Questions 0-200 Flashcards

1
Q

Which part of the security policies must a user be aware of? A. The applicable policies themselves and the effect caused by security breach B. The person responsible for creating the policies. C. The total number of policies that are there. D. None of the above

A

Which part of the security policies must a user be aware of? A. The applicable policies themselves and the effect caused by security breach (Answer) B. The person responsible for creating the policies. C. The total number of policies that are there. D. None of the above Explanation It is very essential for every employee/user to know the relevant security policies and the effect of security breach

2
Q

Which of the following is necessary even after an employee has attended a security awareness program? A. Ensure security update bulletins are distributed to all employees at regular intervals. B. Assign a test score to the employee for the training attended C. Ensure the employee goes through one more such training D. None of the above

A

Which of the following is necessary even after an employee has attended a security awareness program? A. Ensure security update bulletins are distributed to all employees at regular intervals. (Answer) B. Assign a test score to the employee for the training attended C. Ensure the employee goes through one more such training D. None of the above Explanation The security awareness program attended by the employee may provide security awareness up to that date only. Any improvements and upgrades in security awareness thereafter must reach all the staff in the form of bulletins.

3
Q

Which of the following will not be available on a cold site? A. Electricity B. Networking C. Space D. None of the above

A

Which of the following will not be available on a cold site? A. Electricity B. Networking (Answer) C. Space D. None of the above Explanation Cold site usually has electricity and space for furniture. Networking will have to be set up from scratch.

4
Q

If you cannot afford a hot site, which of the following would be an alternate solution? A. Warm site B. Cold site C. Lukewarm site D. None of the above

A

If you cannot afford a hot site, which of the following would be an alternate solution? A. Warm site (Answer) B. Cold site C. Lukewarm site D. None of the above Explanation A warm site would provide all facilities other than computers. Hence the return time to business is usually more than that in a hot site.

5
Q

Which of the following backups is the most time consuming to restore during a server crash? A. Differential backup B. Incremental backup C. Full backup D. None of the above

A

Which of the following backups is the most time consuming to restore during a server crash? A. Differential backup B. Incremental backup (Answer) C. Full backup D. None of the above Explanation Incremental backups are the fastest to perform in comparison with full and differential backups, but take the longest to restore.

6
Q

Which of the following is an ideal location for storing the backup? A. Offsite location B. Within the main site C. In the same city as head office D. None of the above

A

Which of the following is an ideal location for storing the backup? A. Offsite location (Missed) B. Within the main site (Missed) C. In the same city as head office D. None of the above Explanation Any off site location is good. A location within the vicinity of the site will ensure that the data backup is safe in case of fire and is also available at short notice when required to restore. In general, budget and security concerns should dictate distance, as a far away location will protect against natural disasters that may affect the city/neighborhood.

7
Q

Which of the following enhances the server availability on the network? Choose the best answer A. Server mirroring B. Server clustering C. PDC D. None of the above

A

Which of the following enhances the server availability on the network? Choose the best answer A. Server mirroring B. Server clustering (Answer) C. PDC D. None of the above Explanation Server clustering is the ideal solution for enhancing file server availability on the network

8
Q

Backup is required only for electric power and not electronic data. T/F? A. True B. False

A

Backup is required only for electric power and not electronic data. T/F? A. True B. False (Answer) Explanation All precautions for networks are being taken to preserve network and data availability. Hence it is mandatory that data be given maximum online and offline fault tolerance.

9
Q

Surge protectors are meant to provide backup to electrical and electronic devices. T/F? A. True B. False

A

Surge protectors are meant to provide backup to electrical and electronic devices. T/F? A. True (Answer) B. False Explanation Surge protectors, as the name suggests, provide electronic devices protection against power surges.

10
Q

In case of fire, which of the following needs to be programmed to be put off instantly? A. Electric supply B. Air conditioner C. Fire D. None of the above

A

In case of fire, which of the following needs to be programmed to be put off instantly? A. Electric supply (Answer) B. Air conditioner C. Fire D. None of the above Explanation Leaving the electric supply on during a fire can have a disastrous effect on the site. To avoid this, it is ideal that the electric supply be programmed to be put off with the usage of heat sensors.

11
Q

Which of the following is essential for backing up burglar alarms and surveillance systems? Choose two A. Burglar alarms are connected to the local police or security organization through telephone lines B. Burglar alarms are connected to the local police or security organization being powered by electric supply C. None

A

Which of the following is essential for backing up burglar alarms and surveillance systems? Choose two A. Burglar alarms are connected to the local police or security organization through telephone lines (Missed) B. Burglar alarms are connected to the local police or security organization being powered by electric supply (Missed) C. None Explanation Usually burglar alarms are connected to the local police or security organization through telephone lines as well as being powered by electric supply. Hence it is important to backup telephone lines as well as power lines.

12
Q

Cipher text can be used for punch system locks. T/F? A. True B. False

A

Cipher text can be used for punch system locks. T/F? A. True B. False (Answer) Explanation Cipher locks can be used in punch lock systems and not Cipher text. Cipher text is an encryption scheme.

13
Q

Which of the following provide protection to the enterprise premises against attackers? Choose two A. Burglar alarms B. Bullet proof jackets C. Surveillance systems D. Public address systems

A

Which of the following provide protection to the enterprise premises against attackers? Choose two A. Burglar alarms (Missed) B. Bullet proof jackets C. Surveillance systems (Missed) D. Public address systems Explanation Burglar alarms and surveillance systems are an integral part of tracking and alerting authorities against intruders and attackers.

14
Q

Which of the following can be referred to as highly confidential data? A. Intranet web site B. Customer information C. Budget related information D. None of the above

A

Which of the following can be referred to as highly confidential data? A. Intranet web site B. Customer information (Answer) C. Budget related information D. None of the above Explanation Customer information is usually classified as highly confidential information. Budget related information is classified as confidential information.

15
Q

Which of the following will allow you to take stock of sensitive data in the organization? A. Scanning all floppies that are allowed into the network B. Running scan disk on all drives C. Auditing all servers for stored data D. None of the above

A

Which of the following will allow you to take stock of sensitive data in the organization? A. Scanning all floppies that are allowed into the network B. Running scan disk on all drives C. Auditing all servers for stored data (Answer) D. None of the above Explanation By auditing all servers in the network for stored data, you can classify data as sensitive or non-sensitive. Auditing is the best process of taking stock of sensitive data in the network.

