
FCNS - FORESEC CERTIFIED NETWORKING SECURITY

1. When disposing of magnetic storage media, all of the following methods ensure that
data is unreadable, EXCEPT:

- degaussing the disk or tape

- physical alteration of the media

- writing random data over the old file

- removing the volume header information

2. Choose the appropriate answers for A1, A2 and A3 based on the SDLC lifecycle. (The
diagram the labels refer to is not reproduced here.)

- A1 - Planning, A2 - Verification, A3 - Audit

- A1 - Design, A2 - Implementation, A3 - Maintenance

- A1 - Scoping, A2 - Feasibility Analysis, A3 - Support

- A1 - Technology Feasibility, A2 - Capacity Planning, A3 - Service Level Agreement


3. What is the MOST effective method of identifying new vendor vulnerabilities?

- Periodic assessment conducted by consultants

- Intrusion Prevention Software

- External vulnerability reporting sources

- Honeypots located in the DMZ


4. Which of the following security concepts does the Biba model address?

- Confidentiality

- Availability

- Integrity

- Authenticity

5. What is the common risk management framework used by typical IT organisations to
mitigate risk?

- Val IT

- COBIT 5

- Gramm-Leach-Bliley Act

- Sarbanes-Oxley

6. (The chart this question refers to is not reproduced here.) Which of the following are
the major agents threatening the Hardware Malfunction risk area?

- Poor maintenance practice

- Lack of failover

- Non-compliance

- Poorly trained vendor


7. It is MOST important that the INFOSEC architecture be aligned with which of the
following?

- IT plans

- Business objectives and goals

- INFOSEC best practices

- Industry best practices


8. A timely review of system access records would be an example of what type of basic
security function?

- Supplemental

- Mandatory

- System

- Discretionary

9. As part of security compliance, companies are advised to conduct security risk
assessments and reviews on a regular basis. Which of the following is the MAIN reason
for performing risk assessment on a continuous basis?

- Management needs to be continually informed about emerging risk

- The Board must be continually made aware of the justification for security budget
investments

- New vulnerabilities are discovered every day

- The risk environment is constantly changing

10. In the context of cyber security cost, which of the options below is best described as
a "spillover effect"?

- Capital investment

- Cost benefit

- Hidden cost

- Additional cost


11. Corporate security rules are generally described as company law and would not be
applicable as the law of the country. What is the legal ground that would allow an officer of
the law to eavesdrop on company phone calls without violating the Privacy Act?

- GAK - Government Access to Keys

- Eavesdropping Act

- Patriot Act

- GLBA - Gramm-Leach-Bliley Act


12. Security of an automated information system is most effective and economical if the
system is...

- designed originally to meet the information protection needs.

- subjected to intense security testing.

- customized to meet the specific security threat.

- optimized prior to addition of security.


13. Which of the following security models focuses on mitigation of the threat to the
[remainder of the question is missing in the source]

- Biba

- Chinese Wall

- Clark-Wilson model

- Bell-LaPadula

14. Who is ultimately responsible for ensuring that information is categorized and that
specific protective measures are taken?

- Data Manager

- Data Administrator

- Data Owner

- Data Custodian

15. Which of the following is the least important information to record when logging a
security violation?

- Date and time of Violation

- User Name

- Types of Violation

- User Id

16. BMG has a distinctive and advanced disaster recovery solution for its business.
What would be the primary concern of BMG prior to the design of the disaster recovery
site?

- Cryptographic mechanism

- Virtualization technology

- Physical location

- Load balancing

17. In the corporate structure of organisations, who is held accountable for information
security planning?

- CISO - Chief Information Security Officer

- CTO - Chief Technology Officer

- CEO - Chief Executive Officer

- CIO - Chief Information Officer

18. Alan has [text missing in source] networks. While doing so, Alan discovered a severe
risk area in IT processing that management has no knowledge of. Which of the following
should an Information Security Manager use to BEST convey a sense of urgency to
management?

- Security Metrics Report

- ROSI - Return on Security Investment Report

- Risk Assessment Report

- Business Impact Analysis


19. Who authorises the Information Security Governance initiative program in a
corporate organisation?

- CEO - Chief Executive Officer

- CISO - Chief Information Security Officer

- CTO - Chief Technology Officer

- CIO - Chief Information Officer


20. The deliberate planting of apparent flaws in a system for the purpose of detecting
attempted penetrations or confusing an intruder about which flaws to exploit is called?

- re-direction

- enticement

- cracking

- alteration


21. Match the appropriate B1, B2, B3 and B4 in the context of the Business Resumption
Process. (The diagram the labels refer to is not reproduced here.)

- B1 - Incident Response, B2 - Contingency Planning, B3 - Business Continuity, B4 - Disaster Recovery

- B1 - Disaster Recovery, B2 - Business Continuity, B3 - Incident Response, B4 - Contingency Planning

- B1 - Business Continuity, B2 - Disaster Recovery, B3 - Incident Response, B4 - Contingency Planning

- B1 - Contingency Planning, B2 - Incident Response, B3 - Disaster Recovery, B4 - Business Continuity

22. Which of the following is the greatest threat to the internal security of an organisation?

- Mobile phone

- File sharing

- E-mail

- USB flash disk

23. Risk assessment should be carried out in:

- only high-risk workplaces

- all workplaces

- some workplaces

- only large workplaces


24. In security terminology, which factor of e-business ensures that all data and electronic
[word missing in source] are authentic and trustworthy?

- Integrity

- Authenticity

- Availability

- Confidentiality


25. Scams and phishing are common methods of credential theft that attackers use to gain
access to your personal or corporate identity. What is the best method organisations could
use to counter these attacks?

- Installing a firewall and antivirus to prevent threats

- Firing employees who have been compromised

- Employee education

- Conducting impact analysis


26. Risk "ALE" (Annual Loss Expectancy) is best represented by which of the following?

- Single loss expectancy x annualized rate of occurrence x gross loss expectancy

- Gross loss expectancy x loss frequency

- Asset value x loss expectancy

- Single loss expectancy x annualized rate of occurrence


27. Risk identification is a vital step towards risk assessment and the treatment plan.
Which of the activities below could help an IT organization detect a potential risk
before it escalates to an exposure? (Select the BEST answer that applies.)

- Impact analysis

- Forensic investigation

- Penetration testing

- Gap analysis


28. The answers below depict risk mitigation strategies. Which of them BEST suits the
RISK TRANSFER category?

- Insurance purchase

- DRP - Disaster Recovery Plan

- Outsourcing

- Total avoidance


29. In the absence of the CISO or CEO, who has decision-making authority for corporate
security policies?

- Senior finance officers

- Human resources director

- Department managers

- Vendors


30. It has been discovered that a former member of the IT department who switched to
the development team still has administrative access to many major network
infrastructure devices and servers. Which of the following mitigation techniques should
be implemented to help reduce the risk of this event recurring?

- Change management notifications

- DLP

- Regular user permission and rights reviews

- Incident management and response policy
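The mover scenario in question 30 is exactly what a periodic user rights review catches: the person's entitlements were granted for a role they no longer hold. Below is an added example of such a review, not part of the question bank; the privileged-group export, the HR role list and the role-to-group entitlement matrix are constructed sample data and assumptions, and in practice they would come from directory and HR exports and from your role model.

```python
"""Added example (not from the FCNS question bank): a periodic user rights
review that compares privileged group membership with each person's current
HR role. All data below is constructed for illustration."""
from dataclasses import dataclass

# Assumed role model: which job roles are entitled to each privileged group.
ENTITLED = {
    "Domain Admins": {"it-infra"},
    "Network Admins": {"it-infra", "it-network"},
    "Server Admins": {"it-infra"},
    "Developers": {"development"},
}

# Constructed sample: current membership export of the privileged groups.
CURRENT_MEMBERS = {
    "Domain Admins": {"alan", "bea", "ghost"},
    "Network Admins": {"alan", "cara"},
    "Server Admins": {"alan", "bea"},
    "Developers": {"alan", "dev1"},
}

# Constructed sample: HR's current role per person. Alan moved from IT
# infrastructure to development; 'ghost' has no HR record at all.
HR_ROLES = {
    "alan": "development",
    "bea": "it-infra",
    "cara": "it-network",
    "dev1": "development",
}


@dataclass(frozen=True)
class Finding:
    user: str
    group: str
    reason: str


def review(members: dict, hr_roles: dict, entitled: dict) -> list[Finding]:
    """Flag every privileged membership the member's current role does not
    entitle them to. Accounts unknown to HR and groups without an entitlement
    rule are flagged as well, so the review fails closed."""
    findings: list[Finding] = []
    for group, users in members.items():
        allowed = entitled.get(group)
        for user in sorted(users):
            role = hr_roles.get(user)
            if role is None:
                findings.append(Finding(user, group, "no HR record: orphaned or leaver account"))
            elif allowed is None:
                findings.append(Finding(user, group, "group has no entitlement rule"))
            elif role not in allowed:
                findings.append(Finding(user, group, f"current role {role!r} is not entitled"))
    return findings


def removals(findings: list[Finding]) -> dict[str, list[str]]:
    """Remediation list, user -> groups to strip, ready to paste into a ticket."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(f.user, []).append(f.group)
    return {user: sorted(groups) for user, groups in out.items()}


if __name__ == "__main__":
    found = review(CURRENT_MEMBERS, HR_ROLES, ENTITLED)
    for f in found:
        print(f"{f.user:6} {f.group:15} {f.reason}")
    print(removals(found))
```

Running it on the sample data flags Alan's three leftover infrastructure memberships (his Developers membership is fine) and the orphaned "ghost" account. The review is only as good as the HR feed it is diffed against, which is why change management notifications on role moves and this review complement rather than replace each other.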

31. The primary role of the Information Security Manager in the information classification
process is which of the following?

- Deciding the classification levels applied to the organization's information assets

- Securing information assets in accordance with their classification

- Defining and ratifying the classification structure of information assets

- Checking whether information assets have been classified properly

32. Making sure that data is accessible when and where it is needed is which of the
following?

- Confidentiality

- Integrity

- Availability

- Accountability


33. Which choice below most accurately describes business continuity?

- A determination of the effects of a disaster on human, physical, economic, and natural
resources

- An ongoing process to ensure that the necessary steps are taken to identify the impact of
potential losses and maintain viable recovery

- A standard that allows for rapid recovery during system interruption and data loss

- A program that implements the mission, vision, and strategic goals of the [option
truncated in source]

34. It is important that information about an ongoing computer crime investigation be:
(Select the appropriate answer.)

- reviewed by upper management before being released

- replicated to a backup system to ensure availability

- destroyed as soon after trial as possible

- limited to as few people as possible


35. In the feasibility analysis phase, which of the following plays the most important part
in decision making from a senior management point of view?

- Manpower feasibility

- Technology feasibility

- Economic feasibility

- Practical feasibility

36. Which of the following is a policy that would force all users to organize their work
areas and also help reduce the risk of data theft?

- Clean Desk Policy

- Data Disposal

- Password Behaviours

- Data Handling


37. In the corporate structure of organisations, who is held accountable for general
security planning?

- CTO - Chief Technology Officer

- CEO - Chief Executive Officer

- CISO - Chief Information Security Officer

- CIO - Chief Information Officer


38. Downloading pirated Blu-ray movies from torrent sites is a direct violation of which
legal clause?

- 18 USC 1030 - Computer Fraud and Abuse Act

- DMCA - Digital Millennium Copyright Act

- 18 USC 1029 - Fraud related to access devices

- FBI - Copyright Act Disclaimer


39. Centrally authenticating multiple systems and applications against a federated user
database is an example of?

- Common Access Card

- Smart Card

- Access Control List

- Single Sign-On


40. Cloud computing describes which business resumption strategy?

- Warm site

- Cold site

- Hot site

- Hybrid DRP

41. Which of the policies below is directed at a dedicated "Unix Host Security" ACL
security issue?

- HSSP - Host-Specific Security Policies

- SSSP - System-Specific Security Policies

- ISSP - Issue-Specific Security Policies

- ESP - Enterprise Security Policies

42. Protecting customers' credit card details and other personal information in a public
portal is crucial to the major services provided online. Which of the following is the
compliance regulation that best addresses this?

- PCI DSS

- ISO 27001

- TIA-942

- ISO 9001

43. What type of access control requires that the security clearance of a subject match
the security classification of an object?

- Discretionary

- Relational

- Administrative

- Mandatory
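Questions 4, 13 and 43 all turn on the same mechanism: a reference monitor comparing a subject's label with an object's label under a fixed policy, which is what makes the control mandatory rather than discretionary. The added example below (not from the question bank) implements the two classic lattice models side by side, Bell-LaPadula for confidentiality and Biba for integrity. The label lattice, subjects and documents are constructed for illustration.

```python
"""Added example (not from the FCNS question bank): a minimal reference
monitor enforcing Bell-LaPadula (confidentiality) and Biba (integrity)
on a constructed, linearly ordered label lattice."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable


class Level(IntEnum):
    """Ordered labels: higher means more sensitive under BLP and more trusted
    under Biba. A real system would use a lattice with compartments too."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    level: Level   # clearance (BLP) or integrity level (Biba)


@dataclass(frozen=True)
class Object:
    name: str
    level: Level   # classification (BLP) or integrity level (Biba)


def blp_allows(s: Subject, o: Object, op: str) -> bool:
    """Bell-LaPadula.
    read : simple security property, 'no read up'   -> clearance >= classification
    write: *-property,               'no write down' -> clearance <= classification
    The read rule is the 'clearance must match classification' test of question 43."""
    if op == "read":
        return s.level >= o.level
    if op == "write":
        return s.level <= o.level
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(s: Subject, o: Object, op: str) -> bool:
    """Biba: the same two rules with the direction reversed.
    read : simple integrity, 'no read down' -> do not consume less-trusted data
    write: *-integrity,      'no write up'  -> do not taint more-trusted data"""
    if op == "read":
        return s.level <= o.level
    if op == "write":
        return s.level >= o.level
    raise ValueError(f"unknown operation {op!r}")


Policy = Callable[[Subject, Object, str], bool]


def decide(policy: Policy, s: Subject, o: Object, op: str) -> str:
    """One audit-log style line per access decision."""
    verdict = "ALLOW" if policy(s, o, op) else "DENY"
    return f"{verdict} {s.name}({s.level.name}) {op} {o.name}({o.level.name})"


# Constructed sample principal and documents.
ANALYST = Subject("analyst", Level.CONFIDENTIAL)
DOCS = [
    Object("press-release", Level.PUBLIC),
    Object("quarterly-report", Level.CONFIDENTIAL),
    Object("merger-plan", Level.SECRET),
]

if __name__ == "__main__":
    for name, policy in (("BLP", blp_allows), ("Biba", biba_allows)):
        print(f"--- {name}")
        for doc in DOCS:
            for op in ("read", "write"):
                print(decide(policy, ANALYST, doc, op))
```

Reading the two tables the script prints makes the duality concrete: under BLP the analyst may read the press release but not write to it (a write-down could leak), and may write to the merger plan but not read it; under Biba the directions flip, so the analyst may not read the public document (untrusted input) and may not write to the secret one (tainting trusted data). The policy functions are pure and the labels are not under the subject's control, which is what "mandatory" means here.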

44. Which of the following attacks manifests as an embedded HTML image object or
JavaScript tag in an e-mail?

- Exception handling

- Cross-Site Request Forgery

- Cross-Site Scripting

- Adware
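The attack in question 44 works because the victim's browser or mail client fetches the image URL and attaches the victim's session cookie to that request; if the server treats a cookie-authenticated GET as a command, the e-mail author has forged a request on the victim's behalf. The added example below (not from the question bank) shows a toy transfer endpoint that is vulnerable in exactly that way next to the hardened version, and drives both with the request an `<img>` tag would generate. The bank, its origin, its users and session IDs are all constructed.

```python
"""Added example (not from the FCNS question bank): cross-site request
forgery from an <img> tag in an HTML e-mail against a constructed toy
transfer endpoint, and the server-side checks that defeat it."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SITE = "https://bank.example"   # assumed origin of the application


@dataclass
class Request:
    method: str
    url: str
    cookies: dict = field(default_factory=dict)   # attached by the browser automatically
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class Bank:
    def __init__(self) -> None:
        self.balances = {"alice": 1000, "mallory": 0}
        self.sessions = {"sid-alice": Session("alice")}

    def _apply(self, user: str, to: str, amount: int) -> None:
        self.balances[user] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer_vulnerable(self, req: Request) -> int:
        """GET /transfer?to=..&amount=.. authenticated by the cookie alone."""
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401
        q = parse_qs(urlsplit(req.url).query)
        self._apply(sess.user, q["to"][0], int(q["amount"][0]))
        return 200

    def transfer_hardened(self, req: Request) -> int:
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401
        if req.method != "POST":   # no state change on GET, so an <img> fetch cannot trigger it
            return 405
        # Origin (or Referer as fallback) must be our own scheme+host; a missing
        # header is rejected rather than trusted.
        src = req.headers.get("Origin") or req.headers.get("Referer") or ""
        if urlsplit(src)[:2] != urlsplit(SITE)[:2]:
            return 403
        # Per-session anti-CSRF token, compared in constant time.
        if not hmac.compare_digest(req.form.get("csrf_token", ""), sess.csrf_token):
            return 403
        self._apply(sess.user, req.form["to"], int(req.form["amount"]))
        return 200


def email_img_request() -> Request:
    """What the victim's client sends for
    <img src="https://bank.example/transfer?to=mallory&amount=500">:
    a GET carrying the victim's cookie, no Origin header, no form body."""
    return Request("GET", SITE + "/transfer?to=mallory&amount=500", cookies={"sid": "sid-alice"})


def cross_site_post() -> Request:
    """A script-submitted form on an attacker page: the cookie is attached, but the
    browser stamps the attacker's Origin and the page cannot read the victim's token."""
    return Request("POST", SITE + "/transfer", cookies={"sid": "sid-alice"},
                   headers={"Origin": "https://evil.example"},
                   form={"to": "mallory", "amount": "500", "csrf_token": "guess"})


def legitimate_post(bank: Bank) -> Request:
    """The same transfer submitted from the bank's own page with its token."""
    token = bank.sessions["sid-alice"].csrf_token
    return Request("POST", SITE + "/transfer", cookies={"sid": "sid-alice"},
                   headers={"Origin": SITE},
                   form={"to": "mallory", "amount": "500", "csrf_token": token})


if __name__ == "__main__":
    b = Bank()
    print("vulnerable, img from e-mail:", b.transfer_vulnerable(email_img_request()), b.balances)
    b = Bank()
    print("hardened, img from e-mail:  ", b.transfer_hardened(email_img_request()), b.balances)
    print("hardened, cross-site POST:  ", b.transfer_hardened(cross_site_post()), b.balances)
    print("hardened, legitimate POST:  ", b.transfer_hardened(legitimate_post(b)), b.balances)
```

Two caveats a practitioner should keep in mind. First, modern browsers default cookies to SameSite=Lax, which already stops the cross-site `<img>` subresource case, but top-level GET navigations still carry the cookie and mail clients and older browsers vary, so the server-side method, Origin and token checks stay. Second, the Referer fallback is only a fallback: proxies and privacy settings strip it, and the code above fails closed when neither header is present, which is the safe direction.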


45. Security controls that refer to agency facilities (e.g., physical access controls such as
locks and guards, and environmental controls for temperature, humidity, lighting, fire, and
power) will be applicable only to those sections of the facilities that directly provide
protection to, support for, or are related to the information system (including its
information technology assets such as electronic mail or web servers, server farms, data
centers, networking nodes, controlled interface equipment, and communications
equipment). Which key consideration factor best describes this?

- Infrastructure-related consideration

- Technology-related consideration

- Common security control consideration

- Public-access information systems related consideration

