Question set 501 Flashcards Preview

Flashcards in Question set 501 Deck (100):
1

Q.1) Which of the following is the best method of making a new employee aware of security policies of the organization? A. Make security policies awareness a part of the induction program for new employees B. Make security policies an appendix to the appointment letter C. Interview the employee for his/her level of awareness of security policies before you appoint him/her. D. None of the above.

Q.1) Which of the following is the best method of making a new employee aware of security policies of the organization? A. Make security policies awareness a part of the induction program for new employees (Answer) B. Make security policies an appendix to the appointment letter C. Interview the employee for his/her level of awareness of security policies before you appoint him/her. D. None of the above. Explanation Security is the most critical issue when making resources available to the new employee hence it is ideal to make the security policy awareness program a part of the induction program.

2

Q.2) Which of the following policies will define the rules for user account creation and password creation? A. Business policies B. Security policies C. Organizational policies D. None of the above

Q.2) Which of the following policies will define the rules for user account creation and password creation? A. Business policies B. Security policies (Answer) C. Organizational policies D. None of the above Explanation User account and password must be so created and maintained that it must be very difficult for a hacker to guess and break in to the network. Hence these will be governed by the security policies.

3

Q.3) If you wish to carry bulk data from one site to another but your data line does not support the required kind of transfer which of the following is your solution? A. Write into a CD ROM B. Perform FTP C. Copy it into several floppies D. None of the above

Q.3) If you wish to carry bulk data from one site to another but your data line does not support the required kind of transfer which of the following is your solution? A. Write into a CD ROM (Answer) B. Perform FTP C. Copy it into several floppies D. None of the above Explanation When bulk data needs to be transferred between sites it is ideal to write it into a CD ROM drive and carry the same.

4

Q.4) If you require a 24/7 availability in case of disaster which of the following would be an ideal solution for you? A. Server clustering B. Hot site C. File server mirroring D. None of the above

Q.4) If you require a 24/7 availability in case of disaster which of the following would be an ideal solution for you? A. Server clustering B. Hot site (Answer) C. File server mirroring D. None of the above Explanation Hot site is an alternate or a mirror site available for backup and DRP testing.

5

Q.5) Which of the following backups is slowest to restore? A. Differential backup B. Incremental backup C. Full backup D. None of the above

Q.5) Which of the following backups is slowest to restore? A. Differential backup B. Incremental backup (Answer) C. Full backup D. None of the above Explanation Incremental is the fastest of the backup methods (since only files that have been modified since last full backup are backed up) but the slowest of the restore methods.

6

Q.6) Which of the following will ensure data is available for use even in case of fire on the network site?

Q.6) Which of the following will ensure data is available for use even in case of fire on the network site? Explanation Daily backup ensures that the latest data will be available in case of fire

7

Q.7) Which of the following is an online security for data storage? A. Data backup B. RAID C. File server mirroring D. None of the above

Q.7) Which of the following is an online security for data storage? A. Data backup B. RAID (Answer) C. File server mirroring D. None of the above Explanation RAID is a data storage scheme that makes storage devices available in spite of tolerable failure. Data backup is offline fault tolerance and File server mirroring is an availability service.

8

Q.8) Gas based fire suppressants are safer than water based fire suppressants on a network site. T/F? A. True B. False

Q.8) Gas based fire suppressants are safer than water based fire suppressants on a network site. T/F? A. True (Answer) B. False Explanation Gas based fire suppressants can not only put out various sources of fire, they also do not cause the damage that a water based suppressant would possibly do on a network site.

9

Q.9) Which of the following devices would you use to activate power backup during a dip in power or power cut?

Q.9) Which of the following devices would you use to activate power backup during a dip in power or power cut? Explanation Power conditioners are capable of activating power backup systems when situations demand so.

10

Q.10) Water based fire suppressants are ideal for data centers. T/F?

Q.10) Water based fire suppressants are ideal for data centers. T/F? Explanation Water based fire suppressants can cause severe damage to power as well as electronic devices.

11

Q.11) Voice print biometric is not fool proof. T/F?

Q.11) Voice print biometric is not fool proof. T/F? Explanation Voice print is a complex biometric method but is not fool proof as frequency modulation to achieve a particular voice effect is not difficult. Hence voice print is not very secure.

12

Q.12) Which of the following are disadvantages with infrared based motion detectors? Choose two

Q.12) Which of the following are disadvantages with infrared based motion detectors? Choose two Explanation Infrared detectors have distance limitation as well as the line-of-sight limitation which stops it from being successful in large premises where line-of-sight is not possible.

13

Q.13) Which of the following is the best way to secure sensitive data on the server? A. Block all access to servers that store sensitive data B. Ensure these servers are not visible on the network C. Encrypt sensitive information on the server D. None of the above

Q.13) Which of the following is the best way to secure sensitive data on the server? A. Block all access to servers that store sensitive data B. Ensure these servers are not visible on the network C. Encrypt sensitive information on the server (Answer) D. None of the above Explanation The best way to secure stored information on the server is to encrypt the sensitive information by using complex algorithms and securing the passwords and making it inaccessible to hackers.

14

Q.14) Which of the following is true about risk management? A. It is an exercise that analyzes the potential risks an organization runs into when data is leaked to public B. It is a way of analyzing the potential risks to an enterprise C. It is a way of handling situations when the organization runs into a high financial risk. D. None of the above

Q.14) Which of the following is true about risk management? A. It is an exercise that analyzes the potential risks an organization runs into when data is leaked to public (Answer) B. It is a way of analyzing the potential risks to an enterprise C. It is a way of handling situations when the organization runs into a high financial risk. D. None of the above Explanation Risk management is a way of analyzing the situation of potential risk if the confidential data were to be leaked to the public.

