Sic all merged mcq - Security in computing mcq PDF

Preview

Summary

Sample MCQSr. No.Sample MCQ option1 option2 option3 option1 ___ means to include the right level of responsibility and authorization to be effective.Assessment Framework Planning Authority2 ___ are the day-today practices of the individuals and technologies assigned to the protection of assets.Strat...

Description

Sample MCQ Sr. Sample MCQ No.

1 2

3 4 5 6 7 8

option1

___ means to include the right level of Assessment responsibility and authorization to be effective. ___ are the day-today practices of the Strategic planning individuals and technologies assigned to the protection of assets. FUD stands for ___________ fear,understanding,defe nse ____ typically arrive in documents, executable Threat files, and e-mail. If the virus stays in memory after it is executed, parasitic virus it is called a ____. viruses placing themselves at the end of a file overwriting virus are called ____. which of the following is an example of content Email attack attack? What does CIA stand for ___

option2

option3

Framework

Planning Security Tactics

option4

y Security

fact,uncertainity,defense None of the Above Trojen

worm

overwriting virus

stealth viruses

s

parasitic virus

stealth virus

packet Injector

buffer overfolw

Central Agency

Intelligence Cyber security Cyber security, ,Investigation Agency Internet, Accessibility 9 The attack surface of the operating system is Installing unnecessary Allowing access to Giving administrative reduced by _____________ software everyone privileges to everyone. 10 SSL stands for? Secured Shell Layer System Socket Layer System Secured Layer 11 What is Authentication ? Encryption Access Modification 12 Which list ACL is composed of ? Permission SID Access control rejection

13 The process of transforming plain text into Decryption unreadable text. 14 What is the name of the group that IBM have formed in 1970's to design a block cipher to protect customer data? 15 DES stands for? 16 What is full form of LUNs? 17 What is full form of NAS? New-attached storage 18 Using tools to capture network packets is called Packet spoofing ____ 19 ----- Command specifies that a particular user REVOKE or role will have access to perform specific action on database objects 20 Microsoft SQL Server database platform uses a 1527 default TCP port of ________ 21 The main layer of The Cisco Hierarchical Internetworking model. 22 TCP/IP previously used by______ DECNET 23 The protocol used to find the mac Address RARP when IP Address is given. 24 ____________ is a routing protocol. Internet protocol 25 ADCs stands for____ 26

Which of the following is the types of firewall?

l 27 Network layer firewall works as a __________ Frame filter 28 CSMA/CA is based on receiving a positive response ……………………. For every successfully transmitted frame

Stream Cipher Group

Network Security

Information Hiding

Block Cipher Group

Cipher Suites Group

Data Encryption Statistics Data Encryption System Data Encryption Sequence linear unit numbers linear uniary numbers linear uniion numbers New-available storage Neutral attached storage Packet relay Packet replay G

UPDATE

DENY

1

3306

8080 Performance

ISO-NET DNS

DECNET IP

Hyper text transfer protocol User datagram protocol Application Data Application Device Apply Delivery Composers Controllers Controllers Dual Homed Gateway Screen Host Firewall Dual Host Firewall Firewall r Content filter Virus filter reply request

29 One way to control your wireless signal spread Order is correct __________________ 30 There are ________ generic types of antennas, 4 which can be further divided into subtypes 31 Which is true of a signature-based IDS? It cannot work with an IPS. 32 Full Form of SIEM? Secure Internet and Environment Management.

sequence

transmitting power

2

5

It detects never-before- It works best in large seen anomalies. enterprises. System Interface and Serial interface and Event Management Event log Managements. Penetration identification. Profile based Machine based.

33 In which approach references a baseline pattern of normal system activity to identify active intrusion? 34 Which of the following is the most commonly SDP IMS used VoIP standard? 35 PBX stands for ______ public Branch Element Public Branch Exchange

36 Session Intiation Protocol(SIP) , has a Domain mechanism that finds the ___ 37 Bell-Lapadula model was revolutionary when it 1969 was published in 38 Which if the following is not the functionality of I a Discretionary access control. 39 Common criteria part _____ details the specific 1 security functional requirements and details a criterion for expressing the security functional requirements for target of evaluation 40 Which of these is not a major type of cloud computing usage?

