




























































































This document covers various topics related to basic networking and communications, including questions on protocols, ports, and networking attacks. It provides information on concepts such as SSO (single sign-on), ARP, DNS, SSH, and different types of network attacks like salami attack, sniffing attack, replay attack, and covert channel. The document also discusses security-related user awareness training, malware detection techniques, risk management, controls and countermeasures, auditing, and security operations. Overall, the document seems to cover a broad range of fundamental networking and security topics that are relevant for students studying computer science, information technology, or cybersecurity.
Typology: Exams





























































































[Security Fundamentals]
How many years of experience are required to earn the Associate of (ISC)² designation?
A. Zero
B. One
C. Two
D. Five
Correct Answer-A

[Security Fundamentals]
What are the three elements of the security triad?
A. Authentication, authorization, and accounting
B. Confidentiality, integrity, and availability
C. Identification, authentication, and authorization
D. Confidentiality, integrity, and authorization
Correct Answer-B

[Security Fundamentals]
Who is responsible for ensuring that security controls are in place to protect against the loss of confidentiality, integrity, or availability of their systems and data?
A. IT administrators
B. System and information owners
C. CFO
D. Everyone
Correct Answer-B

[Security Fundamentals]
You are sending an e-mail to a business partner that includes proprietary data. You want to ensure that the partner can access the data but that no one else can. What security principle should you apply?
A. Authentication
B. Availability
C. Confidentiality
D. Integrity
Correct Answer-C

[Security Fundamentals]
Your organization wants to ensure that attackers are unable to modify data within a database. What security principle is the organization trying to enforce?
A. Accountability
B. Availability
C. Confidentiality
D. Integrity
Correct Answer-D

[Security Fundamentals]
C. Users can only access data they need to perform their jobs.
D. It prevents users from denying they took an action.
Correct Answer-C

[Security Fundamentals]
Your organization wants to implement policies that will deter fraud by dividing job responsibilities. Which of the following policies should they implement?
A. Nonrepudiation
B. Least privilege
C. Defense in depth
D. Separation of duties
Correct Answer-D

[Security Fundamentals]
Which one of the following concepts provides the strongest security?
A. Defense in depth
B. Nonrepudiation
C. Security triad
D. AAAs of security
Correct Answer-A

[Security Fundamentals]
Which of the following would a financial institution use to validate an e-commerce transaction?
A. Nonrepudiation
B. Least privilege
C. Authentication
D. Signature
Correct Answer-A

[Security Fundamentals]
What are the AAAs of information security?
A. Authentication, availability, and authorization
B. Accounting, authentication, and availability
C. Authentication, authorization, and accounting
D. Availability, accountability, and authorization
Correct Answer-C

[Security Fundamentals]
You want to ensure that a system can identify individual users, track their activity, and log their actions. What does this provide?
A. Accountability
B. Availability
C. Authentication
D. Authorization
Correct Answer-A

[Security Fundamentals]
C. Identification
D. Accounting
Correct Answer-C

[Access Controls]
Access controls protect assets such as files by preventing unauthorized access. What must occur before a system can implement access controls to restrict access to these types of assets?
A. Identification and authentication
B. Identification and accountability
C. Authentication and accounting
D. Accountability and availability
Correct Answer-A

[Access Controls]
Users are required to enter a different password each time they log on. What type of password is this?
A. Static password
B. Cognitive password
C. Passphrase
D. Dynamic password
Correct Answer-D

[Access Controls]
Authentication includes three types or factors. Which of the following best describes these authentication methods?
A. Something you say, something you think, and something you are
B. Something you know, something you have, and something you type
C. Something you know, something you say, and something you are
D. Something you know, something you have, and something you are
Correct Answer-D

[Access Controls]
Which of the following choices does NOT ensure that a password is strong?
A. Ensuring that the password is of a sufficient length
B. Ensuring that the password is changed frequently
C. Ensuring that the password has a mixture of different character types
D. Ensuring that the password does not include any part of the user's name
Correct Answer-B

[Access Controls]
What can be used to prevent a user from reusing the same password?
A. Minimum password age
B. Maximum password age
C. Password length
A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Sunlight shining into the scanner
D. Faulty laser beam
Correct Answer-C

[Access Controls]
Which of the following metrics identifies the number of valid users that a biometric authentication system falsely rejects?
A. FAR
B. FRR
C. CER
D. AAA
Correct Answer-B

