FCNS - FORESEC CERTIFIED NETWORKING SECURITY

1. system administrator needs to implement 802.1x whereby when

a user logs into the network, the authentication server
communicates to the network switch and assigns the user to the
proper VLAN.<br />
Which of the following protocols should be used?
A. RADIUS
B. Kerberos
C. LDAP
D. MSCHAP

2. Which of the following technologies would be MOST

appropriate to utilize when testing a new software patch
before a company-wide deployment?

A. Virtualization
B. Cloud computing
C. Redundancy
D. Application control

3. Which of the following would verify that a threat does

exist and security controls can easily be bypassed without
actively testing an application?
A. Vulnerability scan
B. Protocol analyzer
C. Penetration test
D. Port scanner

4. A security team wants to establish an Incident Response

plan. The team has never experienced an incident.Which of
the following would BEST help them establish plans and
procedures?
A. Recovery procedures
B. Table top exercises
C. Lessons learned
D. Escalation procedures

5. An administrator discovers the following log entry on a

server:<br />
Nov 12 2013 00:23:45 httpd[2342]: GET
/app2/prod/proc/process.php?input=change;cd
%20../../../etc;cat%20shadow<br />
Which of the following attacks is being attempted?
A. Cross-site scripting
B. Command injection
C. Password attack
D. Buffer overflow
 6. Anne, the Chief Executive Officer (CEO), has reported that
she is getting multiple telephone calls from someone
claiming to be from the helpdesk. The caller is asking to
verify her network authentication credentials because her
computer is broadcasting across the network.<br />
Which of the following types of attacks is this MOST
likely?
A. Phishing
B. Impersonation
C. Spim
D. Scareware

7. Phishing emails frequently take advantage of high-profile

catastrophes reported in the news. Which of the following
principles BEST describes the weakness being exploited?

A. Social proof
B. Authority
C. Intimidation
D. Scarcity

8. When disposing magnetic storage media, all of the following

methods ensure that data is unreadable, EXCEPT:

- degaussing the disk or tape 


- physical alteration of media 


- writing random data over the old file 


- removing the volume header information 


9. Choose the appropriate answers for A1, A2 and A3 based on

SDLC lifecycle.

- A1 - Planning A2 - Verification A3 - Audit 


- A1 - Design A2 - Implementation A3 - Maintenance 


- A1 - Scoping A2 - Feasibility Analysis A3 - Support 


- A1 - Technology Feasibility A2 - Capacity Planning A3 -

Service Level Agreement 


10. What is the most Effective method of identifying new vendor

vulnerabilities ?

- Periodic Assesment conducted by consultants 


 - Intrusion Prevention Software 


- External Vulnerability Reporting Sources 


- HoneyPots located at DMZ

11. Which of the security concepts does BIBA compliments ?

- Confidentiality

- Availability

- Integrity

- Authenticity
12. What is the common Risk Management Framework used by typical
IT organisations to mitigate the risk ?

- Val IT

- Cobit 5


- Graham Leech Bliley Act

- Sarbanes Oxley

13. The Chart
are the major agents threatening Hardware

Malfunction risk area?

- Poor Maintenance Practice 


- Lack of Failover 


- Non Compliance 


- Poorly Trained Vendor 


14 it is MOST important that INFOSEC architecture being aligned

with which of the following ?

- IT Plans 


- Business Objectives and Goals 


- INFOSEC Best Practices 


- Industrial Best Practices 


15. A timely review of system access records would be an example

of what type of basic security function?

- Supplemental 


- Mandatory 


- System 


- Discretionary 

16. As a part of Security Compliance, Companies are advised to
conduct Security Risk Assessment and Review on a regular Basis.
Which of the following is the MAIN reason for performing Risk
assessment on a continuous basis ?

