
Information security management

Information security (ISec) describes activities that relate to the protection
of information and information infrastructure assets against the risks of loss,
misuse, disclosure or damage.
Information security management (ISM) describes controls that an
organization needs to implement to ensure that it is sensibly managing these
risks.
The risks to these assets can be calculated by analysis of the following
issues:
Threats to your assets: These are unwanted events that could cause
the deliberate or accidental loss, damage or misuse of the assets
Vulnerabilities: How susceptible your assets are to attack
Impact: The magnitude of the potential loss or the seriousness of the
event.

Network Security
1- A Self-Enforcing Protocol
(A) Makes it obvious to all parties involved in a
transaction when a party attempts to cheat.
(B)Uses an adjudicator to evaluate if any party to the
transaction cheated
(C)Uses a trusted third party (TTP) to mediate the
transaction between the various parties
(D) Others
2- Disadvantages in using an arbitrated computer protocol.
(A) Two sides may not agree on a neutral third party.
(B)Arbitration causes a time in communication
(C)Secrecy becomes invulnerable,
(D) Others
3- One of the goals of secure computing is:
(A) Confidentiality
(B)Interruption
(C)Modification
(D) Others
4- One of the following is a threat to security in computing:
(A)Confidentiality
(B) Interruption
(C)Integrity
(D) Others
5- Circuit-level Gateway means :
(A)Stand-alone system
(B)Specialized function performed by an Application-level
Gateway
(C)Sets up two TCP connections
(D) All
6- Fabrication:
(A) Counterfeit objects on a computing system.
(B)Changing the values in a database modifying a program
so that it performs an additional computation,
(C)An asset of the system becomes lost,
(D) Others
7- Integrity:
(A)Viewing, printing
(B) Separation and protection of the resources
(C)Access to computing resources without difficulties.
(D) Others
8- Trojan horse is:
(A) A program that overtly does one thing while
covertly doing another
(B)Can be used to spread infection from one computer to
another.
(C)A program that has a secret entry point.
(D) Others
9- Storage media
(A)A collection of software, hardware
(B)The intruder may steal computer time just to do
computing and he can destroy software
(C) Effective security plans consider adequate
backups of data and physical protection for the
media that contains these backups.
(D) Others
10 - OS Controls:
(A) Limitations enforced by the OS to protect each
user from other users
(B)Quality standards under which program is designed,
coded, tested and maintained
(C)Parts of the program that enforce security restriction such
as access limitation in a database management system
(D) Others
11- Cipher text is:
(A) The encrypted form.
(B)A system of encryption and decryption
(C)Hidden writing.
(D) Others

12- Transient
(A) Runs when its attached program executes and
terminates when its attached program ends
(B)Locates itself in memory so that it can remain active even
after its attached program ends
(C)A class of malicious code that detonates when a specified
condition occurs
(D) Others
13- Packet-filtering Router means:
(A) Applies a set of rules to each incoming IP packet
and then forwards or discards the packet
(B)Also called proxy server
(C)Acts as a relay of application-level traffic
(D) Others
14- Appended Viruses
(A)Virus code runs the original program but has control
before and after its execution.
(B) Virus code attaches itself to a program and is
activated whenever the program is run.
(C)Virus program replaces some of its target, integrating
itself into the original code of the target.
(D) Others
15 - Homes for Viruses
(A)Boot Sector Viruses
(B)Memory-Resident Viruses
(C)Other Homes (like Application)
(D) All
16 - Virus signatures are used by virus scanners to detect the virus in
(A) Storage Patterns
(B)Boot Sector
(C)Object code
(D) Others
17- Polymorphic viruses using encryption contain three parts; one of them is:
(A)Encryption key
(B)Encrypted code
(C) Unencrypted object code of the decryption
routine
(D) Others

18- Preventing Virus Infection:
(A) Use only commercial software acquired from
reliable, well established vendors
(B)Test all old software on an isolated computer
(C)Make many copies for your software
(D) Others
19-The Sources of Trapdoors are:
(A)Debug commands left in code before testing
(B) Poor error checking
(C)A small amount of money is shaved from each
computation
(D) Others
20- The Causes of Trapdoors are:
(A) Forgets to remove them
(B)Intentionally leaves them for programmers
(C)Intentionally leaves them for users
(D) Others
21- The Basic Principles of Software Engineering are:
(A)Division of Labor
(B)Reuse of Code
(C)Use of Standard Pre-constructed Software tools
(D) All
22- Characteristics of a Module are:
(A) Unity
(B)Reuse of Code
(C)Organized Activity
(D) Others
23- Program correctness proofs are hindered by:
(A)Program translation is error prone
(B)The logical engines are slow
(C)Proofs of correctness have not been consistently and
successfully applied to large production systems
(D) all
24- Characteristics of Trusted Software are:
(A)Functional Correctness
(B)Enforcement of Integrity
(C)Limited Privilege
(D) all
25- By Patents we mean:
(A) Protect inventions
(B)Algorithms are facts of nature
(C)Patent process is expensive
(D) Others

