Infosec

Question 1

What word would best describe how an intrusion system operates
A)Proactive
B) Reactive
C) inductive
D)reductive

Answer 1

Reactive

Question 2

What would be considered a best mitigation practise for services that are not being used on devices?

A) Enable
B) limit
C) Disable
D) monitor

Answer 2

disable

Question 3

What is the benefit of using a viritual private network?
A) Increased lag
B) Increased confidentiality
C) Increased availability
D) Decreased lag

Answer 3

Increased confidentiality/ protection against eavesdropping

Question 4

which alternative would provide the best countermeasure against an on-line attack (active authentication) against a username and a password?
A) The using of a long password
B) the use of a firewall
C) To use the diffie-hellman password exhange
D) to use a strict limit on login failures

Answer 4

To use a strict limit on login failures

Question 5

Which of the following sentences describe the term asset best from an information security perspective?

A) Anything that an organization buys
B) Anything that is situated within an organizations premisis
C) Anything that has a value to the organization
D) Anything that an organization sells

Answer 5

Anything that has a value to the organization

Question 6

Where in the information security model would an information security policy be placed ?
A)physcial security
B)administrative security
C)network security
D)computer security

Answer 6

Network security

Question 7

Which of the below-mentioned protocols is susceptible to sniffing?

A) TCP
B)HTTP
C)UDP
D)All of them

Answer 7

HTTP

Question 8

What type of cryptographic algorithms are DES and 3DES?
A)Assymetric
B)Caesar
C)Symmetric
D)Vigenére

Answer 8

Symmetric

Question 9

According to the CIA triad, which of the below-mentioned security aspects is considered in the triad?
A)Authenticity
B)Availability
C)Accountability
D)Auditability

Answer 9

Availability

Question 10

SQL injection is a code injecting method used for attacking the database of a website

Question 11

which of the following is not a wireless attack ?
A)Wireless hijacking
B)Rootkit
C)MAC spoofing
D)Eavesdropping

Answer 11

Rootkit

Question 12

Assume you encounter a search box on a web page that can take an input of 200 characters. You insert 300 characters and the remote system craches. Usually, this type of behaviour is because of limited 
A)cloud
B)storage
C)local memory
D)buffer

Answer 12

buffer

Question 13

Imagine you are using an internet service provider who you dont trust. What could you use to hide your browsing activity?
A)Anti spyware software
B)An antivirus software
C)A firewall
D)The incognito mode on the browser
E)A virtual private network (VPN)

Answer 13

a viritual private network

Question 14

List at least three kinds of damage a company could suffer when the intergrity of a program or company data is compromised.

Blackmailing
Customers due to lack of faith in the company.
Money drops in stocks

Question 15

Describe the concepts, intrusion detection system IDS and intrusion prevention system IPS also differentiate the concepts

Question 16

Describe three reasons why penetrate and patch is a misguided strategy

Question 17

Explain the concept of salt and exemplify how it can be used

Question 18

List three reasons why people might be reluctant to use biometrics for authentication. Also give examples of how to counter those objections?

Question 19

Define the terms Vulnerability, threat, harm, and security controls. Also relate the terms to each other by giving an applied example.

Question 20

Are computer to computer authentication subject to the weakness of replay? Motivate why or why not

Question 21

Describe by giving an applied example of how passwords are stored by the operating system of your personal computer

Question 22

In the context of software security, such as OS security, eight design principles were formulated more than 40 years ago. Despite the relative age, they remain valid even today. Describe any four of these design principles