INF140 Exam 33 Questions with Verified Answers
... are difficult to identify as they keep on changing their type and signature - CORRECT ANSWER Polymorphic Virus
... is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it - CORRECT ANSWER Cryptography
... is a naming system given to different computers which adapt to human-readable domain names. - CORRECT ANSWER DNS
... is not an attack technique where numerous TCP segments are spoofed with a bogus source address which is then sent to a server - CORRECT ANSWER Ping flooding attack
A ... is a method in which a computer security mechanism is bypassed untraceably to access the computer or its information. - CORRECT ANSWER Backdoor
A ... is a small malicious program that runs hidden inside legitimate-looking software. - CORRECT ANSWER Trojan
A DoS attack coming from a large number of IP addresses, making it hard to manually filter or crash the traffic from such sources is known as a ... - CORRECT ANSWER DDoS attack
Access control is a broad term that covers several different types of mechanisms that enforce access control features on computer systems, networks, and information. When a user wants to access a system, progressively, there will be four security controls in the system: ___, ___, ___, and ___. - CORRECT ANSWER identification, authentication, authorization, auditing
According to the CIA Triad, which of the below-mentioned elements is not covered in the triad? - CORRECT ANSWER Authenticity
An access control mechanism dictates how subjects access objects. There are different access models. A system that uses ___ enables the owner of the resource to specify which subjects can access specific resources. In ___, users do not have the discretion of determining who can access objects. Instead, this model greatly reduces the amount of rights, permissions, and functionality a user has for security purposes. - CORRECT ANSWER discretionary access control (DAC), mandatory access control (MAC)
Backdoors would not be designed as ... - CORRECT ANSWER embedded code of anti-malware
Existence of weakness in a system or network is called ... - CORRECT ANSWER Vulnerability
In a computer system, access is the flow of information between two entities. A/An ___ is an active entity that requests access to a/an ___. A/An ___ is a passive entity that contains information or needed functionality. - CORRECT ANSWER subject, object, object
Suicide Hackers are those who ... - CORRECT ANSWER break a system for some specific purpose with or without keeping in mind that they may suffer long term imprisonment due to their malicious activity
Suppose a user's password is hashed with SHA256 and the hash is then stored in a system. In practice, which of the following will significantly reduce the security level and may lead to a successful password cracking?
A. the user's password consists of only 20 lower-case letters
B. upper-case letters in the user's password are converted to lowercase letters before the password is hashed
C. SHA256 is replaced with a fast hash function with 64-bit digest - CORRECT ANSWER BC
The full form of Malware is ... - CORRECT ANSWER Malicious Software
The integrity of data is not related to which of the following? - CORRECT ANSWER The extraction of data to share with unauthorized entities
The intent of a ... is to overkill the targeted server's bandwidth and other resources of the target website - CORRECT ANSWER DoS attack
Trojans normally do not do one of the following. What is that? - CORRECT ANSWER Protecting Data
Unexpectedly, you get an email from a colleague who requests you to urgently click on an email link which they have sent you. What is the safest option? - CORRECT ANSWER Do not click the link. Phone the sender for verification
Which of the following are common features of a computer virus and a trojan horse?
A. residing in a software
B. replicating itself in the infected system and network
C. exploiting system flaws and vulnerabilities in a system
D. running itself when a certain condition is triggered
E. sending message to a remote controller - CORRECT ANSWER CD
Which of the following are security controls of user authentication?
A. a person uses a room card to open a hotel room
B. a person provides user name and password when logging in to a website
C. a person enters the letters from the image of "I am not a robot" in a login page
D. a person opens his/her mobile phone with fingerprint
E. a user in a system is prompted "Permission Denied" when he/she opens a file in the system - CORRECT ANSWER ABD
Which of the following are types of preventative security control?
A. user authentication
B. data encryption
C. data backup
D. firewall
E. intrusion detection system
F. anti-malware system
G. least-privilege access control - CORRECT ANSWER ABDG
Which of the following are social engineering attacks?
A. an attacker uses a telephone system to gain access to private personal and financial information from the public
B. an attacker sends an e-mail that appears to come from a legitimate business requesting "verification" of information
C. an attacker pretends to be another person with the goal of gaining access physically to a system or building - CORRECT ANSWER ABC
Which of the following characteristics are provided by the RADIUS?
A. accountability
B. authorization
C. availability
D. authentication
E. aggregation
F. anti-malware - CORRECT ANSWER ABD
Which of the following firewalls act in both client and server roles in controlling network traffic?
A. packet filtering firewalls
B. stateful packet inspection firewalls
C. application-proxy firewalls
D. circuit-proxy firewalls - CORRECT ANSWER CD
Which of the following is a type of transport layer DoS? - CORRECT ANSWER TCP flooding
Which of the following processes use an access control list?
A. a student logs in to mittuib with his/her student credentials
B. a student downloads some lecture slides at mittuib
C. a student checks his/her grade for a course at mittuib
D. a student wants to see a student fellow's grade at mittuib but is rejected
E. a lecturer uploads lecture notes for his/her course at mittuib - CORRECT ANSWER BCDE
Which of the following security features can be provided by cryptographic primitives?
A. accountability
B. authorization
C. authentication
D. availability - CORRECT ANSWER AC
Which of the following protocols is not used at the network layer of the TCP/IP model? - CORRECT ANSWER HTTP
Which statements about public-key certificates are correct?
A. it is used to authenticate an entity in a network
B. it is widely used because public-key ciphers are more secure than symmetric ciphers
C. it is widely used because it makes key distribution easier in the Internet
D. it is used to prevent man-in-the-middle attack in a network - CORRECT ANSWER ACD
Who are the targets of modern day hackers? - CORRECT ANSWER Any organisation or individual is liable to be the victim of hackers.
Why are the elements confidentiality, integrity, authentication, authorization and availability considered fundamental? - CORRECT ANSWER They help understand security and its components better