Exam Practice

Sample Final Exam Questions
Test Yourself
Here is a course review in the form of self-test questions, covering
questions that are related to modules after the midterm.
Sample Final Exam Questions
1. The first step in deploying new systems is _________.
Please select the correct option and then click the "Check Your
Answer" button.
a. security testing
b. installing patches
c. planning
d. secure critical content
That's correct.
2. The following steps should be used to secure an operating

system:
Answer" button.
a. test the security of the basic operating system

b. remove unnecessary services
c. install and patch the operating system
d. Both A and B
e. All of the above
That's correct.
3. __________ applications is a control that limits the programs

that can execute on the system to just those in an explicit list.
Answer" button.
a. Virtualizing
b. White listing
c. Logging
d. Patching
e. Firewalling
That's correct.
4. The range of logging data acquired should be determined

_______.
Answer" button.
a. during security testing

b. as a final step
c. after monitoring average data flow volume
d. during the system planning stage
e. system analysis
That's correct.
5. The most important changes needed to improve system

security are to ______.
Answer" button.
a. disable remotely accessible services that are not required

b. ensure that applications and services that are needed are
appropriately configured
c. disable services and applications that are not required
d. All of the above
e. None of the above
That's correct.
6. The use of __________ avoids the complexity of software

installation, maintenance, upgrades, and patches.
Answer" button.
a. SaaS
b. MaaS
c. PaaS
d. IaaS
e. SecaaS
That's correct.
7. A __________ infrastructure is made available to the general

public or a large industry group and is owned by an
organization selling cloud services.
Answer" button.
a. community cloud
b. private cloud
c. hybrid cloud
d. public cloud
That's correct.
8. Examples of services delivered through the __________

include database on demand, e-mail on demand, and storage
on demand.
Answer" button.
a. hybrid cloud
b. public cloud
c. private cloud
d. community cloud
e. All of the above
That's correct.
9. A __________ is a person or organization that maintains a

business relationship with, and uses service from, cloud
providers.
Answer" button.
a. cloud auditor
b. cloud service consumer
c. cloud broker
d. cloud carrier
e. cloud provider
That's correct.
10. __________ is the monitoring, protecting, and verifying

the security of data at rest, in motion, and in use.
Answer" button.
a. Web security
b. Security assessments
c. Intrusion management
d. Data loss prevention
e. Intrusion prevention
That's correct.
11. The core of ___________ is the implementation of

intrusion detection systems and intrusion prevention systems
at entry points to the cloud and on servers in the cloud.
Answer" button.
a. Intrusion management
b. SIEM
c. security assessments
d. web security
e. risk analysis
That's correct.
12. __________ comprise measures and mechanisms to
ensure operational resiliency in the event of any service
interruptions.
Answer" button.
a. Data loss prevention

b. Security information and event management
c. Network security
d. Business continuity and disaster recovery
e. Firewall
That's correct.
13. A __________ interconnects the IoT-enabled devices with

the higher-level communication networks.
Answer" button.
a. microcontroller
b. gateway
c. carrier
d. sensor
e. Actuator
That's correct.
14. The most vulnerable part of an IoT is the __________ .
Answer" button.
a. RFID
b. fog/edge network
c. core network
d. smart objects/embedded systems
e. data center/cloud
That's correct.
15. __________ has two operating modes, one tailored for
single-source communication, and another tailored for multi-
source broadcast communication.
Answer" button.
a. Edge
b. Keystone
c. OpenSource
d. MiniSec
e. All of the above
That's correct.
16. __________ ensures that critical assets are sufficiently

protected in a cost-effective manner.
Answer" button.
a. IT control
b. IT security management
c. IT discipline
d. IT risk implementations
e. Both A & B
That's correct.
17. IT security management functions include:
Answer" button.
a. determining organizational IT security objectives, strategies,

and policies
b. detecting and reacting to incidents
c. specifying appropriate safeguards
d. all of the above
That's correct.
18. The objective of the ________ control category is to
counteract interruptions to business activities and to protect
critical business processes from the effects of major failures
of information systems or disasters and to ensure their timely
resumption.
Answer" button.
a. asset management
b. business continuity management
c. information security incident management
d. physical and environmental security
e. Risk assessment
That's correct.
19. Identification and authentication is part of the _______

