image

Solution of Assignment Synopsis & Project Dissertation Report


PRODUCT DETAILS

Online-Typing-and-Filling

Title Name Information Security and Risk
University AMITY
Service Type Assignment
Course MBA
Semister Semester-IV-IT Cource: MBA
Short Name or Subject Code Information Security & Risk
Commerce line item Type Semester-IV-IT Cource: MBA
Product Assignment of MBA Semester-IV-IT (AMITY)

Solved Assignment


  Questions :-

Assignment- A

1. What are the 4 jobs of an operating system?

2. How does the Operating system keep track of the different disk drives?

3. What kind of natural hazards are not normally insurable?

4. Describe the trends in disaster management

5. What is network security and how does it protect you?

6. What is the Microsoft Encrypting File System and what are some of its features?

7. What is computer Security?

8. Discuss the concept of Local Security Policies

Assignment- B

1. What is the user authentication concept?

2. Discuss the key mechanism of Firewall.

3. Define the term "Disaster" and describe its classification

Assignment- C

1. In computer security............. means that the computer sytem assets can be modified only by authorized parties           

Options          

  1. Confidentiality           
  2. Integrity        
  3. Availability    
  4. Authencity

2. A computer security................ means that the information in acomputer sytem only can be accessible for reading by authorized parties  

Options          

  1. confidentiality           
  2. Integrity         
  3. Availibility     
  4. Authencity

3. Which of the following is independent malicious program that need not any host programe?    

Options          

  1. Trap Doors     
  2. Trojan horse   
  3. virus   
  4. worm

4. The .................... is code embedded in some legitimate program that is set to explode when certain conditions are met     

Options          

  1. Trap doors      
  2. Trojan horse   
  3. Logic bomb   
  4. Virus

5. which of the following malicious prog do not replicate authomatically ? 

Options          

  1. Trojan Horse
  2. Virus  
  3. Worm 
  4. Zombie

6. ......................Programs can be used to accomplish functions indirectly that an unauthorized user not accomplish directly           

Options          

  1. Zombie           
  2. worm  
  3. Trojan horse 
  4. Logic Bomb

7. state whether true of falls 1.A worm mails a copy of itself to other system 2.a worm executes a copy of itself on another system           

Options          

  1. true, false       
  2. false, true       
  3. true, true       
  4. false, false

8. ............ are used in denial of service attacks, typically against targeted web sites           

Options          

  1. Worm 
  2. Zombie          
  3. Virus  
  4. Trojan horse

9. ..................... is a form of virus explicitely designed to hide itself from detection by antivirus software

Options          

  1. Stealth Virus 
  2. Polymorphic virus      
  3. Parastic virus  
  4. macro virus

10. State whether the following statement is true 1. A macro virus is paltform indepecent 2. Macro viruese infect documents, not executabel portions of code 

Options          

  1. 1 only 
  2. 2 only 
  3. both 1 & 2     
  4. none

11. The type of auto executing macros, in microsoft word is/are      

Options          

  1. auto execute   
  2. auto macro     
  3. command macro         
  4. all of the above

12. In.................... the virus places an identical copy of itself into other programs or into certain sytem areas on the disk    

Options          

  1. Dormat phase 
  2. Propagation phase   
  3. Triggering Phase        
  4. execution phase          

13. In the world of computing, the essential element that controls how computers are used is       

Options          

  1. ethics  
  2. legal laws       
  3. security requiremnts   
  4. business demands

14. The guidelines for the morally acceptable use of computers in socitey are         

Options          

  1. computer ethics        
  2. privacy           
  3. morality          
  4. legal system

15. The issues that deal with the collection and use of data about individuals is     

Options          

  1. access 
  2. property          
  3. accuracy         
  4. privacy

16. The ethical issue concerned with the correctness of data collected is     

Options          

  1. access 
  2. property          
  3. Exactness      
  4. Privacy

17. The ethical issue that involves who is able to read and use data is          

Options          

  1. access 
  2. property          
  3. accuracy         
  4. privacy

18. The vast industry  involves the gathering and selling of personal data is

Options          

  1. direct marketing         
  2. fund raising    
  3. information reselling
  4. government agencies

Question No.  19        

The first step in developing a Business Continuity Plan (BCP) is developing a:      

Options          

  1.  Business Impact Analysis     
  2.  Risk Analysis Sheet  
  3.  Risk Mitigation Document   
  4.  Risk Assess ment Sheet

Question No.  20        

An analysis of threats based on impacts and prioritizing business disruptions based on severity and occurrence comes under the second step of developing a BCP, which is:                     

Options          

  1.  Risk Monitoring        
  2.  Risk Assessment      
  3.  BIA   
  4.  Risk Management

Question No.  21        

Testing the BCP regularly comes under the phase:   

Options          

  1.  Risk Assessment       
  2.  BIA   
  3.  Risk Monitoring        
  4.  Risk Management

Question No.  22        

Effectiveness of a BCP can be validated through     

Options          

  1.  Monitoring    
  2.  Assessment   
  3.  Feedback       
  4.  Testing

Question No.  23        

By using "__________" option in Windows, you can limit the ability of users and groups to perform various actions by assigning permissions.       

