CS406: Information Security Exam Answers
Question 1: How are threats and vulnerabilities different?
- Threats are the product of long-term vulnerabilities in a system
- Vulnerabilities are the cause of threats to information systems
- Threats are the possibility of an exploit, while vulnerabilities are system weaknesses
Question 2: When reviewing the risk management process at a newly formed organization, the information security professional notices that not all of the steps have been considered as part of the process. The process includes framing and responding but should also include
- auditing and reporting risks
- controlling and identifying risks
- identifying and reporting risks
- assessing and monitoring risks
Question 3: What occurs in the preparation stage of the incident response process?
- Tools and resources are gathered and the incident response team is formed and trained
- A lessons-learned meeting is held to prepare the team based on the history of incidents within the organization
- Data is collected on the number of incidents, the time spent handling each incident, and an assessment of each incident
- A log is kept of evidence information, such as hostname, the person handling the evidence, the time and date of the incident, and the location of the evidence
Question 4: In addition to being a physical type of security control, illuminating a building by installing outside lights as a protective measure is also an example of which of the following kinds of security control?
- Compensating
- Detective
- Deterrent
- Preventive
Question 5: You want to prevent malicious email within a company by providing layered security, or defense-in-depth. Which of the following would be a good strategy for doing this?
- Have information technology professionals read all email before the email is viewed by the employees
- Provide security awareness training, install antivirus and antimalware email filters, and patch all company laptops
- Provide security awareness training, password-lock all laptops when not in use, and provide privacy screens for monitors
- Have the exchange mail server scan all incoming mail that passes the antivirus software and then have each department head review it before the mail is sent to employees
Question 6: A phishing email sent to all management level employees appears to have originated from the HR department. The email is asking for confidential information that could provide an attacker with usernames and passwords that will provide system access. What is the best way for ensuring that managers recognize the email as an attack and act appropriately?
- Encrypt all email that is authentic when addressing management
- Send out an email to notify management that the email is a phishing email
- Post a banner when the email application is opened that warns about phishing attacks
- Provide security awareness training to educate management and to modify their behavior
Question 7: COBIT 5 is a proprietary framework written by ISACA. What does it specify?
- How to mitigate risks identified in the risk management process
- Standards and best practices for information technology functions
- Processes for governance and management of information technology
- The guidelines for information technology as required in NIST SP 800-39
Question 8: Which of the following are hacktivists, insiders, and script kiddies examples of?
- Attacks
- Threats
- Threat agents
- Vulnerabilities
Question 9: What is the purpose of a dictionary attack, and what is the method of attack?
- To corrupt system data by inserting lists of common words and phrases
- To corrupt system data by inserting every possible combination of numbers
- To gain access to a system by using lists of common words and phrases
- To gain access to a system by using every possible combination of numbers
Question 10: You have received four emails from one of your acquaintances, Greg. Which of the following email addresses should make you suspicious that it is a spoofed email from Greg?
- greg@mit.edu
- greg@yahoo.com
- greg@irs.gmail.com
- greg@bankofamerica.com
Question 11: What kind of attack uses impersonation to gain information?
- Phishing
- Pretexting
- Tailgating
- Whaling
Question 12: Which type of attack could hijack a session or send a user to a malicious site to steal sensitive information?
- SQL injection
- Brute force attack
- Denial of service (DoS)
- Cross-site scripting (XSS)
Question 13: You come across a type of malicious code that encrypts a victim’s files and only restores the files when certain conditions are met. What kind of attack have you found?
- Adware
- Spyware
- Ransomware
- A polymorphic virus
Question 14: How does a denial of service (DoS) or a distributed denial of service (DDoS) attack a system?
- By remotely powering down a system
- By installing ransomware on a system
- By overloading a system with requests
- By using spyware to find system vulnerabilities
Question 15: One of the earliest types of ciphers was the Caesar cipher. What was its purpose, and what method of encryption did it use?
- It was used to send secret messages to Caesar’s allies, and was based on hiding messages in plain sight
- It was used to send military messages, and was based on substitution using a predetermined shift number
- It was used to conceal the location of government officials, and was based on scrambled messages on a map
- It was used to hide the location of gold reserves, and was based on the transposition or rearrangement of letters
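The shift-substitution method named in the second option, as an added example (not part of the original quiz): a Caesar cipher with a predetermined shift, and the reason it offers no real protection, namely that the whole key space is 25 shifts and can be tried in a loop. The plaintext and crib are constructed for the demo.

```python
from __future__ import annotations

import string

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, shift: int) -> str:
    """Substitute each letter with the one `shift` positions later in the
    alphabet (wrapping around); anything that is not a letter is left as is."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is the same substitution with the shift reversed."""
    return caesar_shift(ciphertext, -shift)


def brute_force_caesar(ciphertext: str, crib: str) -> list[tuple[int, str]]:
    """Only 25 non-trivial keys exist, so an attacker tries them all and keeps
    every candidate that contains a word they expect to see (the crib)."""
    hits = []
    for key in range(1, 26):
        candidate = caesar_decrypt(ciphertext, key)
        if crib.upper() in candidate:
            hits.append((key, candidate))
    return hits
```

The brute-force function is the point of the example: a cipher whose key space fits in a `for` loop has no security against anyone who knows the method, which is why modern ciphers rely on large keys rather than a secret algorithm.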
Question 16: The goal of cryptography is to protect which of the following?
- The availability of information and the confidentiality of systems
- The availability of information and the authentication of data and systems
- The most highly compartmentalized, secure data in an information system
- The confidentiality and integrity of information and provide a means for authentication
Question 17: Which keys are shared in asymmetric key encryption and which keys, if any, are shared in symmetric key encryption?
- Asymmetric shares the public key; symmetric does not share a key
- Asymmetric shares the public key; symmetric shares the secret key
- Asymmetric shares the secret key; symmetric shares the public key
- Asymmetric shares the public and the private key; symmetric shares the secret key
Question 18: Which of the following are blowfish and twofish examples of?
- Block ciphers
- Hashing algorithms
- Encryption standards
- Asymmetric key algorithms
Question 19: What is the difference between a hash and a message authentication code (MAC) used in a hashed message authentication code (HMAC)?
- A hash has one input and a MAC has two inputs that includes a secret key
- A hash is a one-way encryption and a MAC includes a secret key
- A hash is an encrypted message and a MAC is an encrypted key
- A hash provides for encryption and decryption and a MAC is a one-way encryption
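The one-input versus two-input distinction in Question 19, as an added example (not code from the original quiz): a plain SHA-256 hash can be recomputed by anyone who alters the message, while an HMAC needs the shared secret key, so a forger without the key cannot produce a tag the receiver will accept. The key and messages are constructed for the demo; a real key would come from a CSPRNG such as `os.urandom(32)`.

```python
import hashlib
import hmac

# Constructed demo key; in practice generate it with os.urandom(32) and share
# it only with the intended peer.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(message: bytes) -> str:
    """A plain hash: one input, no secret. Anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_sha256_hex(key: bytes, message: bytes) -> str:
    """HMAC: two inputs, the message and a secret key (RFC 2104 construction)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(hmac_sha256_hex(key, message), tag)


def receiver_accepts_hash(message: bytes, received_hash: str) -> bool:
    """What a receiver relying on a bare hash can do: recompute and compare."""
    return sha256_hex(message) == received_hash


def tamper_demo(original: bytes, forged: bytes) -> dict:
    """Model an attacker who rewrites the message in transit and recomputes
    the checksum. Against a bare hash this succeeds; against an HMAC it fails
    because the attacker does not hold SHARED_KEY."""
    sent_tag = hmac_sha256_hex(SHARED_KEY, original)

    # The attacker can always compute a fresh hash of the forged message...
    attacker_hash = sha256_hex(forged)
    # ...but can only guess at the key when computing the tag.
    attacker_tag = hmac_sha256_hex(b"attacker-guess", forged)

    return {
        "hash_accepts_forgery": receiver_accepts_hash(forged, attacker_hash),
        "hmac_accepts_forgery": verify_tag(SHARED_KEY, forged, attacker_tag),
        "hmac_accepts_original": verify_tag(SHARED_KEY, original, sent_tag),
    }
```

A hash on its own therefore gives integrity only against accidental corruption; integrity against an active attacker needs the key, which is what turns the hash into a MAC.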
Question 20: Why is access control needed in information systems?
- To prevent authorized users from launching system attacks and stealing classified data
- To guide black-hat hackers to honeypots to gather information about their intent and tactics
- To allow white-hat hackers to perform penetration tests on systems to ensure system security
- To prevent unauthorized use of data or to prevent data from being used in an unauthorized manner
Question 21: What is the difference between permissions and rights?
- Rights can be changed, but permissions cannot
- Rights are what users have before permissions are assigned to them
- Rights are what a user can do, while permissions apply to a file or folder
- Permissions are assigned to files so that users with rights can read, write, or execute them
Question 22: Why is discretionary access control (DAC) called discretionary and mandatory access control (MAC) called non-discretionary?
- DAC provides for security discretion, while MAC does not
- DAC uses discretionary file labels, while MAC uses mandatory file labels
- DAC access is based on the discretion of the owner, while in MAC it is based on security labels
- DAC is based on the discretion of the user, and MAC is based on predetermined rules that cannot be changed
Question 23: What is the difference between role-based access control (RBAC) and rule-based (RB-RBAC) access control?
- RBAC is discretionary access while RB-RBAC is non-discretionary access
- RBAC is based on assigned tasks of an employee, while RB-RBAC is based on specified parameters
- RBAC is based on the employee's security level, while RB-RBAC is based on the IP address of the user
- RBAC restricts access based on least privilege, and RB-RBAC provides access based on core work hours
Question 24: Passwords are the most common form of authentication. What are some rules that should always be used to enforce password security?
- Passwords should include common words and the length be limited to be easier for users to remember
- Passwords should be stored in a file on the computer system in case the user forgets and password aging should be employed
- Passwords should be kept secret, be encrypted and hashed, and the number of attempts to enter a password should be limited
- Password length should be 16 characters or more and contain special characters that are created by the system administrator for the user
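Question 9 (the dictionary attack) and Question 24 (how stored passwords are protected) are two sides of the same problem, so one added example covers both; it is not code from the original quiz. The first half runs a word list against a constructed table of unsalted SHA-256 hashes, which is exactly the attack the dictionary method relies on. The second half is a small password store that salts and slows the hash with PBKDF2 and locks the account after a fixed number of failed attempts. The user names, passwords and word list are constructed for the demo.

```python
import hashlib
import hmac
import os

# --- the attack (Question 9): a word list against an unsalted hash table ---

def unsalted_sha256(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed data: a "leaked" table of unsalted hashes and a tiny dictionary.
LEAKED = {
    "alice": unsalted_sha256("sunshine"),
    "bob": unsalted_sha256("Tr0ub4dor&3-x9"),
}
WORDLIST = ["password", "letmein", "welcome", "qwerty", "sunshine", "dragon"]


def dictionary_attack(leaked: dict, wordlist: list) -> dict:
    """Hash every candidate word once and look for matches. Without a salt one
    hash computation cracks every user who chose that word."""
    lookup = {unsalted_sha256(w): w for w in wordlist}
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}


# --- the defence (Question 24): salted, slow hashing plus an attempt limit ---

class PasswordStore:
    ITERATIONS = 100_000   # PBKDF2 work factor; raise it as hardware gets faster
    MAX_ATTEMPTS = 5

    def __init__(self) -> None:
        self._records = {}   # user -> (salt, derived key)
        self._failures = {}  # user -> consecutive failed attempts

    @classmethod
    def _derive(cls, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)  # per-user random salt defeats precomputed tables
        self._records[user] = (salt, self._derive(password, salt))

    def is_locked(self, user: str) -> bool:
        return self._failures.get(user, 0) >= self.MAX_ATTEMPTS

    def verify(self, user: str, password: str) -> bool:
        if self.is_locked(user) or user not in self._records:
            return False
        salt, stored = self._records[user]
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        self._failures[user] = 0 if ok else self._failures.get(user, 0) + 1
        return ok
```

Two caveats a practitioner would add: the lockout counter here is per user and never resets on its own, so in production it should decay with time or back off exponentially, or an attacker can lock every account out deliberately; and the early `return False` for unknown users is faster than the PBKDF2 path, which can reveal which user names exist.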
Question 25: During authentication, when could a user receive a type II error?
- When authenticating with something you are
- When authenticating with something you have
- When authenticating with something you know
- When authenticating with a combination of human factors
Question 26: How is multifactor authentication more secure than single-factor authentication?
- The password is kept secret and encrypted, which requires hackers to have a decryption key
- Hackers must find where to enter the password not once, but twice to gain access to the system
- It encrypts the password twice using two different algorithms, instead of once like in single-factor
- If a password is discovered, the hacker cannot access the system unless another piece of information is obtained
Question 27: If employees at a company are seen writing passwords down and explain that it is because they have too many passwords to remember, what is a reasonable solution for an information security professional?
- Implement single sign-on (SSO) technology
- Force an immediate password change on all systems
- Allow employees to use one password for all applications
- Report the employees to upper management for acceptable use policy infringement
Question 28: What is the purpose of the key distribution center (KDC) in Kerberos?
- To provide for authentication using asymmetric encryption
- To provide for authentication without sending the password over an insecure network
- To manage tickets that provide for private and public keys for encryption and decryption
- To manage passwords using encryption for secure transmission over insecure networks
Question 29: Which of the following best describes Lightweight Directory Access Protocol (LDAP)?
- A method of multi-factor authentication
- A token used to authenticate a user to a server
- A method of authentication used by directory services
- A directory database that is less secure as indicated by the term lightweight
Question 30: What type of encryption is used by public key infrastructure and by digital certificates?
- A version of encryption created by Diffie-Hellman specifically for PKI and digital certificates
- Symmetric encryption, which has two keys, one of which is used to create digital certificates
- A PKI encryption algorithm that produces two keys, and both keys are used to provide for digital certificates
- Asymmetric encryption, which has a public and private key, and digital certificates use the same private key
Question 31: How does network zoning protect for confidentiality?
- By using firewalls to protect zones from data being viewed by users of adjacent zones
- By separating network zones so that if one is breached there is no access to other zones
- By using multiple encryption methods so that if one zone is breached the data cannot be unencrypted in the other zones
- By using routers to route incoming traffic by internet protocol (IP) addresses away from the network to protect from intrusion
Question 32: Which of the following statements about the placement of a firewall is correct?
- For stateful inspection firewalls, the firewall should be on the perimeter; for stateless inspection, the firewall should be internal
- For a wide area network (WAN), the firewall should be internal; for a local area network (LAN), the firewall should be on the perimeter
- A stateless inspection firewall is slower to make a connection and is therefore on the perimeter; a stateful inspection firewall is faster and should be placed in a central location
- Stateless inspection firewalls offer better performance and should be on the perimeter; stateful inspection firewalls are faster to make connections and are used to connect two networks
Question 33: Many companies allow employees to bring their own device (BYOD) and use it to complete business tasks for the company. This cuts down on device cost for the employer, but it can also incur other costs. Why does the fact that mobile devices are compact and popular create a greater security risk?
- Employees may mix their personal information with the employer’s data on the device
- Employees may overuse bandwidth and prevent the employer from performing their primary function
- Employees might allow access to confidential employer data, or lose that data via theft or device loss
- Children and relatives of employees may use the device to play games or conduct other activities against the employer’s acceptable use policy (AUP)
Question 34: In what state would a system be considered completely secure and hardened from all threats and vulnerabilities?
- When the hard drive is encrypted
- When turned off and locked in a safe
- When kept in a secure area while in use
- When a password is used that can never be cracked
Question 35: Once antivirus software has been installed, what should occur to ensure that the antivirus software is working to protect the system?
- Manually run the software and delete all infected files
- Scan the system periodically and leave the antivirus software running
- Write a script to run the antivirus software and review the antivirus log files periodically
- Disconnect the system from the network and place the system in a secure location while running the software
Question 36: Which of the following best describes an operating system (OS) firewall?
- A set of iptables that lists ports that can accept or reject traffic
- A device that protects the system by filtering traffic into and out of the system
- A list of commands that are set to accept or deny and are not in any particular order
- An ordered list of information for comparison to determine if traffic is encrypted properly
Question 37: Scanners assess known vulnerabilities on a system by following a series of steps. What is the process that a scanner follows to find system vulnerabilities?
- Look for a backdoor to a system, and once they gain system access, look for username and password files
- Probe a system like a pen test to find vulnerabilities, and then compare those vulnerabilities to a list of known vulnerabilities
- Identify the operating system and services running on open ports, then check for vulnerabilities that are applicable to the specific service versions
- Gain system access and run commands from a database of system vulnerabilities to determine if vulnerabilities exist on the system, then produce a vulnerability report
Question 38: What is the correct placement of intrusion prevention systems (IPS) and intrusion detection systems (IDS)?
- An IPS is placed within a firewall, while an IDS is placed at system endpoints
- An IPS is placed on servers, while an IDS is placed on the network on a router to protect system traffic
- An IPS is placed in-line with the traffic, while an IDS can be placed anywhere on the network segment or can have traffic forwarded to it to be analyzed
- An IPS is placed at system end points to analyze packets as they enter the system, while an IDS is placed on hosts to monitor the actions of system users and to protect files
Question 39: Network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) are both intrusion detection systems with the purpose of protecting against attackers. What differentiates NIDS from HIDS?
- NIDS is more expensive than HIDS, since it requires more hardware
- NIDS provides logs that are simpler to analyze than HIDS, so both are used together
- NIDS monitors network traffic, while HIDS monitors system activity on individual hosts on the network
- NIDS is more efficient and produces results quicker than HIDS, while HIDS provides more detailed results
Question 40: What is the purpose of a security information and event management (SIEM) system?
- To repair a system after an incident occurs
- To close vulnerabilities to protect against incidents as they occur
- To accumulate information from network sensors and alert analysts of occurring incidents
- To scan and aggregate capabilities for many systems at one time so that skilled technicians are not required for monitoring
Question 41: Which of the following devices may cause a need for electronic data privacy protection?
- A radio-controlled fire truck presented as a child’s toy on his/her birthday
- A digital watch used to keep time and reveals to the owner that they are late for work
- A television remote control that controls more than one television and is used on a daily basis
- A health tracker that monitors sleep and can detect an illness that can be used by insurance companies
Question 42: The company's network has recently had an increase in logged attacks. Management determines that the network is not being given the defense-in-depth measures it needs. Many company employees are teleworking and are remotely connecting to the network. Which of the following methods could the company use to provide a defense-in-depth strategy for the network?
- Patching and physical access control
- Firewalls and virtual private networks (VPNs)
- Firewalls and operating system (OS) antivirus software
- Security awareness training and revised access policies
Question 43: An organization with a high number of security incidents related to unintentional mistakes by personnel has recently seen a decline in security incidents. Management previously required information security professionals to take action to reduce the number of incidents related to personnel. Which of the following would most likely cause this result?
- Password changes due to forced resets
- Newly required two-factor authentication methods
- Behavioral changes due to security awareness training
- Enforced entry restrictions due to the hiring of front desk security personnel
Question 44: What is the purpose of a dictionary attack, and what is the method of attack?
- To corrupt system data by inserting lists of common words and phrases
- To corrupt system data by inserting every possible combination of numbers
- To gain access to a system by using lists of common words and phrases
- To gain access to a system by using every possible combination of numbers
Question 45: Which of the following best describes a spoofing attack?
- Communication that comes from known sources that is nefarious in nature
- Communication that is from unknown sources and should always be examined
- Communication from a known source that appears to be from an unknown source
- Communication from an unknown source that appears to be from a known source
Question 46: Many organizations require document shredding to prevent which of the following?
- Whaling attacks
- Phishing attacks
- Pretexting attacks
- Dumpster diving attacks
Question 47: What is the mechanism for cross-site scripting (XSS) attacks?
- Rootkits
- Spoofing
- Malicious code injection
- Password cracking software
Question 48: If you discover a program that has been installed by a hacker on a system that performs the expected function but also runs malicious code in the background, what kind of threat agent is it?
- A rootkit
- Spyware
- A logic bomb
- A Trojan horse
Question 49: Bob receives an email from Sally that has her digital signature, which is proof that the email was from Sally. The fact that Sally cannot deny that she sent the email is a goal of cryptography. Which of the following concepts does this example demonstrate?
- Validity
- Secrecy
- Non-repudiation
- Account availability
Question 50: Which of the following is a difference between symmetric and asymmetric key algorithms?
- Symmetric key algorithms are slower than asymmetric key algorithms
- Symmetric key algorithms were replaced by asymmetric key algorithms to provide for better security
- Symmetric key algorithms are typically used for smaller amounts of data than are asymmetric key algorithms
- Symmetric key algorithms provide for confidentiality and authenticity, while asymmetric key algorithms provide for confidentiality and non-repudiation
Question 51: The Rivest cipher (RC2) was developed in the 1980s and replaced DES. How was RC2 a stronger cipher?
- RC2 had a larger key size, which provided stronger encryption
- DES had a variable key size, causing it to be weaker than RC2
- DES was cracked and RC2 was not, proving that RC2 was the stronger cipher
- RC2 had a smaller key size, which allowed it to encrypt more quickly than DES
Question 52: Bob has the appropriate credentials and clearance to access a system. He is still not allowed access to the system because it does not directly relate to his job or position. What is this type of restriction?
- Confidential
- Need to know
- System rights
- Secret clearance
Question 53: In which of these scenarios should an organization choose rule-based access control (RB-RBAC) over role-based access control (RBAC)?
- When it wants to control access based on the job description of the users
- When it wants to control access from a discretionary perspective based on file ownership
- When it wants the controls to affect all users and does not want to use a control based on identity
- When it wants to control access to system files based on the need to know and the classification of the data
Question 54: Which of the following is an example of token-based authentication?
- Scanning an index finger for entry onto a machine room floor
- Providing a facial recognition scan for access to an application on a cell phone
- After entering identification information, an application sends a text with a verification code
- Entering a username and password to log into an application after obtaining access to the computer system
Question 55: What is an advantage of single sign-on (SSO) technology?
- Its passwords are simpler and easier to remember
- It increases the speed of a system by reducing authentication processing times
- It allows a user to log in forever, thereby cutting down on the time needed for user authentication
- It reduces the number of requests for password changes and reduces time users spend authenticating
Question 56: Which of the following is a difference between Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS)?
- RADIUS encrypts passwords, while TACACS+ encrypts all communication
- RADIUS is a proprietary protocol, while TACACS+ is an open standard protocol
- RADIUS is used for device administration, while TACACS+ is used for network access
- RADIUS separates authentication, authorization, and accountability, while TACACS+ combines all three
Question 57: How is a man-in-the-middle (MITM) attack prevented in public key infrastructure (PKI)?
- By using a public key to encrypt a message and a private key to decrypt the message
- By the sender and receiver having trust that they are the appropriate sender and receiver
- By using a digital certificate issued by a trusted third party known as a certificate authority (CA)
- By verifying the email address of the sender for verification that ensures the message was from the expected sender
Question 58: Firewalls block and filter traffic according to firewall rules. How do firewall rules function?
- They are determined by the user sending or receiving the traffic
- They are matched from bottom to top and are rejected only if there is a match
- They are matched in sequence from first to last with an action of either accept, reject, or drop
- They are dropped or accepted depending on whether the traffic is incoming or outgoing traffic
Question 59: Connections between systems or organizations were originally made over expensive leased lines such as T1 circuits. Tunneling is now used to transmit data over public networks. What technology secures data in a tunnel?
- Hashing and salting
- Wrappers and hardening
- Obfuscation and encoding
- Encapsulation and encryption
Question 60: What are some methods that can be used to harden a personal device such as an iPhone?
- Only use the device when necessary, remove all applications, and remove all personal data
- Turn Bluetooth on only when in use, do not jailbreak the device, and keep the device patched to the most current version
- Never connect the device to Wi-Fi or to another Bluetooth device, keep the device in airplane mode when not in use, and turn off location settings
- Avoid using the camera such as when using FaceTime, do not upload information into social networking sites, and lock the phone in a drawer when not in use
Question 61: When setting up iptables, what is the most critical task?
- The syntax as incorrect syntax will be ignored
- The order of the rules as the first rule matching the traffic is used
- The drop and accept commands as the drop command is obeyed first
- The port numbers, as the system will lose its connection to the administrator if improperly configured
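First-match evaluation is the mechanism behind both Question 58 and Question 61, so one added example serves both (it is not code from the original quiz). The evaluator below walks a rule list top to bottom and returns the action of the first rule that matches, falling back to the chain policy. Two constructed rule sets contain the same three rules in different orders; in the second the catch-all drop comes first, which is how an administrator locks themselves out of SSH. The networks, ports and packets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT", "REJECT" or "DROP"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source network in CIDR notation
    dport: Optional[int] = None  # destination port, None matches any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return ip_address(pkt.src) in ip_network(rule.src)


def evaluate(rules: list, pkt: Packet, policy: str = "DROP") -> str:
    """Walk the chain from first to last; the first matching rule decides.
    Later rules are never consulted. If nothing matches, the policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return policy


# Constructed rule sets: identical rules, different order.
ADMIN_NET = "10.0.0.0/8"
CORRECT_ORDER = [
    Rule("ACCEPT", "tcp", ADMIN_NET, 22),      # admin SSH from the office range
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 443),   # public HTTPS
    Rule("DROP"),                              # everything else
]
WRONG_ORDER = [
    Rule("DROP"),                              # catch-all first...
    Rule("ACCEPT", "tcp", ADMIN_NET, 22),      # ...so these two are dead rules
    Rule("ACCEPT", "tcp", "0.0.0.0/0", 443),
]

ADMIN_SSH = Packet("tcp", "10.0.0.5", 22)
INTERNET_SSH = Packet("tcp", "203.0.113.9", 22)
```

In iptables the same ordering shows up as `-A` (append to the end of the chain) versus `-I` (insert at the top): appending a permit rule after an existing catch-all drop has no effect, which is why a practitioner inspects `iptables -L -n --line-numbers` before assuming a new rule is live.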
Question 62: What is the difference between intrusion prevention systems (IPS) and intrusion detection systems (IDS)?
- An IPS provides for detection, while an IDS prevents attacks
- An IPS corrects the damage done by an attacker, while an IDS detects an attack
- An IPS proactively reacts to prevent attacks, while an IDS provides for detection or after-the-fact technology
- An IPS resembles a firewall and blocks attacks, while an IDS resembles a honeypot and monitors an attacker
Question 63: What are some strengths of host-based intrusion detection systems (HIDS)?
- They can be used to replace iptables on a system
- They are inexpensive and require little maintenance
- They can verify the success of an attack and require no additional hardware
- They are simple to use and can work on systems where the configuration consistently changes
Question 64: What characteristics of web application vulnerability scanners (WAVS) allow us to describe them as dynamic application security testing tools (DAST)?
- They test the application while it is being used
- They are always current as they are consistently being updated
- They are always active, scanning the application whether the application is off or on
- The scanner runs against every application on the system and not just the web application
Question 65: Of the following, how might a camera be used that would cause a need for electronic data protection?
- Automatic traffic enforcement
- Thwarting or monitoring illegal activity
- Facial recognition and the movement of individuals
- Filming wild animals to learn about their hunting habits
Question 66: What is one main difference between the US Privacy Act of 1974 and the General Data Protection Regulation (GDPR)?
- They are similar, but the US Privacy Act of 1974 has been invalidated and is no longer in effect
- The US Privacy Act of 1974 differs from the GDPR in that it is not a law and all states do not have to adhere to its conditions
- The US Privacy Act of 1974 only provides protection to US citizens, but the GDPR protects privacy data for everyone when the data is collected in the European Union (EU)
- The US Privacy Act of 1974 protects the privacy data of US citizens outside the US, while the GDPR protects privacy data for members of the European Union (EU) while outside the EU
Question 67: When developing the risk management process, the sources and methods used to acquire threat information in the risk framing step are the input to the next step in the risk management process. Consequently, each subsequent step provides input to the next step in the process. What is the progression of steps that follow the risk framing step?
- Risk assessment, risk monitoring, and risk reporting
- Risk assessment, risk response, and risk monitoring
- Risk valuation, risk monitoring, and risk reporting
- Risk identification, risk monitoring, and risk response
Question 68: Which of the following is an example of a type of control that is physical and a deterrent?
- A lock
- A fence
- A mantrap
- A motion detector
Question 69: You are talking with one of your acquaintances, and they ask you questions based on personal knowledge that could be used to obtain a password reset on your accounts. What would a good company security awareness training have to say about these kinds of social engineering attempts?
- Due to behavioral characteristics humans are the weakest link in security
- Since no one can be trusted, you should change your passwords every 60 days
- Since human nature is to be trusting, providing the information will usually not be an issue
- When something like this happens, you should call the police and inform them of an attack
Question 70: What is the purpose of the PCI DSS security framework?
- It is a standard for keeping credit card data safe and reducing fraud
- It is a standard for protecting businesses from liability from credit card fraud
- It is a standard that protects individuals from being overcharged by vendors
- It is a standard that protects vendors from the loss of money due to credit card fraud
Question 71: The possibility of a hurricane, tornado, loss of power, or data corruption is an example of which of the following?
- Attacks
- Threats
- Threat agents
- Vulnerabilities
Question 72: What does a brute force attack do?
- Hijacks a session
- Uses a fake MAC address to spoof a device
- Attempts all possible password combinations
- Uses malformed information packets to shut down a system
Question 73: Which of the following kinds of systems are vulnerable to cross-site scripting (XSS) and SQL injection attacks?
- Networks
- Databases
- Web applications
- Operating systems
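Questions 12, 47 and 73 all come down to the same mechanism, untrusted input becoming code in a web application, so one added example covers them; it is not code from the original quiz. The SQL half builds an in-memory SQLite table, queries it once by string formatting and once with a bound parameter, and shows that the classic `' OR '1'='1` input returns every row from the first and nothing from the second. The HTML half reflects a comment into a page with and without output encoding. Table contents, the payload and the attacker hostname (`attacker.example`) are constructed for the demo.

```python
import html
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a web app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds SQL by string formatting, so attacker input becomes SQL syntax."""
    query = f"SELECT username, role FROM users WHERE username = '{username}' ORDER BY id"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the input is bound as data and cannot become syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? ORDER BY id", (username,)
    ).fetchall()


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user input straight into HTML; a <script> payload runs in every
    visitor's browser, which is how XSS steals sessions or redirects users."""
    return f"<p class='comment'>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Contextual output encoding: the browser displays the text, never runs it."""
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"
```

Both fixes share a principle: keep data and code on separate channels. Bound parameters do that for SQL; output encoding for the specific context (HTML body here, different rules for attributes, JavaScript and URLs) does it for the browser, with a Content-Security-Policy header as the second layer.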
Question 74: During which of the following scenarios could a server potentially be under a denial of service (DoS) attack?
- When the server shuts down due to a power failure
- When data is lost because a log file has filled up a mount point on the server
- When the server is flooded with requests that deny users access to the server
- When the root password is breached, and the files are corrupted and deleted by an attacker
Question 75: What type of encryption is the Diffie-Hellman algorithm, and what is it based on?
- Asymmetric; based on a 16-digit number
- Asymmetric; based on prime numbers
- Symmetric; based on one-way encryption
- Symmetric; based on square numbers
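The prime-modulus exponentiation behind Diffie-Hellman (Question 75) and the man-in-the-middle weakness that Question 57's certificates exist to close are shown together in this added example, which is not code from the original quiz. It uses the textbook toy parameters p = 23, g = 5 so every value can be checked by hand; real deployments use 2048-bit or larger groups such as those in RFC 3526 or RFC 7919. The private exponents for Alice, Bob and Mallory are constructed for the demo.

```python
import secrets


def dh_public(p: int, g: int, private: int) -> int:
    """Public value g^private mod p. Recovering `private` from it is the
    discrete logarithm problem, which is what the attacker cannot solve."""
    return pow(g, private, p)


def dh_shared(p: int, their_public: int, private: int) -> int:
    """Both sides compute g^(ab) mod p from the other side's public value."""
    return pow(their_public, private, p)


def random_private(p: int) -> int:
    """Private exponent from a CSPRNG, in the range [1, p-2]."""
    return secrets.randbelow(p - 2) + 1


def honest_exchange(p: int, g: int, a_priv: int, b_priv: int) -> tuple:
    """Alice and Bob exchange public values and derive the same secret."""
    A, B = dh_public(p, g, a_priv), dh_public(p, g, b_priv)
    return dh_shared(p, B, a_priv), dh_shared(p, A, b_priv)


def mitm_exchange(p: int, g: int, a_priv: int, b_priv: int, m_priv: int) -> dict:
    """Mallory intercepts both public values and substitutes her own. Nothing in
    a bare public value says who it came from, so each side ends up sharing a
    key with Mallory rather than with each other."""
    A = dh_public(p, g, a_priv)
    B = dh_public(p, g, b_priv)
    M = dh_public(p, g, m_priv)
    return {
        "alice": dh_shared(p, M, a_priv),            # Alice believes M is Bob's value
        "mallory_with_alice": dh_shared(p, A, m_priv),
        "bob": dh_shared(p, M, b_priv),              # Bob believes M is Alice's value
        "mallory_with_bob": dh_shared(p, B, m_priv),
    }
```

The exchange itself is correct; what it lacks is authentication of the public values. Binding each value to an identity, for instance by signing it with a key that a certificate authority has certified, is what lets Alice reject a substituted value, which is the answer Question 57 is after.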
Question 76: What should happen before a user is given access to system data?
- The user must identify and be declared trustworthy to access sensitive data
- The user must identify, prove their identity, and be authorized to access the data
- The user must enter a username and password and then request priority access to the data as needed
- The user’s system access should be checked to determine if the user should be provided access to the data
Question 77: Which of the following is an example of the concept of least privilege?
- Granting a user the privileges necessary only to accomplish assigned duties
- Granting a user the minimum amount of privileges and then increasing privileges as needed
- Granting a user maximum privileges and then removing privileges not in use by monitoring those privileges over time
- Granting a user the minimum amount of privileges and then removing those privileges the user is not actively working
Question 78: Bob is hired by a government agency to configure access control. Due to the type of agency where Bob is working, the data is primarily classified. What type of access control model should Bob use?
- Mandatory access control (MAC)
- Role-based access control (RBAC)
- Discretionary access control (DAC)
- Rule-based access control (RB-RBAC)
Question 79: In which of these scenarios should an organization choose rule-based access control (RB-RBAC) over role-based access control (RBAC)?
- When it wants to control access based on the job description of the users
- When it wants to control access from a discretionary perspective based on file ownership
- When it wants the controls to affect all users and does not want to use a control based on identity
- When it wants to control access to system files based on the need to know and the classification of the data
Question 80: What is the major concern of authenticating using “something you have”?
- It can be lost and used to authenticate someone other than the intended user
- It can be duplicated and used by a user other than the intended user
- It could have undetected errors and will not authenticate the intended user
- It is not secure because anyone can create the same device for authentication
Question 81: What type of authentication is used when entering a username or a password?
- Mutual authentication
- Single-factor authentication
- Two-factor authentication
- Multi-factor authentication
Question 82: What is the purpose of the key distribution center (KDC) in Kerberos?
- To provide for authentication using asymmetric encryption
- To provide for authentication without sending the password over an insecure network
- To manage tickets that provide for private and public keys for encryption and decryption
- To manage passwords using encryption for secure transmission over insecure networks
Question 83: Lightweight Directory Access Protocol (LDAP) uses short abbreviations for data, such as ou and dn, and arranges data in a hierarchical manner. Which of the following does this allow LDAP to do?
- Authenticate using a third-party server
- Provide for authentication, authorization, and accounting
- A downward categorization of passwords and usernames
- Use two parts, the authentication server and the ticket-granting server
- Portray relationships between people, departments, and organizations
Question 84: Which of the following is a difference between Terminal Access Controller Access-Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS)?
- RADIUS encrypts passwords, while TACACS+ encrypts all communication
- RADIUS is a proprietary protocol, while TACACS+ is an open standard protocol
- RADIUS is used for device administration, while TACACS+ is used for network access
- RADIUS separates authentication, authorization, and accountability, while TACACS+ combines all three
Question 85: How is a man-in-the-middle (MITM) attack prevented in public key infrastructure (PKI)?
- By using a public key to encrypt a message and a private key to decrypt the message
- By the sender and receiver having trust that they are the appropriate sender and receiver
- By using a digital certificate issued by a trusted third party known as a certificate authority (CA)
- By verifying the email address of the sender for verification that ensures the message was from the expected sender
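Added worked example covering Question 75 (what Diffie-Hellman computes) and Question 85 (why an unauthenticated exchange is open to a man-in-the-middle). This is illustrative code written for this page, not part of the course materials. It uses the textbook toy group p = 23, g = 5 so every value can be checked by hand; real deployments use 2048-bit or larger MODP groups or elliptic curves. The exponents in the MITM run are fixed constructed values so the result is reproducible.

```python
# Added example (not from the CS406 materials): toy Diffie-Hellman, first an
# honest exchange, then the same exchange with an active attacker in the path.
import secrets

# Textbook toy parameters: 23 is a safe prime (23 = 2*11 + 1) and 5 generates
# the whole multiplicative group. NOT secure; chosen so the numbers are visible.
P, G = 23, 5


def public_value(private: int, g: int = G, p: int = P) -> int:
    """g^private mod p: the only thing each side sends, in the clear."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """their_public^my_private mod p. Both sides arrive at g^(ab) mod p."""
    return pow(their_public, my_private, p)


def honest_exchange() -> tuple:
    """Alice and Bob exchange public values over an untampered channel."""
    a = secrets.randbelow(P - 2) + 1   # private exponent in [1, p-2]
    b = secrets.randbelow(P - 2) + 1
    A, B = public_value(a), public_value(b)
    return shared_secret(B, a), shared_secret(A, b)   # equal


def mitm_exchange(a: int = 6, b: int = 15, m: int = 13) -> dict:
    """Mallory replaces each public value with her own. Nothing in plain DH ties
    a public value to an identity, so neither party can notice the swap."""
    A, B, M = public_value(a), public_value(b), public_value(m)
    k_alice = shared_secret(M, a)   # Alice thinks she shares this with Bob
    k_bob = shared_secret(M, b)     # Bob thinks he shares this with Alice
    return {
        "alice_key": k_alice,
        "bob_key": k_bob,
        "mallory_key_with_alice": shared_secret(A, m),
        "mallory_key_with_bob": shared_secret(B, m),
    }


if __name__ == "__main__":
    k1, k2 = honest_exchange()
    print("honest exchange agrees:", k1 == k2)
    r = mitm_exchange()
    print("MITM:", r)
    print("parties agree:", r["alice_key"] == r["bob_key"])
    print("Mallory can read Alice's side:", r["mallory_key_with_alice"] == r["alice_key"])
```

With the constructed exponents Alice derives 18 and Bob derives 7, while Mallory holds both keys and can decrypt, read and re-encrypt everything in between. PKI closes this gap by having a party sign its DH share with the private key of a certificate that a CA has bound to its identity (this is what TLS does); the verifier checks the signature against the certificate's public key before trusting the share.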
Question 86: What is the advantage of a honeypot over a firewall?
- Firewalls protect a network’s perimeter, while a honeypot can identify internal threats
- Firewall settings cannot be changed once they are set, but honeypots can be changed at will
- More than one firewall must be on a system to secure it, while one honeypot is all that is needed
- Firewalls protect only incoming data, while a honeypot can protect both incoming and outgoing data
Question 87: What are some strengths of host-based intrusion detection systems (HIDS)?
- They can be used to replace iptables on a system
- They are inexpensive and require little maintenance
- They can verify the success of an attack and require no additional hardware
- They are simple to use and can work on systems where the configuration consistently changes
Question 88: What is the method used by a Security Information and Event Management (SIEM) system to provide data to a security professional?
- A SIEM collects logs from all systems on a network and attempts to correlate related security events
- A SIEM collects vulnerabilities from all systems on a network and categorizes them according to the level of risk
- A SIEM reviews security incidents and protects the system using event management techniques that avoid detection by attackers
- A SIEM manages security incidents on a network by alerting the administrator and patching systems to prevent an attack from being successful
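Added worked example for Question 88 (and the brute-force attack of Question 72 seen from the defender's side). It is illustrative code written for this page, not part of the course materials or any SIEM product. It parses a handful of constructed sshd-style log lines and applies one correlation rule: several failed logins from one source IP inside a time window, followed by an accepted login from that same IP, produce an alert. The log lines, hostnames and addresses are all made up for the demonstration.

```python
# Added example (not from the CS406 materials): a minimal SIEM-style
# correlation rule run over constructed OpenSSH-like log lines.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture); ISO timestamp, host, sshd message.
SAMPLE_LOGS = """\
2024-03-01T08:00:01 web1 sshd[410]: Failed password for root from 203.0.113.7 port 5011 ssh2
2024-03-01T08:00:03 web1 sshd[411]: Failed password for root from 203.0.113.7 port 5012 ssh2
2024-03-01T08:00:04 web1 sshd[412]: Failed password for admin from 203.0.113.7 port 5013 ssh2
2024-03-01T08:00:06 web1 sshd[413]: Failed password for root from 203.0.113.7 port 5014 ssh2
2024-03-01T08:00:07 web1 sshd[414]: Failed password for root from 203.0.113.7 port 5015 ssh2
2024-03-01T08:00:09 web1 sshd[415]: Accepted password for root from 203.0.113.7 port 5016 ssh2
2024-03-01T08:01:10 db1 sshd[900]: Failed password for alice from 198.51.100.4 port 6001 ssh2
2024-03-01T08:01:20 db1 sshd[901]: Accepted password for alice from 198.51.100.4 port 6002 ssh2
2024-03-01T09:30:00 web1 sshd[520]: Failed password for root from 192.0.2.9 port 7001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(text: str) -> list:
    """Normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list:
    """Rule: >= threshold failures from one source IP within `window`, followed by
    an Accepted login from that IP. Returns one alert dict per match."""
    failures = defaultdict(list)   # src IP -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["outcome"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        recent = [t for t in failures[src] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "brute-force-then-success",
                "src": src,
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(recent),
                "first_failure": min(recent),
                "success_at": ev["ts"],
            })
            failures[src].clear()   # do not re-alert on the same burst
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

Only 203.0.113.7 trips the rule: a single failure followed by success (198.51.100.4) is normal user behaviour, and a lone failure with no success (192.0.2.9) is noise on its own. A real SIEM adds the pieces this omits: log collection from many sources, field normalization across vendors, and enrichment such as asset criticality or threat-intelligence matches on the source IP.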
Question 89: Smartphones have replaced many other devices, such as cameras, appointment books, and alarm clocks. Which of the following is an example of how smartphones have increased the need for electronic data privacy protection?
- They have caller ID, which identifies the caller’s phone number
- They use GPS or wireless network data to identify a user’s location
- Their lockscreen mechanisms are easy to break, and sensitive data can be accessed easily
- They store data unencrypted and transmit data in ways that can be intercepted by nearby attackers
Question 90: What is the right to be forgotten that is provided by the General Data Protection Regulation (GDPR)?
- Individuals do not have to respond to requests for information and can block callers
- An individual has the right in certain situations to have their personal data erased without delay
- Individuals have the right to have their privacy data redacted from files so they can never be reviewed again
- When the appropriate type of request is made, an individual can view information stored on a system and delete specific privacy information themselves
CS406: Information Security Final Exam Answers
Question 1: A bank’s servers are hosted by an external hosting company. The hosting company lost power due to an outage beyond their control and they did not have the appropriate backup systems in place. The bank’s servers went down and the data was inaccessible. Which of the following foundations of information security was not protected by the hosting company?
- Data integrity
- Physical security
- System availability
- Data confidentiality
Question 2: What are the four components of the risk management process?
- Assess risks, control risks, identify controls, and identify hazards
- Information systems view, mission view, organization view, and trustworthiness
- Risk assessment, risk framing, risk monitoring, and risk response
- Risk auditing, risk evaluation, risk identification, and risk reporting
Question 3: In which stage of the incident response process would an attacker be redirected to a sandbox so that the attacker could be monitored?
- Preparation
- Post-incident activity
- Detection and analysis
- Containment, eradication, and recovery
Question 4: Most applications will advise users not to use words such as “dog” and “cat” in passwords, or will not allow these types of passwords at all. Why is that?
- This mitigates man-in-the-middle attacks that intercept the passwords in transit
- This mitigates dictionary attacks that try every word in a wordlist in order to match or crack the password
- This mitigates zero-day attacks that take new forms that are unknown to information security professionals
- This mitigates denial of service attacks that will shut the system down if simple words are used as the password
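Added worked example for Question 4 (illustrative code written for this page, not part of the course materials). It shows both halves of the problem: an offline dictionary attack that recovers a dictionary-word password from its salted PBKDF2 hash in a few guesses, and the set-time policy check that rejects such words before they are ever stored. The wordlist is a constructed six-entry stand-in for the multi-million-entry lists attackers actually use, and the iteration count is lowered so the demo runs quickly.

```python
# Added example (not from the CS406 materials): dictionary attack against a
# salted password hash, and the policy check that blocks dictionary words.
import hashlib
import os

# Constructed miniature wordlist; real attack lists hold millions of entries.
WORDLIST = ["123456", "password", "dog", "cat", "qwerty", "letmein"]

# Lowered for the demo; production PBKDF2-HMAC-SHA256 should use far more
# iterations (or a memory-hard KDF such as Argon2id).
ITERATIONS = 50_000


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated hash as a password store would keep it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(stored_hash: bytes, salt: bytes, wordlist=WORDLIST,
                      iterations: int = ITERATIONS):
    """Try every wordlist entry against one stolen hash. Salting stops
    precomputed tables and cross-account reuse, but not this per-hash loop:
    a short dictionary word falls after a handful of guesses."""
    for candidate in wordlist:
        if hash_password(candidate, salt, iterations) == stored_hash:
            return candidate
    return None


def normalize(password: str) -> str:
    """Strip digits and punctuation and lower-case, so 'Dog123!' is judged as 'dog'."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def rejected_by_policy(password: str, wordlist=WORDLIST) -> bool:
    """Set-time check: refuse passwords whose alphabetic core is a wordlist entry."""
    return normalize(password) in {normalize(w) for w in wordlist}


def demo() -> dict:
    salt = os.urandom(16)
    weak, strong = "dog", "correct horse battery staple"   # constructed inputs
    return {
        "weak_recovered": dictionary_attack(hash_password(weak, salt), salt),
        "strong_recovered": dictionary_attack(hash_password(strong, salt), salt),
        "policy_rejects_dog_variant": rejected_by_policy("Dog123!"),
        "policy_accepts_passphrase": not rejected_by_policy(strong),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:28} {v}")
```

The takeaway matches the quiz's point: hashing and salting make each guess cost a KDF call, but they cannot save a password that sits in every attacker's wordlist, so the check has to happen when the password is chosen. The normalization here is deliberately simple; a production check would also catch common substitutions such as "d0g" and concatenations of two wordlist entries.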
Question 5: What kind of attack happens when a person follows another person through a locked door?
- Whaling
- Phishing
- Tailgating
- Shoulder surfing
Question 6: Why are attachments a common way to deliver malicious code?
- Email addresses can be easily spoofed
- Email can never be scanned for viruses
- There is no way to verify the authenticity of an email
- Attachments are automatically opened once the email is received
Question 7: Why is “something you know” the most vulnerable type of authentication?
- Because it can be copied and reused
- Because it is in the form of a token that can be lost
- Because it is vulnerable to social engineering and brute-force attacks
- Because it can result in either type I or type II errors that will cause authentication to fail
Question 8: How can segmentation provide for network security?
- It protects the network from attack by creating an area between two firewalls
- It prevents attacks from spreading by confining them to a part of the network
- It ensures a user only accesses a single block of internet protocol (IP) addresses
- It provides for network redundancy in the case of failure by creating identical network segments
Question 9: Which of the following best explains packet filtering?
- Packets are filtered using the criteria of accept, deny, or reject
- Groups of data are combined into a packet and filtered based on the state of the data
- Traffic is filtered according to how the packet that contains the data was formed
- Traffic is formed as packets with information about where and how it should be delivered in the header
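Added worked example for Question 9 (packet filtering) that also illustrates the traffic-control role of iptables and firewalls in Question 12. It is illustrative code written for this page, not the kernel's or iptables' own implementation. It models a stateless filter: an ordered rule list where the first matching rule decides the verdict, a default policy when nothing matches, and the practical difference between a silent DROP and a REJECT that answers the sender. Packet fields and the rule set are constructed for the demonstration and mirror the shape of an iptables INPUT chain.

```python
# Added example (not from the CS406 materials): a toy stateless packet filter
# with ACCEPT / DROP / REJECT verdicts and first-match rule traversal.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless filter looks at (constructed, not parsed from wire)."""
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # ACCEPT, DROP (silent) or REJECT (answer sender)
    proto: str = "any"
    src: str = "0.0.0.0/0"         # CIDR source match
    dport: Optional[int] = None    # None matches any destination port


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every specified criterion must match; unspecified ones are wildcards."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return ip_address(pkt.src) in ip_network(rule.src)


def filter_packet(rules: list, pkt: Packet, default: str = "DROP") -> str:
    """First matching rule wins, like iptables chain traversal; the chain's
    default policy applies when no rule matches (default-deny here)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def response_for(action: str, proto: str) -> Optional[str]:
    """What the sender sees. DROP says nothing (the sender times out);
    REJECT sends a TCP RST or an ICMP port-unreachable, which is friendlier
    to legitimate clients but confirms to a scanner that a host is there."""
    if action != "REJECT":
        return None
    return "tcp-reset" if proto == "tcp" else "icmp-port-unreachable"


# Constructed rule set, equivalent in spirit to:
#   iptables -A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset
#   iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#   iptables -A INPUT -p udp -j DROP
#   iptables -P INPUT DROP
RULES = [
    Rule("ACCEPT", proto="tcp", src="10.0.0.0/8", dport=22),
    Rule("REJECT", proto="tcp", dport=22),
    Rule("ACCEPT", proto="tcp", dport=443),
    Rule("DROP", proto="udp"),
]

if __name__ == "__main__":
    samples = [
        Packet("10.1.2.3", "10.0.0.5", "tcp", 22),      # internal SSH
        Packet("203.0.113.9", "10.0.0.5", "tcp", 22),   # external SSH
        Packet("203.0.113.9", "10.0.0.5", "tcp", 443),  # HTTPS from anywhere
        Packet("203.0.113.9", "10.0.0.5", "udp", 53),   # UDP
        Packet("203.0.113.9", "10.0.0.5", "tcp", 8080), # nothing matches
    ]
    for p in samples:
        verdict = filter_packet(RULES, p)
        print(p.src, p.proto, p.dport, "->", verdict, response_for(verdict, p.proto))
```

Rule order matters: swapping the first two rules would reject internal SSH too, because the broader REJECT would match first. This filter is stateless, so it cannot express "allow replies to connections we opened"; that is what stateful (connection-tracking) filtering adds on top.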
Question 10: Wireless networks transmit information using radio waves that are easy to intercept. Because of this, wireless networks today should be encrypted using which of the following current encryption standards for 802.11 networks?
- Asymmetrical encryption
- Wired Equivalent Privacy (WEP) using a key and the RC4 encryption algorithm
- Wi-Fi Protected Access 2 (WPA2), using Advanced Encryption Standard (AES)
- Wi-Fi Protected Access (WPA), using RC4 and Temporal Key Integrity Protocol (TKIP)
Question 11: What does antivirus software do with infected files?
- Destroy them
- Send them to cloud storage
- Quarantine them and allow the user to repair, delete, or keep the file
- Place them in the trash folder and remove them when the folder is emptied
Question 12: What are iptables and firewalls used for in a system?
- To open and close ports
- To apply patching updates
- To control traffic moving in and out of the network
- To direct information traffic to the correct destination
Question 13: How can detection be avoided by an intrusion detection system (IDS)?
- By modifying the header of a packet
- By using packet fragmentation or end-to-end encryption
- By using an application such as Snort to break the IDS code
- By using signature-based packets that will not be noticed by IDS
Question 14: What type of intrusion detection system (IDS) would best detect zero-day attacks?
- Rule-based IDS
- Host-based IDS
- Anomaly-based IDS
- Signature-based IDS