15

Q.15) Which of the following can be referred to as public level data? A. Web site B. Intranet site C. Confidential D. None of the above

Q.15) Which of the following can be referred to as public level data? A. Web site (Answer) B. Intranet site C. Confidential D. None of the above Explanation All information hosted on a web site is usually available for public users and hence can be categorized as public level data

16

Q.16) Which of the following is true about threat modeling? Choose two A. Threat modeling refers to places where data leak is likely B. Threat modeling refers to people who are likely to leak data C. Threat modeling refers to the threats that are likely to affect the organization D. None of the above

Q.16) Which of the following is true about threat modeling? Choose two A. Threat modeling refers to places where data leak is likely (Missed) B. Threat modeling refers to people who are likely to leak data (Missed) C. Threat modeling refers to the threats that are likely to affect the organization D. None of the above Explanation Threat modeling is a very effective way in which you can analyze the places where data is likely to leak or the people who are likely to leak the data.

17

Q.17) The key size in RC5 can range from 0 to 255. Y/N? A. Yes B. No

Q.17) The key size in RC5 can range from 0 to 255. Y/N? A. Yes B. No (Answer) Explanation The number of rounds can range from 0-255 whereas the key size will range from 0-2040 bits.

18

Q.18) Which of the following is the RC2 supposed to replace? A. DES B. 3DES C. Caesar's code D. None of the following

Q.18) Which of the following is the RC2 supposed to replace? A. DES (Answer) B. 3DES C. Caesar's code D. None of the following Explanation Originally RC2 is meant to replace the DES algorithm.

19

Q.19) 3DES is much faster than DES. T/F? A. True B. False

Q.19) 3DES is much faster than DES. T/F? A. True B. False (Answer) Explanation 3DES is a variation of DES and is much slower.

20

Q.20) Which of the following can make use of IDEA? Choose two. A. Private communication B. Banking C. Industry applications D. Video conferencing

Q.20) Which of the following can make use of IDEA? Choose two. A. Private communication B. Banking (Missed) C. Industry applications (Missed) D. Video conferencing Explanation IDEA is used worldwide in banking and industry applications.

21

Q.21) Which of the following is required for a brute force attack? A. A specific configuration system meant for these attacks B. A server configuration system at least C. A general purpose daily use computer with usual configuration D. None of the above

Q.21) Which of the following is required for a brute force attack? A. A specific configuration system meant for these attacks B. A server configuration system at least C. A general purpose daily use computer with usual configuration (Answer) D. None of the above Explanation To exercise brute force attack you will need just a usual configuration computer that is being used every day by regular users.

22

Q.22) Which of the following can also be done by cryptography? A. Explicitly authenticate the receiver B. Implicitly authenticate the sender C. Rectify a message that has been altered D. None of the above

Q.22) Which of the following can also be done by cryptography? A. Explicitly authenticate the receiver B. Implicitly authenticate the sender (Answer) C. Rectify a message that has been altered D. None of the above Explanation Cryptography can NOT explicitly authenticate sender or rectify the message that has been altered. If this is done the very purpose of cryptography is defeated. Cryptography can provide secrecy to any message and implicitly authenticate the sender.

23

Q.23) Cryptography without keys is simpler to use than cryptography with keys. T/F? A. True B. False

Q.23) Cryptography without keys is simpler to use than cryptography with keys. T/F? A. True (Answer) B. False Explanation Since Cryptography without keys will require just one enciphering program and one deciphering program it may not be as resource intensive as cryptography with keys and may be simpler to implement than cryptography with keys.

24

Q.24) Which of the following will be required by cryptography without keys? Choose two. A. A cipher program B. Deciphering program C. A cryptanalyst D. 128-bit key algorithm

Q.24) Which of the following will be required by cryptography without keys? Choose two. A. A cipher program (Missed) B. Deciphering program (Missed) C. A cryptanalyst D. 128-bit key algorithm Explanation Cryptography without keys will not need a key-based algorithm. A cryptanalyst is not required here either. You need one cipher program that will decide upon the complex substitution required for enciphering and also a deciphering program that will be required by the receiver of the message.

25

Q.25) Which of the following can be termed as a key distribution problem? A. Not knowing to whom the keys have to be distributed B. Not knowing the actual keys to be distributed C. Deciphering the message at the receiving end D. None of the above

Q.25) Which of the following can be termed as a key distribution problem? A. Not knowing to whom the keys have to be distributed B. Not knowing the actual keys to be distributed C. Deciphering the message at the receiving end (Answer) D. None of the above Explanation When a message is encrypted using a certain encryption algorithm that uses a certain bit of keys the related information must be known at the receiving end also if the original message has to be interpreted successfully. The issue of sending the right key to the recipient for the right message is a key distribution issue.

26

Q.26) Which of the following are symmetric algorithms? Choose two. A. Stream Cipher B. Block Cipher C. Caesar's Cipher D. None of the above

Q.26) Which of the following are symmetric algorithms? Choose two. A. Stream Cipher (Missed) B. Block Cipher (Missed) C. Caesar's Cipher D. None of the above Explanation There is no such algorithm as Caesar's Cipher. Symmetric algorithm can be categorized into two: Stream and block.

27

Q.27) Which of the following is used by the PGP to create a signature? Choose two A. Public key B. Private key C. Message digest D. Clear text.

Q.27) Which of the following is used by the PGP to create a signature? Choose two A. Public key B. Private key (Missed) C. Message digest (Missed) D. Clear text. Explanation The PGP uses the combination of private key and the message digest to generate the signature.

