CS154 MOOC All Questions
A
The business continuity plan is equivalent to the incident response plan. A.True B.False
D
An Intrusion happens when: A.Some employee loses a device containing sensitive information. B.Employees use very easy to guess passwords. C.An attacker scans a system for vulnerabilities. D.An attacker takes advantage of a vulnerability on a system to gain access to it.
B
An access control model where access rights to resources are assigned centrally to users and cannot be changed by them is a A.Role based access control (RBAC) model B.Mandatory access control (MAC) model C.Discretionary access control (DAC) model
B
An access control policy establishes: A.The model of access for a specific system. B.A set of rules that determines if an identity is allowed to execute an operation over a resource. C.A method to verify the identity accessing a set of resources.
C
A Network Intrusion Detection System (NIDS): A.Must be configured with a set of rules to match the malicious behaviour. B.Is not needed when a firewall is already installed in the network. C.Analyses the content of network connections to ensure that malicious activities are not carried out through those connections.
B
A document being edited in an editing tool installed locally on a workstation is A.Data at rest. B.Data in use. C.Data in motion.
C
A document that is being sent attached in an email is A.Data in use. B.Data at rest. C.Data in motion.
A
A firewall: A.Filters incoming and outgoing packets based on a set of rules. B.Detects suspicious activity on the organisation network. C.Avoids other computers in the network from being infected with malware.
B. it is verifiably unaltered
A message has integrity if: A. it is authenticated B. it is verifiably unaltered C. it contains the truth D. it contains the sender's handwritten signature
B
A picture saved into a memory card is A.Data in use. B.Data at rest. C.Data in motion.
A. The message is using a cryptographic protocol to implement confidentiality
A third party (e.g. a spy) is not able to read a message when: A. The message is using a cryptographic protocol to implement confidentiality B. The message is sent with integrity C. The message has high availability D. The message is sent using a nonrepudiation technique
A
A username and password sent to a social networking website are A.Data in motion. B.Data at rest. C.Data in use.
B
An information security policy is a standardised set of requirements that must be met to keep the organisation secure. A.True B.False
B
Authentication always requires a password. A.True B.False
B
Denial of Service attacks only affect web application servers. A.True B.False
A
If I can prove that a message has not been altered, which of the following services does my system provide? A.Integrity B.Nonrepudiation C.Availability D.Confidentiality
D. Nonrepudiation
If I can prove who the sender of a message is, which of the following services does my system provide? A. Confidentiality B. Integrity C. Availability D. Nonrepudiation
A. Confidentiality D. Authentication and authorisation
If I need to prove who I am in order to access a message, which of the following services does my messaging system provide? A. Confidentiality B. Availability C. Integrity D. Authentication and authorisation E. Nonrepudiation
BC
If an unauthorised change is made to company data/information or software, what type of information security risk is it considered to be? A.Unauthorised use B.Unauthorised modification C.Unauthorised destruction D.Unauthorised disclosure
B
In the Transport Layer Security (TLS) Protocol, the server proves its identity by: A.Providing a pre-shared password. B.Providing a digital certificate. C.Providing a public key D.The server does not need to prove its identity.
B
Information being sent through a cellular network could be eavesdropped by: (multiple answers possible) A.A device with a WiFi eavesdropping antenna in the same cell of the network. B.The base station providing access to the network. C.A cellular antenna located in a different non-adjacent cell of the network.
AC
Information being sent through a wired local network can be eavesdropped by: (multiple answers possible) A.Anyone with physical access to the network infrastructure. B.Anyone with access to a powerful enough wireless card C.Anyone with physical access to the cable connecting the nodes of the network.
BC
Information being sent to the Internet through a WiFi local wireless access point can be eavesdropped by: (multiple answers possible) A.Anyone with physical access to the cable connecting the nodes of the network. B.The access point providing access to the network C.A device with a WiFi eavesdropping antenna in the same network
D. All of the above
Management tries to ensure adherence to security policies by which of the following? (Multiple answers possible) A. Periodically asking employees to confirm their compliance with the policies. B. Testing employees. C. Creating training courses to ensure employees are aware. D. All of the above
B
Organisations can request to be certified against: A.Their ISO 27001 implementation of security policies. B.Their ISO 27001 implementation and operation of an information security management system. C.Their ISO 27002 implementations of controls. D.None of these answers.
