Priya Dogra – Certification | Jobs | Internships
Related Articles
Apply for Fundamentals of Information Security Here
Q1 of 15
How many keys are required for implementing a symmetric key cryptography system for 200 users? How many keys will be required if asymmetric key cryptography is used?
- 400 keys in symmetric key cryptography, 400 keys in asymmetric key cryptography
- 400 keys in symmetric key cryptography, 19900 keys in asymmetric key cryptography
- 19900 keys in symmetric key cryptography, 400 keys in asymmetric key cryptography
- 400 keys in symmetric key cryptography, 200 keys in asymmetric key cryptography
Q2 of 15
Which principle ensures that a user cannot deny doing something that he actually did?
- Integrity
- Non-repudiation
- Availability
- Confidentiality
Q3 of 15
Now-a-days, threats arising from networks pose serious security risks to many organizations. Which of the following mechanism you must implement to protect your network?
- Firewall
- IDS
- Anti-virus
Q4 of 15
Which of the following is TRUE with respect to Symmetric Cryptography?
(i) Symmetric cryptography uses – private and public keys
(ii) Also called Shared Key Cryptography
(iii) Requires secure exchange of keys before establishing secure communication
(iv) Faster than Asymmetric Cryptographic algorithms
- Only (i) and (iii)
- Only (ii), (iii) and (iv)
- Only (ii) and (iv)
- Only (i), (ii) and (iv)
Q5 of 15
A hacker hacked into your Social networking account and uploaded some objectionable content through it. You tried accessing your account but were unable to login as he has changed your password and the answers of all possible password recovery options. According to your understanding, what all security objectives were violated in this scenario?
- Confidentiality
- Integrity
- Availability
Q6 of 15
A group of hackers including some ex-employees of an organization attacked the organization’s website which resulted in leak of personal data of its customers. They exploited the flaw present in authentication functionality – ‘user login’. Based on the above scenario, which of following statement(s) is/are CORRECT?
- Personal data of Customers is an Asset
- Authentication functionality has a Vulnerability
- Ex-employee is a Threat Agent
Q7 of 15
Which of the following network security controls is supposed to send an alert to the administrator if it finds unusual traffic in the network?
- Firewall
- Intrusion Detection System
- Demilitarized Zone (DMZ)
- Secure configuration of network devices
Q8 of 15
Person-A wants to digitally sign a file before sending it to Person-B.
Which key will Person-A use to encrypt the hash of the file to obtain the signature?
- Person-B’s private key
- Person-B’s public key
- Person-A’s public key
- Person-A’s private key
Q9 of 15
Person-A and Person-B are working on a secret project. They perceive eavesdropping as one of the major threats. Which of the following security controls can mitigate this?
- Firewall
- Intrusion Detection System
- Asymmetric key cryptography
- Demilitarized Zone (DMZ)
Q10 of 15
Hackers exploit SQL injection flaw in an application and stole sensitive records from the database. The application developers analysed the incident, it was found that “PreparedStatements” were not used properly.
“PreparedStatement” in this scenario refers to which of the following terminology?
- A security control
- Business impact
- Asset
- Threat agent
Q11 of 15
Which of the following is an attack on network, that exhausts the memory of server by sending large amount of requests, so that legitimate users cannot access the server?
- Spoofing
- Tampering
- Elevation of Privilege
- Denial of Service
Q12 of 15
Which of the following cryptography techniques can be used to verify data integrity?
- Public key cryptography
- Symmetric key cryptography
- Hashing
- Digital Signature
Q13 of 15
Which of the controls will you implement under “Defense in Depth” strategy to address SQL injection vulnerability?
- Input validation that rejects that potentially harmful inputs
- Use of Prepared Statements to construct queries
- Setting proper database permissions to ensure “Principle of Least Privilege”
- Use of Web Application firewalls that can block HTTP requests if it finds an SQL injection exploit
Q14 of 15
Businesses are increasingly leveraging new technologies such as mobile and cloud to enable strategic initiatives, and facilitate innovation. Although these initiatives provide many business benefits, the new evolving technology landscape can also introduce substantial security risks that threaten the sensitive corporate information.
Choose the most appropriate security objective/service that must be implemented to ensure that the sensitive information is not modified by unauthorized parties/ individuals.
- Confidentiality
- Integrity
- Availability
- Repudiation
Q15 of 15
Which of the following are good security practices for an organization to protect itself against sensitive data exposure?
- Encrypt data during transport and at rest
- Not storing sensitive data unnecessarily. Discarding it as soon as possible
- Use TLS while transmitting sensitive data
- Giving default privileges to users