MGCP Private Branch Element

System

Terminal 1987

1990

b) Work well in Not suited for the effective for private commercial and military web site. etc academic sector. 3 4

Platform Service

as

a Software Service

as

a Infrastucture Service

as

a

41 42 43

44

45 46

How many types of service model are mainly 1 present in Cloud? Which of the following is not cloud deployment Public model? A ___________ program must be conducted for development teams which includes technical security awareness training and role-specific training. Application security is mainly controlled by the ____________ of the application, as he/she requires extensive knowledge about various Server areas like GUI, network connectivity, OS interaction and sensitive data management for writing secure programs. One of the following is a disadvantage of custom web administration. SDL stands for ____________.

y

2

3

Private

Hybrid

Security coding

Security Testing

encryption Safe Lifecycle

47 which One of the following comes under the Air-conditioners Token category of Technical equipment. 48 Antitailgating mechanism is used to prevent All Authorized _________________ person from closely following an authorized person through an open door. 49 What is a critical part of physical security? Guard Dogs Fences 50 DNS Stands for ____

Domain Service

Name D

Documentation

Client

Company

specific OS

complex graphics

Design Significant Development Lifecycle Fax machine

Secure Lifecycle

Design

Credit-cards

Both Authorized Few Authorized and Unauthorized

Layered Access Control Data Name Service Data Name System

1. ___________are used to educate employees, business partners, and other stakeholders about what behaviours are expected of them, what actions they should take under various circumstances to comply with security policies a. b. Training Program c. Notes d. All of the above 2. You can never be _____________percent secure about security. a. 10% b. 20% c. 30% d. 3. Which is not a part of Building a Security Program a. Authority b. Framework c. Planning d.

4. The basic assumptions of security are as follows a. We want to protect our assets. b. There are threats to our assets. c. We want to mitigate those threats. d. 5. Advanced persistent threats (APTs) means a. An attacker connects to a web site with a SQL server back-end database b. Try to guess passwords c. Connect and intercept the victim’s network traffic d.

6. Which of the following is not a proper method for email security? a. Use Strong password b. Spam filters and malware scanners c. d. Use email encryption

7. Which among the following is a method that could be implemented to minimize the risk of a successful attack? a. b. By sharing passwords with unknown people c. By allowing mobile codes to be run without malware scanning d. By not using firewall 8. The attack surface of the operating system is reduced by _____________ a. Installing unnecessary software b. c. Allowing access to everyone d. Giving administrative privileges to everyone.

9. _____________ is a famous technological medium for the spread of malware. a. Pen drive b. Cloud c. Antivirus d. 10. SSL stands for? a. b. Secured Shell Layer c. System Socket Layer d. System Secured Layer 11. Adopting encryption techniques improve ______________ A. Performance B. C. Reliability D. Longevity 12. Which is the best practice in the firewall domain environment? a. Create two domain trusted and untrusted b. Create strong network c. d. Allow access to everyone 13. Encryption in databases can be done a. b. Through VPN c. Providing passwords d. Restricting Access

.

14. The most commonly used method of controlling data access is a. cursors b. c. trigger d. sequence 15. What is WIDS a. Wireless Internet Design Service b. Wide Internet Design System c. d. Wireless Intrusion Definition System 16. _______attempt to guess a password by trying all the character combinations listed in an accompanying dictionary. a. b. File-system transversals c. SQL injection attacks d. Permutation 17. Scrambling the data according to a secret key is known as? a. Caesar Cipher b. Decryption c. Code cracking d. 18. The process of making the encrypted text readable again is called ___________ a. b. Encryption c. Network Security d. Information Hiding 19. ____________ is the risk of loss of information, such as confidential data or intellectual property, through intentional or unintentional means a. b. Theft c. Exposure d. Forwarding 20. The _________________ is the original message before transformation. a. Cipher text b. c. Secret text d. Simple text