class of security controls.
Answer" button.
a. technical
b. operational
c. management
d. all of the above
That's correct.
20. Maintenance of security controls, security compliance

checking, change and configuration management, and
incident handling are all included in the follow-up stage of the
_________
Answer" button.
a. technical
b. security awareness and training
c. maintenance
d. operational
e. management
That's correct.
21. Periodically reviewing controls to verify that they still

function as intended, upgrading controls when new
requirements are discovered, ensuring that changes to
systems do not adversely affect the controls, and ensuring
new threats or vulnerabilities have not become known are all
________ tasks.
Answer" button.
a. security compliance
b. maintenance
c. incident handling
d. program management
e. risk analysis
That's correct.
22. ______ mode is typically used for a general-purpose

block-oriented transmission and is useful for high-speed
requirements.
Answer" button.
a. ECB
b. OFB
c. CFB
d. ECC
e. CTR
That's correct.
23. __________ is a term that refers to the means of

delivering a key to two parties that wish to exchange data
without allowing others to see the key.
Answer" button.
a. Session key
b. Subkey
c. Key distribution technique
d. Ciphertext key
e. all of the above
That's correct.
24. An example of a wireless __________ attack is one in

which bogus reconfiguration commands are used to affect
routers and switches to degrade network performance.
Answer" button.
a. identity theft
b. ad hoc network
c. network injection
d. man-in-the-middle
e. IP spoofing
That's correct.
25. A(n) __________ is any entity that has station

functionality and provides access to the distribution system
via the wireless medium for associated stations.
Answer" button.
a. ESS
b. access point
c. distribution system
d. MPDU
e. Antenna
That's correct
26. The unit of data exchanged between two peer MAC
entities using the services of the physical layer is a(n)
____________.
Answer" button.
a. extended service set

b. MPDU
c. MSDU
d. station
e. access point
That's correct.
27. A system used to interconnect a set of basic service sets

and LANs to create an extended service set is a _________.
Answer" button.
a. distribution system
b. coordination function
c. MAC data unit
d. wireless access system
e. dispatch function
That's correct.
28. What is the maximum spped or throughput of 802.11n?
Answer" button.
a. 11 Mbps
b. 54 Mbps
c. 600 Mpbs
d. 1.3 Gbps
e. 3.5 Gbps
That's correct.
29. What is the IEEE standard for Bluetooth?
Answer" button.
a. 802.15
b. 802.16
c. 802.11i
d. 802.15.4
e. 802.15.1
That's correct.
30. The wireless CSMA/CA collision handling is implemented

through _________.
Answer" button.
a. RTS/CTS
b. 3-way handshaking
c. 4-way handshaking
d. DORA
e. CSU/DSU
That's correct.
31. Which of the following wireless standards does support

frequencies of 2.4 and 5.0 Ghz?
Answer" button.
a. 802.11a
b. 802.11i
c. 802.11g
d. 802.11ac
e. 802.11n
That's correct.
32. The Canadian PIPEDA privacy protection law consists of
how many guiding principles?
Answer" button.
a. 5
b. 6
c. 7
d. 10
e. 12
That's correct.
33. The final form of the 802.11i standard is referred to as

________.
Answer" button.
a. WEP
b. RSN
c. Wi-Fi
d. WPA
e. WPA2
That's correct.
34. Establishing security policy, objectives, processes and

procedures is part of the ______
Answer" button.
a. plan
b. check
c. act
d. analyze
e. none of the above
That's correct.
35. The intent of the ________ is to provide a clear overview
of how an organization’s IT infrastructure supports its overall
business objectives.
Answer" button.
a. risk register
b. corporate security policy
c. vulnerability source
d. threat assessment
e. security analysis
That's correct.
36. The advantages of the _________ approach are that it

doesn’t require the expenditure of additional resources in
conducting a more formal risk assessment and that the same
measures can be replicated over a range of systems.
Answer" button.
a. combined
b. informal
c. baseline
d. detailed
e. formal
That's correct.
37. The _________ approach involves conducting a risk

analysis for the organization’s IT systems that exploits the
knowledge and expertise of the individuals performing the
analysis.
Answer" button.
a. baseline
b. combined
c. detailed
d. informal
e. formal
That's correct.
38. A ________ is a key used between entities for the

purpose of distributing session keys.
Answer" button.
a. permanent key
b. session key
c. distribution key
d. all of the above
That's correct.
39. The follow-up stage of the management process includes