Options          

  1.  Network and Internet           
  2.  Hardware and Sound
  3.  Programs       
  4.  Local Users and Groups

Question No.  24        

A Windows NT ______ is the administrative unit of directory services.     

Options          

  1.  Directory       
  2.  File    
  3.  Domain         
  4.  Folder

Question No.  25        

Domains, Folders, Objects are a part of ________ structure of Windows OS.        

Options          

  1.  Physical         
  2.  Logical          
  3.  Both Physical and Logical    
  4.  None of the above

Question No.  26        

Encrypting File System (EFS) is a feature of:           

Options          

  1.  Microsoft Windows  
  2.  iOS    
  3.  Linux 
  4.  Unix

Question No.  27        

Cyber-attack is a kind of:      

Options          

  1.  Natural Disaster        
  2.  Man-Made disaster   
  3.  Both  
  4.  None of the above

Question No.  28        

Which password management feature ensures that a user cannot re use a password for a specific time?    

Options          

  1.  Account Locking      
  2.  Password Verification          
  3.  Password History      
  4.  Password Ageing

Question No.  29        

Composing hard-to-guess passwords is a good practice.      

Options          

  1.  FALSE          
  2. May or May not be TRUE     
  3.  TRUE           
  4.  Not Sure        

Question No.  30        

Study of encryption algorithms in order to find weaknesses in the system so as to retrieve plain text from cipher text without knowing the key/algorithm.  

Options          

  1.  Cryptography          
  2.  Key Analysis 
  3.  Algorithm Analysis   
  4.  Cryptanalysis

Question No.  31        

Capital ´A´ in CIA triangle stands for:           

Options          

  1.  Availability   
  2.  Authorization
  3.  Authentication          
  4.  Algorithm      

Question No.  32        

When the sender and receiver do not have a possibility of denying sending or receiving data, it is called the principle of:       

Options          

  1.  Confidentiality          
  2.  Non-repudiation        
  3.  Repudiation  
  4.  Integrity

Question No.  33        

While Symmetric key cryptography utilizes ___ key(s) for encryption, the asymmetric key cryptography uses ___ key(s).

Options          

  1.  1,2     
  2.  2,1     
  3.  1,1     
  4.  2,3

Question No.  34         Marks - 10

A software application that monitors network and system activities for malicious content and policy violations is termed as:       

Options          

  1.  Firewall         
  2.  Anti-Virus     
  3.  Anti-Malware
  4.  Intrusion Detection System

Question No.  35        

During an earthquake in Nepal, many computers were destroyed with significant data. This is a kind of: 

Options          

  1.  Accidental Error       
  2.  Malicious use
  3.  Unauthorized access 
  4.  Physical Threat          

Question No.  36        

Process to eliminate means of attack by patching vulnerabilities and turning off inessential services is called:       

Options          

  1.  Malicious Code elimination  
  2.  Attack Prevention Mechanism          
  3.  Hardening    
  4.  Disaster Management

Question No.  37        

The local security policy of a system is a set of information regarding the security of a local computer. It includes trusted _____, ______ accounts and ______ assigned to the accounts.

Options          

  1. Users, domain, privileges       
  2. Domains, user, privileges     
  3. Privileges, user, domains        
  4.  None of the above

Question No.  38        

Administrator and Guest are examples of ____ user accounts.         

Options          

  1.  Default         
  2.  Explicit          
  3.  Implicit          
  4.  None of the above

Question No.  39        

Rahul, an IT Engineer, while working on his system, noticed that a new Notepad tab has popped out and a message is being typed. This is an example of 

Options          

  1.  Unauthorized Access          
  2.  Malicious Code         
  3.  Network Attack        
  4.  Password Attack

Question No.  40        

A secret entry point in the code which could be exploited by malicious users is called:      

Options          

  1.  Virus 
  2.  Worm
  3.  Trapdoor     
  4.  Trojan Horse
  Answers :-

Information Security & Risk

  1. What are the 4 jobs of an operating system?

Answer:The basic functions of an operating system are:

  • Booting the computer
  • Performs basic computer tasks eg. managing the various peripheral devices eg mouse, keyboard
  • Provides a user interface, e.g. command line, graphical user interface (GUI)
  • Handles system resources such as computer´s memory and sharing of the central processing unit (CPU) time by various applications or peripheral devices

Booting the computer

The process of starting or restarting the computer is known as booting. A cold boot is when you turn on a computer that has been turned off completely. A warm boot is the process of using the operating system to restart the computer 

Performs basic computer task 

The operating system performs basic computer tasks, such as managing the various peripheral devices such as the mouse, keyboard and printers. For example, most operating systems now are plug and play which means a device such as a printer will automatically be detected and configured without any user intervention. 

