Test 1

Question 1

System integrity means the system

Answer 1

performs in an unimpaired manner

Question 2

Integrity of data means the data

Answer 2

is not modified

Question 3

Which of the following terms indicates that information is to be read only by those people for whom it is intended?

confidentiality.
integrity.
availability.
accounting.

Answer 3

confidentiality

Question 4

What do you call the scope that hacker can use to break into a system?

Defense in depth
Attack surface
Principle of least privilege
Risk mitigation

Answer 4

Attack surface

Question 5

Which concept determines what resources users can access after they log on?

Authentication
Auditing
Access Control
Defense in depth

Answer 5

Access Control

Question 6

What type of electronic document contains a public key?

Biometrics
Digital certificate
Kerberos
PIN

Answer 6

Digital certificate

Question 7

What is the process of giving individual access to a system or resource?

Authentication
Authorization
Accounting
Auditing

Answer 7

Authorization

Question 8

What type of attack tries to guess passwords by trying common words?

Dictionary attack.
Brute-force attack.
Man-in-the-middle attack.
Smurf attack.

Answer 8

Dictionary attack

Question 9

The application layer security includes the following security mechanisms except:

PGP.
S/MIME.
Ping.
DNS security.

Answer 9

Ping

Question 10

Which of the following are considered an e-mail communication scenario. (MTOA)

One-to-One E-mail.
Distribution List-to-One E-mail.
One-to-Multiple Recipients E-mail.
Multiple-to-One E-mail. 
One-to-Distribution List E-mail.

Answer 10

One to One Email
One to Multiple Recipients
One to Distribution List email

Question 11

…….. is the de-facto standard e-mail encryption scheme.

Kerberos.
Ultra gridsec.
PGP.
S/MIME.

Answer 11

PGP

Question 12

S/MIME relies on……….. for public key distribution and uses ……………. for message encryption as private key algorithms.

Kerberos, (RC2 and DES).
X.509 certificate, (RC2 and TDES).
Ultra Gridsec, (RC2 and AES).
PGP, (RC4 and DES).
DSA, (RSA and Al Gamal).

Answer 12

X.509 certificate, (RC2 and TDES)

Question 13

S/MIME relies on……….. for message hashing.

RSA or Elliptic Curve algorithms.
SHA-1 or MD5
RSA and MD5
SHA-2 or RC2

Answer 13

SHA-1 or MD5

Question 14

……….. is an internet standard that can foil DNS Cash Poisoning attacks.

DNSFOIL.
DNSSEC.
DNSDETECT.
CASHSEC.

Answer 14

DNSSEC

Question 15

HTTPS provides secure web browsing through ……….. between the client web browser and the website server.

encrypted and authenticated connection.
authenticated connection.
hashed and authenticated connection.
encrypted connection.

Answer 15

encrypted and authentication connection

Question 16

TLS is designed to operate over ……….. because it handles…….……….

TCP, (the ‘timing out’ and ‘reformatting lost data’).
UDP, (the ‘timing out’ and ‘reformatting lost data’).
TCP, (the ‘timing out’ and ‘retransmitting lost data’).
FTP, (the ‘timing out’ and ‘reformatting lost data’).

Answer 16

TCP, (the ‘timing out’ and ‘retransmitting lost data’).

Question 17

……….. are designed to interwork between application and transport layer: (MTOA)

TSL.
TLS.
SSL.
Telnet.

Answer 17

TLS

SSL

Question 18

Which of the following components are related to the SSL protocols: (MTOA)

Record protocol.
Handshake protocol.
Information Specifications protocol.
Alert Protocol.

Answer 18

Record protocol
Handshake protocol
Alert Protocol

Question 19

cipher_suite is a list of cryptographic algorithms supported by …………

the server machine
the server web browser
the client application
the client web browser

Answer 19

the client web browser

Client will send to server a list of what they support, server decides what to use based on what the client has

Question 20

………is designed to replace the TELNET and rlogin remote facility.

