MIS 374-Practice Exam 2
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?
25
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
What is NOT a valid encryption key length for use with the Blowfish algorithm?
512 bits
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's private key
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
During what phase of a remote access connection does the end user prove his or her claim of identity?
Authentication
During which phase of the access control process does the system answer the question, "What can the requestor access?"
Authorization
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Authorization
Which information security objective allows trusted entities to endorse information?
Certification
Which audit data collection method ensures that information gathering covers all relevant areas?
Checklist
An algorithm used for cryptographic purposes is known as a __________.
Cipher
Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?
Confidentiality
Which activity manages the baseline settings for a system or device?
Configuration control
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
A __________ is a representation of a physical signature stored in a digital format.
Digital signature
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
The act of scrambling plaintext into ciphertext is known as __________.
Encryption
What mathematical problem forms the basis of most modern cryptographic algorithms?
Factoring Large Primes
A private key cipher is also called an asymmetric key cipher.
False
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False positive error
What is NOT a good approach for destroying data on a magnetic disc?
Formatting
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
Which one of the following is an example of a logical access control?
Password
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL injection
In what type of attack does the attacker send unauthorized commands directly to a database?
SQL injection
There are several types of software development methods, but most traditional methods are based on the ________ model.
Waterfall
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
What standard is NOT secure and should never be used on modern wireless networks?
Wired Equivalent Privacy (WEP)
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
Legacy encryption for wireless networks. It is weak and does not provide sufficient protection for most traffic.
Wired Equivalent Privacy (WEP)
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?
chosen plaintext
Which intrusion detection system strategy relies upon pattern matching?
signature detection
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Black-box test
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
Which of the following is an example of a hardware security control?
MAC filtering
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Which security testing activity uses tools that scan for services running on a system?
Network mapping
Which regulatory standard would NOT require audits of companies in the United States?
Personal Information Protection and Electronic Documents Act
What is NOT a goal of information security awareness programs?
Punish users who violate policy
Which item is an auditor least likely to review during a system controls audit?
Resumes of system administrators
Having one person authorized to write checks and another to issue checks is an example of __________.
Separation of duties
An encryption cipher that uses the same key to encrypt and decrypt is called a(n) __________ key.
Symmetric
DES, IDEA, RC4, and WEP are examples of __________.
Symmetric algorithms
This security monitoring tool would identify an unauthorized change to a computer system.
System integrity monitoring
Which type of cipher works by rearranging the characters in a message?
Transposition
Current encryption for wireless networks. Much stronger than WEP, it is the recommended encryption for wireless use.
Wi-Fi Protected Access (WPA)
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Separation of duties
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service level agreement (SLA)
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, Stream, Substitution