21. ______risks affect both the validity of information and the assurance that the information is correct. a. b. Avialability c. Confidentiality d. Authority 22. Switches and Firewall come under the category of _______________ assets a. Technical equipment b. Computer equipment c. Communication equipment d. 23. While entering or leaving the internal network, firewalls examine which of the following? a. emails users b. updates c. connections d. s 24. Which of the below defines the packet filtering firewall rules. a. t b. Protocols c. Policies d. Ports 25. What does IP mean? a. Instance protocol b. l c. Instant Protocol d. Intellectual property

Category: I

Marks: 1

1. Which of the following is independent malicious program that need not any host program? a. b. c. d. Answer:

Trap Doors Worm Trojan Horse Viruses Worm

2. Which of the following malicious program do not replicate automatically? a. b. c. d. Answer:

Trap Doors Worm Trojan Horse Viruses Trojan Horse

3. In computer security, ……………………. means that computer system assets can be modified only by authorized parities a. b. c. d. Answer:

Confidentiality Integrity Availability Authenticity Integrity

4. The three D’s of security a. b. c. d.

Defense, Detection ,Divide Defend ,Detect ,Dig Defense ,Deterrence ,Detection Divide ,Disguise ,Detect

Answer : Defense ,Deterrence ,Detection 5. You are never ____________ percent secure. a. 70 b. 80

c. 100 d. 90 Answer:

100

6. What is the function of a firewall? a. b. c. d. Answer:

protects the computer in case of fire Block or screen out spam Prevents the CPU from being overheated Helps to prevent outsiders from obtaining unauthorized access Helps to prevent outsiders from obtaining unauthorized access

7. __________ is the act of capturing packets of data flowing across a computer network a. b. c. d. Answer:

packet catching packet snipping packet sniffing packet pulling

packet sniffing

8. ___________condition exists when a program attempts to put more data in a buffer than it can hold a. b. c. d. Answer:

buffer overflow buffer fill buffer overrun buffer full

buffer overflow

9. ___________is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet a. b. c. d. Answer :

ARP Protocol ARP sniffing ARP poisoning ARP cracking

ARP poisoning

10. Authentication is the process by which people prove they are who they say they are a. b. Answer :

true false

True

11. ___________ a. b. c. d. Answer:

is a network authentication system based on the use of tickets.

Kerberos Railway SSL TLS Kerberos

12. Secure Sockets Layer (SSL) is a certificate-based system that is used to provide authentication of secure web servers and clients and to share encryption keys between servers and clients

a. b.

True False

Answer :

True

13. A _________algorithm simply replaces each character in a message with another character a. b. c. d.

substitution transposition. cipher decipher

Answer:

substitution

14. CIA triad focuses on three aspects of information protection. a. b. c. d.

Confidentiality, Interest, and Availability Confidentiality, Integrity, and Availability Confidence, Integrity, and Availability Confidentiality, Integrity, and Authentication

Answer :

Confidentiality, Integrity, and Availability

15. A better approach is the lollipop model of security. It is a layered strategy, often referred to as defense in depth a. b.

True False

Answer: False 16. In _________________cryptography the same secret key is used by the sender and the receiver. a. b. c. d. Answer:

symmetric-key asymmetric-key digital certificate digital signature symmetric-key

17. A ________________issues, catalogs, renews, and revokes certificates under the Management of a policy and administrative control. a. b. c. d.

Certification authority Registration authorithy Revocation Authority Digital authority

Answer:

Certification authority

18. _________________defines the protection against denial by one of the parties in a communication a. b. c. d.

authentication non repudiation confidentiality Integrity

Answer:

non repudiation

19. With one predefined command, the attacker can cause all the zombies tobegin to attack another remote system with a distributed denial of service (DDoS) attack a.

