cp3404 Information Security Quiz Answer
Chapter 1
2. What information security position reports to the CISO and supervises technicians,
administrators, and security staff?
(a) auditor
(b) engineer
(c) manager
(d) inspector
3. Which of the following is NOT a reason why it is difficult to defend against today’s attackers?
(a) increased speed of attacks
(b) simplicity of attack tools
(c) greater sophistication of defense tools
(d) delays in security updating
4. Which position below is considered an entry-level position for a person who has the
necessary technical skills?
(a) security technician
(b) security administrator
(c) CISO
(d) security manager
5. _____ ensures that only authorized parties can view the information.
Answer: Confidentiality
6. Which of the following terms best describes ensuring that data is accessible to authorized
users?
(a) Integrity
(b) Accounting
(c) Availability
(d) BYOD
7. Security is the goal to be free from danger as well as the process that achieves the freedom.
Answer: True
10. A(n) _____ is the likelihood that a threat agent will exploit a vulnerability.
Answer: risk
11. The motivation of _____ may be defined as ideology, or attacking for the sake of their principles or
beliefs.
(a) Brokers
(b) Cyberterrorists
(c) Hacktivists
(d) cybercriminals
12. Attackers who do their work by downloading automated attack software from websites and
use it to perform malicious acts are known as _____.
(a) blackhat hackers
(b) white hat hackers
(c) gray hat hackers
(d) script kiddies
13. Targeted attacks against financial networks, unauthorized access to information, and the
theft of personal information is sometimes known as _____.
Answer: cybercrime
15. An example of _____ in information security would be not revealing the type of computer,
version of operating system, or brand of software that is used.
Answer: obscurity
Chapter 2
1. A(n) _____ is a series of instructions that can be grouped together as a single command.
Answer: macro
2. A(n) _____ is a malicious program designed to enter a computer through the network and
then take advantage of vulnerability in an application or an operating system on the host
computer.
Answer: worm
3. A(n) _____ is a set of software tools used by an intruder to break into a computer, obtain
special privileges to perform unauthorized functions, and then hide all traces of its existence.
Answer: rootkit
4. A(n) _____ is a computer program or a part of a program that lies dormant until it is
triggered by a specific logical event, such as a certain date reached on the system calendar or
a drop below a previous level of a person’s rank in an organization.
Answer: logic bomb
5. A type of malware that gives access to a computer, program, or service that circumvents any
normal security protections and allows an attacker to bypass security settings is known as
a(n) _____.
Answer: backdoor
6. Social engineering attacks can involve psychological approaches as well as _____ procedures.
Answer: physical
8. Which type of phishing attack automatically redirects the user to a fake web site?
Answer: pharming
9. _____ is a form of tailgating that involves the tailgater colluding with an authorized person.
Answer: Piggybacking
Chapter 4
1. Controls that are intended to mitigate or lessen the damage caused by the incident are called
_____.
Answer: corrective controls
3. A(n) _____ device monitors and controls two interlocking doors to a small room.
Answer: mantrap
4. A(n) _____ is designed to prevent malicious network packets from entering or leaving
computers or networks.
Answer: firewall
5. Most portable devices, and some computer monitors, have a special steel bracket security
slot built into the case, which can be used in conjunction with a:
(a) U-lock
(b) safe lock
(c) shield lock
(d) cable lock
6. A(n) _____ is a document or series of documents that clearly defines the defense
mechanisms an organization will employ in order to keep information secure.
Answer: security policy
7. A(n) _____ is a computer system with a dedicated function within a larger electrical or
mechanical system.
Answer: embedded systems
9. _____ is defined as a security analysis of the transaction within its approved context.
Answer: Content inspection
10. When a policy violation is detected by the _____, it is reported back to the DLP server.
Answer: DLP agent
Chapter 5
1. _____ is the science of transforming information into an unintelligible form while it is being
transmitted or stored so that unauthorized users cannot access it.
(a) Hashing
(b) Steganography
(c) Message Authentication Code (MAC)
(d) Cryptography
2. Whereas cryptography scrambles a message so that it cannot be viewed, _____ hides the
existence of the data.
Answer: steganography
3. Changing the original text to a secret message using cryptography is known as _____.
Answer: encryption
4. Select below the hashing algorithm that takes plaintext of any length and generates a digest
128 bits in length.
(a) RSA
(b) SHA1
(c) MD5
(d) MD2
5. A(n) _____ is a mathematical value entered into the algorithm to produce ciphertext, or text
that is scrambled.
Answer: key
6. A(n) _____ takes as input a string of any length and returns a string of fixed length.
Answer: hashing algorithm
7. _____ cryptographic algorithms use the same single key to encrypt and decrypt a message.