16
Q

Which of the following statements are true about the way data classification can be made? Choose two A. It must be adhoc or informal B. It may be adhoc or informal C. The strategy usually involves a scheme that splits into different levels D. The strategy usually involves a ten level scheme.

A

Which of the following statements are true about the way data classification can be made? Choose two A. It must be adhoc or informal B. It may be adhoc or informal (Missed) C. The strategy usually involves a scheme that splits into different levels (Missed) D. The strategy usually involves a ten level scheme. Explanation It is important to have a classification of data to ensure correct levels of security to the relevant type of data. Although it is possible to have informal methods to classify data, it is much more methodical to employ a strategy to achieve the end result. The usual strategy employs a scheme that splits into different levels to classify data in the organization. The number of levels is usually dependent on the company needs and requirements or security.

17
Q

As per a company policy, which of the following personnel should be considered as insiders? Choose two. A. Key employees B. Contractors C. Ex-employees D. Vendors

A

As per a company policy, which of the following personnel should be considered as insiders? Choose two. A. Key employees (Missed) B. Contractors (Missed) C. Ex-employees D. Vendors Explanation Although certain company policies that provide granular clarity and specific information consider even ex-employees as insiders, by and large many corporates consider only key employees and contractors as insiders, as they require some kind of access to the company resources and specifically to network resources.

18
Q

The block size in RC5 can range from 0 to 255. Y/N? A. Yes B. No

A

The block size in RC5 can range from 0 to 255. Y/N? A. Yes B. No (Answer) Explanation The block size in RC5 can be 32-bit, 64-bit or 128-bit.

19
Q

Which of the following best describes Ron’s Code 2? A. RC2 or Ron’s code 2 is a 64-bit block cipher. B. It was devised by Ron Rivest. C. None

A

Which of the following best describes Ron’s Code 2? A. RC2 or Ron’s code 2 is a 64-bit block cipher. (Missed) B. It was devised by Ron Rivest. (Missed) C. None Explanation

20
Q

Which of the following is provided by IDEA? Choose two. A. High level security B. Complex implementation C. Ease of implementation D. Average security level

A

Which of the following is provided by IDEA? Choose two. A. High level security (Missed) B. Complex implementation C. Ease of implementation (Missed) D. Average security level Explanation IDEA provides high level of security along with ease of implementation.

21
Q

Differential cryptanalysis is nothing but pattern studying. T/F? A. True B. False

A

Differential cryptanalysis is nothing but pattern studying. T/F? A. True (Answer) B. False Explanation Differential Cryptanalysis is nothing but pattern studying. It chooses a pair of plain text with specific differences.

22
Q

Which of the following is required by the cipher when it is important to maintain a message as a secret? A. Generate one cipher text for that message B. Generate at least 5 cipher text for that message C. Generate several cipher text. D. None of the above.

A

Which of the following is required by the cipher when it is important to maintain a message as a secret? A. Generate one cipher text for that message B. Generate at least 5 cipher text for that message C. Generate several cipher text. (Answer) D. None of the above. Explanation To keep a message a secret it is required that the cipher must be able to generate several cipher text.

23
Q

Which of the following is the most common attack faced by the DES algorithm? A. DoS B. Brute force attack C. Code attack D. None of the above

A

Which of the following is the most common attack faced by the DES algorithm? A. DoS B. Brute force attack (Answer) C. Code attack D. None of the above Explanation Brute force attack is the most common attack faced by the DES algorithm

24
Q

Cryptography without keys is more secure than cryptography with keys. T/F? A. True B. False

A

Cryptography without keys is more secure than cryptography with keys. T/F? A. True B. False (Answer) Explanation Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of theft, the data can be stolen along with the deciphering program.

25
Q

Which of the following can be termed as brute force attack? A. Trying all combinations to break a code B. Breaking into strong cryptography C. Forcibly capturing all data being transmitted D. None of the above

A

Which of the following can be termed as brute force attack? A. Trying all combinations to break a code (Answer) B. Breaking into strong cryptography C. Forcibly capturing all data being transmitted D. None of the above Explanation When a particular message has been encrypted using random combinations, a person who is capturing this message will have to try all combinations of deciphering possible to expose the original message. This is known as brute force attack.

26
Q

Which of the following types of cryptography is possible? Choose two. A. Cryptography with keys B. Cryptography without keys C. Cryptography before encryption D. Cryptography without encryption

A

Which of the following types of cryptography is possible? Choose two. A. Cryptography with keys (Missed) B. Cryptography without keys (Missed) C. Cryptography before encryption D. Cryptography without encryption Explanation Cryptography without encryption and before encryption is not cryptography at all. Cryptography is possible with keys and without keys. When used without keys, it will be using simple or complex substitution.

27
Q

Which of the following are the two key-based algorithms? A. Symmetric algorithm B. Asymmetric algorithm C. 128-bit key algorithm D. 1024-bit key algorithm

A

Which of the following are the two key-based algorithms? A. Symmetric algorithm (Missed) B. Asymmetric algorithm (Missed) C. 128-bit key algorithm D. 1024-bit key algorithm Explanation There are two types of key-based algorithms. Depending on the key pair types they use, they can be categorized as symmetric or asymmetric algorithms.

28
Q

When employing message digest, if data does get modified, which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. C. The messages will be dropped and retransmitted. D. None of the above

A

When employing message digest, if data does get modified, which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. (Answer) C. The messages will be dropped and retransmitted. D. None of the above Explanation When cryptography uses a hash function on a plain text, a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a digest value when the data was originally transmitted. If during transmission the data gets modified, the resulting message digest value will be totally different from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

29
Q

When employing message digest, if data does get modified, which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. C. The messages will be dropped and retransmitted. D. None of the above

A

When employing message digest, if data does get modified, which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. (Answer) C. The messages will be dropped and retransmitted. D. None of the above Explanation When cryptography uses a hash function on a plain text, a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a digest value when the data was originally transmitted. If during transmission the data gets modified, the resulting message digest value will be totally different from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

30
Q

A digital signature is synonymous to which of the following? A. Finger print B. Hand written signature C. Blood sample D. None of the above

A

A digital signature is synonymous to which of the following? A. Finger print B. Hand written signature (Answer) C. Blood sample D. None of the above Explanation A digital signature is synonymous to a hand written signature. A signature, though unique to that person, varies with the person's age. Similarly, although a digital signature is unique and is used to establish the origin of that signature, it can vary from situation to situation.

