Information Security MCQs and Notes

R

Rakesh Kumar • 28.44K Points
Instructor II

Q 31. An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?

(A) Inspection of password files to detect inadvisable passwords

(B) Mechanisms put in place to reenact known methods of attack and record system responses

(C) Inspection of system to detect policy violations

(D) Inspection of configuration files to detect inadvisable settings

A

Admin • 36.96K Points
Coach

Q 32. This is is the hiding of a secret message within an ordinary message and the extraction of it at its destination.

(A) Secret key algorithm

(B) Message queuing

(C) Spyware

(D) Steganography

V

Vikash Gupta • 33.56K Points
Instructor I

Q 33. What is the purpose of a shadow honeypot?

(A) To flag attacks against known vulnerabilities

(B) To help reduce false positives in a signature-based IDS.

(C) To randomly check suspicious traffic identified by an anomaly detection system.

(D) To enhance the accuracy of a traditional honeypot.

V

Vikash Gupta • 33.56K Points
Instructor I

Q 34. This is an encryption/decryption key known only to the party or parties that exchange secret messages.

(A) E-signature

(B) Digital certificate

(C) Private key

(D) Security token

P

Praveen Singh • 36.81K Points
Coach

Q 35. A false positive can be defined as…

(A) An alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior.

(B) An alert that indicates nefarious activity on a system that is not running on the network.

(C) The lack of an alert for nefarious activity.

(D) Both a. and b.

P

Praveen Singh • 36.81K Points
Coach

Q 36. Which of the following is an advantage of anomaly detection?

(A) Rules are easy to define.

(B) Custom protocols can be easily analyzed.

(C) The engine can scale as the rule set grows.

(D) Malicious activity that falls within normal usage patterns is detected.

P

Praveen Singh • 36.81K Points
Coach

Q 37. This is an assault on the integrity of a security system in which the attacker substitutes a section of cipher text (encrypted text) with a different section that looks like (but is not the same as) the one removed.

(A) Trojan horse

(B) Hashing

(C) Switching fabric

(D) Cut and paste attack

A

Admin • 36.96K Points
Coach

Q 38. This enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

(A) Security Identifier (SID)

(B) Public key infrastructure (PKI)

(C) Internet Assigned Numbers Authority (IANA)

(D) Private Branch Exchange (PBX)

A

Admin • 36.96K Points
Coach

Q 39. ___________is a form of eavesdropping used to pick up telecommunication signals by monitoring the electromagnetic fields produced by the signals.

(A) Reverse engineering

(B) Magneto resistive head technology

(C) Van Eck phreaking

(D) Electronic data processing (EDP)

V

Vikash Gupta • 33.56K Points
Instructor I

Q 40. This is a Peripheral Component Interconnect (PCI) card that offloads SSL processing to speed up secure transactions on e-commerce Web sites.

(A) PCMCIA card

(B) Smart card

(C) Server accelerator card

(D) Network interface card