26- In the firewall service control:
(A)Determines the types of Internet services that can be
accessed, inbound or outbound
(B)Determines the direction in which particular service
requests are allowed to flow
(C)Controls access to a service according to which user is
attempting to access it
(D) Others
27-Threats are categorized as:
(A) Passive or active
(B)Traffic
(C)Masquerade
(D) Others
28- Release of message contents means:
(A)Obtain information that is being transmitted.
(B) Telephone conversation, email message and
transferred files.
(C)Attack that has a specific target
(D) Others
29-The basic elements of model of access control are:
(A) Subject, Object, Access right
(B)Capability list, Object, Access right
(C)Centralized, Decentralized
(D) Others
30-In the boot sector viruses, virus:
(A) Gains control very early in the boot process
before most detection tools are active
(B)Gains control very early in the boot process after most
detection tools are active
(C)Gains control in AUTOEXEC.BAT batch file
(D) Others
31) By Salami Attack virus we mean:
(A)Control viruses
(B) A small amount of money is shaved from each
computation
(C)Trapdoors persist
(D) Others
32) The main idea of peer review is:
(A)Each team member has a clear design document
(B)Team members review each other's code
(C)All team members recognize that the product belongs to
the group
(D) ALL the above

33) What is a network?
(A)A single main processor
(B) More than one independent processor.
(C)More users and computing systems have access
(D) Others
34) Complexity is one of the network security problems; it means:
(A) Network may combine two or more dissimilar
operating systems with mechanisms for interhost
connection
(B)Sensitive data
(C)Insertion of bogus messages
(D) Others
35) Authentication is:
(A)Modification
(B)Insertion
(C) Hard to assure identity of user on a remote
system
(D) Others
36) Copyrights means:
(A) Protect expression of ideas
(B)Protect inventions
(C)Allows the distribution of the result of the secret
(D) Others
37) Trade Secret means:
(A) Information that gives one company a competitive
edge over others
(B)Provides protection for the source code and not the
algorithm
(C)Copy distributed that must be marked
(D) Others
38) Communication systems are used to transmit data; this concerns
the following:
(A)Availability
(B)Security
(C)Integrity
(D) Others
39) Masquerade in communication systems means:
(A)This attack may have a specific target
(B) Takes place when one entity pretends to be
different entity
(C)The messages are delayed
(D) Others
40) Open design principle means:
(A) The security of system should not depend on
keeping the design of its mechanism secret
(B)Interfere with the work of users
(C)Security mechanisms should be as simple and small as
possible.
(D) Others
41) One of the general techniques for Firewall Characteristics is :
(A)Packet-filtering routers
(B)Application-level gateways
(C)Circuit-level gateways
(D) Others
42) The behavior control allows:
(A) Controls how particular services are used
(B)Controls access to a service according to which user is
attempting to access it
(C)The types of Internet services that can be accessed
(D) Others
43) Filter packets going:
(A) In both directions
(B)In One direction
(C)In Parallel direction
(D) Others
44) The main disadvantages of packet-filtering Router:
(A)Simplicity
(B)Transparency to users
(C) Lack of Authentication
(D) Others
45) We can call the application-level Gateway:
(A)Stand-alone system
(B) Proxy server
(C)The SOCKS package
(D) Others
46-The primary choice for password storage:
A- Clear text
B- Encrypted password
C- Hash value of a password
D- All of the above

47- The best storage location for passwords is:
A-Root or administrator readable only
B-Readable by anyone.
C- Any file
D- All of the above.
48- Client/Server Model: A Network Access Server (NAS) operates as
A- Client to RADIUS.
B- User for RADIUS server.
C- Peer to RADIUS server.
D- None of the above

49- In RADIUS any user passwords are sent
A- encrypted.
B- Hashed.
C- In clear text.
D- None of the above.

50- In a computer protocol arbiter is a trustworthy third party who
ensures
A- Fairness.
B- Truth.
C- Data.
D- People.
51- Low error propagation is one of the advantages of.
A- asymmetric
B- Block Ciphers
C- Stream Ciphers
D- none of the above.
52- Substitution ciphers.
A- The order of plaintext letters is rearranged during encryption.
B- Letters of the plaintext messages are replaced with other
letters during the encryption.
C- A & B.
D- None of the above.
53- One of the security Phases is Response, it means.
A-plans/processes that focus on security improvements.
B- proactive risk reduction
C- to take measures that allow recovery of assets or recovery
from damage, and minimize losses.
D- to take measures to detect whether an asset has been
damaged, how, and who has caused the damage.
54- Transient Viruses
A- Locates itself in memory so that it can remain active even
after its attached program ends
B-Runs when its attached program executes and
terminates when its attached program ends
C- A & B
D- none of the above
55- Appended Viruses
A- Virus code attaches itself to a program and is activated
whenever the program is run.
B- Virus code runs the original program but has control before
and after its execution.
C- Virus program replaces some of its target, integrating itself
into the original code of the target.
D- A & C.
56- Virus attaches itself to memory resident code.
A- Virus gains control very early in the boot process before most
detection tools are active.
B- Virus is activated many times while the machine is
running
C- Virus embeds itself in data files
D-None of the above.
57- The DBMS maintains the integrity by:
A- Applying field checks
B- Access control
C- Change log
D- All of the above
58- Interruption affects
A- availability
B- integrity
C- authenticity
D- none of the above

59- Modification affects
A- availability
B- integrity
C- authenticity
D- none of the above
60- Error detection and correction is one of the aspects of
A- availability
B- integrity
C- authenticity
D- none of the above
61- International Standards in Information Security are developed by the
A- IETF
B- ETSI
C- IEEE
D- ISO/IEC
62- The above graph represents the.
A- Asymmetric Cryptosystem
B- symmetric Cryptosystem
C- Hash function
D- Web Access with SSL

63- This picture represents
A- Arbitrated Protocols
B- Adjudicated Protocols.
C- A Hardware protocols.
D- Self-Enforcing Protocols.
