1. Honeypots
_____ are decoy systems designed to lure potential attackers away from critical
systems.
2. Hash
____ functions are mathematical algorithms that generate a message summary or
digest to confirm the identity of a specific message and to confirm that there have not
been any changes to the content.
3. certificate authority
3. ______ issues, manages, authenticates, signs, and revokes users' digital certificates.
4. symmetric
4. Encryption methodologies that require the same secret key to encipher and decipher
the message are using what is called _____.
5. Decryption
5. _____ is the process of converting the ciphertext message back into plaintext so that
it can be readily understood.
6. demilitarized zone or DMZ
6. In computer security, ______ is a semiprivate network that contains and exposes an
organization's external-facing services to a larger and untrusted network such as the
Internet.
7. certificate
7. A digital _______ is an electronic document or container file that contains a key value
and identifying information about the entity that controls the key.
8. Router
8. _____ is a device that interconnects two or more networks and selectively
interchanges packets of data between them.
9. Logic bomb
9. _____ is a program that executes a malicious function of some kind when it detects
certain conditions.
10. GLBA
10. _____ is the U.S. security-related act that addresses the privacy and security of
consumer financial information.
timing
11. In a ____ attack, the attacker eavesdrops during the victim's session and uses
statistical analysis of patterns and inter-keystroke timings to discern sensitive session
information.
a. replay
b. timing
c. correlation
d. dictionary
SOX
12. The main goal of ____ is to protect investors from financial fraud.
--GLBA
--CIPA
--FISMA
--SOX
Confidentiality
13. Which of the following information security properties is provided by symmetric-key
systems?
---Non-repudiation
---Confidentiality
---Integrity
---Authentication
SYN flood
14. Which type of attack results in legitimate users not having access to a system
resource?
---Man in the Middle
---Replay
---Trojan
---SYN flood
Digital certificates
15. Which of the following helps solve the key distribution problem of symmetric-key
cryptography?
---Digital certificates
---Hash functions
---Triple DES
---Routers
16. False
16. Hash functions require the use of keys.
True/False
True
17. Popular cryptosystems use a hybrid combination of symmetric and asymmetric
algorithms.
True/False
18. True
18. The AES algorithm is a public key encryption algorithm.
True/False
19. False
19. A stateful inspection firewall doesn't allow packets directly between systems on
opposite sides of the firewall but opens separate connections with each of the parties.
True/False
20. False
20. FERPA applies to all educational institutions of the US.
True/False
Information provided on a company's website. It is public, so not confidential, but
it should not have been tampered with, and it should have been posted by the
legitimate company.
21. Describe a scenario where information is not confidential but its integrity and
authenticity are crucial.
--Define the assessment plan.
--Identify in-scope and out-of-scope objectives.
--Establish assessment benchmarks and baselines.
--Collect assessment data and conduct interviews.
--Target applications, connections, protocols, services, or users to exploit.
--Validate security mechanisms and identify true weaknesses.
22. (3pts) The following procedures for assessing system security are out of order. Sort
them in the order of priority.
--Identify in-scope and out-of-scope objectives.
--Validate security mechanisms and identify true weaknesses.
--Define the assessment plan.
--Collect assessment data and conduct interviews.
--Establish assessment benchmarks and baselines.
--Target applications, connections, protocols, services, or users to exploit.
Physical addressing -- Data link
Data format; encryption -- Presentation
Signaling -- Physical
End-to-end communication -- Transport
Routing data; logical addressing -- Network
User interface -- Application
Process to process communication -- Session
ans 7,5,6,4,3,2,1
23. (7pts) Match the OSI Network layers with their functions.
Functions
Physical addressing
Data format; encryption
Signaling
End-to-end communication
Routing data; logical addressing
User interface
Process to process communication
Layers
1. Session
2. Application
3. Network
4. Transport
5. Presentation