Information Security Questions
Answer:
Feedback
The correct answer is: integrity
Question 5
An unauthorized person changes a data item in a database - this constitutes
interception.
Select one:
True
False
Feedback
False, modification
The correct answer is 'False'.
Question 6
An umbrella procedure which maintains your identities and authentication codes
for all the different processes you access is called single sign-on.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 7
A denial of service attack launched against a network is an interruption attack.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 8
An example of multifactor authentication is a password and fingerprint.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 9
Encrypt the following message using a 4-column permutation cipher.
Next to the trees
a.
nteeeotsxtrxthex
b.
nteestoextrxthex
c.
nteeeotsxtrthe
d.
nteestoexrtxxeht
Feedback
Your answer is correct.
The correct answer is:
nteeeotsxtrxthex
Question 10
An asymmetric encryption method has precisely matched pairs of keys that are
produced together, or of which one key is derived mathematically from the other.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 11
An attacker needs three things: method, opportunity and money for a successful
attack.
Select one:
True
False
Feedback
Answer: False, an attacker needs three things: method – the skills and knowledge
to perform a successful attack; opportunity – time and access by which to attack;
and motive – a reason to want to attack.
The correct answer is 'False'.
Question 12
When an extra field is added to a password saved in a database so as to prevent
people who have chosen identical passwords from being identified, this is called
a variant.
Select one:
True
False
Feedback
False, salt
The correct answer is 'False'.
Question 13
The resulting ciphertext message after applying the Caesar cipher with a shift of
THREE to CAIRO AT THREE will be as follows:
a.
FDLURDWWKUHH
b.
CAIRO AT THREE
c.
ZXFOLXQQEOBB
d.
EERHTTAORIAC
Feedback
The correct answer is:
FDLURDWWKUHH
Question 14
The following are properties of information security:
Select one:
a.
threats, controls and vulnerabilities.
b.
availability, integrity and confidentiality.
c.
availability, integrity, confidentiality, authentication and nonrepudiation.
d.
passwords, encryption, back up and policies.
Feedback
The correct answer is: availability, integrity, confidentiality, authentication and
nonrepudiation.
Question 15
An example of an active token is a token that initiates a two-way communication
with its reader, often by wireless or radio signal.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 16
When an interceptor creates a table with a list of the concealed forms of
common passwords, it is called an access control matrix.
Select one:
True
False
Feedback
False, rainbow table
The correct answer is 'False'.
Question 17
Protecting objects involves several complementary goals such as to ensure that
each subject should have access to the smallest number of objects necessary to
perform some tasks. This is called verify acceptable usage.
Select one:
True
False
Feedback
False, enforce least privilege
The correct answer is 'False'.
Question 18
Installing system patches is an example of … an attack.
Select one:
a.
deflecting
b.
preventing
c.
deterring
d.
detecting
Feedback
The correct answer is: preventing
Question 19
A digital signature must meet certain conditions. It must be authentic and
unforgeable, not alterable and not reusable.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 20
A firewall and anti-virus program are examples of procedural control.
Select one:
True
False
Feedback
The correct answer is 'False'.
Question 21
Privileges in an access control matrix are associated with groups and roles.
Select one:
True
False
Feedback
False
An access control matrix is a table in which each row represents a subject, each
column represents an object, and each entry is the set of access rights for the
subject to that object.
A privileged list in an access matrix shows all the privileges or access rights for a
given subject.
An access control matrix can be presented as a list of triples <subject, object,
right>.
The correct answer is 'False'.
Question 22
A brute force attack tries all possible passwords usually in some automated
fashion using different password combinations until the correct password is
discovered. This is also referred to as guessing passwords.
Select one:
True
False
Feedback
False, exhaustive attack
The correct answer is 'False'.
Question 23
The human resource manager reviews all access requests to the Oracle system
and signs off approval for the access before granting access to the human
resource system. This is an example of a … control (one word only).
Answer:
Feedback
The correct answer is: procedural
Question 24
The disadvantages of stream encryption algorithms are low diffusion and
susceptibility to malicious insertions and modifications.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 25
Installing system patches is an example of … an attack (one word only).
Answer:
Feedback
The correct answer is: preventing
Question 26
A … is a weakness in the system, for example in a design, that can be
exploited (one word only).
Answer:
Feedback
The correct answer is: vulnerability
Question 27
An online travel agency requires you to provide your passport number as part of
the online booking process. The field where you can type in your passport
number accepts any length and type of character. This is an example of a system
…
Select one:
a. vulnerability.
b. threat.
c. asset.
d. control.
Feedback
The correct answer is: vulnerability.
Question 28
PKIs use symmetric encryption algorithms to digitally sign certificates.
Select one:
True
False
Feedback
False, asymmetric
The correct answer is 'False'.
Question 29
Integrity is defined as precise, accurate, unmodified or modified by
authorized people/processes/ways, consistent, internally consistent, meaningful
and usable.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 30
Electronic espionage of confidential organizational documents could result in
harm to reputation as well as loss of trade secrets.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 31
Ensuring that an authorized user in the exams department has access to capture
exam marks on the system is called … (one word only).
The correct answer is: authorization
Question 32
… is a CIA characteristic that ensures that only those with sufficient privileges
and a demonstrated need to access that information may access it (one word
only).
Answer:
Feedback
The correct answer is: Confidentiality
Question 33
A virus executes in a particular way, using certain methods to spread. Each of
these characteristics yields a tell-tale pattern, called an address, that can be
found by a program that looks for it.
Select one:
True
False
Feedback
False, signature
Question 34
A power failure can be seen as a … that could cause harm (one word only).
Answer:
The correct answer is: threat
Question 35
In order for an attack to succeed one requires the skills, knowledge, tools and
other things which are needed to perpetrate the attack. This is referred to as …
(one word only).
Answer: Method
Assessment 2
An attacker that creates a false website of the original website and changes the
values of the link to redirect the unsuspecting victim to points of the attacker’s
choosing is called a defaced website.
Select one:
True
False
Feedback
False, fake website
The correct answer is 'False'.
Question 2
Information hiding aids in improving the likelihood that a programming
implementation is correct and works with the division of tasks on a logical and
functional basis, with each component performing an independent part of a task.
Select one:
True
False
Feedback
False, modularity
The correct answer is 'False'.
Question 3
Verifying that the subject is authorized to perform the operation on an object is
called off-by-one-error.
Select one:
True
False
Feedback
False, mediation
The correct answer is 'False'.
Question 4
When designing a website one has to implement measures to protect against
failed identification and authentication. One method that can be used is
out-of-band communication, whereby the password is transferred in encrypted form.
Select one:
True
False
Feedback
False, out-of-band communication. This is when one fact is transferred separately
from another fact along a communication path. For example, a bank card PIN is
mailed separately from the bank card.
A keystroke logger that records all keystrokes entered can only be a software
program.
Select one:
True
False
Feedback
False, a keystroke logger can be hardware or software
The correct answer is 'False'.
Question 6
A trapdoor is an undocumented feature of a program that can be accessed in a
secret way, usually with special privileges.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 7
S/MIME and PGP can be used to protect against e-mail attacks.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 8
A dropper is code that changes browser settings, disallows access to certain sites
or redirects the browser to others.
Select one:
True
False
Feedback
False, browser hijacker
The correct answer is 'False'.
Question 9
A/an … can detect altered content on a website by generating a hash value of
the files. The original and new hash values can be compared to detect changes.
Select one:
a.
anti-virus program
b.
checksum
c.
website certificate
d.
encryption
Feedback
The correct answer is: checksum
Question 10
Signatures, shared secrets, one-time passwords and out-of-band communications
are all countermeasures for attacks against social engineering.
Select one:
True
False
Feedback
False, identification and authentication in man-in-the-middle attacks
The correct answer is 'False'.
Question 11
A spammer gets a list of email addresses but does not know if the addresses are
active and if anyone reads the mail. The spammer therefore includes a web bug
in the email with an image. The web bug is a malicious file that can be used to
monitor keystrokes of the individual who opened the email.
Select one:
True
False
Feedback
False. With the embedded web bug, the spammer will receive a report when the
email message is opened in a browser. The web bug is not harmful, but allows
tracking across multiple merchants. Some might argue that it is an invasion of
privacy.
The correct answer is 'False'.
Question 12
A TOCTTOU flaw is when a program exploits the delay between two actions,
namely between check and use.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 13
You receive an email from your bank informing you that you need to change your
password by clicking on the link provided in the email. This is a clickjacking
attack.
Select one:
True
False
Feedback
False, phishing attack
The correct answer is 'False'.
Question 14
Buffer overflows often come from …
Select one:
a.
innocent programmer oversights.
b.
a virus.
c.
a threat.
d.
a lack of physical controls.
Feedback
The correct answer is: innocent programmer oversights.
Question 15
Black-box testing is when testers examine the design and code directly,
generating test cases based on the code’s actual construction.
Select one:
True
False
Feedback
False, clear-box testing
An attacker uses a transparent box and slips it over an existing question on a
website. The user is unaware of clicking on the transparent box and is tricked
into clicking on the transparent link which performs a malicious action. This is an
example of drive-by-download.
Select one:
True
False
Feedback
False, clickjacking
The correct answer is 'False'.
Question 17
When executable code is included in the interaction between client and server
and executed by the client or server, it is called SQL injection.
Select one:
True
False
Feedback
False, cross-site scripting
The correct answer is 'False'.
Question 18
Consider an attack in which a programmer at a bank writes code that takes 1/10
of a cent off ten million client accounts and puts the money into his own account.
What type of attack is this?
Select one:
a.
Scareware
b.
Lazy Attack
c.
Salami Attack
d.
Replay Attack
Feedback
The correct answer is: Salami Attack
Question 19
Function testing is the process of evaluating the system to determine whether
the functions that were specified according to the requirements are actually
performed by the integrated system.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 20
A one-time-password can be used so that a server can distinguish between a
human who makes a request and an automated program generating the request.
Select one:
True
False
Feedback
False, CAPTCHA
The correct answer is 'False'.
Question 21
Modularity, encapsulation and mutual suspicion are techniques that software
developers can use to improve the security of their code.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 22
One aspect of malicious code infection is stealth mode. Stealth mode is how the
malicious code gains control and installs itself so that it can be
reactivated.
Select one:
True
False
Feedback
False, stealth mode is how the malicious code hides to avoid detection
A user-in-the-middle attack is when malicious code intercepts data passing
through the browser before the browser can encrypt the data.
Select one:
True
False
Feedback
False, man-in-the-browser attack
The correct answer is 'False'.
Question 24
A man-in-the-browser attack is an example of …
Select one:
a.
software that records all keystrokes entered.
b.
a Trojan horse that intercepts data passing through the browser.
c.
download substitution.
d.
an attack where a user is redirected to another page.
Feedback
The correct answer is: a Trojan horse that intercepts data passing through the
browser.
Question 25
When malware exploits a product vulnerability for which the manufacturer has
no countermeasure it is called a …
Select one:
a.
script attack
b.
trapdoor
c.
zero day attack
d.
hostile agent
Feedback
The correct answer is: zero day attack
Question 26
Buffer overflows often come from innocent programmer oversights or failures to
document and check for excessive data, string overrun.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 27
A worm is malicious code that, in addition to its primary effect, has a second,
non-obvious, malicious effect. Code that contains unexpected, undocumented,
additional functionality.
Select one:
True
False
Feedback
False, Trojan horse
The correct answer is 'False'.
Question 28
Watch the “Cryptography fundamentals” online video of the IEEE in terms of
Triple DES, Twofish and RSA encryption algorithms. Then answer the following
question.
Triple DES is an extension of DES while Twofish is related to Blowfish.
Select one:
True
False
Feedback
When malware exploits a product vulnerability for which the manufacturer has
no countermeasure, it is called a zero day attack.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 30
Watch the “Cryptography fundamentals” online video of the IEEE in terms of
Triple DES, Twofish and RSA encryption algorithms. Then answer the following
question.
RSA is faster than DES and AES, but Twofish is slower than AES for 128-bit keys.
Select one:
True
False
Feedback
False: RSA is slower than DES and AES. Twofish is slower than AES for 128-bit
keys.
Attackers are interested in creating continuing or repeated harm using viruses.
One way of continuity of infection is for the virus to become part of the network,
with a boot sector attack as an example.
Select one:
True
False
Feedback
False, become part of the operating system
The correct answer is 'False'.
Question 32
To protect against data modification on a website, administrators can use integrity
checksums.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 33
A scripting attack forces the server to execute commands in a normal data fetch request.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 34
Good program design principles specifically for security are: 1) validation of input; 2)
complete mediation; and 3) disaster recovery.
Select one:
True
False
Feedback
False, validation of input, complete mediation and separation of privilege
The correct answer is 'False'.
Question 35
An append virus is when a program virus attaches itself to a program and the virus is
activated when the program runs.
Select one:
True
False
Feedback
The correct answer is 'True'.
Assessment 3
Which of the following is not an action that can be taken by a DBMS to ensure the
integrity of elements?
Select one:
a.
Access control.
b.
Unit testing.
c.
Field checks.
d.
Implementing a change log.
Feedback
The correct answer is: Unit testing.
Question 2
… is a variation of a ping attack where the attacker spoofs the source address in the
ping packet so that it appears to come from the victim, and sends the request to the
network in broadcast mode. The victim is saturated with ECHO replies from the entire
network.
Select one:
a.
Echo-chargen
b.
Smurf
c.
SYN flood
d.
Ping of death
Feedback
The correct answer is: Smurf
Question 3
Segmentation and paging are two approaches that can be used to address memory
protection in operating systems.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 4
… in an operating system is when different processes use different physical objects,
such as printers for output requiring different levels of security.
Select one:
a.
Cryptographic separation
b.
Temporal separation
c.
Logical separation
d.
Physical separation
Feedback
The correct answer is: Physical separation
Question 5
Suppression and concealment are used to address inference in aggregation and
geotracking.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 6
A SYN flood is a variation of a ping attack where the attacker spoofs the source
address in the ping packet so that it appears to come from the victim, and sends the
request to the network in broadcast mode. The victim is saturated with ECHO replies
from the entire network.
Select one:
True
False
Feedback
False, Smurf attack
The correct answer is 'False'.
Question 7
The application layer of the OSI model includes network processes to applications.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 8
Routers achieve integrity through their structure and individual elements.
Select one:
True
False
Feedback
False, databases achieve integrity through their structure and individual elements.
The correct answer is 'False'.
Question 9
An operating system can implement a controlled security environment by controlling
sharing through separating classes of subjects and objects. The separation can occur
in several ways such as temporal, logical and network separation.
Select one:
True
False
Feedback
False, the separation can occur in several ways such as temporal, logical and
physical and cryptographic separation
The correct answer is 'False'.
Question 10
When the structure of a database is preserved and a modification to the value of one
field does not affect the other it is referred to as physical database integrity.
Select one:
True
False
Feedback
False, logical database integrity
The correct answer is 'False'.
Question 11
The transport layer of the OSI performs error checking and correction to ensure a
reliable flow of data.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 12
The nucleus / core / kernel is the part of the operating system that performs the
lowest-level functions.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 13
The reference monitor is the most important part of a security kernel and mediates
access by subjects to objects. It is the only security mechanism of a trusted operating
system.
Select one:
True
False
Feedback
Answer: False, the reference monitor is not the only security mechanism of a trusted
operating system. Other parts of the security suite include auditing and identification
and authentication processing, as well as setting enforcement parameters, such as
who the allowable subjects are and what objects they are allowed to access.
The correct answer is 'False'.
Question 14
Wi-Fi Protected Access (WPA) is a stronger protocol suite than WEP because WPA
uses a 64-bit encryption key.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 15
An example of data mining in big data is when a software developer uses an SQL
query to extract customer data from the organisation’s database.
Select one:
True
False
Feedback
False, data mining uses various sources of data, including sources external to
the organisation, and correlates multiple data elements using machine learning,
mathematical models, patterns, etc.
The correct answer is 'False'.
Question 16
A honeypot shows a safe set of resources for the attacker while the administrators
monitor the attacker’s activities in real time. Virus detection companies will never put
out poorly protected systems as part of research to check how the systems have been
infected as part of their product development.
Select one:
True
False
Feedback
False, virus detection companies put out poorly protected systems as part of
research to check how the systems have been infected as part of their product
development
The correct answer is 'False'.
Question 17
Layering is recognized as a good operating system design. Each layer uses the more
central layers as services and each layer provides a certain level of functionality to
the farther layers. This has the drawback that problems such as a hardware or
software failure cannot be limited to the hierarchical levels.
Select one:
True
False
Feedback
False, this has the benefit that problems such as a hardware or software failure can
be limited to the hierarchical levels
The correct answer is 'False'.
Question 18
Big data correlation capabilities could have privacy implications, which are also
lucrative.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 19
Least privilege, economy of mechanism, open design and complete mediation are
examples of good design principles for databases.
Select one:
True
False
Feedback
False, least privilege, economy of mechanism, open design and complete mediation
are examples of good design principles for operating systems
The correct answer is 'False'.
Question 20
A firewall complements preventative controls as the next line of defense and is a
device, typically another separate computer, that monitors activity to identify
malicious or suspicious events.
Select one:
True
False
Feedback
False, an Intrusion Detection System (IDS)
A bounds register is a register that serves as an upper address limit in the same way
as a base or fence register is a lower address limit. The fence (base) register and
bounds register are used together to neatly confine a program’s addresses between
the base and bound.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 22
Field checks, access control and a change log are used to achieve logical integrity in
a database.
Select one:
True
False
Feedback
False, element integrity
The correct answer is 'False'.
Question 23
A security kernel is responsible for enforcing security mechanisms for the entire
operating system. Which of the following is NOT a good design reason for isolating
functions in a security kernel?
Select one:
a.
Compactness
b.
Separation
c.
Mediation
d.
Unity
Feedback
The correct answer is: Mediation
Question 24
… is used when the client requests an SSL session and the server responds with its
public key certificate so that the client can determine the authenticity of the server.
The server and client compute the session key and switch to encrypted
communication using a shared session key.
Select one:
a.
NIC
b.
SHA
c.
HTTPS
d.
SMTP
Feedback
The correct answer is: HTTPS
Question 25
When an intruder taps a wire and reads radiated signals without making physical
contact with the cable, this is called packet sniffing.
Select one:
True
False
Feedback
False, inductance
The correct answer is 'False'.
Question 26
A circuit firewall joins two subnetworks.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 27
One of the most common ways to implement big data projects is to use a database
with a SQL query.
Select one:
True
False
Feedback
False, Hadoop is the most common way to implement big data projects.
The correct answer is 'False'.
Question 28
An operating system addresses several particular functions that involve computer
security such as memory protection whereby each user’s program must run in a
portion of memory protected against unauthorized accesses.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 29
When duplicates are made of attributes or entire databases and used for an
immediate replacement of the data if an error is detected, it is called a duplicate.
Select one:
True
False
Feedback
False, shadow field.
A protocol is a language or set of conventions for how two computers will interact.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 31
Installing anti-malware and updating the operating system and applications with
security updates once a year are recommended as basic security measures.
Select one:
True
False
Feedback
False. Installing anti-malware and updating the operating system and applications
with security updates as soon as available are recommended as basic security
measures.
The correct answer is 'False'.
Question 32
A change log contains both original and modified values.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 33
A hypervisor is the hardware that implements a virtual machine and can support two
or more operating systems simultaneously.
Select one:
True
False
Feedback
False, a hypervisor is the software that implements a virtual machine and can support
two or more operating systems simultaneously
The correct answer is 'False'.
Question 34
The integrity of the database elements is their correctness or accuracy. Separate files
are used as a method for taking corrective action to correct integrity errors.
Select one:
True
False
Feedback
The correct answer is 'False'.
Question 35
Satellite is regarded as the most secure network transmission.
Select one:
True
False
Feedback
False. Optical fibre
The correct answer is 'False'.
Assessment 4
ISO27001 is used by organisations for the governance of information technology.
Select one:
True
False
Feedback
False, ISO27001 is used for the management of information security, COBIT is used
for the governance of information technology.
The correct answer is 'False'.
Question 2
Consider the following scenario. A colleague reports to you that he clicked on a link
he received in an email, and now his computer is “acting funny”. In determining how
best to respond, which of the following should be consulted?
Select one:
a.
Service level agreement
b.
Incident response plan
c.
Business continuity plan
d.
Security plan
Feedback
The correct answer is: Incident response plan
Question 3
Data anonymization is when data is replaced with untraceable codes.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 4
Information usage relates to personal information collected by a house agent
and used by the house agent’s organisation for the insurance marketing of another
company.
Select one:
True
False
Feedback
False, the house agent may only use personal information for the purpose of
selling/buying houses as specified in the purpose statement to the data subject. The
information usage must be in line with the purpose of collection.
Security Assertion Markup Language (SAML) is a privacy standard.
Select one:
True
False
Feedback
False, SAML is an XML-based standard that defines a way for systems to securely
exchange user identity and privilege information which addresses trust and
standardization.
Defcon is an international information security certification.
Select one:
True
False
Feedback
False, DEF CON is one of the largest hacking conferences. CISSP and CISM are
information security certifications.
The correct answer is 'False'.
Question 7
SaaS offers applications over which the user has no control of the underlying platform;
Dropbox is an example.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 8
On-demand self-service and fixed resources are characteristics of cloud computing.
Select one:
True
False
Feedback
False, on-demand self-service and resource pooling (the NIST essential characteristics also include broad network access, rapid elasticity and measured service).
The correct answer is 'False'.
Question 9
Society relies on the law to describe and enforce behaviour that is acceptable in
communities.
Select one:
True
False
Feedback
False, ethics, not law.
The correct answer is 'False'.
Question 10
Cookies could contain your password and credit card number.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 11
The Fair Information Practice Principles include accountability which means that the
data subject is accountable to determine the purpose of use of his/her personal data.
Select one:
True
False
Feedback
False, accountability refers to the data controller, who is accountable for complying
with the Fair Information Practice Principles.
The correct answer is 'False'.
Question 12
What can be implemented to aid in securing IaaS?
Select one:
a.
Using a deletion tool that ‘wipes’ your data.
b.
Encryption of data-in-transit and data-at-rest.
c.
All of the options are correct.
d.
Virtual networks.
Feedback
The correct answer is: All of the options are correct.
Question 13
Informed consent must be obtained during the processing of personal information.
Select one:
True
False
Feedback
False, informed consent must be obtained prior to the processing.
The correct answer is 'False'.
Question 14
Accountability and use of international standards are part of the six requirements of a
security plan.
Select one:
True
False
Feedback
False, only accountability
The correct answer is 'False'.
Question 15
PaaS cloud architecture enables the user to control the underlying systems.
Select one:
True
False
Feedback
False, IaaS
The correct answer is 'False'.
Question 16
Estimating the likelihood of exploitation is a step in a risk analysis.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 17
Data to support cybersecurity decision-making can be obtained from industry
surveys.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 18
Federated identity management (FIdM) maintains a user's identity information.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 19
Domain names are protected by copyright.
Select one:
True
False
Feedback
False, trademarks
The correct answer is 'False'.
Question 20
Software can be patented.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 21
The Protection of Personal Information Act of South Africa regulates the right to
privacy in Africa.
Select one:
True
False
Feedback
False, South Africa
The correct answer is 'False'.
Question 22
An internal cloud is a cloud that has an infrastructure that is operated exclusively by
and for the organisation that owns it, but the management may be contracted out to a
third party.
Select one:
True
False
Feedback
False, private cloud.
The correct answer is 'False'.
Question 23
Notice and sharing of breaches are the foundations of privacy.
Select one:
True
False
Feedback
False, notice of collection and consent.
The correct answer is 'False'.
Question 24
A hot site is an empty room with standard heating and air conditioning.
Select one:
True
False
Feedback
False, a hot site duplicates the computing resources of the primary site so that operations can resume almost immediately; an empty room with standard heating and air conditioning is a cold site.
The correct answer is 'False'.
Question 25
The "recommended control" step of the security plan relates to the mapping of
controls to the vulnerabilities identified in the policy and requirements.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 26
OAuth does not exchange identity information, only authorisation, and allows users to give
third-party applications access to only the account resources they need.
Select one:
True
False
Feedback
The correct answer is 'True'.
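As an added example (not part of the quiz or its source material), the scope-limited access that the statement above describes: a provider's authorization server issues an opaque bearer token carrying only the scopes the user consented to, and the provider's resource server enforces those scopes per operation. The in-memory servers, the account identifier and the file names are all constructed for illustration; the third-party client only ever holds the token and sees the resources it was granted, never the account's identity.

```python
import secrets
from dataclasses import dataclass

# Hypothetical, in-memory authorization server and resource server belonging to
# one provider (names and data constructed for this example).


@dataclass(frozen=True)
class TokenRecord:
    account_id: str       # provider-internal; never returned to the third-party client
    scopes: frozenset


class AuthorizationServer:
    """Issues opaque bearer tokens bound to the scopes the user consented to."""

    def __init__(self):
        self._tokens = {}

    def issue_token(self, account_id, requested_scopes, consented_scopes):
        # The user may consent to fewer scopes than the client asked for;
        # the token carries only the intersection.
        granted = frozenset(requested_scopes) & frozenset(consented_scopes)
        token = secrets.token_urlsafe(32)   # random and opaque: encodes nothing
        self._tokens[token] = TokenRecord(account_id, granted)
        return token

    def introspect(self, token):
        # Provider-internal lookup used by the provider's own resource server.
        rec = self._tokens.get(token)
        if rec is None:
            return {"active": False}
        return {"active": True,
                "scope": " ".join(sorted(rec.scopes)),
                "account_id": rec.account_id}


class ResourceServer:
    """Enforces one required scope per operation (RFC 6750 'insufficient_scope')."""

    REQUIRED_SCOPE = {"GET": "files:read", "POST": "files:write"}

    def __init__(self, auth_server):
        self._auth = auth_server
        self._files = {"acct-7f3a": ["report.pdf"]}   # constructed sample data

    def handle(self, method, authorization_header):
        if not authorization_header or not authorization_header.startswith("Bearer "):
            return 401, "missing bearer token"
        token = authorization_header[len("Bearer "):]
        info = self._auth.introspect(token)
        if not info["active"]:
            return 401, "invalid token"
        required = self.REQUIRED_SCOPE.get(method)
        if required is None:
            return 405, "method not allowed"
        if required not in info["scope"].split():
            return 403, "insufficient_scope"
        files = self._files.setdefault(info["account_id"], [])
        if method == "GET":
            return 200, list(files)
        files.append("upload.bin")
        return 201, list(files)


def demo():
    """A third-party client granted files:read only. Returns what the client observes."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth)
    # The client asked for read and write; the user consented to read only.
    token = auth.issue_token("acct-7f3a", ["files:read", "files:write"], ["files:read"])
    read_status, listing = rs.handle("GET", f"Bearer {token}")
    write_status, _ = rs.handle("POST", f"Bearer {token}")
    bogus_status, _ = rs.handle("GET", "Bearer not-a-real-token")
    return read_status, listing, write_status, bogus_status


if __name__ == "__main__":
    print(demo())
```

The write attempt fails with 403 even though the token is valid, because authorisation is decided by the granted scopes rather than by who the user is; a client that needs the user's identity would have to use an identity layer on top of OAuth, which this example deliberately does not model.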
Question 27
What would be the most appropriate protection for URLs?
Select one:
a.
Trade secret
b.
Trademark
c.
Patent
d.
Copyright
Feedback
The correct answer is: Trademark
Question 28
… is a cloud that has an infrastructure that is operated exclusively by and for the
organisation that owns it, but the management may be contracted out to a third party.
Select one:
a.
A private cloud
b.
A community cloud
c.
An international cloud
d.
A public cloud
Feedback
The correct answer is: A private cloud
Question 29
Privacy for correlation is when data is swapped in databases to protect privacy.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 30
Data loss prevention is the responsibility of the cloud provider, and the company
does not have to implement controls.
Select one:
True
False
Feedback
False, the company is also responsible for implementing controls.
The correct answer is 'False'.
Question 31
Collection of the minimal amount of data can be used to protect stored data.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 32
Encryption of data-in-transit and data-at-rest can be implemented to aid in securing
IaaS.
Select one:
True
False
Feedback
The correct answer is 'True'.
Question 33
Privacy is an aspect of integrity.
Select one:
True
False
Feedback
False, confidentiality.
The correct answer is 'False'.
Question 34
In both PaaS and IaaS cloud architectures the customer develops his or her own
applications, but the provider supplies the languages and tools for creating them.
Select one:
True
False
Feedback
False, only PaaS
The correct answer is 'False'.
Question 35
… must be obtained prior to the processing of personal information of, for example, an
employee, customer or research participant.
Select one:
a.
An identity confirmation
b.
A fee
c.
A reference
d.
Informed consent
Feedback
The correct answer is: Informed consent