28

Q.28) Digital signatures apart from establishing identity provide which of the following? A. Data integrity B. Data security C. Data encryption D. None of the above

Q.28) Digital signatures apart from establishing identity provide which of the following? A. Data integrity (Answer) B. Data security C. Data encryption D. None of the above Explanation Digital signatures help to establish that data was not modified during the transmission hence helping in establishing data integrity.

29

Q.29) The larger the number of bits in a key, the higher the risk of unauthorized decryption. T/F? A. True B. False

Q.29) The larger the number of bits in a key, the higher the risk of unauthorized decryption. T/F? A. True B. False (Answer) Explanation The larger the number of bits in a key, the more complex it is to decrypt a message.

30

Q.30) Which of the following statements about PGP are true? Choose two. A. It offers high resistance to cryptanalysis B. It is a heterogeneous cryptography system C. It is not a hybrid cryptography system D. It compresses plain text before encrypting. E. None of the above

Q.30) Which of the following statements about PGP are true? Choose two. A. It offers high resistance to cryptanalysis (Missed) B. It is a heterogeneous cryptography system C. It is not a hybrid cryptography system D. It compresses plain text before encrypting. (Missed) E. None of the above Explanation It is a hybrid crypto system that allows for data compression, thus discouraging pattern analysis or cryptanalysis.

31

Q.31) In Public-key cryptography one key is used for encryption as well as decryption. T/F? A. True B. False

Q.31) In Public-key cryptography one key is used for encryption as well as decryption. T/F? A. True B. False (Answer) Explanation In Public-key cryptography Public key is used for encryption and Private key is used for decryption.

32

Q.32) Which of the following is a disadvantage when using conventional encryption? A. It is not reliable B. Key distribution C. Key generation D. None of the above

Q.32) Which of the following is a disadvantage when using conventional encryption? A. It is not reliable B. Key distribution (Answer) C. Key generation D. None of the above Explanation When using conventional encryption for transmitting data key distribution between the sending and the receiving end can be a problem

33

Q.33) If Hi Kid is being represented as Kl Nlg then which of the following is the correct offset value or key value being used here? A. 3 B. 5 C. 4 D. 0

Q.33) If Hi Kid is being represented as Kl Nlg then which of the following is the correct offset value or key value being used here? A. 3 B. 5 C. 4 (Answer) D. 0 Explanation H when offset by 4 will be represented as K, I as L, K as N, D as G. Hence key value or offset value being used here is 4.

34

Q.34) Cipher is a mathematical function used for secure authentication. T/F? A. True B. False

Q.34) Cipher is a mathematical function used for secure authentication. T/F? A. True B. False (Answer) Explanation Cipher is a cryptography algorithm. It is a mathematical function used for the purpose of encryption and decryption.

35

Q.35) Which of the following is true about Ciphertext? Choose three. A. It is a result of strong cryptography B. It is a result of weak cryptography C. It makes it impossible to retrieve clear text without the help of correct decoding tools. D. It makes it impossible to retrieve clear text. E. Requires extensive computing capability to decode.

Q.35) Which of the following is true about Ciphertext? Choose three. A. It is a result of strong cryptography (Missed) B. It is a result of weak cryptography C. It makes it impossible to retrieve clear text without the help of correct decoding tools. (Missed) D. It makes it impossible to retrieve clear text. E. Requires extensive computing capability to decode. (Missed) Explanation Ciphertext is a result of strong cryptography. It is meant to be so complex that it is impossible to decode without appropriate decoding tools in spite of using extensive computing capabilities.

36

Q.36) Which of the following is the function of IETF? A. Setup networking standards B. Propose and develop standards relating to computers networks and Internet C. Review security policies for banks D. None of the above.

Q.36) Which of the following is the function of IETF? A. Setup networking standards B. Propose and develop standards relating to computers networks and Internet (Answer) C. Review security policies for banks D. None of the above. Explanation IETF (Internet Engineering Task Force) is responsible for proposing and developing standards relating to computers networks and the Internet.

37

Q.37) ECC and Diffie-Hellman are both asymmetric using public/private keys. T/F? A. True B. False

Q.37) ECC and Diffie-Hellman are both asymmetric using public/private keys. T/F? A. True (Answer) B. False Explanation ECC, RSA, Diffie-Hellman and El Gamal are all asymmetric systems using public/private keys.

38

Q.38) Which of the following relate to information or message integrity? Choose two. A. Prevent information modification during transmission. B. Verification through check sum algorithms. C. Verification through authentication D. Verification through digital signatures.

Q.38) Which of the following relate to information or message integrity? Choose two. A. Prevent information modification during transmission. (Missed) B. Verification through check sum algorithms. (Missed) C. Verification through authentication D. Verification through digital signatures. Explanation Message integrity ensures that the message being transmitted is not being modified en route. To ensure this a checksum algorithm may be employed at the sending and the receiving end to ensure the message being sent is received intact.

39

Q.39) Which of the following statements relating to Digital signatures are true? Choose two. A. It is ideal security for emails B. It can be used for Identification establishment. C. It is an encryption method D. It is an encryption standard

Q.39) Which of the following statements relating to Digital signatures are true? Choose two. A. It is ideal security for emails (Missed) B. It can be used for Identification establishment. (Missed) C. It is an encryption method D. It is an encryption standard Explanation It is ideally meant to establish Identity of the sender and receiver of the information and not to encrypt the information. The most practical implementation of digital signatures would be in emails. It is not any encryption standard.

