





















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
This study guide provides a comprehensive overview of key concepts in information security fundamentals, covering topics such as cryptography, malware, social engineering, and physical security. It includes multiple-choice questions and answers to help students prepare for their final exam in cist 1601.
Typology: Exams
1 / 61
This page cannot be seen from the preview
Don't miss anything!
Which is a form of cryptography provides confidentiality with a weak form of authentication or integrity? Symmetric key encryption Asymmetric Key encryption Hash algorithm Key distribution - Answer:::✔✔Symmetric-key encryption What is the main difference between a worm and a virus? A worm tries to the steal information, while I virus tries to destroy data. A worm is restricted to one system, while a virus can spread from system to system. A worm can replace itself, while a virus requires a host for distribution. A worm requires an execution mechanism to start while a virus can start itself - Answer:::✔✔A worm can replicate itself, while a virus requires a host for distribution.
What type of malware monitors your actions? Virus Worm Spyware Trojan horse - Answer:::✔✔Spyware A collection of zombie computers have been set up to collect personal information. What type of malware to the zombie computers represent? Trojan Horse Logic Bomb Botnet Spyware - Answer:::✔✔Botnet Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? Worm ActiveX Control Outook Express Trojan horse - Answer:::✔✔Trojan Horse
What is the primary distinguishing characteristic between a worm and a logic bomb? Incidental damage to resources Masquerades as a useful program Self replication Spreads via email - Answer:::✔✔Self-replication What is another name for a logic bomb? Asynchronous attack Trojan horse Pseudo-flaw DNS poisoning - Answer:::✔✔Asynchronous Attack Which of the following statements about the use of antivirus software is correct?
You want to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? Change management Resource allocation Service Level Agreement (SLA) Acceptable use - Answer:::✔✔Change management What is the most effective way to improve or enforce security in any environment? Providing user awareness training Disabling Internet access Requiring two-factor authentication Enforcing account lockout - Answer:::✔✔providing User awareness training Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect
● Personnel and policies ● IT hardware and software - Answer:::✔✔Every aspect You have recently discovered that a network attack is compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you legally be required to do? Implement training for employees who handle personal information Perform additional investigations to identify the attacker Contact your customers let them know about the security breach Delete personally identifiable information from your computers - Answer:::✔✔Contact your customers to let them know of the security breach What is the primary countermeasure to social engineering? Traffic filters A written security policy Heavy management oversight Employee awareness training - Answer:::✔✔Employee awareness training
Masquerading Vishing Taligating - Answer:::✔✔Vishing You are about to enter your office building through a back entrance. A man dressed as a plumber asked you to let him and so he can fix the restroom. What should you do?
Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smartcards to gain entry? Use weight scales Install security cameras Use key locks rather than electronic locks Deploy a mantrap - Answer:::✔✔Deploy a mantrap What is the primary benefit of CCTV? Increase security protection throughout an environment Reduce the need for locks and sensors on doors Expand the area visible by security guards Provide a corrective control - Answer:::✔✔Expands the area visible by security guards Which of the following is not a benefit of physical security? Sensitive data is protected from unauthorized access Untrained employees cannot miss-use equipment Employee passwords are stronger Terrorists cannot walk in off the street and change the network configuration - Answer:::✔✔Employee passwords are stronger.
What common design feature among instant messaging clients make them less secure than other means of communicating over the Internet? Freely available for use Real-time communication Peer-to-peer networking Transfer of text and files - Answer:::✔✔Peer-to-peer networking What type of attack is most likely to succeed with communications between instant messaging clients? Sniffing DNS poisoning Brute force password attack Denial of service - Answer:::✔✔Sniffing Which of the following attacks, is successful, causes a switch to function like a hub? Replay ARP poisoning MAC flooding
MAC spoofing - Answer:::✔✔MAC flooding Which of the following switch attacks associates the attackers MAC address with the IP address of the victims devices? Cross-site scripting DNS poisoning MAC spoofing ARP spoofing/poisoning - Answer:::✔✔ARP spoofing/poisoning Which is a typical goal of MAC spoofing? Rerouting local traffic to a specified destination Causing a switch to enter fail open mode Causing incoming packets to broadcast to all ports Bypassing 802.1x port-based security - Answer:::✔✔Bypassing 802.1x port based security Which of the following is an appropriate definition of a VLAN?
RADIUS is primarily used for what purpose?
Delete all files from all the hard disks in the computer Damage the hard disks so badly that all data remaining is gone - Answer:::✔✔Damage the hard disc so badly that all data remaining is gone. How many keys are used with asymmetric (public key) cryptography? One Two Three Four - Answer:::✔✔Two A receiver wants to verify the integrity of the message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver used to access the hashing value and verify the integrity of the transmission? A receiver's public key Sender's private key Sender's public key Receiver's private key - Answer:::✔✔Sender's public key
Which aspect of a birth certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet? It is a trusted third - party It is a digital mechanism, rather than a physical one. It uses electronic signatures. It provides ease-of-use - Answer:::✔✔It is a trusted third party Which standard is most widely used for certificates? SSL v.3. HTTP 1. 802.1x X.509 - Answer:::✔✔X. If you perform regular backups, what must be done to ensure that you are protected against data loss? Write protect all backup media Restrict restoration privileges to system administrators Store the backup media in an on-site fireproof vault