31
Q

Which of the following statements about Public Key Cryptography are true? Choose two. A. You need to have a security setup configured on both the sending as well as the receiving ends to implement Public Key Cryptography. B. You do not need an existing security setup C. Public key can only encrypt and private key can only decrypt. D. Public key can encrypt as well as decrypt, private key can only decrypt E. None of the above

A

Which of the following statements about Public Key Cryptography are true? Choose two. A. You need to have a security setup configured on both the sending as well as the receiving ends to implement Public Key Cryptography. B. You do not need an existing security setup (Missed) C. Public key can only encrypt and private key can only decrypt. (Missed) D. Public key can encrypt as well as decrypt, private key can only decrypt E. None of the above Explanation The implementation of Public key cryptography does not need any existing security measure to be implemented. Public key can only encrypt and Private key can only decrypt.

32
Q

The concept of public key cryptography was introduced by Diffie-Hellman. T/F? A. True B. False

A

The concept of public key cryptography was introduced by Diffie-Hellman. T/F? A. True (Answer) B. False Explanation The issues with key distribution faced by conventional encryption were overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.

33
Q

Which of the following is an advantage of using conventional encryption? A. It is the most secure B. It is very fast C. It is economical D. None of the above

A

Which of the following is an advantage of using conventional encryption? A. It is the most secure B. It is very fast (Answer) C. It is economical D. None of the above Explanation When conventional encryption is used for stored data rather than the data being transmitted, the encryption and decryption process can be very fast.

34
Q

When employing Caesar's Cipher key value of 3, which of the following will be the decrypted equivalent of JGOOQ? A. HELLO B. WHAT C. WHEN D. DATE

A

When employing Caesar's Cipher key value of 3, which of the following will be the decrypted equivalent of JGOOQ? A. HELLO (Answer) B. WHAT C. WHEN D. DATE Explanation According to Caesar's Cipher key value of 3, you would be sliding up the alphabetical value by 3. Hence 'H' would be represented as J, 'E' as G, 'L' as O and 'O' as Q.

35
Q

In symmetric-key encryption, one key will be used for encryption and another will be used for decryption to provide maximum security. T/F? A. True B. False

A

In symmetric-key encryption, one key will be used for encryption and another will be used for decryption to provide maximum security. T/F? A. True B. False (Answer) Explanation In symmetric-key encryption, one key will be used for encryption as well as decryption.

36
Q

Which of the following will be required to perform Cryptanalysis? Choose three. A. Mathematical tools B. Analytical reasoning C. Pattern finding D. Mathematical reasoning E. Advanced calculators

A

Which of the following will be required to perform Cryptanalysis? Choose three. A. Mathematical tools (Missed) B. Analytical reasoning (Missed) C. Pattern finding (Missed) D. Mathematical reasoning E. Advanced calculators Explanation Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves a complex combination of patience and determination with skills of pattern finding, mathematical tools and analytical reasoning.

37
Q

Which of the following is responsible for key issues relating to security of inter-bank communications? A. IETF B. ISI C. NSA D. ABA

A

Which of the following is responsible for key issues relating to security of inter-bank communications? A. IETF B. ISI C. NSA D. ABA (Answer) Explanation ABA concerns itself with key issues in providing security to financial transaction/communication between banks.

38
Q

RSA is the encryption system used in cellular devices. T/F? A. True B. False

A

RSA is the encryption system used in cellular devices. T/F? A. True B. False (Answer) Explanation ECC is the encryption system used in cellular devices.

39
Q

What is the requirement for cryptography? Choose two. A. To avoid unauthorized access of information being stored B. To avoid unauthorized access of network resources C. To avoid unauthorized access of information being transmitted. D. To avoid unauthorized access of network servers

A

What is the requirement for cryptography? Choose two. A. To avoid unauthorized access of information being stored (Missed) B. To avoid unauthorized access of network resources C. To avoid unauthorized access of information being transmitted. (Missed) D. To avoid unauthorized access of network servers Explanation Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.

40
Q

Which of the following are encryption systems? Choose two. A. RC5 B. Blowfish C. MAC D. ARP

A

Which of the following are encryption systems? Choose two. A. RC5 (Missed) B. Blowfish (Missed) C. MAC D. ARP Explanation RC5 and Blowfish are encryption systems. MAC is a type of hardware address. ARP is a protocol that resolves MAC address to IP address.

41
Q

Which of the following is true about Public/Private key pairs? Choose two. A. They form an essential part of Website security B. They are used by Certificate security system C. They are a pair of clear text passwords D. They are obsolete.

A

Which of the following is true about Public/Private key pairs? Choose two. A. They form an essential part of Website security (Missed) B. They are used by Certificate security system (Missed) C. They are a pair of clear text passwords D. They are obsolete. Explanation They form an essential part of the Web site security system, as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.

42
Q

Does NTFS provide file system security? A. Yes B. No

A

Does NTFS provide file system security? A. Yes (Answer) B. No Explanation NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

43
Q

Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two. A. SHA is a security hash algorithm that is used with encryption protocols B. Its latest version is SHA-1 C. None

A

Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two. A. SHA is a security hash algorithm that is used with encryption protocols (Missed) B. Its latest version is SHA-1 (Missed) C. None Explanation SHA is a security hash algorithm that is used with encryption protocols. Its latest version is SHA-1

44
Q

To prevent internal Web servers from being accessed you must block TCP port 20. T/F? A. True B. False

A

To prevent internal Web servers from being accessed you must block TCP port 20. T/F? A. True B. False (Answer) Explanation The port number 443 must also be blocked.

45
Q

Authorized update is one way of securing DNS server. T/F? A. True B. False

A

Authorized update is one way of securing DNS server. T/F? A. True (Answer) B. False Explanation Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

46
Q

Which of the following is an ideal practice to ensure network resources safety? Choose three. A. Rename guest accounts B. Rename administrator accounts. C. Ensure there is just one administrator account present. D. Ensure the administrator account does not have a blank password E. None of the above

A

Which of the following is an ideal practice to ensure network resources safety? Choose three. A. Rename guest accounts (Missed) B. Rename administrator accounts. (Missed) C. Ensure there is just one administrator account present. D. Ensure the administrator account does not have a blank password (Missed) E. None of the above Explanation It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to have guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.

