Practice Questions Flashcards
(18 cards)
Which of the following most concerns protecting availability of information?
Running redundant servers to maintain uptime.
Which of the following most concerns protecting integrity of information?
Employing two-person control to avoid data entry errors
Personally identifiable information, credit card numbers and intellectual property are examples of which of the following aspects of an Information Security risk?
Assets
Investing in an Access Control System to restrict access to authorised individuals best exemplifies which of the following?
Modifying risk by reducing the likelihood of an incident
Which of the following most concerns the act of authorising an entity?
Checking an access control list
Which of the following are examples of ‘something a supplicant has’?
Bank card reader and Yubikey device
Which of the following does NOT accurately specify a requirement of a useful biometric characteristic for the purposes of access control?
The characteristic should be difficult to obtain/measure
Which of the following is a principle by which modern cryptographic algorithms should abide?
Resistant to frequency analysis
Which of the following are examples of symmetric cryptography?
DES, AES
‘Hashing a message and encrypting the result with a private key’ describes which of the following operations?
Signature Generation
Which of the following is NOT a characteristic of asymmetric encryption?
Typically used to encrypt a symmetric session key rather than the plaintext message
‘The amount of money estimated to be incurred each year due to a particular incident scenario’ defines which of the following?
Annualized Loss Expectancy (ALE)
Ceasing the business function that gives rise to a risk is an example of which of the following?
Risk termination
Which of the following is NOT an activity expected to be undertaken in the immediate response to an incident?
Risk Assessment
Which of the following is an example of Reflected (i.e., Non-Persistent) Cross-Site Scripting?
An attacker exploits a vulnerable search bar by entering a query containing the tag that executes malicious JavaScript.
Which of the following accurately states a recommendation for preventing Cross Site Scripting?
URL escape before inserting untrusted data into HTML parameter values.
Which of the following is the most accurate statement?
Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities.
Which of the following accurately states an action recommended by the NCSC when securing the development environment?
Trust your developers, verify their actions.