Answer: Symmetric
8. The _____ was approved by the NIST in late 2000 as a replacement for DES.
Answer: Advanced Encryption Standard (AES)
9. In cryptography, which of the following basic protections ensures that the information is
correct and no unauthorized person or malicious software has altered that data?
(a) Confidentiality
(b) Availability
(c) Encryption
(d) Integrity
11. Cryptography can also be applied to entire disks. This is known as _____.
Answer: whole disk encryption
12. _____ is essentially a chip on the motherboard of the computer that provides cryptographic
services.
Answer: Trusted Platform Module (TPM)
Chapter 6
2. A specially formatted encrypted message that validates the information the CA requires to
issue a digital certificate is known as a(n) _____.
Answer: Certificate Signing Request (CSR)
3. Revoked digital certificates are listed in a(n) _____, which can be accessed to check the
certificate status of other users.
Answer: Certificate Revocation List (CRL)
4. The master secret is used to create _____, which are symmetric keys to encrypt and decrypt
information exchanged during the session and to verify its integrity.
Answer: session keys
5. _____ is a framework for all of the entities involved in digital certificates (including hardware,
software, people, policies and procedures) to create, store, distribute, and revoke digital
certificates.
Answer: Public key infrastructure (PKI)
6. A(n) _____ refers to the type of trusting relationship that can exist between individuals or
entities.
Answer: trust model
7. A(n) _____ is a published set of rules that govern the operation of a PKI.
Answer: certificate policy (CP)
8. A process in which keys are managed by a third party, such as a trusted CA, is known as
_____.
Answer: key escrow
Chapter 11
1. _____ is the process by which resources or services are granted or denied on a computer
system or network.
Answer: Access control
3. _____ are user accounts that remain active after an employee has left an organization.
Answer: Orphaned accounts
4. Mandatory Integrity Control (MIC) uses a unique number issued to the user, group, or
session called the _____.
Answer: Security identifier (SID)
5. A RADIUS client is the device requesting authentication, such as a desktop system or wireless
notebook computer.
Answer: False
7. LDAP makes it possible for almost any application running on virtually any computer platform
to obtain directory information.
Answer: True
Chapter 12
1. A(n) _____ is a secret combination of letters, numbers, and/or characters that only the user should
know.
Answer: password
2. A token is typically a small device (usually one that can be affixed to a keychain) with a
window display.
Answer: True
3. Cognitive biometrics is considered to be much more difficult for the user to remember.
Answer: False
5. _____ is a decentralized open source Federated Identity Management (FIM) that does not
require specific software to be installed on the desktop.
Answer: OpenID
7. The Active Directory Domain Service policy that can block a login after a specified number of
failed logins over a specified time period is named _____.
Answer: Account Lockout Policy
Chapter 13
2. Which RAID (Redundant Array of Independent Drives) level acts as a mirrored array and can
achieve high data transfer rates because there are multiple stripe segments?
Answer: RAID 0+1 (high data transfer)
3. A(n) _____ is always running off its battery while the main power runs the battery charger
and is not affected by dips or sags in voltage.
Answer: on-line UPS
4. The age of the data that an organization wants the ability to restore in the event of a disaster
is known as _____.
Answer: recovery point objective (RPO)
5. A metallic enclosure that prevents the entry or escape of an electromagnetic field is known
as a _____.
Answer: Faraday cage
6. A new area known as _____ uses technology to search for computer evidence of a crime.
Answer: computer forensics
7. The _____ documents that the evidence was under strict control at all times and no
unauthorized person was given the opportunity to corrupt the evidence.
Answer: chain of custody
8. _____ can contain any information that has been created, viewed, modified, downloaded, or
copied since the computer was last booted.
Answer: RAM slack
Chapter 14
4. At its core, a _____ is a written document that states how an organization plans to protect
the company’s information technology assets.
Answer: security policy
5. A policy that outlines how to maintain information in the user’s possession for a
predetermined length of time is known as a(n) _____.
Answer: data retention policy
6. Grouping individuals and organizations into clusters or groups based on some sort of
affiliation is called _____.
Answer: social networking
7. The _____ policy typically contains statements regarding actions to be taken when an
employee is terminated.
Answer: security-related human resource
8. _____ learners learn through taking notes, being at the front of the class, and watching
presentations.
Answer: Visual
Chapter 15
1. The goal of _____ is to better understand who attackers are, why they attack, and what types
of attacks might occur.
Answer: threat modelling
2. A _____ involves determining the damage that would result from an attack and the
likelihood that the vulnerability is a risk to the organization.
Answer: risk assessment
3. A(n) _____ is a computer typically located in an area with limited security and loaded with
software and data files that appear to be authentic, yet they are actually imitations of real
data files.
Answer: honeypot
4. In a white box test, the tester has no prior knowledge of the network infrastructure that is
being tested.
Answer: False
7. The purpose of _____ is to eliminate as many security risks as possible and make the system more
secure.
Answer: hardening