Computer Security Recovery Exam

The document is a computer security recovery exam for Wilson David Caiza Recalde, dated February 27, 2014, containing multiple-choice questions related to security techniques, access controls, and virus prevention. Each question requires an explanation for the selected answer, and the exam must be submitted in PDF format. The document emphasizes the importance of originality in answers and outlines various security concepts and practices.

COMPUTER SECURITY RECOVERY EXAM

NAME: WILSON DAVID CAIZA RECALDE DATE: FEBRUARY 27, 2014

Instructions:
- To answer multiple choice questions, highlight the answer in red.
- All questions must have an explanation, otherwise they will be worth 50%.
- Send the exam in PDF format to [email protected].
- If similar answers are found among other classmates, it will be considered copying.
- All questions are purely for consultation purposes.

1. Which of the following security techniques is the BEST method for authenticating a
user's identity?
A. Smart card
B. BIOMETRIC
C. Challenge-response token
D. User ID and Password

Explanation:

In a typical Biometrics system, a person registers with the system when one or more of his
or her physical and behavioral characteristics are obtained, processed by a numerical
algorithm, and entered into a database. Ideally, when you log in, almost all of your
characteristics match; then when someone else tries to log in, they don't match
completely, so the system doesn't let them in.

2. Which of the following is the MOST effective control when granting temporary access to
vendors?
A. Vendor access corresponds to the service level agreement (SLA).
B. USER ACCOUNTS ARE CREATED WITH EXPIRATION DATES AND ARE BASED ON THE
SERVICES PROVIDED.
C. Administrator access is provided for a limited period of time.
D. User IDs are deleted when the job is complete.

Explanation:

Because this would make them more difficult to decipher, and if for some other reason the
user forgets to log in, the system would automatically close the session after a certain
period of active status.

3. A threat to Internet security that could affect integrity is:
A. theft of customer data
B. Exposing network configuration information
C. A TROJAN HORSE BROWSER
D. eavesdropping on the network.

Explanation:

It is a seemingly useful, novel, or attractive program that contains hidden functions that
allow, for example, obtaining user privileges (as long as the program is executed), posing a
huge security problem. A Trojan horse is generally ineffective without the involuntary
cooperation of the targeted user.

4. Which of the following is MOST critical to the successful implementation and
maintenance of a security policy?
A. ASSIMILATION OF THE STRUCTURE AND INTENT OF A WRITTEN SECURITY POLICY BY
ALL APPROPRIATE PARTIES
B. Management support and approval for the implementation and maintenance of a
security policy
C. Enforcement of security rules by providing punitive actions for any violation of security
rules
D. Strict implementation, monitoring and enforcement of rules by the security officer
through access control software.

Explanation:

5. An IS Auditor performing an access controls review should be LESS concerned if:
A. audit trails were not enabled.
B. PROGRAMMERS WOULD HAVE ACCESS TO THE LIVE ENVIRONMENT.
C. Group logons were being used for critical functions.
D. the same user could initiate transactions and also change related parameters.

Explanation:

Because the auditor would not know whether the programmers are still manipulating, or
have continued to manipulate, access.

6. Which of the following virus prevention techniques can be implemented using hardware?
A. REMOTE BOOTING
B. Heuristic Scanners
C. Behavior Blockers
D. Immunizers

Explanation:

7. Automated teller machines (ATMs) are a specialized form of point-of-sale terminal that:
A. allows cash withdrawals and financial deposits only.
B. are usually located in populous areas to curb theft or vandalism.
C. uses protected telecommunications lines for data transmissions.
D. MUST INCLUDE HIGH LEVELS OF LOGICAL AND PHYSICAL SECURITY.

Explanation:

It is primarily for the well-being of users and their security; with this we do not allow free
access to cloned or adulterated cards.

8. To prevent unauthorized access to data maintained in a speed dial response system, an
IS Auditor should recommend:
A. that online terminals be placed in restricted areas.
B. that online terminals are equipped with key locks.
C. that identification cards are required to access online terminals.
D. THAT ONLINE ACCESS IS TERMINATED AFTER THREE FAILED ATTEMPTS.

Explanation:

It is for the integrity of our information so that it is not modified by third parties.