40

Q.40) Which of the following can RSA be used for? Choose two. A. Encryption B. Digital signatures C. Certificates D. Tokens

Q.40) Which of the following can RSA be used for? Choose two. A. Encryption (Missed) B. Digital signatures (Missed) C. Certificates D. Tokens Explanation RSA can be used for Encryption and Digital signatures. It is not relevant to certificates and tokens.

41

Q.41) Which of the following statements about the MDA (Message Digest algorithm) are true? Choose two. A. It offers 128-bit hash B. It offers 256-bit hash C. Its latest version is MD#5 D. Its latest version is MD#1

Q.41) Which of the following statements about the MDA (Message Digest algorithm) are true? Choose two. A. It offers 128-bit hash (Missed) B. It offers 256-bit hash C. Its latest version is MD#5 (Missed) D. Its latest version is MD#1 Explanation MDA is also a hash algorithm that can be used during encryption. It provides 128-bit hash. Its latest version is MD#5.

42

Q.42) Microsoft Windows 2000 supports authorized updates in DNS?

Q.42) Microsoft Windows 2000 supports authorized updates in DNS? Explanation MS Windows 2000 does support Authorized DNS updates

43

Q.43) Does NTFS provide file system security? A. Yes B. No

Q.43) Does NTFS provide file system security? A. Yes (Answer) B. No Explanation NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

44

Q.44) Active directory authorized DHCP which is an ideal security measure.

Q.44) Active directory authorized DHCP which is an ideal security measure. Explanation By ensuring that the DHCP server needs to be authorized in a network to issue IP addresses to clients the ADS ensures there is no spurious DHCP server that can be included in the network and arbitrarily issue IP addresses to clients and thus disrupt the network functioning.

45

Q.45) To prevent News servers from being accessed you must block TCP port 21. T/F? A. True B. False

Q.45) To prevent News servers from being accessed you must block TCP port 21. T/F? A. True B. False (Answer) Explanation The port number 119 must also be blocked.

46

Q.46) Which of the following is an ideal policy for password policies on a network?

Q.46) Which of the following is an ideal policy for password policies on a network? Explanation Passwords must be changed periodically. It must be so configured that it should not get repeated between changes and passwords must always be alpha numeric with a minimum length and unique (not rotated)

47

Q.47) Which of the following is true about a three-tier model? Choose two. A. In this model the Database server is the core component. B. In this model the database client is the core component. C. This is the most secure model for a database server. D. This is the least secure model for hosting a database server.

Q.47) Which of the following is true about a three-tier model? Choose two. A. In this model the Database server is the core component. (Missed) B. In this model the database client is the core component. C. This is the most secure model for a database server. (Missed) D. This is the least secure model for hosting a database server. Explanation In a three-tier model the client is the superficial component the middle server provides the required security and the database server forms the core component. Since the middle level server receives client requests first and then passes it on to the database server the database server is not directly exposed to the client and is hence the most secure way of hosting the web server.

48

Q.48) Which of the following can help with Web Server hardening? Choose all that apply. A. Web servers should not have most restrictive permissions on resources that need not be accessible to the external user. B. Web servers should have most restrictive permissions on resources that need not be accessible to the external user. C. Verifying that only relevant resources can be accessible through URLs D. Verify if all services have been updated with latest patches or service packs. E. None of the above

Q.48) Which of the following can help with Web Server hardening? Choose all that apply. A. Web servers should not have most restrictive permissions on resources that need not be accessible to the external user. B. Web servers should have most restrictive permissions on resources that need not be accessible to the external user. (Missed) C. Verifying that only relevant resources can be accessible through URLs (Missed) D. Verify if all services have been updated with latest patches or service packs. (Missed) E. None of the above Explanation To harden the Web server it is essential that all services running on the server be updated with latest patches as and when required. Resources that should not be accessible to the external user must have the most restrictive permissions. Static files and other resources that are not relevant to external users must not be accessible through URLs.

49

Q.49) If you wish to block the external users from accessing your Mail server you must block port number 110. T/F? A. True B. False

Q.49) If you wish to block the external users from accessing your Mail server you must block port number 110. T/F? A. True B. False (Answer) Explanation If you wish to block the external users from accessing your Mail server you must block port number 25.

50

Q.50) If you have implemented an FTP server in your network and you would wish to secure this service so that no external user will be able to perform FTP and obtain secure data which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections D. Block port numbers 67 and 68 on the internal interface

Q.50) If you have implemented an FTP server in your network and you would wish to secure this service so that no external user will be able to perform FTP and obtain secure data which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections (Answer) B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections D. Block port numbers 67 and 68 on the internal interface Explanation Blocking port numbers 20 and 21 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the FTP service.

51

Q.51) When faced with an incoming packet which of the following header components would a firewall look at first? A. Protocol information B. Source address C. Destination address D. No of bytes in the header

Q.51) When faced with an incoming packet which of the following header components would a firewall look at first? A. Protocol information B. Source address (Answer) C. Destination address D. No of bytes in the header Explanation The firewall will first look at the source address to verify which network has sent the packet and then see if any firewall restriction is applicable to this packet.

52

Q.52) Which of the following is the correct authority to decide on the firewall design policy? A. Administrator B. Business owner C. User D. Government policies.

Q.52) Which of the following is the correct authority to decide on the firewall design policy? A. Administrator (Answer) B. Business owner C. User D. Government policies. Explanation Based on the network policy and the access policy the administrator will be required to design an accurate firewall policy. The Government will have no role to play here.

53

Q.53) Which of the following firewall policies is least restrictive? A. Any any B. Deny all C. Permit any D. None of the above

Q.53) Which of the following firewall policies is least restrictive? A. Any any B. Deny all C. Permit any (Answer) D. None of the above Explanation The 'Permit any' is the most restrictive statement that can be defined in the firewall. This statement should not be configured on the top of the list ideally as it will overrule any other restriction that may follow this statement.