_________.
Answer" button.
a. maintenance of security controls

b. security compliance checking
c. incident handling
d. All of the above
That's correct.
40. The objective of the ________ control category is to

avoid breaches of any law, statutory, regulatory, or
contractual obligations, and of any security requirements.
Answer" button.
a. access
b. asset management
c. compliance
d. business continuity management
e. All of the above
That's correct.
41. Severe messages, such as immediate system shutdown,

is a(n) _____ severity.
Answer" button.
a. alert
b. emerge
c. crit
d. warning
e. risk
That's correct.
42. The _______ module performs end-to-end encryption and

obtains session keys on behalf of users.
Answer" button.
a. PKM
b. RCM
c. SSM
d. CCM
e. ECC
That's correct.
43. Cryptographic systems are generically classified by

_________.
Answer" button.
a. the type of operations used for transforming plaintext to
ciphertext
b. the number of keys used
c. the way in which the plaintext is processed
d. all of the above
That's correct.
44. IPsec can assure that _________.
Answer" button.
a. a router advertisement comes from an authorized router

b. a routing update is not forged
c. a redirect message comes from the router to which the initial
packet was set
d. all of the above
That's correct.
45. The most complex part of TLS is the __________.
Answer" button.
a. signature
b. message header
c. payload
d. Heartbeat
e. handshake protocol
That's correct.
PREVIOUS
Topics
©2016 The Chang School, Ryerson University

 Terms & Conditions(Opens light box window)
 Web Policy(Opens light box window)
 Developer Login

Exam Practice

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Exam Practice

Caricato da

Copyright:

Formati disponibili

Sample Final Exam Questions

1. The first step in deploying new systems is _________.

2. The following steps should be used to secure an operating

a. test the security of the basic operating system

3. __________ applications is a control that limits the programs

4. The range of logging data acquired should be determined

a. during security testing

5. The most important changes needed to improve system

a. disable remotely accessible services that are not required

6. The use of __________ avoids the complexity of software

7. A __________ infrastructure is made available to the general

8. Examples of services delivered through the __________

9. A __________ is a person or organization that maintains a

10. __________ is the monitoring, protecting, and verifying

11. The core of ___________ is the implementation of

a. Data loss prevention

13. A __________ interconnects the IoT-enabled devices with

14. The most vulnerable part of an IoT is the __________ .

16. __________ ensures that critical assets are sufficiently

17. IT security management functions include:

a. determining organizational IT security objectives, strategies,

19. Identification and authentication is part of the _______

20. Maintenance of security controls, security compliance

21. Periodically reviewing controls to verify that they still

22. ______ mode is typically used for a general-purpose

23. __________ is a term that refers to the means of

24. An example of a wireless __________ attack is one in

25. A(n) __________ is any entity that has station

a. extended service set

27. A system used to interconnect a set of basic service sets

28. What is the maximum spped or throughput of 802.11n?

30. The wireless CSMA/CA collision handling is implemented

31. Which of the following wireless standards does support

33. The final form of the 802.11i standard is referred to as

34. Establishing security policy, objectives, processes and

36. The advantages of the _________ approach are that it

37. The _________ approach involves conducting a risk

38. A ________ is a key used between entities for the

39. The follow-up stage of the management process includes

a. maintenance of security controls

40. The objective of the ________ control category is to

41. Severe messages, such as immediate system shutdown,

42. The _______ module performs end-to-end encryption and

43. Cryptographic systems are generically classified by

44. IPsec can assure that _________.

a. a router advertisement comes from an authorized router

45. The most complex part of TLS is the __________.

©2016 The Chang School, Ryerson University

Potrebbero piacerti anche