- Management needs to be continually informed about the emerging

risk

- Justification of the security budget must be continually made

aware to Board of investments

- New Vulnerabilities are discovered every day

- The risk environment is constantly changing

17. From the context of Cyber Security Cost, Which among the
below are best suited as "Spilt Over Effect".

- Capital Investment 


- Cost Benefit 


- Hidden Cost 


- Additional Cost 


18. Corporate Security Laws are generally described as a company

law and wouldn't be applicable to the country law. What is the
legal ground that would allow an officer of the law to eavesdrop
on company phone calls without violating the Privacy Act.

- GAK - Goverment Access to Keys 


- Eavesdroping Act 


- Patriot Act 


- GLBA - Graham Leech Bliley Act 


19. Security of an automated information system is most effective

and economical if the system is...

- designed originally to meet the information protection needs.

- subjected to intense security testing.

- customized to meet the specific security threat.

- optimized prior to addition of security.

20. the following Security model focuses on mitigation of the
treat for the

- BIBA

- CHINESE FIREWALL

- MODEL CLARIK WILSON MODEL

- BELL LA Padula

21. Who is ultimately responsible for ensuring that information

is categorized and that specific protective measures are taken?

-Data Manager

- Data Administrator

- Data Owner

- Data Custodian

22. Which of the following is the least important information to

record when logging a security violation?

- Date and time of Violation

- User Name

- Types of Violation

- User Id

23. BMG has a distinctive and advanced Disaster Recovery Solution

for its Business. What would be the primary concern of BMG prior
to the design of the Disaster Recovery Site ?

- Crytographic Mechanism

- Virtualization Technology

- Physical Location

- Load Balancing

24. In the corporate structure of organisations, who is held

accountable for Information Security Planning ?

- CISO - Cheif Information Security Officer

- CTO - Chief Technology Officer

- CEO - Chief Execurite Officer

- CIO - Chief Information Officer

25. Alan has
networks. While doing so Alan discovered a severe

Risk Area on the IT Processing which the management has no
knowledge about. Which of the following should an Information
Security manager use to BEST convey a sense of urgency to the
management ?

- Security Metrics Report 


- ROSI - Return of Security Investment Report 


- Risk Assesment Report 


- Business Impact Analysis 


26. Who authorises the Information Security Governance initiative

program in a corporate organisation ?

- CEO - Chief Executive Officer 


- CISO - Chief Information Security Officer 


- CTO - Chief Technology Officer 


- CIO - Chief Information Officer 


27. The deliberate planting of apparent flaws in a system for the

purpose of detecting attempted penetrations or confusing an
intruder about which flaws to exploit is called ?

- re-direction. 


- enticement. 


- cracking. 


- alteration. 


28. Match the Appropriate B1,B2,B3 and B4 in the Context Of

Business Resumption Process .


- B1 - Incident Response B2 - Contigency Planning B3 - Business

Continuity B4 - Disaster Recovery 


- B1 - Disaster Recovery B2 - Business Continuity B3 - Incidenet

Response B4 - Contigency Planning 

- B1 - Business Continuity B2 - Disaster Recovery B3 - Incident
Response B4 - Contigency Planning

- B1 - Contigency Planning B2 - Incident Response B3 - Disaster

Recovery B4 - Business Continuity

29. What are the greater threats to Internal Security of an

Organisation ?

- Mobile Phone

- File Sharing

- E-mail

- USB Flash Disk

30 .Risk Assessment Should be carried out in ?

- only high risk workplaces 


- all workplaces 


- some workplaces 


- only large workplaces 


31. In the security terminology, which factor of e-business

ensures all data and electronic are focused on
authenticity and trustworthiness ?

- Integrity 


- Authenticity 


- Availability 


- Confidentiality 


32. Scamming and Phishers are common methods of credential theft

which attackers could use to gain access to your personal or
corporate identity. What would be the best method which
organisations could utilise to circumvent these attacks ?

