NETWORKING SECURITY
1. When disposing magnetic storage media, all of the following methods ensure that
data is unreadable, EXCEPT:
2. Choose the appropriate answers for A1, A2 and A3 based on SDLC lifecycle.
- Confidentiality
- Availability
- Integrity
- Authenticity
5. What is the common Risk Management Framework used by typical IT organisations to
mitigate the risk ?
- Val IT
- Cobit 5
- Sarbanes Oxley
6. Which are the major agents threatening the Hardware Malfunction risk area (refer to the chart)?
- Lack of Failover
- Non Compliance
7. It is MOST important that the INFOSEC architecture be aligned with which of the
following?
- IT Plans
8. A timely review of system access records would be an example of what type of basic
security function?
- Supplemental
- Mandatory
- System
- Discretionary
9. As a part of Security Compliance, companies are advised to conduct Security Risk
Assessment and Review on a regular basis. Which of the following is the MAIN reason
for performing Risk Assessment on a continuous basis?
10. From the context of Cyber Security Cost, which of the below is best suited as a
"Spill Over Effect"?
- Capital Investment
- Cost Benefit
- Hidden Cost
- Additional Cost
11. Corporate Security Laws are generally described as company law and would not be
applicable to the country law. What is the legal ground that would allow an officer of the
law to eavesdrop on company phone calls without violating the Privacy Act?
- Eavesdropping Act
- Patriot Act
12. Security of an automated information system is most effective and economical if the
system is...
- BIBA
- CHINESE FIREWALL
- BELL LA Padula
14. Who is ultimately responsible for ensuring that information is categorized and that
specific protective measures are taken?
- Data Manager
- Data Administrator
- Data Owner
- Data Custodian
15. Which of the following is the least important information to record when logging a
security violation?
- User Name
- Types of Violation
- User Id
16. BMG has a distinctive and advanced Disaster Recovery Solution for its Business.
What would be the primary concern of BMG prior to the design of the Disaster Recovery
Site?
- Cryptographic Mechanism
- Virtualization Technology
- Physical Location
- Load Balancing
17. In the corporate structure of organisations, who is held accountable for Information
Security Planning?
18. Alan has
networks. While doing so, Alan discovered a severe Risk Area in the IT
Processing which the management has no knowledge about. Which of the following
should an Information Security Manager use to BEST convey a sense of urgency to the
management?
20. The deliberate planting of apparent flaws in a system for the purpose of detecting
attempted penetrations or confusing an intruder about which flaws to exploit is called?
- re-direction.
- enticement.
- cracking.
- alteration.
21. Match the appropriate B1, B2, B3 and B4 in the context of the Business Resumption
Process.
- Mobile Phone
- File Sharing
- all workplaces
- some workplaces
24. In security terminology, which factor of e-business ensures all data and
electronic are focused on authenticity and trustworthiness?
- Integrity
- Authenticity
- Availability
- Confidentiality
25. Scamming and phishing are common methods of credential theft which attackers
could use to gain access to your personal or corporate identity. What would be the best
method which organisations could utilise to circumvent these attacks?
- Employee Education
26. Risk "ALE" - Annual Loss Expectancy - is best represented by which of the
following?
27. Risk Identification is a vital step towards the Risk Assessment and Treatment plan.
Which of the activities below could help an IT organization to detect potential risk
before its escalation to exposure? (Select the BEST answer that applies)
- Impact Analysis
- Forensic Investigation
- Penetration Testing
- Gap Analysis
28. The following answers depict the mitigation strategies of RISK. Which of the
answers BEST suit the RISK TRANSFER category?
- Insurance Purchase
- Outsourcing
- Total Avoidance
29. In the absence of the CISO or CEO, who has the authority of decision making for
corporate security policies?
- Department Managers
- Vendors
30. It has been discovered that a former member of the IT department who switched to
the development team still has administrative access to many major network
infrastructure devices and servers. Which of the following mitigation techniques should
be implemented to help reduce the risk of this event recurring?
- DLP
31. The primary role of the Information Security Manager in the process of Information
Classification denotes which of the following?
- Deciding the classification levels applied to the organizations information assets
32. Making sure that the data is accessible when and where it is needed is which of
the following?
- Confidentiality
- Integrity
- Availability
- Accountability
- Ongoing process to ensure that the necessary steps are taken to identify the impact of
potential losses and maintain viable recovery
- A standard that allows for rapid recovery during system interruption and data loss
- A program that implements the mission, vision, and strategic goals of the
34. It is important that information about an ongoing computer crime investigation be:
(Select the appropriate answer)
35. In the Feasibility Analysis phase, which of the following plays the most important part
in decision making from a senior management point of view?
- Manpower Feasibility
- Technology Feasibility
- Economic feasibility
- Practical Feasibility
36. Which of the following is a policy that would force all users to organize their areas
as well as help reduce the risk of possible data theft?
- Clean Desk Policy
- Data Disposal
- Password Behaviours
- Data Handling
37. In the corporate structure of organisations, who is held accountable for General
Security Planning?
38. Downloading pirated Blu-ray movies from torrent sites is a direct violation of
which legal clause?
39. Centrally authenticating multiple systems and applications against a federated user
database is an example of?
- Smart Card
- Single Sign On
- Warm Site
- Cold Site
- Hot Site
- Hybrid DRP
41. Which of the policies below are directed at a dedicated "Unix Host Security" ACL
security issue?
42. Protecting customers' credit card details and other personal information in a public
portal is crucial to the major services provided online. Which of the following would be the
best compliance regulation that discusses this factor?
- PCI-DSS
- ISO 27001
- TIA942
- ISO 9001
43. What type of access control requires that the security clearance of a subject match
the security classification of an object?
- Discretionary
- Relational
- Administrative
- Mandatory
44. Which of the following attacks manifests as an embedded HTML image object or
JavaScript tag in an email?
- Exceptional Handling
- Adware
45. Security controls that refer to agency facilities (e.g., physical access controls such as
locks and guards, environmental controls for temperature, humidity, lighting, fire, and
power) will be applicable only to those sections of the facilities that directly provide
protection to, support for, or are related to the information system (including its
information technology assets such as electronic mail or web servers, server farms, data
centers, networking nodes, controlled interface equipment, and communications
equipment). What are the key consideration factors that best describe this?