9. A callback system requires a user with an ID and password to call a remote server over a
dial-up line, then the server disconnects and:
A. DIALS IN RESPONSE TO THE USER'S MACHINE BASED ON THE USER'S ID AND
PASSWORD USING A PHONE NUMBER FROM ITS DATABASE.
B. Dials in response to the user's machine based on the user's ID and password using a
phone number provided by the user during this connection.
C. waits for a new dial response from the user's machine for reconfirmation and then
verifies the user's ID and password using its database.
D. waits for a new dial response from the user's machine for reconfirmation and then
verifies the user's ID and password using the sender's database.

Explanation:

10. Which of the following provides the GREATEST guarantee for achieving the authenticity
of a message?
A. The pre-hash code is mathematically derived from the message being sent
B. THE PRE-HASH CODE IS ENCRYPTED USING THE SENDER'S PRIVATE KEY
C. Encryption of the pre-hash code and the message using the secret key
D. The sender obtains the recipient's public key and verifies the authenticity of its digital
certificate with a certificate authority

Explanation:

11. A critical function of a firewall is to act as:
A. a special router that connects the Internet to a LAN.
B. device to prevent authorized users from accessing the LAN.
C. SERVER USED TO CONNECT AUTHORIZED USERS TO TRUSTED PRIVATE NETWORK
RESOURCES.
D. proxy server to increase access speed for authorized users.

Explanation:

12. Antivirus software should be used as a:
A. DETECTION CONTROL.
B. preventive control.
C. corrective control.
D. compensatory control.

Explanation:

13. When an organization's network is connected to an external network in a client/server
model from the Internet that is not under the organization's control, security becomes a
concern. In providing adequate security in this environment/setting, which of the
following levels of assurance is the LEAST important?
A. Server and client authentication
B. Data integrity
C. DATA RECOVERY
D. Data confidentiality

Explanation:

14. If inappropriate, which of the following would MOST likely contribute to a denial of
service attack?
A. ROUTER CONFIGURATION AND APPLIED RULES
B. The design of the internal network
C. Updates to the router system software
D. Audit testing and review techniques

Explanation:

15. An IS Auditor, evaluating proposed biometric control devices, reviews the false reject
rates (FRRs), false acceptance rates (FARs), and equal error rates (EERs) of three different
devices. The IS Auditor should recommend purchasing the device that has:
A. LESS ERRORS.
B. more EER.
C. less FRR but more FAR.
D. less FAR but more FRR.

Explanation:

16. The risk of gaining unauthorized access through social engineering can be BEST resolved
by:
A. AWARENESS PROGRAMS/SECURITY AWARENESS.
B. asymmetric encryption/cipher.
C. intrusion detection systems.
D. a demilitarized zone.

Explanation:

17. When connecting to an online system, which of the following processes would the
system perform FIRST?
A. Initiation
B. Verification
C. Authorization
D. AUTHENTICATION

Explanation:

18. Who is primarily responsible for periodically reviewing user access to systems?
A. Computer operators
B. security administrators
C. DATA OWNERS
D. IS auditors

Explanation:

19. When auditing security for a data center, an IS Auditor should look for the presence of a
voltage regulator to ensure that:
A. THE HARDWARE IS PROTECTED AGAINST VOLTAGE DROPS.
B. integrity is maintained if the main power is interrupted.
C. immediate power is available if primary power is lost.
D. the hardware is protected against long-term power fluctuations.

Explanation:

20. Which of the following techniques could illegally capture network user passwords?
A. Encryption/cipher
B. SNIFFING
C. Spoofing
D. Data destruction

Explanation:

The easiest way to understand how it works is to examine how a sniffer works on an Ethernet
network. The same principles apply to other network architectures.

An Ethernet sniffer is a program that works in conjunction with the Network Interface Card
(NIC) to indiscriminately absorb all traffic that is within the listening threshold of the listening
system: not just traffic directed to a network card, but also traffic to the network broadcast
address 255.255.255.255 (i.e. everywhere).

To do this, the sniffer has to get the card to enter "promiscuous" mode, in which, as the word
itself indicates, it will receive all the packets that travel through the network. So the first thing
to do is to put the network hardware into promiscuous mode, and then the software can
capture and analyze any traffic passing through that segment.

This limits the scope of the sniffer, as in this case it will not be able to capture traffic outside
the network (i.e. beyond routers and similar devices), and depending on where it is connected
in the Intranet, it will be able to access more data, and more important data, than elsewhere. To
absorb data circulating on the Internet, what is done is to create mail or DNS servers to place
their sniffers at these strategic points.