54

Q.54) Packet filtering firewall will operate at the Application layer of the OSI reference model. T/F? A. True B. False

Q.54) Packet filtering firewall will operate at the Application layer of the OSI reference model. T/F? A. True B. False (Answer) Explanation Packet filtering firewall operates on the network layer of the OSI reference model.

55

Q.55) Which of the following protocols will the Circuit-level filtering firewall relate to? Choose two A. UDP B. TCP C. FTP

Q.55) Which of the following protocols will the Circuit-level filtering firewall relate to? Choose two A. UDP (Missed) B. TCP (Missed) C. FTP Explanation Circuit level filtering firewall relates to transport/session layers and will hence relate to TCP and UDP. It can make up for the shortcomings of the ultra-simple UDP protocol wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.

56

Q.56) Which of the following is/are the firewall capable of? Choose two. A. NAT B. PAT C. MAC D. DAC

Q.56) Which of the following is/are the firewall capable of? Choose two. A. NAT (Missed) B. PAT (Missed) C. MAC D. DAC Explanation The firewall is capable of NAT (Network Address Translation) as well as PAT (Port Address Translation). MAC is an addressing scheme and DAC is Digital to Analog conversion which the firewall is not capable of.

57

Q.57) Which of the following devices use Infrared? Choose three. A. Small range LAN B. Remote control devices C. Advanced cellular devices D. Refrigerators

Q.57) Which of the following devices use Infrared? Choose three. A. Small range LAN (Missed) B. Remote control devices (Missed) C. Advanced cellular devices (Missed) D. Refrigerators Explanation Small range LAN that can afford placement of devices within line of sight may go in for Infrared communication. Remote control devices such as television or home theater sets do also use Infrared. Advanced cellular devices use Infrared for data transfer between themselves and PCs or Printers.

58

Q.58) Routers perform filtering based on which of the following? A. Information presented by the Access List. B. Information presented by the routing table. C. Information presented by the header information of the incoming packets. D. Information presented by the header information of the outgoing packets.

Q.58) Routers perform filtering based on which of the following? A. Information presented by the Access List. (Answer) B. Information presented by the routing table. C. Information presented by the header information of the incoming packets. D. Information presented by the header information of the outgoing packets. Explanation Filtering can be performed only if certain rules for filtering are decided upon. These rules or conditions for filtering are available in the Access List in case of the routers. The routing table or the header information of packets on their own cannot present any information that is required for filtering.

59

Q.59) Which of the following layers is responsible for assigning the correct standard of signal strength to the communicating devices? A. Physical layer B. Datalink layer C. Network Layer D. None of the above

Q.59) Which of the following layers is responsible for assigning the correct standard of signal strength to the communicating devices? A. Physical layer (Answer) B. Datalink layer C. Network Layer D. None of the above Explanation The responsibility of the physical layer is to assign correct standards of physical connection as well as the signal strengths required for operation.

60

Q.60) Which of the following devices may require a modem for WAN communication? Choose two. A. PC B. Routers C. Switches D. None of the above.

Q.60) Which of the following devices may require a modem for WAN communication? Choose two. A. PC (Missed) B. Routers (Missed) C. Switches D. None of the above. Explanation Connecting a modem to the switch is the same as connecting it to the PC. Switch is a transparent device on the network and is not intelligent enough to independently drive a modem to perform any function. The PC and the router require a modem for dial up or leased line connectivity to the WAN.

61

Q.61) Which of the following is true about cellular communication? Choose three. A. It uses radio frequency for main communication. B. Advanced phones use Infrared for data transfer. C. Its reception/transmission range will depend upon the service provider's signal strength D. Its reception/transmission range will depend upon the cellular device's signal strength

Q.61) Which of the following is true about cellular communication? Choose three. A. It uses radio frequency for main communication. (Missed) B. Advanced phones use Infrared for data transfer. (Missed) C. Its reception/transmission range will depend upon the service provider's signal strength (Missed) D. Its reception/transmission range will depend upon the cellular device's signal strength Explanation Cellular phones mainly communicate on radio frequency. The range of reception and transmission will depend upon the number of towers as well as the signal strength provided by the cellular service provider. Advanced cellular devices have data transfer feature that can be used with PCs or printers that are Infrared enabled.

62

Q.62) Which of the following statements about the email client is/are true? Choose only answer(s) that apply. A. An email client can retrieve mails only from an email server B. An email client needs a retrieval protocol as well as an email application C. It is mandatory that emails are scanned if an email client has to be operational D. None of the above

Q.62) Which of the following statements about the email client is/are true? Choose only answer(s) that apply. A. An email client can retrieve mails only from an email server (Missed) B. An email client needs a retrieval protocol as well as an email application (Missed) C. It is mandatory that emails are scanned if an email client has to be operational D. None of the above Explanation An email client application usually has the client component that is configured with a protocol (POP3) for retrieving mails from an email server.

63

Q.63) Which of the following port numbers is used by POP3? A. 25 B. 20 C. 110 D. 119

Q.63) Which of the following port numbers is used by POP3? A. 25 B. 20 C. 110 (Answer) D. 119 Explanation POP3 uses port number 110.

64

Q.64) Which of the following is a best update schedule/configuration for antivirus on a mail server? Choose two.

Q.64) Which of the following is a best update schedule/configuration for antivirus on a mail server? Choose two. Explanation It is ideal for updates to be automatic as no important update or otherwise will be missed. It is better to configure the schedule of update twice daily as Mail servers are the most vulnerable components of the network after the web servers.

