INFOSEC FINAL EXAM QUESTIONS
AND ANSWERS 100% PASS
The idea behind _____________ in ______________ is to manage risk with diverse defensive
strategies, so that if one layer of defense turns out to be inadequate, another layer of defense
will hopefully prevent a full breach. - ANS defense, depth
A security mechanism is a method, tool, or procedure for enforcing a security policy. -
ANS True
The role of trust is not crucial to understanding the nature of computer security. - ANS False
A security policy is a statement of what is, and what is not, allowed. - ANS True
Analysis of a policy model usually discusses particular policies. - ANS False
Match the following terms to their definitions:
- Principle of Least Privilege / Principle of Least Authority
- Principle of Separation of Privilege
- Principle of Fail-Safe Defaults
- Principle of Least Common Mechanism
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
- Principle of Least Astonishment - ANS
Principle of Least Privilege / Principle of Least Authority - a subject should be given only those
privileges that it needs in order to complete its task
Principle of Separation of Privilege - a system should not grant permission based on a single
condition
Principle of Fail-Safe Defaults - unless a subject is given explicit access to an object, it should be
denied access to that object
Principle of Least Common Mechanism - mechanisms used to access resources should not be
shared
Principle of Least Astonishment - security mechanisms should be designed so that users
understand why the mechanism works the way it does and find the mechanism simple to use
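The three principles that have a direct code shape (least privilege, fail-safe defaults, separation of privilege) are easier to recognise in a concrete authorization check. The following toy policy engine is an added illustration and not part of the exam page; the subjects, objects and grants are constructed for the example, and `dual_control` is an invented name for the set of objects whose deletion needs a second, independent approver.

```python
"""Toy authorization engine illustrating three of the design principles above.

Added illustration, not code from the original page. Subjects, objects and the
policy table are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    subject: str
    obj: str
    rights: frozenset  # e.g. {"read"}: a subject gets only what its task needs


@dataclass
class Policy:
    grants: list = field(default_factory=list)
    # Objects whose "delete" right additionally needs approval from someone
    # other than the requester (separation of privilege): one condition is
    # never enough on its own.
    dual_control: set = field(default_factory=set)


def is_allowed(policy, subject, obj, right, approvals=frozenset()):
    """Fail-safe default: deny unless a grant explicitly covers the request.

    For dual-control objects a 'delete' also needs a distinct second approver.
    Anything the policy author forgot to list is therefore denied, not allowed.
    """
    explicit = any(
        g.subject == subject and g.obj == obj and right in g.rights
        for g in policy.grants
    )
    if not explicit:
        return False  # no explicit grant -> denied (fail-safe default)
    if obj in policy.dual_control and right == "delete":
        # separation of privilege: the requester cannot approve themselves
        return any(a != subject for a in approvals)
    return True


def example_policy():
    # Constructed sample: a backup service only needs to read the database
    # files and write to the backup area (least privilege); a DBA may delete
    # the database, but only with a second operator's approval.
    return Policy(
        grants=[
            Grant("backup-svc", "/srv/db", frozenset({"read"})),
            Grant("backup-svc", "/srv/backups", frozenset({"read", "write"})),
            Grant("dba", "/srv/db", frozenset({"read", "write", "delete"})),
        ],
        dual_control={"/srv/db"},
    )


def demo():
    """Exercise the policy; returns a dict of decision name -> allowed?"""
    p = example_policy()
    return {
        "backup_reads_db": is_allowed(p, "backup-svc", "/srv/db", "read"),
        "backup_writes_db": is_allowed(p, "backup-svc", "/srv/db", "write"),
        "backup_reads_unknown": is_allowed(p, "backup-svc", "/etc/shadow", "read"),
        "dba_delete_alone": is_allowed(p, "dba", "/srv/db", "delete"),
        "dba_delete_self_approved": is_allowed(
            p, "dba", "/srv/db", "delete", frozenset({"dba"})
        ),
        "dba_delete_with_ops": is_allowed(
            p, "dba", "/srv/db", "delete", frozenset({"ops-lead"})
        ),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```

Note that the engine never has an "allow" path that does not pass through an explicit grant, which is what fail-safe defaults means in practice: the unlisted object `/etc/shadow` is denied without any rule mentioning it, and the DBA approving their own delete is rejected because the second condition must be independent of the first.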
Security mechanisms must be technical in nature. - ANS False
In theory, formal verification can prove the absence of vulnerabilities. - ANS True
Penetration testing is a testing technique, not a proof technique. - ANS True
The White Team is made up of all-knowing, neutral, third-party individuals who set the rules of
engagement, organize teams, make plans and monitor progress. - ANS True
Black-box testing - ANS uses test methods that aren't based directly on knowledge of a
program's architecture or design
White-box testing - ANS Based on knowledge of the application's design and source code.
Gray Box Testing - ANS Uses limited knowledge of the program's internals. This might mean
the tester knows about some parts of the source code and not others
Unlike other testing and verification technologies, a penetration test examines procedural and
operational controls as well as technological controls. - ANS True
The primary goal of a Purple Team is to maximize the results of Red Team engagements and
improve Blue Team capability. - ANS True
Select the correct Audit Data Collection Methods - ANS Checklists
Reviewing Policy
Questionnaires
The goal of a penetration study/test is to violate the site security policy. - ANS True
Cryptography is a fundamental tool in security because cryptographic mechanisms can provide: - ANS
1. Data Confidentiality/Privacy
2. Data integrity
3. Protection from replay attacks
4. Message Authenticity
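The four properties in that answer do not all come from encryption by itself: a stream or counter-mode cipher gives confidentiality, while integrity and authenticity need a MAC (or signature) and replay protection needs a nonce or counter that the receiver remembers. The following added example, which is not from the exam page, makes that split visible using only the Python standard library. The stream cipher is a toy built from HMAC-SHA256 in counter mode so the block is self-contained; a real system would use an AEAD such as AES-GCM or ChaCha20-Poly1305. The message and keys are constructed for the example, and `seal`, `Receiver` and `bit_flip_attack` are names invented here.

```python
"""Added illustration: what encryption alone does and does not guarantee.

Toy HMAC-based stream cipher, constructed for this example only. Do not use
it in production; use an AEAD cipher instead.
"""
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 12
TAG_LEN = 32  # SHA-256 output


def _keystream(key, nonce, length):
    # keystream block i = HMAC-SHA256(key, nonce || i), concatenated
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_only(enc_key, nonce, plaintext):
    """Confidentiality only: XOR with keystream, no integrity check at all."""
    ks = _keystream(enc_key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt_only = encrypt_only  # XOR is its own inverse


def bit_flip_attack():
    """Encryption alone: flipping ciphertext bits flips plaintext bits unnoticed.

    The attacker knows neither key nor plaintext beyond the format; XORing
    ciphertext byte 4 with ('1' ^ '9') turns "100" into "900" on decryption.
    """
    key = b"k" * 32
    nonce = b"n" * NONCE_LEN
    ct = bytearray(encrypt_only(key, nonce, b"PAY 100 TO BOB"))
    ct[4] ^= ord("1") ^ ord("9")
    return decrypt_only(key, nonce, bytes(ct))


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: fresh random nonce, tag covers nonce || ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = encrypt_only(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


class Receiver:
    """Verifies the tag (integrity/authenticity) and rejects reused nonces (replay)."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seen_nonces = set()

    def open(self, msg):
        if len(msg) < NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # tampered or not from a key holder
        if nonce in self.seen_nonces:
            return None  # replay of an already accepted message
        self.seen_nonces.add(nonce)
        return decrypt_only(self.enc_key, nonce, ct)


def demo():
    """Returns the outcome of an honest delivery, a replay and a bit flip."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    rx = Receiver(enc_key, mac_key)
    msg = seal(enc_key, mac_key, b"PAY 100 TO BOB")
    accepted = rx.open(msg)
    replayed = rx.open(msg)          # same bytes again -> rejected
    tampered = bytearray(msg)
    tampered[NONCE_LEN + 4] ^= 0x08  # same flip as bit_flip_attack -> rejected
    forged = rx.open(bytes(tampered))
    return {"accepted": accepted, "replayed": replayed, "forged": forged}


if __name__ == "__main__":
    print("encryption only, after bit flip:", bit_flip_attack())
    print(demo())
```

The point to take from the output is that the unauthenticated decryption happily returns the altered amount, whereas the receiver that checks a tag over nonce and ciphertext returns nothing for both the forged and the replayed message. Replay protection here depends on the receiver keeping state (the set of accepted nonces); a stateless receiver can verify authenticity but cannot tell a replay from the original.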