Sample Final Exam Questions

Test Yourself
Here is a course review in the form of self-test questions, covering
questions that are related to modules after the midterm.

1. The first step in deploying new systems is _________.

a. security testing
b. installing patches
c. planning
d. secure critical content

2. The following steps should be used to secure an operating system:

a. test the security of the basic operating system
b. remove unnecessary services
c. install and patch the operating system
d. Both A and B
e. All of the above

3. __________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.

a. Virtualizing
b. White listing
c. Logging
d. Patching
e. Firewalling

4. The range of logging data acquired should be determined _______.

a. during security testing
b. as a final step
c. after monitoring average data flow volume
d. during the system planning stage
e. system analysis

5. The most important changes needed to improve system security are to ______.

a. disable remotely accessible services that are not required
b. ensure that applications and services that are needed are
appropriately configured
c. disable services and applications that are not required
d. All of the above
e. None of the above

6. The use of __________ avoids the complexity of software installation, maintenance, upgrades, and patches.

a. SaaS
b. MaaS
c. PaaS
d. IaaS
e. SecaaS

7. A __________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

a. community cloud
b. private cloud
c. hybrid cloud
d. public cloud
e. None of the above

8. Examples of services delivered through the __________ include database on demand, e-mail on demand, and storage on demand.

a. hybrid cloud
b. public cloud
c. private cloud
d. community cloud
e. All of the above

9. A __________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.

a. cloud auditor
b. cloud service consumer
c. cloud broker
d. cloud carrier
e. cloud provider

10. __________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use.

a. Web security
b. Security assessments
c. Intrusion management
d. Data loss prevention
e. Intrusion prevention

11. The core of ___________ is the implementation of intrusion detection systems and intrusion prevention systems at entry points to the cloud and on servers in the cloud.

a. Intrusion management
b. SIEM
c. security assessments
d. web security
e. risk analysis

12. __________ comprise measures and mechanisms to ensure operational resiliency in the event of any service interruptions.

a. Data loss prevention
b. Security information and event management
c. Network security
d. Business continuity and disaster recovery
e. Firewall

13. A __________ interconnects the IoT-enabled devices with the higher-level communication networks.

a. microcontroller
b. gateway
c. carrier
d. sensor
e. Actuator

14. The most vulnerable part of an IoT is the __________.

a. RFID
b. fog/edge network
c. core network
d. smart objects/embedded systems
e. data center/cloud

15. __________ has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication.

a. Edge
b. Keystone
c. OpenSource
d. MiniSec
e. All of the above

16. __________ ensures that critical assets are sufficiently protected in a cost-effective manner.

a. IT control
b. IT security management
c. IT discipline
d. IT risk implementations
e. Both A & B

17. IT security management functions include:

a. determining organizational IT security objectives, strategies, and policies
b. detecting and reacting to incidents
c. specifying appropriate safeguards
d. all of the above

18. The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

a. asset management
b. business continuity management
c. information security incident management
d. physical and environmental security
e. Risk assessment

19. Identification and authentication is part of the _______ class of security controls.

a. technical
b. operational
c. management
d. all of the above
e. None of the above

20. Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________

a. technical
b. security awareness and training
c. maintenance
d. operational
e. management

21. Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks.

a. security compliance
b. maintenance
c. incident handling
d. program management
e. risk analysis

22. ______ mode is typically used for a general-purpose block-oriented transmission and is useful for high-speed requirements.

a. ECB
b. OFB
c. CFB
d. ECC
e. CTR

23. __________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

a. Session key
b. Subkey
c. Key distribution technique
d. Ciphertext key
e. all of the above

24. An example of a wireless __________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.

a. identity theft
b. ad hoc network
c. network injection
d. man-in-the-middle
e. IP spoofing

25. A(n) __________ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.

a. ESS
b. access point
c. distribution system
d. MPDU
e. Antenna

26. The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ____________.

a. extended service set
b. MPDU
c. MSDU
d. station
e. access point

27. A system used to interconnect a set of basic service sets and LANs to create an extended service set is a _________.

a. distribution system
b. coordination function
c. MAC data unit
d. wireless access system
e. dispatch function

28. What is the maximum speed or throughput of 802.11n?

a. 11 Mbps
b. 54 Mbps
c. 600 Mbps
d. 1.3 Gbps
e. 3.5 Gbps

29. What is the IEEE standard for Bluetooth?

a. 802.15
b. 802.16
c. 802.11i
d. 802.15.4
e. 802.15.1

30. The wireless CSMA/CA collision handling is implemented through _________.

a. RTS/CTS
b. 3-way handshaking
c. 4-way handshaking
d. DORA
e. CSU/DSU

31. Which of the following wireless standards supports frequencies of 2.4 and 5.0 GHz?

a. 802.11a
b. 802.11i
c. 802.11g
d. 802.11ac
e. 802.11n

32. The Canadian PIPEDA privacy protection law consists of how many guiding principles?

a. 5
b. 6
c. 7
d. 10
e. 12

33. The final form of the 802.11i standard is referred to as ________.

a. WEP
b. RSN
c. Wi-Fi
d. WPA
e. WPA2

34. Establishing security policy, objectives, processes and procedures is part of the ______

a. plan
b. check
c. act
d. analyze
e. none of the above

35. The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.

a. risk register
b. corporate security policy
c. vulnerability source
d. threat assessment
e. security analysis

36. The advantages of the _________ approach are that it doesn’t require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.

a. combined
b. informal
c. baseline
d. detailed
e. formal

37. The _________ approach involves conducting a risk analysis for the organization’s IT systems that exploits the knowledge and expertise of the individuals performing the analysis.

a. baseline
b. combined
c. detailed
d. informal
e. formal

38. A ________ is a key used between entities for the purpose of distributing session keys.

a. permanent key
b. session key
c. distribution key
d. all of the above
e. none of the above

39. The follow-up stage of the management process includes _________.

a. maintenance of security controls
b. security compliance checking
c. incident handling
d. All of the above
e. None of the above

40. The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

a. access
b. asset management
c. compliance
d. business continuity management
e. All of the above

41. Severe messages, such as immediate system shutdown, have a(n) _____ severity.

a. alert
b. emerge
c. crit
d. warning
e. risk

42. The _______ module performs end-to-end encryption and obtains session keys on behalf of users.

a. PKM
b. RCM
c. SSM
d. CCM
e. ECC

43. Cryptographic systems are generically classified by _________.

a. the type of operations used for transforming plaintext to ciphertext
b. the number of keys used
c. the way in which the plaintext is processed
d. all of the above
e. none of the above

44. IPsec can assure that _________.

a. a router advertisement comes from an authorized router
b. a routing update is not forged
c. a redirect message comes from the router to which the initial packet was sent
d. all of the above
e. none of the above

45. The most complex part of TLS is the __________.

a. signature
b. message header
c. payload
d. Heartbeat
e. handshake protocol

©2016 The Chang School, Ryerson University