- Installing Firewall & Antivirus could prevent threats 


- Firing Employees who have been compromized 


- Employee Education 

 - Conducting Impact Analysis 


33. Risk "ALE" - Annual Loss Expectancy is best represented in

which of the following below ?

- Single loss expectancy x annualized rate of

occurrence x Gross loss expectancy 


- Gross loss expectancy x loss frequency 


- Asset value x loss expectancy 


- Single loss expectancy x annualized rate of occurrence




34. Risk Identification is a vital step towards Risk Assessment

and Treatment plan. Which of the Activities below
could help an IT organization to detect potential risk
before its escalation to exposure ? ( Select the BEST
Answer that applies )

- Impact Analysis 


- Forensic Investigation 


- Penetration Testing 


- Gap Analysis 


35. The Following Answers below depict the mitigation strategy of

RISK. Which of the answers BEST suit the RISK TRANSFER
category ?

- Insurance Purchase 


- DRP - Disaster Recovery Plan 


- Outsourcing 


- Total Avoidance 


36. In the absence of CISO or CEO, who has the authority of

decision making for corporate security policies ?

- Senior Finance Officers 


- Human Resource Director 


- Department Managers 

 - Vendors 


37. It has been discovered that a former member of the IT

department who switched to the development team still has
administrative access to many major network infrastructure
devices and servers. Which of the following mitigation techniques
should be implemented to help reduce the risk of this event
recurring?

- Change management notifications

- DLP

- Regular user permission and rights reviews

- Incident management and response policy

31. Primary role of the Information Security Manager in the

process of Information Classification denotes which of the
following ?

- Deciding the classification levels applied to the organizations

information assets

- Securing Information assets in accordance of their

classification

- Defining and ratifying the classification structure of

information assets

- Checking if Information Assets has been classified properly

38. Making sure that the data is accessible when and where it is
needed is which of the following?

- Confidentiality 


- Integrity 


- Availability 


- Accountability 


39 Which choice below most accurately describes a business

continuity ? 


- A determination of the effects of a disaster on human,

physical, economic, and natural resources

- Ongoing process to ensure that the necessary steps are taken to

identify the impact of potential losses and maintain viable
recovery

- A standard that allows for rapid recovery during system

interruption and data loss

- A program that implements the mission, vision, and strategic

goals of the

40. It is important that information about an ongoing computer

crime investigation be: ( Select the appropriate answer )

- reviewed by upper management before being released. 


- replicated to a backup system to ensure availability. 


- destroyed as soon after trial as possible. 


- limited to as few people as possible. 


41. In the feasibility Analysis Phase , which of the following

plays the most important part of decision making from a senior
management point of view ?

- Manpower Feasibility

- Technology Feasbility

- Economic feasibility

- Practical Feasibility
42. Which of
 the following is a policy that would force all
users to organize their areas as well as help reducing the risk
of possible data theft ?
- Clean Desk Policy 


- Data Disposal 


- Password Behaviours 


- Data Handling 


43. In the corporate structure of organisations, who is held

accountable for General Security Planning ?

- CTO - Cheif Technology Officer 


- CEO - Chief Executive Officer 


- CISO - Cheif Information Security Officer 


- CIO - Cheif Information Officer 


44. Downloading Pirated Blue Ray Movies from the torrent sites
are a direct violation of which Legal Clause ?

- USC 1030 - Computer Crimes Act 


- DMCA - Digital Millenium Copyright Act 


- USC 1029 - Fraud Related 


- FBI - Copyright ACT Disclaimer 


45. Centrally authenticating multiple systems and applications

against a federated user database is an example of ?

- Common Access Card 


- Smart Card 


- Access Control List 


- Single Sign On 


46. Cloud Computing describes which of the Business Resumption

Strategy ?

- Warm Site 

 - Cold Site 


- Hot Site 


- Hybrid DRP 


47. Which of the policies below are directed for a dedicated

"Unix Host Security" on ACL security issue?

