Post-course quiz

1)      Which security model is dependent on security labels?

a.       Discretionary access control

b.      Label-based access control

c.       Mandatory access control

d.      Non-discretionary access control

 

2)      Why do buffer overflows happen?

a.       Buffers can only hold so much data

b.      Input data is not checked for appropriate length at time of entry

c.       They are an easy weakness to exploit

d.      Insufficient system memory
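The cause named in option b, shown in C as an added example that is not part of the quiz: a fixed-size field filled without checking the input length, beside the same operation with the length checked at the time of entry and over-long input rejected. The `Login` record, `NAME_LEN` and the sample inputs are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed field size */

/* Assumed record layout: the fixed buffer is followed by a field an
 * attacker would like to overwrite. */
typedef struct {
    char name[NAME_LEN];
    int  is_admin;
} Login;

/* Vulnerable pattern: the input length is never checked, so strcpy keeps
 * writing past name[] into is_admin (and beyond) when the input is too long. */
void set_name_unchecked(Login *rec, const char *input) {
    strcpy(rec->name, input);          /* no bounds check: the classic overflow */
}

/* Hardened pattern: check the length at the time of entry and refuse anything
 * that does not fit, including the terminating NUL.
 * Returns 0 on success, -1 if the input was rejected (record left untouched). */
int set_name_checked(Login *rec, const char *input) {
    size_t n = strlen(input);
    if (n >= NAME_LEN)
        return -1;                     /* too long: reject rather than truncate silently */
    memcpy(rec->name, input, n + 1);   /* n + 1 copies the NUL; never exceeds NAME_LEN */
    return 0;
}

/* How many bytes a given input would write past name[] if copied unchecked. */
size_t overflow_bytes(const char *input) {
    size_t need = strlen(input) + 1;   /* characters plus NUL */
    return need > NAME_LEN ? need - NAME_LEN : 0;
}

int main(void) {
    const char *ok = "alice";                                  /* constructed: fits */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA";         /* constructed: 24 chars */
    Login rec = { "", 0 };

    printf("checked(\"%s\") -> %d\n", ok, set_name_checked(&rec, ok));
    printf("checked(24 x 'A') -> %d, would spill %zu bytes past name[]\n",
           set_name_checked(&rec, too_long), overflow_bytes(too_long));

    /* The unchecked path with the same input is undefined behaviour; on the
     * usual layout the spilled bytes land in is_admin and make it non-zero. */
    set_name_unchecked(&rec, too_long);
    printf("unchecked(24 x 'A') -> is_admin = %d\n", rec.is_admin);
    return 0;
}
```

The check compares against the buffer size including the NUL terminator, which is the off-by-one that `strncpy`-style fixes often get wrong; a 15-character name is the longest that fits in a 16-byte field.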

 

3)      This backup method must be used regardless of whether Differential or Incremental methods are used:

a.       Full Backup Method

b.      Incremental Backup Method

c.       Copy Backup Method

d.      Tape Backup Method

 

4)      Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet?

a.       Permit all traffic to and from local host

b.      Permit all inbound ssh traffic

c.       Permit all inbound tcp connections

d.      Permit all syslog traffic to log-server.abc.org

 

5)      Which of the following is the most reliable authentication device?

a.       Variable callback system

b.      Smart Card system

c.       Fixed callback system

d.      Combination of variable and fixed callback system

 

6)      Which of the following logical access exposures involves changing data before, or as it is entered into the computer?

a.       Data diddling

b.      Salami technique

c.       Trojan Horse

d.      Logic bomb

 

7)      Which of the following tools is less likely to be used by a hacker?

a.       L0phtcrack

b.      Tripwire

c.       Crack

d.      John the Ripper

8)      Which of the following items should not be retained in an e-mail directory?

a.       Drafts of documents

b.      Copies of documents

c.       Permanent records

d.      Temporary documents

9)      Which Orange Book evaluation level is described as “Structured Protection”?

a.       A1

b.      B3

c.       B1

d.      B2

10)   Which of the following statements pertaining to software testing approaches is correct?

a.       Bottom-up approach allows interface errors to be detected earlier

b.      Top-down approach ensures management is on board.

c.       Test plan and results should be retained as part of the system’s permanent documentation.

d.      Black box testing is predicated on a close examination of procedural detail.

 

11)   Under “named perils” form of Property Insurance, which is true?

a.       Burden of proof that particular loss is covered is on Insurer

b.      Burden of proof that particular loss is not covered is on Insurer

c.       Burden of proof that particular loss is not covered is on Insured

d.      Burden of proof that particular loss is covered is on Insured

 

12)   Why would a database be denormalized?

a.       To ensure data integrity

b.      To increase processing efficiency

c.       To prevent duplication of data

d.      To save storage space

 

13)   The absence of a safeguard that could be exploited is the definition for:

a.       Vulnerability

b.      Threat

c.       Risk

d.      Exposure

 

14)   Which is a typical biometric characteristic that is not used to uniquely authenticate an individual’s identity?

a.       Retina scan

b.      Iris scan

c.       Palm scan

d.      Skin scan

 

15)   What are suitable protocols for securing VPN connections?

a.       S/MIME and SSH

b.      TLS and SSL

c.       IPsec and L2TP

d.      PKCS# and X.509

 

16)   Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

a.       The Clark Wilson integrity model

b.      The Bell-LaPadula integrity model

c.       The Biba integrity model

d.      The Take-Grant model
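The three terms in the question, modelled in C as an added example that is not part of the quiz: the account balances are the constrained data items (CDIs), `ivp_check` is the integrity verification procedure, and `tp_transfer` is the only transformation procedure allowed to change the CDIs, which it must move from one valid state to another. The ledger layout and the invariant (balances non-negative and summing to the recorded total) are assumptions chosen for illustration.

```c
#include <stdio.h>

#define NACCT 2

/* CDIs: the balances and the recorded total that they must reconcile to. */
typedef struct {
    long balance[NACCT];
    long total;
} Ledger;

/* IVP: returns 1 if the CDIs are in a valid state, 0 otherwise.
 * Valid here means no negative balance and balances summing to total. */
int ivp_check(const Ledger *l) {
    long sum = 0;
    for (int i = 0; i < NACCT; i++) {
        if (l->balance[i] < 0)
            return 0;
        sum += l->balance[i];
    }
    return sum == l->total;
}

/* TP: move amount from one account to another. Returns 0 on success, -1 if
 * the request is malformed, the ledger is already invalid, or the result
 * would fail the IVP (in which case the change is rolled back). */
int tp_transfer(Ledger *l, int from, int to, long amount) {
    if (from < 0 || from >= NACCT || to < 0 || to >= NACCT ||
        from == to || amount <= 0)
        return -1;
    if (!ivp_check(l))
        return -1;                     /* never operate on a corrupt CDI */

    Ledger before = *l;                /* snapshot so a bad result can be undone */
    l->balance[from] -= amount;
    l->balance[to]   += amount;

    if (!ivp_check(l)) {               /* e.g. overdraft: restore the valid state */
        *l = before;
        return -1;
    }
    return 0;
}

/* What the model forbids: a write to a CDI that bypasses every TP.
 * Included only to show the IVP catching the resulting invalid state. */
void direct_write(Ledger *l, int idx, long value) {
    l->balance[idx] = value;
}

int main(void) {
    Ledger l = { {100, 50}, 150 };     /* constructed starting state */
    printf("transfer 30:   rc=%d ivp=%d\n", tp_transfer(&l, 0, 1, 30), ivp_check(&l));
    printf("overdraft 500: rc=%d ivp=%d\n", tp_transfer(&l, 0, 1, 500), ivp_check(&l));
    direct_write(&l, 0, 999);
    printf("after direct write: ivp=%d, next TP rc=%d\n",
           ivp_check(&l), tp_transfer(&l, 0, 1, 1));
    return 0;
}
```

The TP runs the IVP both before and after the change: the check before refuses to build on an already corrupt state, the check after makes the TP well-formed in the Clark-Wilson sense, and the rollback keeps a rejected operation from leaving a partial update behind.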

17)   Which type of password provides maximum security because a new password is required for each new log-on?

a.       One-time or dynamic password

b.      Cognitive password

c.       Passphrase

d.      Independent Password

18)   Which of the following is not a weakness of symmetric cryptography?

a.       Limited security

b.      Speed

c.       Key distribution

d.      Scalability

19)   Which backup method is most appropriate for off-site archiving?

a.       Incremental backup method

b.      Off-site backup method

c.       Full backup method

d.      Differential backup method

20)   Which of the following best describes the Secure Electronic Transaction (SET) protocol?

a.       Originated by Visa and MasterCard as an Internet Credit Card Protocol

b.      Originated by Visa and MasterCard as an internet credit card protocol using digital signatures

c.       Originated by Visa and Mastercard as an internet credit card protocol using the transport layer

d.      Originated by Visa and Mastercard as an Internet credit card protocol using SS