47
Q

Which of the following is true about providing security to database servers? Choose two. A. Do not host a database server on the same server as your web server. B. Do not host a database server on a server based system C. Employ a three-tier model D. Employ a centralized administration model.

A

Which of the following is true about providing security to database servers? Choose two. A. Do not host a database server on the same server as your web server. (Missed) B. Do not host a database server on a server based system C. Employ a three-tier model (Missed) D. Employ a centralized administration model. Explanation It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.

48
Q

If you wish to allow the external users access your Web server you must block port number 110. T/F? A. True B. False

A

If you wish to allow the external users access your Web server you must block port number 110. T/F? A. True B. False (Answer) Explanation If you wish to allow the external users access your Web server you must unblock port number 80.

49
Q

Which of the following can secure your internal server best against external attacks? Choose all that apply. A. Perform OS hardening by blocking all access to this server B. Perform OS hardening by verifying and terminating all unused services C. Regularly check for unused usernames and disable or delete them. D. Ensure you are running a vulnerability check on this server at regular intervals.

A

Which of the following can secure your internal server best against external attacks? Choose all that apply. A. Perform OS hardening by blocking all access to this server B. Perform OS hardening by verifying and terminating all unused services (Missed) C. Regularly check for unused usernames and disable or delete them. (Missed) D. Ensure you are running a vulnerability check on this server at regular intervals. (Missed) Explanation The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names exist in the user database, and all vulnerabilities are being verified and monitored at required intervals.

50
Q

If you have implemented DHCP in your network and you wish to secure this service so that no external user will be able to become a DHCP client, which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections D. Block port numbers 67 and 68 on the internal interface

A

If you have implemented DHCP in your network and you wish to secure this service so that no external user will be able to become a DHCP client, which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections (Answer) D. Block port numbers 67 and 68 on the internal interface Explanation Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP service.

51
Q

When faced with an outgoing packet, which of the following header components would a firewall look at first? A. Protocol information B. Source address C. Destination address D. No. of bytes in the header

A

When faced with an outgoing packet, which of the following header components would a firewall look at first? A. Protocol information B. Source address C. Destination address (Answer) D. No. of bytes in the header Explanation The firewall will first look at the destination address.

52
Q

Which of the following firewall policies is most restrictive? A. Any any B. Deny all C. Permit all D. None of the above

A

Which of the following firewall policies is most restrictive? A. Any any B. Deny all (Answer) C. Permit all D. None of the above Explanation The "deny all" is the most restrictive statement that is implicitly defined in the firewall when no other statement is configured. This will get applied to all packets that do not match the criteria mentioned in the list above the "deny all" statement.

53
Q

Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F? A. True B. False

A

Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F? A. True B. False (Answer) Explanation Stateful Inspection firewall will not operate on all the 7 layers of the OSI reference model.

54
Q

Which of the following relates to how the external world can access the internal network resources? A. Network policy B. Firewall policy C. Access policy D. None of the above

A

Which of the following relates to how the external world can access the internal network resources? A. Network policy B. Firewall policy C. Access policy (Answer) D. None of the above Explanation The access policy or the Service access policy will dictate to what extent the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

55
Q

Which of the following about the Stateful inspection firewall is true? Choose two. A. It maintains a state table B. It maintains a routing table C. It functions on the network layer D. It functions on the application layer.

A

Which of the following about the Stateful inspection firewall is true? Choose two. A. It maintains a state table (Missed) B. It maintains a routing table C. It functions on the network layer (Missed) D. It functions on the application layer. Explanation The Stateful inspection firewall monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

56
Q

Which of the following are capable of functioning as a Firewall? Choose two A. Proxy B. Router C. PC D. Switch

A

Which of the following are capable of functioning as a Firewall? Choose two A. Proxy (Missed) B. Router (Missed) C. PC D. Switch Explanation Both the Proxy service and the Router are capable of Network Address Translation (NAT), which is the basic function of a firewall.

57
Q

If you wish to block FTP access to your Web server, which of the following Firewall types should you consider? A. Stateful Inspection B. Port filtering C. Packet filtering D. Application filtering

A

If you wish to block FTP access to your Web server, which of the following Firewall types should you consider? A. Stateful Inspection B. Port filtering C. Packet filtering (Answer) D. Application filtering Explanation Stateful inspection is a type of filtering used when complex security is required and header information of packets will have to be read to perform filtering. In the above-mentioned scenario, you just need filtering based on port numbers. This type of filtering is done in packet filtering firewall types. Port filtering is a function and not a firewall type. Application filtering is irrelevant.

58
Q

Which of the following communications use the 2.4 GHz frequency? Choose three. A. The microwave operates B. Blue-tooth C. Wireless

A

Which of the following communications use the 2.4 GHz frequency? Choose three. A. The microwave operates (Missed) B. Blue-tooth (Missed) C. Wireless (Missed) Explanation The microwave operates on the 2.4 GHz range, which is why it is necessary to place the Wireless 802.11b and g devices slightly apart from the Microwave device when used in homes. Blue-tooth as well as Wireless 802.11b and g devices operate on the 2.4 GHz frequency.

59
Q

To which layer do the following communicating devices belong? Switch, Ethernet Card. A. Physical layer B. Datalink layer C. Network Layer D. None of the above

A

To which layer do the following communicating devices belong? Switch, Ethernet Card. A. Physical layer B. Datalink layer (Answer) C. Network Layer D. None of the above Explanation The mentioned devices' purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to the data link layer.

60
Q

Which of the following statements about a Modem are true? Choose two. A. It steps up AC voltage B. It steps down DC voltage C. It modulates and demodulates signals for the Computer and the telephone line. D. It converts Analog signals to digital and vice versa.

A

Which of the following statements about a Modem are true? Choose two. A. It steps up AC voltage B. It steps down DC voltage C. It modulates and demodulates signals for the Computer and the telephone line. (Missed) D. It converts Analog signals to digital and vice versa. (Missed) Explanation As the name suggests, the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.