65

Q.65) Which of the following can happen due to virus transmitted via email? Choose the most applicable answers.

Q.65) Which of the following can happen due to virus transmitted via email? Choose the most applicable answers. Explanation Viruses transmitted via email usually end up corrupting the mails database and the address book. They can also attach themselves to every destination address in the address book and be transmitted before actually destroying the address book entries.

66

Q.66) Which of the following is essential when planning a RAS server for accommodating remote clients? Choose two.

Q.66) Which of the following is essential when planning a RAS server for accommodating remote clients? Choose two. Explanation When considering implementing remote access in a network for security purpose it is better to dedicate one pool of IP addresses for remote clients. The allocation of IP addresses to remote clients will be more efficient if the allocation is dynamic.

67

Q.67) Which of the following statements about SSH (Secure Shell) is true? Choose all that apply.

Q.67) Which of the following statements about SSH (Secure Shell) is true? Choose all that apply. Explanation SSH is a protocol used to establish tunnels between UNIX systems. It is capable of providing encryption as it is a tunneling protocol.

68

Q.68) Which of the following services can be used to hide internal network addresses from the external networks?

Q.68) Which of the following services can be used to hide internal network addresses from the external networks? Explanation DHCP service is responsible for dynamically allocating IP addresses to clients. Routing Service, Firewall and Proxy are all services that are capable of NAT. NAT (Network Address Translation) is a process of translating internal network address to public IP address.

69

Q.69) Which of the following would allow a secure connection with your Web server? Choose all that apply.

Q.69) Which of the following would allow a secure connection with your Web server? Choose all that apply. Explanation HTTP (Hyper Text Translation Protocol) when configured to operate along with SSL (Secure Socket Layer) will ensure secure connections of clients to web Server. This is also referred to as HTTPS.

70

Q.70) Which of the following is true about the RADIUS server? A. It needs an independent administrator B. It can be managed by the central administrator C. It needs to be configured on the central server D. None of the above

Q.70) Which of the following is true about the RADIUS server? A. It needs an independent administrator B. It can be managed by the central administrator (Answer) C. It needs to be configured on the central server D. None of the above Explanation The RADIUS server can be managed by the central administrator or by the administrator who manages the other servers. It need not be configured on the Central server to be centrally managed.

71

Q.71) To transfer mails between email servers and client of the same domain you would require POP3 service. T/F? A. True B. False

Q.71) To transfer mails between email servers and client of the same domain you would require POP3 service. T/F? A. True (Answer) B. False Explanation POP3 (Post office Protocol) is a mail retrieval protocol that helps the client to retrieve mails from the mail server.

72

Q.72) Which of the following protocols is used for connecting UNIX hosts or terminals? A. PPP B. RS232 C. SLIP D. V35

Q.72) Which of the following protocols is used for connecting UNIX hosts or terminals? A. PPP B. RS232 C. SLIP (Answer) D. V35 Explanation PPP and SLIP are the only two protocols mentioned. The other two are related to standards and not protocols. SLIP is the protocol used in UNIX networks.

73

Q.73) If you required a dedicated service to authenticate remote users on your network which of the following would you choose? A. RAS B. DHCP C. HTTP D. RADIUS

Q.73) If you required a dedicated service to authenticate remote users on your network which of the following would you choose? A. RAS B. DHCP C. HTTP D. RADIUS (Answer) Explanation RADIUS (Remote Access Dial In User Service) is meant for authenticating remote users on a network.

74

Q.74) Which of the following protocols helps to address an IP multicast group? A. ICMP B. IGMP C. IGRP D. EIGRP

Q.74) Which of the following protocols helps to address an IP multicast group? A. ICMP B. IGMP (Answer) C. IGRP D. EIGRP Explanation IGRP and EIGRP are routing protocols. ICMP is responsible for path determination. IGMP is responsible for maintaining IP multicast group information.

75

Q.75) Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as Eavesdropping. T/F? A. True B. False

Q.75) Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as Eavesdropping. T/F? A. True B. False (Answer) Explanation Super imposing the internal IP address of a network on to your own for the purpose of gaining access to the network is referred to as "IP Masquerading" or "Spoofing".

76

Q.76) Which of the following could give rise to DoS on the destination end of the command? A. Ftp B. Ping C. IPCONFIG D. Trace

Q.76) Which of the following could give rise to DoS on the destination end of the command? A. Ftp B. Ping (Answer) C. IPCONFIG D. Trace Explanation Putting the ping command on a continuous loop to a given destination IP address can cause that destination end system to hang thus causing the DoS state.

77

Q.77) Which of the following would indicate that the Web Server in your organization has been subjected to the DoS attack? Choose the best answer. A. The server's behavior would be erratic. B. The user would not be able to access the Web Server. C. All resources attached to the Web Server would stop functioning D. The entire network stops functioning.

Q.77) Which of the following would indicate that the Web Server in your organization has been subjected to the DoS attack? Choose the best answer. A. The server's behavior would be erratic. B. The user would not be able to access the Web Server. (Answer) C. All resources attached to the Web Server would stop functioning D. The entire network stops functioning. Explanation As the name suggests the services or the access to resources may be denied. This is not to say that the resources will themselves stop functioning. Any user who is currently logging in may be denied authentication or users who are already logged in may not have resources available to them. The entire network connected to the Web Server cannot stop functioning as the network is usually hidden behind the firewall and will not be accessible to the outside world.

78

Q.78) Which of the following can ensure that eavesdropping does not occur on wireless LANs? A. Encrypting passwords B. Encrypting usernames C. Encrypting data D. Encrypting data as well as passwords.