[Access Controls]
Which of the following biometric methods has the lowest CER?
A. Iris scan
B. Handwriting analysis
C. Keystroke dynamics
D. Thumbprint scan
Correct Answer-A

[Access Controls]
What is SSO?
A. A system that requires user credentials once and uses the same credentials for the entire session
B. An authentication system that requires users to use different credentials for each resource they access
C. A secure system used for operations
D. Any network that employs secure access controls
Correct Answer-A

[Access Controls]
What type of service does Kerberos provide?
A. Authentication
B. Accounting
C. Availability
D. Accountability
Correct Answer-A

[Access Controls]
Of the following choices, what most accurately identifies the major drawback of SSO systems?
A. It allows users to access multiple systems after logging on once.
B. It increases the difficulty for users to log on.
A. Chinese Wall and Clark-Wilson
B. Chinese Wall and Biba
C. Clark-Wilson and Bell-LaPadula
D. Biba and Bell-LaPadula
Correct Answer-A

[Access Controls]
Which of the following statements is true?
A. An access control matrix is object based and a capability table is object based.
B. An access control matrix is subject based and a capability table is object based.
C. An access control matrix is object based and a capability table is subject based.
D. An access control matrix is subject based and a capability table is subject based.
Correct Answer-C

[Access Controls]
Which of the following will disable an account if an attacker tries to guess the password multiple times?
A. A password policy
B. An account lockout policy
C. A password history
D. De-provisioning accounts
Correct Answer-B

[Access Controls]
Which of the following actions is most appropriate if an employee leaves the company?
A. Delete the user's account as soon as possible.
B. Disable the user's account as soon as possible.
C. Change the user's password as soon as possible.
D. Change the user's permissions as soon as possible.
Correct Answer-B

[Basic Networking & Communications]
Which layer of the OSI Model defines cable standards?
A. Physical layer
B. Data Link layer
C. Network layer
D. Transport layer
Correct Answer-A

[Basic Networking & Communications]
Which layer of the OSI Model packages data as a frame?
A. Physical layer
B. Data Link layer
C. Network layer
D. Transport layer
Correct Answer-B
C. Data Link layer
D. Host layer
Correct Answer-B

[Basic Networking & Communications]
Which layer of the OSI Model includes TCP and UDP?
A. Transport layer
B. Network layer
C. Data Link layer
D. Application
Correct Answer-A

[Basic Networking & Communications]
Which of the following protocols is connection oriented?
A. IP
B. RIP
C. TCP
D. UDP
Correct Answer-C

[Basic Networking & Communications]
Which layer of the TCP/IP Model corresponds to the OSI Network layer?
A. Host layer
B. Application layer
C. Internet layer
D. Link layer
Correct Answer-C

[Basic Networking & Communications]
Which of the following topologies avoids collisions using a token?
A. IEEE 802.
B. IEEE 802.
C. CSMA/CD
D. CSMA/CA
Correct Answer-B

[Basic Networking & Communications]
What protocol would a system use to determine a system's physical address?
A. ARP
B. RARP
C. BootP
D. DNS
Correct Answer-A

[Basic Networking & Communications]
Which of these ports does DNS use?
Which of the following protocols is a more secure alternative for remote login?
A. Telnet
B. rlogin
C. rexec
D. SSH
Correct Answer-D

[Basic Networking & Communications]
What port does POP3 use?
A. 25
B. 110
C. 143
D. 443
Correct Answer-B

[Basic Networking & Communications]
You are purchasing a product from a website. Which of the following protocols will your system most likely use to provide confidentiality for this transaction?
A. SSL
B. SSH
C. IPsec
D. HTTP
Correct Answer-A
[Basic Networking & Communications]
Which of the following statements is correct related to IPsec?
A. IPsec provides confidentiality by encrypting data with AH.
B. IPsec provides confidentiality by encrypting data on the Network layer.
C. IPsec AH uses protocol number 50.
D. IPsec ESP uses protocol number 51.
Correct Answer-B

[Basic Networking & Communications]
What is the protocol number for IPsec AH?
A. 1
B. 6
C. 50
D. 51
Correct Answer-D

[Basic Networking & Communications]
Where is a DMZ located?
A. Behind the intranet firewall
B. In front of the first intranet-facing firewall