61
Q

Which of the following statements regarding Infrared communication is true? Choose three. A. It requires line of sight B. It requires the same radio frequency at the transmitting and receiving end. C. It is least secure. D. Interception is possible if the tapping device is also in the line of sight E. Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices.

A

Which of the following statements regarding Infrared communication is true? Choose three. A. It requires line of sight (Missed) B. It requires the same radio frequency at the transmitting and receiving end. C. It is least secure. (Missed) D. Interception is possible if the tapping device is also in the line of sight (Missed) E. Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices. Explanation Infrared and Radio frequency are two different communication media. Infrared communication requires line of sight. If the device that intends interception is placed in the same line of sight as the main devices, then interception will be very easy. This mode of communication is least secure.

62
Q

Which of the following port numbers is used by SMTP? A. 25 B. 26 C. 27

A

Which of the following port numbers is used by SMTP? A. 25 (Answer) B. 26 C. 27 Explanation SMTP service uses port number 25.

63
Q

Which of the following statements about an email server is/are true? Choose only answer(s) that apply A. Verifies if destination domain is self or not before transmitting a mail B. Verifies if recipient is from local domain or not before receiving an email C. Verifies if email is infected or not D. None of the above

A

Which of the following statements about an email server is/are true? Choose only answer(s) that apply A. Verifies if destination domain is self or not before transmitting a mail (Missed) B. Verifies if recipient is from local domain or not before receiving an email C. Verifies if email is infected or not (Missed) D. None of the above Explanation Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if the domain name is self or not before it actually sends the mail out. Before receiving any email, its primary security function is to ensure that the email is not infected. If the email is infected, it is supposed to be discarded.

64
Q

When configuring antivirus for email, which of the following configurations must be applied? Choose two. A. Scan before downloading B. Scan before sending C. Scan before opening D. Scan after receiving

A

When configuring antivirus for email, which of the following configurations must be applied? Choose two. A. Scan before downloading (Missed) B. Scan before sending (Missed) C. Scan before opening D. Scan after receiving Explanation Scan before downloading will ensure that an infected message is deleted before it is actually downloaded to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message to the destination email ID.

65
Q

Which of the following virus types can be transmitted via email? Choose two most common types that apply. A. Worms B. Trojan horse C. Boot Record virus D. EXE file virus

A

Which of the following virus types can be transmitted via email? Choose two most common types that apply. A. Worms (Missed) B. Trojan horse (Missed) C. Boot Record virus D. EXE file virus Explanation Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments, hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.

66
Q

L2TP can work over which of the following networks? Choose all appropriate answers. A. IP B. IPX C. SNA D. None of the above

A

L2TP can work over which of the following networks? Choose all appropriate answers. A. IP (Missed) B. IPX (Missed) C. SNA (Missed) D. None of the above Explanation L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP, IPX and SNA networks.

67
Q

Which of the following will be compulsory tasks to run on Web servers of your network? Choose two. A. There are web sites that keep updating vulnerability information for different platforms. B. It is ideal to constantly browse these sites and keep checking if it is applicable for the platform and applications housed in your web server. C. Update virus definition files regularly. D. None

A

Which of the following will be compulsory tasks to run on Web servers of your network? Choose two. A. There are web sites that keep updating vulnerability information for different platforms. (Missed) B. It is ideal to constantly browse these sites and keep checking if it is applicable for the platform and applications housed in your web server. (Missed) C. Update virus definition files regularly. (Missed) D. None Explanation There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it is applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

68
Q

Which of the following would help with dedicated authentication to dial-in clients? A. TACACS (Terminal Access Controller Access Control System) B. RADIUS C. IAS (Internet Authentication Server)

A

Which of the following would help with dedicated authentication to dial-in clients? A. TACACS (Terminal Access Controller Access Control System) (Missed) B. RADIUS (Missed) C. IAS (Internet Authentication Server) Explanation TACACS (Terminal Access Controller Access Control System) and RADIUS are both dedicated authentication services for dial-in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

69
Q

You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer. A. PPTP B. IPSec C. Kerberos D. Certificate

A

You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer. A. PPTP B. IPSec (Answer) C. Kerberos D. Certificate Explanation Since the only protocol that supports cross-platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

70
Q

When a remote user is dialing in to the network, which of the following servers would be challenging his request for authentication first? A. RADIUS server would be challenging the user's request first, the rest of the servers on the network B. RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user C. None

A

When a remote user is dialing in to the network, which of the following servers would be challenging his request for authentication first? A. RADIUS server would be challenging the user's request first, the rest of the servers on the network (Missed) B. RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user (Missed) C. None Explanation In the mentioned scenario, the RADIUS server would be challenging the user's request first. The rest of the servers on the network would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

71
Q

Which of the following protocols could a VPN make use of? Choose two. A. PPTP B. L2TP C. HTTP D. NNTP

A

Which of the following protocols could a VPN make use of? Choose two. A. PPTP (Missed) B. L2TP (Missed) C. HTTP D. NNTP Explanation A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

72
Q

Which of the following is the most popular protocol that is used in dial-up connections? A. SLIP B. PPTP C. POP3 D. PPP

A

Which of the following is the most popular protocol that is used in dial-up connections? A. SLIP B. PPTP C. POP3 D. PPP (Answer) Explanation SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

73
Q

To transfer mails between email servers of different domains you would require POP3 service. T/F? A. True B. False

A

To transfer mails between email servers of different domains you would require POP3 service. T/F? A. True B. False (Answer) Explanation To transfer mails between email servers of different domains you would require SMTP service.

74
Q

Which of the following protocols help to gain MAC address of a PC on the network? A. ARP B. FTP C. TFTP D. DHCP

A

Which of the following protocols help to gain MAC address of a PC on the network? A. ARP (Answer) B. FTP C. TFTP D. DHCP Explanation Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.

75
Q

You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer. A. Ping to the server B. Simulate a DDoS attack on that server C. Simulate a DoS attack on the server D. Check if all the patches and required antivirus software have been loaded on the server.