Q.78) Which of the following can ensure that eavesdropping does not occur on wireless LANs? A. Encrypting passwords B. Encrypting usernames C. Encrypting data D. Encrypting data as well as passwords. (Answer) Explanation If it is practical and achievable on the network the best way to implement security on Wireless LANs would be to encrypt passwords as well as data.

79

Q.79) Which of the following services is capable of hiding internal network IP addresses? A. Proxy B. RAS C. DNS D. DHCP

Q.79) Which of the following services is capable of hiding internal network IP addresses? A. Proxy (Answer) B. RAS C. DNS D. DHCP Explanation Proxy, firewall and Router are all capable of Network Address Translation (NAT). NAT helps to hide internal network IP addresses from the external world.

80

Q.80) MS-CHAP is abbreviation for Most Secure Challenge Handshake Authentication Protocol. T/F? A. True B. False

Q.80) MS-CHAP is abbreviation for Most Secure Challenge Handshake Authentication Protocol. T/F? A. True B. False (Answer) Explanation MS-CHAP is abbreviation for Microsoft Challenge Handshake Authentication Protocol.

81

Q.81) If you were implementing a network that required users to be assigned certificates for authentication which of the following services would be most important? A. Certificate Service B. IIS C. RAS D. None of the above

Q.81) If you were implementing a network that required users to be assigned certificates for authentication which of the following services would be most important? A. Certificate Service (Answer) B. IIS C. RAS D. None of the above Explanation Certificate service will be responsible for generating and maintaining certificates.

82

Q.82) If you wanted to provide a user limited access to network which of the following authentication methods would you use? Choose the best answer. A. Username/Password B. Smart Card C. Certificate D. Token

Q.82) If you wanted to provide a user limited access to network which of the following authentication methods would you use? Choose the best answer. A. Username/Password B. Smart Card C. Certificate (Answer) D. Token Explanation Smart Card and token are not the correct choices here. Username/Password could have been considered if the option also carried the term "with limited permissions" but since that is not the case the ideal choice here would be the Certificate. Certificates allow the user to roam the network but with limited access.

83

Q.83) Which of the following are an advantage and a disadvantage with Smart Cards?

Q.83) Which of the following are an advantage and a disadvantage with Smart Cards? Explanation In case of Smart Cards although one card can hold access permissions for several buildings in a campus it can be a problem if the user loses it and is no longer in possession of the card physically as it could reach the wrong hands before it is found.

84

Q.84) To ensure secure authentication on a network you would use IPSec authentication. T/F?

Q.84) To ensure secure authentication on a network you would use IPSec authentication. T/F? Explanation IPSec policies are one of the best implementations to ensure secure authentication on a network.

85

Q.85) Which of the following statements correctly define multi-factor? Choose the best answer.

Q.85) Which of the following statements correctly define multi-factor? Choose the best answer. Explanation Multi-factor is a process of combining more than one access method to ensure authentication happens correctly and is foolproof.

86

Q.86) Which of the following can be enabled to issue certificates in a network that requires Certificates for security? Choose two. A. Certificate Server B. Administrator C. Owner D. Third party Certificate Server

Q.86) Which of the following can be enabled to issue certificates in a network that requires Certificates for security? Choose two. A. Certificate Server (Missed) B. Administrator C. Owner D. Third party Certificate Server (Missed) Explanation The Certificate Server component that is hosting the Certificate service is responsible for generating certificates. This Certificate Server can be local to the network or can be a third party Certification authority.

87

Q.87) Which of the following is true about the Certificates? Choose all that apply. A. A Certificate can be issued by a third party only. B. A Certificate enhances the credibility of the end object to which it has been assigned. C. A Certificate when assigned to a user enhances user access permissions on the network resources for that user. D. A Certificate requires a Certification authority to be generated. E. A Certificate is used for secure authentication.

Q.87) Which of the following is true about the Certificates? Choose all that apply. A. A Certificate can be issued by a third party only. B. A Certificate enhances the credibility of the end object to which it has been assigned. (Missed) C. A Certificate when assigned to a user enhances user access permissions on the network resources for that user. D. A Certificate requires a Certification authority to be generated. (Missed) E. A Certificate is used for secure authentication. (Missed) Explanation A Certificate is ideally used for secure authentication. Whenever a Certificate has been assigned to a User, Computer or a Web site it enhances the credibility for that individual object of reference and makes it easy for the other communicating end to trust this user, computer or web site. A Certificate need not be assigned only by a third party. You may configure a Certificate Server in your network that is capable of generating Certificates. But a third party verification is always better trusted as it is unbiased.

88

Q.88) Which of the following about the Kerberos system is true? Choose all that apply. A. Kerberos is ideal for WAN security B. Kerberos uses a ticket to attach credentials to users. C. Kerberos needs a certificate authority to be present in the network D. Kerberos is ideally meant for LAN

Q.88) Which of the following about the Kerberos system is true? Choose all that apply. A. Kerberos is ideal for WAN security B. Kerberos uses a ticket to attach credentials to users. (Missed) C. Kerberos needs a certificate authority to be present in the network D. Kerberos is ideally meant for LAN (Missed) Explanation Kerberos is ideally meant for LAN security. It uses tickets to assign credentials to users who need to be authenticated to the LAN and then need to use the network resources.

89

Q.89) Which of the following statements about password encryption is true? Choose all that apply. A. PAP allows maximum security B. CHAP allows maximum security C. PAP is a two-way handshake D. CHAP is a three-way handshake.