D
Risk is defined as: A.The impact of a vulnerability that may affect the organization assets. B.A threat that may affect the organisation assets, independently of its vulnerabilities. C.The sum of the probabilities of having a vulnerability in each system within the organisation. D.A combination of the likelihood and impact of something harmful that may affect the organisation.
abcd (.86)
Risk management involves the following processes: A.Risk treatment. B.Risk elimination. C.Risk acceptance. D.Risk assessment. E.Risk communication. F.Risk creation. G.Risk avoidance.
C
SSL/TLS uses public-key encryption to establish symmetric keys because public-key encryption is: A.More secure B.Faster C.Necessary
BCDF
Select the items from the list that are considered phases in the management of security incidents. A.Implementation. B.Assessment. C.Investigation. D.Corrections. E.Logging. F.Reporting.
ABC
Select the items from the list that influence the likelihood of a threat being realised: A.Difficulty to exploit the vulnerability. B.Motivation of the attacker. C.Skills of the attacker.
ABCDE
Select the phases of development where a vulnerability can appear: A.Implementation B.Design C.Maintenance D.Analysis E.Deployment
BD
Select the protocols that could be used to secure an IEEE 802.11 network: A.UMTS. B.WEP. C.TLS D.WPA2
BD
Select which of the following items are requirements for an information security management system to operate: A.Intrusion detection. B.Document control C.Encryption. D.Internal audits.
ABE
Select which of the items in the list can be considered as a category of security control (not specific controls): A.Access control. B.Encryption. C.Version control. D.Document control. E.Asset management.
ACD
Select which of the items in this list can be considered specific security controls (not categories of controls): A.Employment termination. B.Access control. C.Equipment disposal. D.Document encryption.
IDK
Select which of the following could prove your identity (individually, on their own) during an authentication process. (Note that this is a multiple-correct-answers question and the answer may include more than one option). A.Iris. B.Username. C.Email address. D.Palm veins pattern. E.Height.
B
Side channel attacks exploit weaknesses in: A.Protection of plaintext after it has been decrypted B.Implementation of cryptography C.Management of cryptographic keys
A
The ISO 27000 series is sector-agnostic. That is, it does not include any supplements to adapt sector-specific processes for information security management. A.True. B.False.
ACD
The ISO 27000 standards series provides: (multiple answers possible) A.Description and guidance on security controls. B.Descriptions of how to establish and operate an information management system. C.Guidance on risk assessment. D.Definitions of basic terminology related to information security.
A
The ISO 27001 is: A.A standard that establishes the requirements for the implementation of an information security management system. B.A standard that describes the security policies that must be followed at all levels of an organisation. C.A document that defines the security controls that can be implemented within an information security management system. D.A set of recommendations to secure the information systems of an organisation.
try except f c d except f c (.83) except f (.67)
The Plan-Do-Check-Act model establishes a set of tasks that must be executed in cycles. Although this model was used in previous versions of the ISO 27001 standard, it is still valid as an approach to implement an effective Information Security Management System (ISMS). In fact, when implementing an ISMS using the Plan-Do-Check-Act (select those that are true): A.The acting stage involves acting on the findings of the checking stage to address the gaps found. B.The check phase involves verifying the activities that have been done to check if what was planned was done and what was done meets the security goals of the organisation. C.The check stage involves analysing the planned actions to verify if they will meet the security goals of the organisation. D.The planning stage is limited to the activities related to project planning and management. E.The planning stage includes all the activities to determine what is required for the ISMS. F.The acting stage involves executing all the planned actions during the planning phase.
B
The executable code of an application stored (not executing) in a phone is A.Data in motion. B.Data at rest. C.Data in use.
A
The formula that combines likelihood and impact to provide a value of risk is: A.Multiplying them. B.Dividing them. C.Summing them.