A

You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer. A. Ping to the server B. Simulate a DDoS attack on that server (Answer) C. Simulate a DoS attack on the server D. Check if all the patches and required antivirus software have been loaded on the server. Explanation Pinging the server will only confirm whether the connectivity is proper. Simulating a DoS attack could only test for very few vulnerabilities on the server. DDoS (Distributed DoS) would test for more vulnerabilities on the server than the DoS would. Checking for patches and antivirus is just a precaution. It is not a process of testing for vulnerabilities.

76
Q

Which of the following can be termed as the Denial of Service Attack? A. A computer on your network has crashed B. Your router is unable to find a destination outside of your network C. Your Web server has gone into a loop trying to service a client request. D. Your keyboard is no longer responding.

A

Which of the following can be termed as the Denial of Service Attack? A. A computer on your network has crashed B. Your router is unable to find a destination outside of your network C. Your Web server has gone into a loop trying to service a client request. (Answer) D. Your keyboard is no longer responding. Explanation DoS is a way of engaging a Web Server continuously in one specific task by putting it in a loop and ensuring it is unable to respond to any further requests.

77
Q

Which of the following is a Wireless LAN susceptible to? A. Loss of signal strength B. Eavesdropping C. Blackout D. EMI

A

Which of the following is a Wireless LAN susceptible to? A. Loss of signal strength B. Eavesdropping (Answer) C. Blackout D. EMI Explanation Wireless LANs are most susceptible to eavesdropping as the media here is dependent on frequency for transmission and reception. This makes the media very susceptible to overhearing or eavesdropping as well.

78
Q

Which of the following services, when placed on the edge of the network, will provide security to the entire network? A. Firewall B. Router C. Antivirus D. None of the above

A

Which of the following services, when placed on the edge of the network, will provide security to the entire network? A. Firewall (Answer) B. Router C. Antivirus D. None of the above Explanation Router is a gateway and antivirus resides on all systems. Firewall is meant to safeguard the network from external attacks.

79
Q

If you were implementing an Enterprise network that requires remote users to connect to the Intranet, which of the following services would be most important? A. DNS B. DHCP C. RAS D. None of the above

A

If you were implementing an Enterprise network that requires remote users to connect to the Intranet, which of the following services would be most important? A. DNS B. DHCP (Answer) C. RAS D. None of the above Explanation It is imperative that remote users be assigned a separate block of IP addresses for the purpose of connecting to the company Intranet. This is in line with security for the network. This dynamic allocation will be possible only with the help of DHCP service.

80
Q

RADIUS is an abbreviation for Remote Access Data Inspection User Service. T/F? A. True B. False

A

RADIUS is an abbreviation for Remote Access Data Inspection User Service. T/F? A. True B. False (Answer) Explanation RADIUS is an abbreviation for Remote Access Dial In User Service.

81
Q

If you had to implement a foolproof method of establishing User ID in your organization, which of the following would you choose? Choose the best answer. A. Smart Card B. Username/Password C. Biometric D. Credit Card

A

If you had to implement a foolproof method of establishing User ID in your organization, which of the following would you choose? Choose the best answer. A. Smart Card B. Username/Password C. Biometric (Answer) D. Credit Card Explanation Biometric will authenticate or establish User ID depending on the physical attribute of the user. For ex: fingerprint, hand scan or retina scan. Since these physical attributes are always physically attached to the person, there is no fear of any of these being lost or reaching wrong hands. Hence Biometric is the most secure form of authentication.

82
Q

Which of the following are an advantage and a disadvantage with clear text authentication? A. Advantage is that it is easy to remember passwords B. Advantage is that it is easy to implement C. Disadvantage is that it is difficult to implement D. Disadvantage is that it is not secure

A

Which of the following are an advantage and a disadvantage with clear text authentication? A. Advantage is that it is easy to remember passwords B. Advantage is that it is easy to implement (Missed) C. Disadvantage is that it is difficult to implement D. Disadvantage is that it is not secure (Missed) Explanation Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.

83
Q

To allow access to a campus you would use Kerberos. T/F? A. True B. False

A

To allow access to a campus you would use Kerberos. T/F? A. True B. False (Answer) Explanation To allow access to a campus you would use smart cards.

84
Q

Which of the following does the Biometrics use to establish user identity? Choose two A. Fingerprints B. Retinal scan C. Sometimes the DNA structure too to establish user ID

A

Which of the following does the Biometrics use to establish user identity? Choose two A. Fingerprints (Missed) B. Retinal scan (Missed) C. Sometimes the DNA structure too to establish user ID (Missed) Explanation The Biometrics uses fingerprints, retinal scan and sometimes the DNA structure too to establish user ID.

85
Q

Which of the following are key components in the Kerberos system? Choose two. A. The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user, Computer or Service. B. None

A

Which of the following are key components in the Kerberos system? Choose two. A. The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user, Computer or Service. (Answer) B. None Explanation The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user, Computer or Service. Depending on whether the authentication fails or succeeds, the ticket will be granted to the end user, Computer or Service.

86
Q

Which of the following is true about a token system? Choose all that apply. A. A token is generated when a user has been successfully authenticated B. This token is attached to the user's session and will be destroyed once the session is terminated C. This token is attached to the user's session and will be destroyed after the user has logged out

A

Which of the following is true about a token system? Choose all that apply. A. A token is generated when a user has been successfully authenticated (Missed) B. This token is attached to the user's session and will be destroyed once the session is terminated (Missed) C. This token is attached to the user's session and will be destroyed after the user has logged out (Missed) Explanation A token is generated when a user has been successfully authenticated. This token is attached to the user's session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.

87
Q

Which of the following does NOT happen during a CHAP authentication? Choose all that apply A. The server issues password to anybody requesting for it. B. The server poses the challenge for the password request. C. The server requests for the password. D. The server expects a clear text password initially.

A

Which of the following does NOT happen during a CHAP authentication? Choose all that apply A. The server issues password to anybody requesting for it. (Missed) B. The server poses the challenge for the password request. C. The server requests for the password. (Missed) D. The server expects a clear text password initially. (Missed) Explanation Whenever a user requests login, the Server poses a challenge and then the user provides the requested password and then the server will decide based on the credentials if it should authorize the user or not. This is what is referred to as three-way handshake.

88
Q

Certificates are best used in which of the following scenarios? Choose all that apply. A. LAN authentication B. Accessing Web sites C. Dial-Up connections D. Intranet login

A

Certificates are best used in which of the following scenarios? Choose all that apply. A. LAN authentication B. Accessing Web sites (Missed) C. Dial-Up connections D. Intranet login (Missed) Explanation LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself, or when you are logging in to the Intranet from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.

