Choice 5
A, C, and D
Answer : Choice 3
15)What is the current standard for certificate format?
Choice 1 LDAP
Choice 2 NDS
Choice 3 x.500
Choice 4 ASN.1
Choice 5 x.509
Answer : Choice 5
16)The packet filter above ensures all outbound requests must come from the proxy server. Which of the following is an important security advantage of this arrangement?
Choice 1 It processes all requests very efficiently.
Choice 2 The proxy can store all private keys assigned to internal users.
Choice 3 The outside network sees only one internal address.
Choice 4 The two networks can use different protocols.
Choice 5 The level of protection can be customized for each internal host.
Answer : Choice 3
17)An Internet application uses certificates issued by your company to identify users. What is the minimum information about each user that should be stored in the certificate?
Choice 1 Information necessary to uniquely identify each user.
Choice 2 All information submitted by the user applying for the certificate.
Choice 3 The user's passphrase and name.
Choice 4 The user's name.
Choice 5 Name, logon ID, and password, if appropriate.
Answer : Choice 2
18)Of the following, which one is NOT a potential weakness in firewalls using packet filtration?
Choice 1 Programming is often specialized.
Choice 2 Most internal networks change daily, requiring programming changes.
Choice 3 Only works for TCP packets, not UDP.
Choice 4 Extensive filter lists slow the routing process.
Choice 5 Can be easily compromised or defeated.
Answer : Choice
19)What is the part of an incoming IP packet that identifies the application that requests data?
Choice 1 source port number
Choice 2 sequence count
Choice 3 destination address
Choice 4 destination port number
Choice 5 source address
Answer : Choice 4
20)How would a person authenticate a digital certificate issued by a public certificate authority?
Choice 1 Decrypt the subject identification information using the subject's private key.
Choice 2 Check the certificate authority's digital signature.
Choice 3 Call the subject and have them repeat the digital signature of the certificate.
Choice 4 Decrypt the subject identification information using the certificate authority's private key.
Choice 5 Check the subject's digital signature.
Answer : Choice 2
21)When considering employing a firewall, you will expect to find all of the following services but one. Which is it?
Choice 1 IP Masquerade
Choice 2 Proxy Services
Choice 3 Packet Switching
Choice 4 Packet Filtering
Choice 5 Encrypted Tunnels
Answer : Choice 5
22)What do you need to decipher an encrypted E-mail message that uses public key encryption?
Choice 1 Your public key.
Choice 2 The sender's public key.
Choice 3 The sender's private key.
Choice 4 The digital signature included with the message.
Choice 5 Your private key.
Answer : Choice 2
23)Java applets can open new windows on the user's system. How do most modern browsers prevent them from spoofing or fooling the user by pretending to be a different application?
Choice 1 The window is displayed inside the browser's main display area.
Choice 2 The window does not permit users to enter any data.
Choice 3 The browser produces an audible warning whenever a user enters information into the applet window.
Choice 4 The window is always modal.
Choice 5 The window indicates that it is an unsecure applet window.
Answer : Choice 5
24)What is the rule of thumb when designing a system that must protect data in transit across the Internet?
Choice 1 An encryption mechanism is only as strong as the secrecy of its private key.
Choice 2 To ensure that the cost of breaking the encryption method exceeds the value of the data.
Choice 3 Private keys should always be stored in the configuration file, never in their own file.
Choice 4 Use symmetric key encryption if you do not know who you will be communicating with ahead of time.
Choice 5 Always authenticate and encrypt data using different keys.
Answer : Choice 2
25)Which is NOT a fundamental security risk to an Internet host?
Choice 1 Inadequate activity logging.
Choice 2 Inadequate backup procedures.
Choice 3 Failure to upgrade software after bugs/security holes are detected.
Choice 4 Failure to upgrade hardware to increase processing efficiency.
Choice 5 Plain text password transmission.
Answer : Choice 1
26)What is the most common method of combating spam attacks?
Choice 1 Counter-spamming
Choice 2 Source post office blocking
Choice 3 Source address blocking
Choice 4 Content filtering
Choice 5 Source port blocking
Answer : Choice 3
27)How does one ensure non-repudiation on an e-commerce system?
Choice 1 By using hardware tokens.
Choice 2 By using public key cryptography.
Choice 3 By using private key cryptography.
Choice 4 By using proper access control.
Choice 5 By using digital signatures.