True

b. Answer:

False True

20. If the virus executes, does its damage, and terminates until the next time it is executed, it is known as a __________________ a. b. c. d.

nonresident virus stealth virus overwriting virus prepending virus

Answer :

nonresident virus

1. The ____________security program must include the right level of responsibility and authorization to be effective. a. b. Framework c. Planning d. Gap Analysis 2. ________________for the use of software, computer systems, and networks should be clearly documented for the sake of the people who use these technologies a. Rules b. c. Program d. Network 3. A _________________ is a plan of action for how to implement the security remediation plans. a. Planning b. Road c. d. Gap Analysis 4. ______________is concerned with protecting information in all its forms, whether written, spoken, electronic, graphical, or using other methods of communication. a. I b. Network Security c. Computer Security d. Graphics Security 5. ___________is an important asset. a. b. Algorithm c. Program d. All of the Above 6. FUD stands for ___________ a. fear,understanding,defense b. c. fact,uncertainity,defense d. None of the Above 7. The field of __________ is concerned with protecting assets in general a. Network b. Information c. d. Program 8. The basic assumptions of security are as follows a. We want to protect our assets. b. There are threats to our assets. c. We want to mitigate those threats. d. 9. __________Assessing what needs to be protected, why, and how leads to a strategy for improving the security posture. a. b. Planning

10.

11.

12.

c. Frame Work d. Roadmap A universal truth of security, regardless of the application, is that the job of the attacker is always ___________ than the job of the defender. a. Difficult b. c. Moderate d. None of the Above The three Ds of security are _____________ a. delete,desired,defect b. c. Defect,Deterrent,Dial d. None of the Above A ______________ compares the desired state of the security program with the actual current state and identifies the differences. risk analysis Remediation planning

a. b. c. d. Planning 13. ___________are used to educate employees, business partners, and other stakeholders about what behaviours are expected of them, what actions they should take under various circumstances to comply with security policies a. s b. Training Program c. Notes d. All of the above 14. You can never be _____________percent secure about security. a. 10% b. 20% c. 30% d. 15.Which is not a part of Building a Security Program a. Authority b. Framework c. Planning d.

Security in Computing Unit 1 Chapter 2 1.

A ________________is a term used to describe where a threat originates and the path it takes to reach a target. a. r b. Malicious mobile code

c. Advanced Persistent Threats

d. Manual attacks 2

_________Viruses infect the data running on top of an application by using the program’s macro or scripting language a. Boot sector b. c. Computer worm d. Trojans

3.

______ is a self-replicating program that uses other host files or code to replicate a. Malicious mobile code b. Content Attack c. d. DNS spoofing

4.

Which one of the following is not an Application layer attack a. Content Attack b. Buffer overflow c. d. Password cracking

5.

A ____ virus prove that a virus can steal private encryption keys

6.

a. b. Remote access Trojan c. Bugbear d. Nimda ____________is used in distributed denial of service (DDoS) attack a b. Bugbear c. Js.ExitW d. Remote access Trojans

7

Which one of the following is common content attack a. b. DHCP Poisoning c. ARP poisoning d. Packet Sniffing

8

The formal definition of risk is a. b. Risk = Probability (Threat + Cost of Asset Damage) * Exploit of Vulnerability c. Risk = Probability (Exploit of Vulnerability + Cost of Asset Damage) * Threat d. Risk = Probability (Exploit of Vulnerability + Cost of Asset Damage+ Threat )

9

_______attempt to guess a password by trying all the character combinations listed in an accompanying dictionary. a. b. c. d.

Brute-force tools File-system transversals SQL injection attacks Permutation

10 ____ is a type of man-in-the-middle attack in which server IP address that a user connects to is also applied to the attacker’s system a. b. c. d.

DNS spoofing attack I ICMP Poisoning Intrusion prevention system

11 Packet sniffing attack is also known as a. b. Spoofing attack c. Address flooding d. MAC flooding 12 _________ is an attack that is tailored to a specific individual rather than broadcast to everyone. a. MAC Phishing b. IP Phishing c. d. Injection attack 13 The process of manipulating a web application to run SQL commands sent by an attacker is referred as ____ a. b. MAC injection c. Phishing d. DNS Spoofing 14 Advanced persistent threats (APTs) means a. An attacker connects to a web site with a SQL server back-end database b. Try to guess passwords c. Connect and intercept the...