89
Q

Which of the following statements relating to the MAC model is true? Choose two. A. MAC uses static mapping or predefined access privileges B. MAC cannot allow dynamic sharing of resources C. MAC uses ACL to assign privileges D. MAC allows dynamic sharing of resources

A

Which of the following statements relating to the MAC model is true? Choose two. A. MAC uses static mapping or predefined access privileges (Missed) B. MAC cannot allow dynamic sharing of resources (Missed) C. MAC uses ACL to assign privileges D. MAC allows dynamic sharing of resources Explanation MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.

90
Q

While assigning access privilege using the DAC, which of the following will you be needing? A. User database B. Access Control list C. Resource list D. None of the above

A

While assigning access privilege using the DAC, which of the following will you be needing? A. User database B. Access Control list (Answer) C. Resource list D. None of the above Explanation The information of mapping users to their permissions for resource access would be available in the ACL.

91
Q

You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems? A. Mandatory Access Control B. Discretionary Access Control C. Role Based Access Control D. Any of the above

A

You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems? A. Mandatory Access Control (Answer) B. Discretionary Access Control C. Role Based Access Control D. Any of the above Explanation System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

92
Q

Which of the following processes will allow you to ascertain organizational assets? A. Auditing B. Monitoring C. Troubleshooting D. None of the above

A

Which of the following processes will allow you to ascertain organizational assets? A. Auditing (Answer) B. Monitoring C. Troubleshooting D. None of the above Explanation Auditing is an accounting process wherein the organization's assets and deficits will be accounted for.

93
Q

Which of the following vulnerabilities could be a common error on the servers? A. Virus database not being updated as per schedule B. Forgetting to restart the server C. Installing an incorrect version of an application D. None of the above

A

Which of the following vulnerabilities could be a common error on the servers? A. Virus database not being updated as per schedule (Answer) B. Forgetting to restart the server C. Installing an incorrect version of an application D. None of the above Explanation Virus database not being updated as per schedule could be a common but serious error on the servers that gives rise to vulnerabilities.

94
Q

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above

A

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence (Answer) B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above Explanation View the data in the history and study any visible occurrences to analyze the pattern and frequency of its occurrence. This will allow you to be better prepared for risk management.

96
Q

Which of the following is the best way to ensure that contract employees no longer use the network resources once their contract with the organization is over? Choose two. A. Ensure you create a separate group for contractors. B. Ensure that you disable the account of the contractor who has completed contract C. Ensure you assign permissions to individual contractor each time D. Ensure you monitor the logged-in users to forcibly log out a contract employee who has completed contract.

A

Which of the following is the best way to ensure that contract employees no longer use the network resources once their contract with the organization is over? Choose two. A. Ensure you create a separate group for contractors. (Answer) B. Ensure that you disable the account of the contractor who has completed contract (Answer) C. Ensure you assign permissions to individual contractor each time D. Ensure you monitor the logged-in users to forcibly log out a contract employee who has completed contract. Explanation A separate group for contract employees is a good idea, as they are all similar in nature of role and will require similar access to the network. Disabling the account of a contractor who has completed the contract is a must, as he will no longer be able to log in.

97
Q

Which of the following is an essential configuration for email messages? A. Content sensitivity action B. Sender specific action C. Receipt date specific action D. None of the above

A

Which of the following is an essential configuration for email messages? A. Content sensitivity action (Answer) B. Sender specific action C. Receipt date specific action D. None of the above Explanation Content specific action will ensure that you can discard mail that contains sensitive or prohibited data.

98
Q

It is ideal that a network supports a specific encryption standard only. T/F? A. True B. False

A

It is ideal that a network supports a specific encryption standard only. T/F? A. True B. False (Answer) Explanation Supporting only a specific encryption standard will make that network a closed network and will make it impossible to communicate with networks that follow flexibility in encryption.

99
Q

It is ideal for any organization to employ an encryption scheme that can address its entire organization's data security, whether stored or transmitted. T/F? A. True B. False

A

It is ideal for any organization to employ an encryption scheme that can address its entire organization's data security, whether stored or transmitted. T/F? A. True B. False (Answer) Explanation No one encryption scheme can handle the security required by an entire organization. It will usually be a combination of two or more.

100
Q

________ refers to the idea that information should only be accessible to its intended recipients and those authorized to receive the information. All other parties should not be able to access the information.

A

Confidentiality

101
Q

________ is the concept that information should remain in the same form as it was originally intended (i.e. not maliciously changed).

A

Integrity

102
Q

________ refers to the idea that information should be accessible (think Denial of Service)

A

Availability

103
Q

________ refers to the ability to protect the confidentiality of information through controlling a user’s access to that information

A

Access Control

104
Q

________ refers to the idea that a user should be accountable for actions performed under his/her name.

A

Accountability

105
Q

________ is the idea that a user should not be able to repudiate that he/she is responsible for something (for example, a file may be said to have been edited by John, but how do we know John actually edited it?)

A

Non-repudiation

106
Q

Client sends login information to KDC (Key Distribution Center), which verifies a client’s credentials and sends a request to TGS (Ticket Granting Server). The TGS sends a TGT (Ticket Granting Ticket) to the client.

A

Kerberos

107
Q

Sending TCP packets to deny availability

A

SYN Flood

108
Q

Sending ICMP (usually ping) packets to deny availability

A

ICMP Flood

109
Q

Sending UDP packets to deny availability

A

UDP Flood

110
Q

A special ICMP Flood attack that broadcasts ICMP requests

A

Smurf

111
Q

Sending a malformed packet that overflows a memory address to deny availability and possibly gain privileges (destroy confidentiality/integrity)

A

Buffer Overflow

112
Q

Gain access through a secret program (Trojan horse)

A

Backdoor

113
Q

Read information off the network

A

Sniffing

114
Q

Hiding or disguising an address to make it appear that the requests come from another source

A

Spoofing

115
Q

Intercepting packets and changing the contents (denies confidentiality and integrity)

A

Man-in-the-Middle

116
Q

Session key sniffed and then used

A

Replay

117
Q

Probability-based

A

Birthday attack

118
Q

Low-tech attack on people who don’t understand security

A

Social engineering

119
Q

Propagates through user action (usually email)

A

Virus

120
Q

Self-propagating and uses exploits

A

Worm

121
Q

Fuel: Common organic combustibles; Suppression Tech: Water

A

Fire Class: A

122
Q

Fuel: Fuels; Suppression Tech: Carbon dioxide, soda acid, Halon

A

Fire Class: B

123
Q

Fuel: Electrical fires; Suppression Tech: Carbon dioxide, Halon

A

Fire Class: C

124
Q

Fuel: Chemical; Suppression Tech: Halon, specialized agents

A

Fire Class: D

125
Q

Remote Access Technologies: PPP is RAS or VPN?