- HSSP - Host Specific Policies SSSP - System Specific Policies

- ISSP - Issue Specific Policies

- ESP - Enterprise Security Policies

48. Protecting Customers Credit Card Details and oher personal

information in a public portal is crucial to the major services
provided online. Which of he following would the best compliance
regulation that discusses this factor ?

- PCI-DSS

- ISO 27001

- TIA942

- ISO 9001

49. What type of access control where the security clearance of a

subject must match the security classification of an object?

- Discretionary

- Relational

- Administrative

- Mandatory

50. A security technician would like to obscure sensitive data

within a file so that it can be transferred without causing
suspicion. Which of the following technologies would BEST be
suited to accomplish this?</p> The process of hiding a message
in another message so as to obfuscate its importance. It is also
the process of hiding a message in a medium such as a digital
image, audio file, or other file. In theory, doing this prevents
analysts from detecting the real message. You could encode your
message in another file or message and use that file to hide your
message.
Steganography
Digital Signature
Transport Encryption
 Stream Encryption

51. A security administrator is developing controls for creating

audit trails and tracking if a PHI data breach is to occur. The
administrator has been given the following requirements: All
access must be correlated to a user account. All user accounts
must be assigned to a single individual. User access to the PHI
data must be recorded. Anomalies in PHI data access must be
reported. Logs and records cannot be deleted or modified.Which of
the following should the administrator implement to meet the
above requirements?"
Implement usage auditing and review, enable account lockout
thresholds & perform regular permission audits and
reviews

Eliminate shared accounts & Create a standard naming

convention for accounts
Perform regular permission audits and reviews

Copy logs in real time to a secured WORM drive & perform

regular permission audits and reviews

52. A security analyst is reviewing the following output from an

IPS:[See the figure!
A. The source IP of the attack is coming from 250.19 18.22 &
the TTL value is outside of the expected range,
triggering the alert.
B. The source IP of the attack is coming from 250.19 18.22 &
the source IP of the attack is coming from 250 19.18 71.
C. The TTL value is outside of the expected range,
triggering the alert.
D. The attacker sent a malformed TCP packet, triggering the
alert & he TTL value is outside of the expected range,
triggering the alert.

53. An organization finds that most help desk calls ate regarding
account lockout due to a variety of applications running on
different systems. Manager is looking for a solution to reduce
the number of account lockouts while improving security. Which of
the following is the BEST solution for this organization?
A. Provide secure tokenS
B. Create multiple application accounts for each user
C. Implement SSO
D. Utilize role-based access control. No

54. Which of the following explains why vendors publish MD5

values when they provide software patches for their customers to
download over the Internet?</p>
A. The recipient can verify integrity of the software patch
B. The recipient can verify the authenticity of the site used
to download the patch
 C. The recipient can request future updates to the software
using the published MD5 value
D. The recipient can successfully activate the new software
patch.

55. A security analyst is diagnosing an incident in which a

system was compromised from an external IP address. The socket
identified on the firewall was traced to 207.46.130.66. Which of
the following should the security analyst do to determine if the
compromised system still has an active connection?&nbsp;
A. Tracert
B. Netstat
C. Ping
D. Nslooku

56. A security administrator is trying to encrypt communication.

For which of the following reasons should administrator take
advantage of the Subject Alternative Name (SAM) attribute of a
certificate?&nbsp;
A. It provides extended site validation
B. It can protect multiple domains
C. It does not require a trusted certificate authority
D. It protects unlimited sub domains

57. After a merger between two companies a security analyst has

been asked to ensure that the organization's systems are secured
against infiltration by any former employees that were terminated
during the transition. Which of the following actions are MOST
appropriate to harden applications against infiltration by former
employees?</p>
A. Assess and eliminate inactive accounts & Develop and
implement updated access control policies
B. Monitor VPN client access & Reduce failed login out
settings
C. Review and address invalid login attempts
D. Increase password complexity requirements