B
The implementation of an Information Security Management System requires us to identify the laws and legislation a company is subject to. Those are: A.The laws and regulations from the country of origin B.The laws and regulations from the countries the company is operating within
BCD
The information security policy of an organization A.Shouldn't focus on regulation and legislation. B.Shouldn't be described in a single document. C.Should address the requirements created by the business strategy. D.Should take into account the information security threat landscape.
A
The least effective strategy for controlling use of cryptography today is probably exploiting weaknesses in: A.Design of cryptographic algorithms B.Key management C.Implementation of cryptography
D
The main purpose of cryptography is to: A.Translate each physical security mechanism into an equivalent digital security mechanism B.Achieve complete security in the digital world D.Provide a range of security mechanisms which can be used to support security in the digital world
B
We can consider a fingerprint as an authorisation system. A.True B.False
B. message nonrepudiation
What is the term that best describes the following: a sender is not able to deny sending a message, e.g. an email or text message A. message confidentiality B. message nonrepudiation C. message availability D. message integrity
ABC
What kinds of information do you think are susceptible to security threats? A.Data being actively used by a computer system B.Data being transmitted between two systems C.Data stored on a computer system
C
What security control from the list below would protect stored and transmitted data / information against unauthorised disclosure? A.Access control B.Technical control C.Cryptographic control D.Physical control
A. Loss of availability
Which aspect of security has failed when a denial of service (DoS) attack has occurred? A. Loss of availability B. Loss of confidentiality C. Loss of integrity D. Loss of privacy E. None of these answers
B. All of the answers combined.
Which of the answers best describes the discipline of information/cyber security? A. A computing-based discipline involving technology, people, information, and processes B. All of the answers combined. C. A discipline that focuses on the creation, operation, analysis, and testing of secure computer systems. D. An interdisciplinary course comprising elements of law, policy, human factors, ethics, and risk management
A
Which of the following answers best defines privacy and confidentiality? A.That all non-essential information about a transaction is removed from a public network or system and that data is protected. B.Checks that the parties to a transaction are who they claim to be C.Checks that the messages are complete and unaltered. D.Puts in measures to ensure the continuity and performance of the system. Ensures that the sender cannot deny sending the message.
ABF
Which of the following are knowledge areas in cyber security as we discussed in week 1? Select all that are correct. A.Cyber Physical Systems B.Cyber Ethics D.Network management E.Geo-politics F.Digital Forensics
C
Which of the following attacks is not typically countered through the use of cryptography? A.Unauthorised falsification of source of data B.Unauthorised modification of data C.Unauthorised prevention of access to data
A. The system checks that a message has been sent complete and unaltered.
Which of the following best defines integrity? A. The system checks that a message has been sent complete and unaltered. B. Checks that parties to a transaction are who they claim to be C. Ensures that threats to the continuity and performance of the system are mitigated. D.Ensures that the sender of a message cannot deny sending the message.
D. All of the above
Which of the following best describe Information Assurance? (Multiple answers possible) A. Seeks cost efficient solutions to mitigate risks B. Multi-disciplinary C. Includes security, people and processing D. All of the above
E. A sequence of symbols that convey some meaning in a given context
Which of the following best describes "information"? A. Documents such as books, the content on the World Wide Web (WWW) etc B. Data, such as census, medical or readings from sensors etc C. A discipline developed by Claude Shannon in the 1940s D. A computing-based discipline involving technology, people, information, and processes E. A sequence of symbols that convey some meaning in a given context
C
Which of the following best describes a series of characters that is used to verify a user's identity in an information system? A.An IP (Internet Protocol) address B.The IMEI of a user's mobile phone C.A password D.A user ID card
B
Which of the following should always be kept secret? A.The encryption/decryption algorithm B.The decryption key C.The encryption key
A
Which of these answers best describes methods for authenticating users in an information system? A.Passwords, biometrics, security tokens B.Identification, authorisation, security tokens C.Authorisation, passwords, security tokens D.Authorisation, identification, encryption
B. Information Assurance
Which of these is not a dimension in the RMIAS? A. Security Goals B. Information Assurance C. Information Taxonomy D. Security Countermeasures
C. Security countermeasures
Which of these is not part of the Information Security Lifecycle? A. Security design B. Security management and monitoring C. Security countermeasures D. Security requirements engineering E. Secure retirement of the information system