A

RAS

126
Q

Remote Access Technologies: RADIUS is RAS or VPN?

A

RAS

127
Q

Remote Access Technologies: TACACS is RAS or VPN?

A

RAS

128
Q

Remote Access Technologies: TACACS+ is RAS or VPN?

A

RAS

129
Q

Remote Access Technologies: PPTP is RAS or VPN?

A

VPN

130
Q

Remote Access Technologies: L2F is RAS or VPN?

A

VPN

131
Q

Remote Access Technologies: L2TP is RAS or VPN?

A

VPN

132
Q

Remote Access Technologies: IPSec is RAS or VPN?

A

VPN

133
Q

Remote Access Technologies: PPP uses what protocol?

A

TCP/IP

134
Q

Remote Access Technologies: RADIUS uses what protocol?

A

UDP

135
Q

Remote Access Technologies: TACACS uses what protocol?

A

UDP

136
Q

Remote Access Technologies: TACACS+ uses what protocol?

A

TCP

137
Q

Remote Access Technologies: PPTP uses what protocol?

A

Layer 2

138
Q

Remote Access Technologies: L2F uses what protocol?

A

Layer 2

139
Q

Remote Access Technologies: L2TP uses what protocol?

A

Layer 2

140
Q

Remote Access Technologies: IPSec uses what protocol?

A

Layer 3

141
Q

DES is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Symmetric

142
Q

3DES is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Symmetric

143
Q

AES is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Symmetric

144
Q

RC5 is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Symmetric

145
Q

RSA is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Asymmetric

146
Q

Diffie-Hellman is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Asymmetric

147
Q

El Gamal is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Asymmetric

148
Q

MD5 is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Hash (Digest)

149
Q

SHA-1 is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Hash

150
Q

HMAC is what type of algorithm? Symmetric, Asymmetric or Hash?

A

Hash

151
Q

DES is what size?

A

64 bit (56 + 8 parity)

152
Q

3DES is what size?

A

192 bit (168 bit + 24 parity)

153
Q

AES is what size?

A

Variable (128, 192, 256)

154
Q

RC5 is what size?

A

Variable (up to 2048)

155
Q

MD5 is what size?

A

512-bit block processing / 128-bit digest

156
Q

SHA-1 is what size?

A

512-bit processing / 160-bit digest

157
Q

HMAC is what size?

A

Variable

158
Q

DES uses what algorithms?

A

Block cipher

159
Q

3DES uses what algorithms?

A

Block cipher

160
Q

AES uses what algorithms?

A

Rijndael Block cipher

161
Q

RC5 uses what algorithms?

A

RSA Block mode cipher

162
Q

RSA uses what algorithms?

A

Key transport

163
Q

Diffie-Hellman uses what algorithms?

A

Key exchange

164
Q

El Gamal uses what algorithms?

A

Key exchange

165
Q

MD5 uses what algorithms?

A

Rivest MD5 Block Hash

166
Q

SHA-1 uses what algorithms?

A

Rivest SHA Hash

167
Q

HMAC uses what algorithms?

A

Keyed Digest

168
Q

________ are more scalable and easier to manage than symmetric or secret key algorithms, but they require more overhead and are slower

A

Public-key or asymmetric algorithms

169
Q

________ refers to the idea that packets are encrypted at the source and decrypted at the destination

A

End-to-End encryption

170
Q

________ is a symmetric algorithm based on Rijndael Block Cipher

A

AES

171
Q

________ algorithms include: DES, 3DES, AES, IDEA

A

Symmetric

172
Q

________ algorithms include: Diffie-Hellman, RSA, El Gamal

A

Asymmetric

173
Q

________ do not allow for the decryption of cipher text

A

Hashes

174
Q

________ is the glass insulator in fiber optic cabling

A

Cladding

175
Q

________ cabling is said to be shielded against EMI, or electric interference

A

STP

176
Q

Maintains state information (connection-based)

A

Circuit-level gateway

177
Q

Examines each packet coming in for content

A

Application-level gateway

178
Q

Special application-level gateway that ensures no direct connection between an un-trusted and trusted network

A

Proxy server

179
Q

________ is the list that defines the rules that a packet filtering firewall follows

A

ACL

180
Q

One router between the trusted and un-trusted

A

Screening router

181
Q

A bastion host and router between trusted and un-trusted

A

Dual-homed gateway

182
Q

A bastion host that can examine traffic between trusted and un-trusted

A

Screened host gateway

183
Q

A bastion host (and DMZ zone) between two routers

A

Screened-subnet

184
Q

Finds and attempts to circumvent threats (more susceptible to attacks)

A

Active

185
Q

Finds threats and alerts administrator

A

Passive

186
Q

Operates as independent network node

A

Network-based

187
Q

Requires that special software be installed on each node

A

Host-based

188
Q

Works using signatures and known attacks

A

Knowledge-based

189
Q

Works by analyzing baseline vs. real-time network traffic

A

Behavior-based

190
Q

________ refers to the behavior of SMTP servers that will send a message from any source (should be disabled)

A

Relaying

191
Q

________ fix security issues from vendors

A

Patches

192
Q

________ services allow access without authentication

A

Anonymous

193
Q

Technologies include PPP (widely used for dial-up TCP/IP access), PPTP (tunneled PPP), RADIUS (UDP-based), TACACS+ (similar to RADIUS, but TCP-based and Cisco proprietary)

A

Remote Access

194
Q

IPSec operates over ________ layer and has two protocols: AH and ESP

A

Network

195
Q

L2TP operates on the ________

A

Data-Link layer