Answer : Choice 5
28)Files access rights are what type of permissions?
Choice 1 Cumulative
Choice 2 File
Choice 3 Open
Choice 4 Shared
Choice 5 Closed
Answer : Choice 3
29)Which of the following is NOT an appropriate action to take regarding misuse of organizational network resources?
Choice 1 Termination
Choice 2 Verbal Reprimand
Choice 3 Hiding the incident from public scrutiny.
Choice 4 Written Reprimand
Choice 5 Demotion
Answer : Choice 3
30)Which of the below controls best enhances the confidentiality of internet mail?
Choice 1 Making all post office connections with POP protocol.
Choice 2 Encrypting messages with RSA.
Choice 3 Hashing message contents with MD5.
Choice 4 Signing messages with PGP.
Choice 5 Using the digital signature standard.
Answer : Choice
31)What is the MOST COMMON use of server certificates?
Choice 1 Signed applets
Choice 2 SSL
Choice 3 Authenticode
Choice 4 Secure E-mail
Choice 5 Citizen Identification
Answer : Choice 2
32)Using public key encryption, how can Betty ensure a message she sends Bill cannot be read by anyone else and that Bill can be sure she sent it?
Choice 1 Encrypt it with her private key and sign it with her private key.
Choice 2 Encrypt it with Bill's public key and sign it with Bill's public key.
Choice 3 Encrypt it with Bill's public key and sign it with her public key.
Choice 4 Encrypt it with Bill's public key and sign it with her private key.
Choice 5 Encrypt it with her public key and sign it with Bill's public key
Answer : Choice 4
33)Which is NOT a benefit of having a single sign-on for all applications within a corporate environment?
Choice 1 Facilitating employee access from home via the Internet.
Choice 2 Making security administration easier.
Choice 3 Easing the memory burden on users.
Choice 4 Reducing the likelihood that users will write down their passwords.
Choice 5 Reducing the time spent by users gaining access to systems.
Answer : Choice 1
34)What is Kerberos used for?
Choice 1 To secure credit card authorization of all magnitudes.
Choice 2 Providing a secure single sign-on capability in a distributed environment.
Choice 3 For user identification and authentication for E-mail.
Choice 4 Approving small charges over the Internet.
Choice 5 Providing real-time authentication for teleconferencing applications.
Answer : Choice
35)How could a photo, like the one above, be transmitted across the Internet resistant to tampering AND enabling the recipient to positively identify the sender?
Choice 1 It could be encrypted with the sender's public key.
Choice 2 It could be encrypted with the receiver's public key.
Choice 3 File compression could be used.
Choice 4 It could be digitally signed by the sender.
Choice 5 It could be encrypted with the receiver's private key
Answer : Choice 2, 4
36)Which of the below SMTP packets is suspicious and should be blocked?
Choice 1 An incoming TCP packet to a source port >1023 from a destination port of 25.
Choice 2 An incoming TCP packet to a source port 25 from a destination port of >1023.
Choice 3 An outgoing TCP packet to a source port >1023 from a destination port of 25.
Choice 4 An outgoing TCP packet to a source port 25 from a destination port of >1023.
Choice 5 None of the above is suspicious.
Answer : Choice
37)
A)username/password
B)certificates
C)biometrics
D)smart cards or tokens
Which of the above techniques for user authentication can be used over the Internet?
Choice 1 A only
Choice 2 A and B only
Choice 3 A, B, and C only
Choice 4 B and D only
Choice 5 A, B, C, and D
Answer : Choice 2
38)If your organization wished to communicate with an outside organization using a means that is authenticated and encrypted, what should you get management to invest in?
Choice 1 3DES Network
Choice 2 Secure Access Network
Choice 3 Virtual Public Network
Choice 4 Ethernet
Choice 5 Virtual Private Network
Answer : Choice 5
39)What is the first step any organization should take when considering
internet/network security options?
Choice 1 Disconnect from the Internet until option is implemented.
Choice 2 Develop a good security plan.
Choice 3 Perform a risk analysis.
Choice 4 Attempt a full host scan on the network.
Choice 5 Employ a firewall.
Answer : Choice 5
40)What is always necessary to decipher symmetrically encrypted data?
Choice 1 The message digest.
Choice 2 The check sum file.
Choice 3 The digital signature.
Choice 4 The key.
Choice 5 The signature file.
Answer : Choice 4