Download Information Security Final Exam: Questions and Answers and more Exams Information Technology in PDF only on Docsity!
INFORMATION SECURITY FINAL EXAM
WITH CORRECT ACTUAL QUESTIONS AND
CORRECTLY WELL DEFINED ANSWERS
LATEST 2025 ALREADY GRADED A+
integrity - ANSWERS-Only the authorized people can modify the contents ofinformation/data:
Cryptography - ANSWERS-Which technique can be used to ensure confidentiality? Hash Functions - ANSWERS-Which function ensure the integrity? inside hacking - ANSWERS-The biggest threat of the User domain is: People (users) - ANSWERS-The weakest link in IT industry is
False - ANSWERS-Hash functions is extremely easy to reverse. True or false Fixed and same - ANSWERS-Regardless the length of the password, the hashfunctions always creates ______ size of hash
SAM File - ANSWERS-The password file stored on windows computer is termed as: True - ANSWERS-Search space is the all possible passwords. True or false True - ANSWERS-If we increase the length of the password, the size of the searchspace becomes longer. True or false
Authorization - ANSWERS-After the succesful authentication, the authenticationnext step is:
username and password - ANSWERS-In authorization factors, something youknow is:
keystroke dynamics - ANSWERS-In authentication factor, what do you do: wireshark - ANSWERS-For sniffing of the credentials, the best software is:
Passive - ANSWERS-_____ tokens store the credentials permanently in ROM & thecredentials are static
Hash Value - ANSWERS-Usually, the response of the challenge (send byAuthentication system) is _____ calculated with Base Secret
Track the failed password attempts - ANSWERS-To avoid strong risks, whichshould be the best technique to detect the guessing attack:
Access Control System - ANSWERS-Grants or denies the access to specificequipment and resources?
Logical - ANSWERS-_____access control control the access of computer, networksand computational systems.
Security Kernel - ANSWERS-_____is a security system that enforced access controlfor computational systems
True - ANSWERS-Security Kernel is usually a centralized system. True or false Subjects - ANSWERS-In Access control systems, the users are known as: Single sign on (SSO) - ANSWERS-Which access control is more suitable in Multivendor environment:
Discretionary Access Control (DAC) - ANSWERS-Which is the least restrictedaccess control model:
Mandatory Access Control (MAC) - ANSWERS-Which is the most restricted accesscontrol model:
Rule Based Access Control (RBAC) - ANSWERS-Which is the best method fordynamic organizations, where rules can be assigned to objects.
Separation of Duties - ANSWERS-Split the critical tasks between two or morepeople, so none of them knows the overall system
Group Policy - ANSWERS-Which particular access control and managementtechnique is developed by Microsoft inc. and comes with windows:
Dormant - ANSWERS-Accounts that has not been accessed for long time Authentication, Authorization, Accounting - ANSWERS-AAA servers are mandatorypart of the organizations, where AAA stands for:
RADIUS - ANSWERS-Which of the filling formal authentication system invented in1992 and became the telecom industrial standard authentication model:
Cryptanalysis - ANSWERS-Breaking of secret codes are known as: Stenography - ANSWERS-The process of concealing a file/image within anotherfile or image is:
Enigma - ANSWERS-In World War I, the German forces took the advantage of____, an automatic cipher machine.
Non-repudiation - ANSWERS-By incorporating________, the users cannot disowntheir actions.
true - ANSWERS-Encrypted text is also known as Cipher text. true or false false - ANSWERS-In Symmetric key encryption, the sender and the receiver usedifferent keys.
true or false false - ANSWERS-Hash functions are exclusively designed for encryption. true or false
111 - ANSWERS-If key=111 and plain text=000 then using XOR gate what will bethe cipher
0000 - ANSWERS-Which of the followings is the weakest key example: DES - ANSWERS-Which of the following symmetric encryption algorithm was thejoint venture of DoD and IBM?
56 - ANSWERS-DES uses the ____bit key size to encrypt 64-bit of the data. AES - ANSWERS-Which of the following algorithms is currently the US FederalGov. Standard?
fasle - ANSWERS-Bitlocker is the encryption feature of MAC OS, that can encryptthe whole hard drive
true or false OTP - ANSWERS-Which of the following key stream mechanism is theoreticallyimpossible to crack.
3 times - ANSWERS-To erase a plain text file, how many times overwriting isrecommended:
true - ANSWERS-RSA uses the two Prime numbers to calculate Public and Privatekeys
true or false Non-repudiation - ANSWERS-Digital signatures are often used to provide: true - ANSWERS-In DVD players, to unwrap the Disk key, the DVD player uses"Player Key".
true or false false - ANSWERS-A digital signature uses symmetric keys to sign or verify digitaldata.
true or false false - ANSWERS-The shorter the encryption key, the more difficult it is to crack. true or false Salt (Nonce) - ANSWERS-To avoid the static behavior, the _____can be addedbefore computing the Hash value of the message.
