Quiz Midterm Test
Question 1
If a programmer is restricted from updating and modifying production code, what is this an example of?
a. Rotation of duties
b. Separation of duties
c. Controlling input values
d. Due diligence
Question 3
What is the difference between least privilege and need to know?
a. A user should have least privilege that restricts her need to know.
b. A user should have a need to know to access particular resources, and least privilege should be implemented to ensure she only accesses the resources she has a need to know.
c. They are two different terms for the same issue.
d. A user should have a security clearance to access resources, a need to know about those resources, and least privilege to give her full control of all resources.
Question 4
Which best describes a hot-site facility versus a warm- or cold-site facility?
a. A site that has disk drives, controllers, and tape drives
b. A site that has wiring, central air-conditioning, and raised flooring
c. A mobile site that can be brought to the company’s parking lot
d. A site that has all necessary PCs, servers, and telecommunications
Question 6
Pertaining to the CEO’s security concerns, what should Lenny suggest the company put into place?
a. An intrusion prevention system, security event management software, and malware protection
b. Security information and event management software, an intrusion detection system, and signature-based protection
c. An intrusion prevention system, security event management software, and war-dialing protection
d. Security event management software, an intrusion prevention system, and behavior-based intrusion detection
Question 7
What is the technology that allows a user to remember just one password?
a. Password dictionaries
b. Password synchronization
c. Password generation
d. Password rainbow tables
Question 8
Which could be considered a single point of failure within a single sign-on implementation?
a. RADIUS
b. User’s workstation
c. Logon credentials
d. Authentication server
Question 10
Which of the following best describes the type of environment Harry’s team needs to set up?
a. Public key infrastructure
b. Web services
c. Service-oriented architecture
d. RADIUS
Question 11
Which of the following best describes the types of languages and/or protocols that Harry needs to ensure are implemented?
a. Security Assertion Markup Language, Extensible Access Control Markup Language, Service Provisioning Markup Language
b. Extensible Access Control Markup Language, Security Assertion Markup Language, Simple Object Access Protocol
c. Service Provisioning Markup Language, Simple Object Access Protocol, Extensible Access Control Markup Language
d. Service Provisioning Markup Language, Security Association Markup Language
Question 12
Alice wants to send a message to Bob, who is several network hops away from her. What is the best approach to protecting the confidentiality of the message?
Question 13
An effective method to shield networks from unauthenticated DHCP clients is through the use of _______________ on network switches.
a. DHCP shielding
b. DHCP protection
c. DHCP caching
d. DHCP snooping
Question 14
Charlie uses PGP on his Linux-based email client. His friend Dave uses S/MIME on his Windows-based email. Charlie is unable to send an encrypted email to Dave. What is the likely reason?
a. There is not enough information to determine the likely reason
b. Each is using a different CA
c. PGP and S/MIME are incompatible
d. Each has a different secret key
Question 15
What should Don’s team put into place to stop the masquerading attacks that have been taking place?
a. Disable unnecessary ICMP traffic at edge routers
b. ARP spoofing protection
c. Dynamic packet filter firewall
d. SRPC
Question 16
What type of client ports should Don make sure the institution’s software is using when client-to-server communication needs to take place?
Question 17
How many bits make up the effective length of the DES key?
a. 32
b. 16
c. 56
d. 64
Question 19
smaller number of computers, which still must carry the same processing load as the systems in the main building. Which of the following best describes the most important aspects of the products Mark needs to purchase for these purposes?
a. Systems must provide multiprogramming multiprocessing capabilities and virtualized environments.
b. Systems must provide asymmetric multiprocessing capabilities and virtualized environments.
c. Systems must provide symmetric multiprocessing capabilities and virtualized environments.
d. Systems must provide multiprogramming multiprocessing capabilities and symmetric multiprocessing environments.
Question 20
What feature enables code to be executed without the usual security checks?
a. Maintenance hook
b. Temporal isolation
c. Maintenance disk
d. Race conditions
Question 22
During which phase or phases of the information life cycle can cryptography be an effective control?
a. Disposal and Use
b. All of them.
c. Archival and Disposal
d. Use and Archival
Question 23
Information classification is most closely related to which of the following?
a. The information’s destination
b. The information’s age
c. None of them
d. The source of the information
Question 24
What should management consider the most when classifying data?
a. The type of employees, contractors, and customers who will be accessing the data
b. Availability, integrity, and confidentiality
c. Assessing the risk level and disabling countermeasures
d. Availability, integrity
Question 25
Which of the following makes the most sense for a single organization’s classification levels for data?
a. Sensitive, Sensitive But Unclassified (SBU), Proprietary
b. Proprietary, Trade Secret, Private
c. Unclassified, Secret, Top Secret
d. Unclassified, Sensitive, Top Secret
Question 26
Which of the following requirements should the data retention policy address?
a. Operational
b. Legal
c. All of them
d. Regulatory
Question 28
If different user groups with different security access levels need to access the same information, which of the following actions should management take?
Question 29
The data owner is most often described by all of the following except
a. Financially liable for the receive of the data
b. Manager in charge of a business unit
c. Ultimately responsible for the protection of the data
d. Financially liable for the loss of the data
Question 30
OCTAVE, NIST SP 800-30, and AS/NZS 4360 are different approaches to carrying out risk management within companies and organizations. What are the differences between these methods?
a. AS/NZS is IT based, and OCTAVE and NIST SP 800-30 are assurance based.
b. NIST SP 800-30 and AS/NZS are corporate based, while OCTAVE is international.
c. NIST SP 800-30 is IT based, while OCTAVE and AS/NZS 4360 are
d. None of them.