PUTTY
SSL
SSH
FTPS

Answer 20

SSH

Question 21

………is a combination of encryption and decryption methods. As an example for it the ……………

Cryptography, Ultra Gridsec
Digital Enveloping, Ultra Gridsec
Cryptosystem, PGP
Cryptography, Kerberos

Answer 21

Cryptosystem, PGP

Cryptosystem is encryption and decryption

Question 22

……… is the combination of public key and private key encryption algorithms.

Digital Enveloping
Cryptosystem
Cryptography
Cryptanalysis

Answer 22

Digital Enveloping

Question 23

Among the common types of the digital certificate are ………………… (MTOA)

1) data certificate.
2) developer certificate.
3) personal certificate.
4) Professional certificate.

Answer 23

Developer certificate

Personal certificate

Question 24

Using a digital signature during an online transaction is a form of:

One way encryption.
Availability.
Confidentiality.
Non-repudiation.

Answer 24

Non-repudiation

Assuring that digital was signed and can’t deny transaction

Question 25

Failed sessions allow MITM attacks on access credentials. This type of attacks are done in which layer of the OSI model?

A) Physical layer
B) Data-link Layer
C) Transport layer
D) Presentation layer

Answer 25

Transport Layer

Question 26

Which of the following is not a vulnerability of the application layer?

A) Application design bugs may bypass security controls.
B) Inadequate security controls force “all-or-nothing” approach.
C) Logical bugs in programs may be by chance or on purpose be used for crashing programs.
D) Overloading of handshaking mechanism.

Answer 26

Overloading of handshaking mechanism

Question 27

Which of the following is an example of application layer vulnerability?

A) Cryptographic flaws lead to the privacy issue
B) Very complex application security controls
C) MAC Address Spoofing
D) Weak or non-existent authentication

Answer 27

Very complex application security controls

Question 28

When integrity is lacking in a security system, _________ occurs.

a) Database hacking
b) Data overloading
c) Data tampering
d) Data leakage

Answer 28

Data tampering

Question 29

In the Handshaking method, the field Cipher contains fields like ………..

A) The Cipher Algorithm, the transport protocol, and Private-key algorithm.
B) The cipher algorithm, the MAC algorithm , and Public-key algorithm.
C) The MAC Address , the Cipher algorithm, the transport protocol.
D) The nonce, cnonce, and the cipher algorithm.

Answer 29

The cipher algorithm, the MAC algorithm , and Public-key algorithm.

Question 30

Digital certificate is an electronic documents which plays an important part in………

a) the public key infrastructure (PKI).
b) the digital enveloping mechanism.
c) MAC Spoofing.
d) data leakage.

Answer 30

PKI

Question 31

The SSL Alert Protocol is used for ………..

Notify the sender that size of transmitted data is large.
Report errors such as unexpected message or bad record MAC
Notify the initiation of a new TCP connection.
None of the above.

Answer 31

Report errors such as unexpected message or bad record MAC

Question 32

Certificate Signing Request or CSR is encoded information that is used by ………… to issue ……….. to the applicant.

a) Certifying authority (CA), an SSL certificate.
b) Certifying authority (CA), a TLS certificate.
c) an authority, a SSH certificate.
d) an authority, a CSR certificate.

Answer 32

Certifying authority (CA), an SSL certificate.

Question 33

The SSH Provides various services such as
……...
a) The private key exchange.
b) The cryptosystem mechanism.
c) SFTP and Port Forwarding (Tunneling).
d) FTP and UDP data transmission.

Answer 33

SFTP and Port Forwarding (Tunneling).

Question 34

SSL used ……….to encrypt data between browser and web server. In contrast, ……… is used to exchange generated encryption keys, which validates the client and server’s identity.

a) symmetric encryption , asymmetric encryption.
b) Certifying authority (CA), asymmetric encryption.
c) asymmetric encryption , symmetric encryption.
d) SSH, symmetric encryption.

Answer 34

symmetric encryption , asymmetric encryption.

Question 35

SSL/TLS layer provides ………. while data is transmitting from source to destination.
………
a) key exchange and data integrity.
b) confidentiality and integrity.
c) Port Forwarding and confidentiality.
d) UDP data transmission and confidentiality.

Answer 35

confidentiality and integrity