Q.89) Which of the following statements about password encryption is true? Choose all that apply. A. PAP allows maximum security B. CHAP allows maximum security (Missed) C. PAP is a two-way handshake (Missed) D. CHAP is a three-way handshake. (Missed) Explanation Password encryption allows for security during authentication. PAP is a two-way handshake that is least secure. CHAP is a three-way handshake that is most secure.

90

Q.90) Certificates can be assigned to which of the following? Choose all that apply A. User B. Computer C. Web site D. Operating System

Q.90) Certificates can be assigned to which of the following? Choose all that apply A. User (Missed) B. Computer (Missed) C. Web site (Missed) D. Operating System Explanation User, Computer as well as Websites need to be certified as "secure" by a third party at times depending on the scenario. Hence assigning certificates to any of these objects can improve the credibility of that individual object.

91

Q.91) While assigning access privilege using the RBAC model which of the following will you be needing? A. Responsibilities attached to the role played by the user B. Access Control list C. Resource list D. User Database

Q.91) While assigning access privilege using the RBAC model which of the following will you be needing? A. Responsibilities attached to the role played by the user (Answer) B. Access Control list C. Resource list D. User Database Explanation The mandatory information required while assigning privilege access in the RBAC model would be the responsibilities attached to the role in the organization that the user has assumed.

92

Q.92) You have created a folder on your server that will be holding confidential data. You wish to assign privilege access to the same. You will be choosing which of the following control systems? A. Mandatory Access Control B. Discretionary Access Control C. Role Based Access Control D. Any of the above

Q.92) You have created a folder on your server that will be holding confidential data. You wish to assign privilege access to the same. You will be choosing which of the following control systems? A. Mandatory Access Control B. Discretionary Access Control (Answer) C. Role Based Access Control D. Any of the above Explanation System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

93

Q.93) Which of the following will make an administrator aware of the security vulnerabilities on the network server? (Choose two) A. Web sites relating to vulnerability management must be frequently visited B. Running patches on the server will inform the administrator about the vulnerabilities C. Run an audit on the server D. None of the above

Q.93) Which of the following will make an administrator aware of the security vulnerabilities on the network server? (Choose two) A. Web sites relating to vulnerability management must be frequently visited (Missed) B. Running patches on the server will inform the administrator about the vulnerabilities C. Run an audit on the server (Missed) D. None of the above Explanation The administrator must make it a point to frequently visit sites that provide information on vulnerability management issues. This will help the administrator to run a comparison on what are the existing vulnerabilities and which are the ones that the network servers are currently suffering. Periodic audits should be done to detect vulnerabilities.

94

Q.94) Which of the following would correctly define the process of monitoring?

Q.94) Which of the following would correctly define the process of monitoring? Explanation Monitoring is a process wherein you must ensure that the policies that have been decided upon have been put into place and are in practice.

95

Q.95) Which of the following would ensure that the level of vulnerabilities on the server be reduced? A. Apply relevant patches as and when required B. Do away with antivirus if proper updating is not possible C. Ensure the server is using proper network drivers D. None of the above

Q.95) Which of the following would ensure that the level of vulnerabilities on the server be reduced? A. Apply relevant patches as and when required (Answer) B. Do away with antivirus if proper updating is not possible C. Ensure the server is using proper network drivers D. None of the above Explanation Applying the correct version of patches and applying them as and when required will secure the server to a great extent and reduce vulnerabilities.

96

Q.96) Define a threat. A. It is the probable action when taken can harm the organization assets. B. It is the probable analysis when fails can damage company assets C. It is the action that will take place to damage the company assets. D. None of the above

Q.96) Define a threat. A. It is the probable action when taken can harm the organization assets. (Answer) B. It is the probable analysis when fails can damage company assets C. It is the action that will take place to damage the company assets. D. None of the above Explanation A threat is a probability of an action that will damage the assets of the organization when and if it occurs. It is not a surety of that action in itself.

97

Q.97) Which of the following can be a problem for database server security? Choose two A. A skillful but non-trust worthy administrator B. An amateur administrator C. Server that is not fully equipped to handle network load D. Network that cannot support required data transfer speed

Q.97) Which of the following can be a problem for database server security? Choose two A. A skillful but non-trust worthy administrator (Missed) B. An amateur administrator (Missed) C. Server that is not fully equipped to handle network load D. Network that cannot support required data transfer speed Explanation A skillful but non-trust worthy administrator is a potential source for data leakage. An amateur administrator may not assign the access permission as and how required which also goes against the security of the database server.

98

Q.98) Which of the following is a must to ensure data security? Choose two A. Encrypt local data on the server B. Encrypt data being backed up on to the tape C. Encrypt authentication D. Encrypt password

Q.98) Which of the following is a must to ensure data security? Choose two A. Encrypt local data on the server (Missed) B. Encrypt data being backed up on to the tape (Missed) C. Encrypt authentication D. Encrypt password Explanation Since data being saved is also being backed up it is essential to ensure the backup copy of the data along with the live data is being encrypted for the purpose of data security.

99

Q.99) Which of the following is the use of encryption where mail messages are concerned? A. Enforce encryption based on message content B. Enforce need for digital signatures C. Enforce the need for encrypting user specific message D. None of the above

Q.99) Which of the following is the use of encryption where mail messages are concerned? A. Enforce encryption based on message content (Answer) B. Enforce need for digital signatures C. Enforce the need for encrypting user specific message D. None of the above Explanation Encryption is usually enforced based on message content rather than who the sender is.

100

Q.100) Every user must be aware of security solutions employed on the network. T/F? A. True B. False

Q.100) Every user must be aware of security solutions employed on the network. T/F? A. True B. False (Answer) Explanation Every user must be transparent to the security solutions employed on the network