Disk Key - ANSWERS-In DVD players, the title key can be unwrapped using _____ Public - ANSWERS-In RSA key wrapping (hybrid scheme), the sender uses the ____key of the receiver to wrap the secret key (through which data has been encrypted) true - ANSWERS-In RSA usually, Public keys are much longer than secret keys toachieve optimal security
true or false false - ANSWERS-The encryption protects data from unauthorized change andprotects the data integrity.
true or false false - ANSWERS-To protect the data, the best solution is check sum. true or false false - ANSWERS-To verify the digital signature, the receiver uses his/her privatekey.
true - ANSWERS-Bluejacking is considered more annoying than harmful. true or false Blue Snarfing - ANSWERS-In _____, the attacker accesses the internal datawithout the owner's knowledge with just establishing the bluetooth connection.
rogue access point - ANSWERS-An unauthorized access point that allows anattacker to bypass the network security configurations.
war driving - ANSWERS-When the Attackers search for open wifi networks bydriving down the streets, the process is known as:
true - ANSWERS-Once all the legitimate devices have connected the sending outthe SSID becomes unnecessary.
true or false WPA - ANSWERS-Which security algorithm was reported to be vulnerable withinfew months of its invention.
WPA2 - ANSWERS-Which WLAN security algorithm is more robust than others:
true - ANSWERS-By using Wireless Probes, one can detect the rogue wifi. true or false Site surveys and audits - ANSWERS-______is the best solution to find out the eviltwin.
false - ANSWERS-Web application security is much easier than protecting theother network systems.
true or false HTTP - ANSWERS-The traditional network security devices don't filter_____packets.
true - ANSWERS-The XSS attack is more susceptible to blogging websites. true or false Malicious script - ANSWERS-In XSS, the attacker posts comment which has aunderlying______ that may run itself to steal data
true - ANSWERS-In 2013, Adobe systems were hacked, but fortunately hackersgot encrypted financial details
true or false risk - ANSWERS-Likelihood of something bad can happen: Confidentiality, Integrity, Availability - ANSWERS-CIA stands for: CISO - ANSWERS-Usually the top most position in information securitydepartment is:
Security Technician - ANSWERS-Who performs day to day security tasks and hasnothing to do with project supervision:
Authentication - ANSWERS-In_______ the system ensures whether the individualis who, he/she claims to be not an impostor.
reconnaissance - ANSWERS-Collection of information about the target such as: IPaddress, vulnerability etc. is known as
IoTs - ANSWERS-System of interrelated devices provided with unique ID andability to transfer data without human intervention is known as:
cloud - ANSWERS-The network of servers hosted over internet is: physical security - ANSWERS-Which is the biggest problem of IoTs? VPN - ANSWERS-The mobile apps somehow work like _____ client Software. Data Analytics - ANSWERS-The process of inspecting, cleaning and modeling datato discover useful information form the bulk data is:
Security and Privacy - ANSWERS-The biggest risk with BYOD policy: Mobile Node - ANSWERS-The device which moves from one network to anotheris:
Care of Address (CoA) - ANSWERS-IP address issued by Foreign Agent (FA) isKnown as:
(Note: Please select the best matching answer)
false - ANSWERS-The piggyback entry wiretapping is passive type of wiretapping true or false cookies - ANSWERS-Small text file, which are created by the web sites, allowed byuser's web browsers and stored on local computer:
espionage - ANSWERS-Which threat is related to disclosure: SYN Flood - ANSWERS-Ghost IP address can be used to launch DoS attack, whichtype of DoS attack uses the Ghost IPs
Session Hijacking - ANSWERS-Attacker steals the session token to take control ofthe session this attack is known as:
Pharming - ANSWERS-The attacker redirects the user to crafted (fraudulent)website to get confidential data:
Appender - ANSWERS-Which virus infection method is easily detectable by anti-viruses?
Swiss cheese - ANSWERS-In which method of virus infection, virus code isencrypted?
installation of anti-virus - ANSWERS-Malware does everything expect: fale - ANSWERS-Virus can transport itself automatically without any humanintervention:
true or false rootkits - ANSWERS-______facilitates the existing viruses and hides them frombeing detected.
buffer overflow - ANSWERS-_______ attack is the modification of Return addresspointer of CPU & RAM.
XML injection - ANSWERS-_______injecting tags to web server to accessunauthorized directories.
True - ANSWERS-Worm can replicate itself without any human intervention. true or false