Provides a user interface 

A user interacts with software through the user interface. The two main types of user interfaces are: command line and a graphical user interface (GUI). With a command line interface, the user interacts with the operating system by typing commands to perform specific tasks. An example of a command line interface is DOS (disk operating system). With a graphical user interface, the user interacts with the operating system by using a mouse to access windows, icons, and menus. An example of a graphical user interface is Windows Vista or Windows 7.

The operating system is responsible for providing a consistent application program interface (API) which is important as it allows a software developer to write an application on one computer and know that it will run on another computer of the same type even if the amount of memory or amount of storage is different on the two machines. 

Handles system resources

The operating system also handles system resources such as the computer´s memory and sharing of the central processing unit (CPU) time by various applications or peripheral devices. Programs and input methods are constantly competing for the attention of the CPU and demand memory, storage and input/output bandwidth. The operating system ensures that each application gets the necessary resources it needs in order to maximise the functionality of the overall system.

  1. How does the Operating system keep track of the different disk drives?

Answer:The main idea behind allocation is effective utilization of file space and fast access of the files. There are three types of allocation:

  • contiguous allocation
  • linked allocation
  • indexed allocation

In addition to storing the actual file data on the disk drive, the file system also stores metadata about the files: the name of each file, when it was last edited, exactly where it is on the disk, and what parts of the disk are "free". Free areas are not currently in use by the file data or the metadata, and so available for storing new files. (The places where this metadata is stored are often called "inodes", "chunks", "file allocation tables", etc. 

To keep track of the free space, the file system maintains a free-space list which tracks all the disk blocks which are free. To create a file, the required space is reserved for the file and the corresponding space is removed from the free list.

Contiguous allocation

With contiguous allocation, each file has to occupy contiguous blocks on the disk. The location of a file is defined by the disk address of the first block and its length. Both sequential access and direct/Random access are supported by the contiguous allocation. The disadvantage of contiguous allocation is that it is often difficult to find free space for a new file. Moreover, one is often not sure of the space required while creating a new file. The various methods adopted to find space for a new file suffer from external fragmentation. 

Linked allocation

In linked allocation, each file is a linked list of disk blocks. The directory contains a pointer to the first and (optionally the last) block of the file. For example, a file of 5 blocks which starts at block 4, might continue at block 7, then block 16, block 10, and finally block 27. Each block contains a pointer to the next block and the last block contains a NIL pointer. The value -1 may be used for NIL to differentiate it from block 0.

With linked allocation, each directory entry has a pointer to the first disk block of the file. This pointer is initialized to nil (the end-of-list pointer value) to signify an empty file. A write to a file removes the first free block and writes to that block. This new block is then linked to the end of the file. To read a file, the pointers are just followed from block to block.

There is no external fragmentation with linked allocation. Any free block can be used to satisfy a request. Notice also that there is no need to declare the size of a file when that file is created. A file can continue to grow as long as there are free blocks. Linked allocation, does have disadvantages, however. The major problem is that it is inefficient to support direct-access; it is effective only for sequential-access files. To find the ith block of a file, it must start at the beginning of that file and follow the pointers until the ith block is reached. Note that each access to a pointer requires a disk read. 

Indexed allocation

Linked allocation does not support random access of files, since each block can only be found from the previous. Indexed allocation solves this problem by bringing all the pointers together into an index block. This type of allocation will have a pointer which has the address of all the blocks of a file. This method solves the problem of fragmentation as the blocks can be stored in any location.           

  1. What kind of natural hazards are not normally insurable?

Answer:Landslides:

Earthquakes are a major cause of landslides. Landslides occur when masses of rock, earth material, or debris flows move down a slope due to gravity. Landslides can occur on any terrain if the conditions are right, and cause significant damage and casualties to people and property. In this lesson, students learn about earthquake-induced landslides and the associated hazards, and how and why landslides occur. In addition, students discuss steps they can take to reduce landslide hazards. 

  1. Describe the trends in disaster management.

Answer:Risk-based Planning and Resourcing

 As jurisdictions continue to have to figure out how to do more with less, risk-based planning and resourcing will become even more important. It will be more important than ever to be able to identify risk and make assessments of the potential of each risk and assign resources accordingly. Performance measures and the ability to show some benefits from monies spent may too become critical. 

Jurisdictions will need to become better at planning for assessed risks and managing those plans and resources to mitigate those risks, while still maintaining the ability to respond to unanticipated events. Emergency management can’t be a response entity but a planning and mitigation one.

Focused Social Media Use 

Not everyone in emergency management is taking advantage of the opportunities social media offers, but it’s become a viable, even necessary way to communicate with the public during and after a disaster. Sharing photos is one of the ways social media can help the emergency manager or public safety official. Law enforcement is using it as a tool to identify suspects and glean information on people of interest 

Building and Rebuilding for Sustainability 

There is no one-size-fits-all solution to developing a resilient community, and while there are usually multiple options to rebuilding, communities often fall into the trap of rebuilding the community as it was, inviting the same disaster scenario. The days of subsidizing bad behavior in the form of non-market-based flood insurance and federal aid that helps communities build back right in the crosshairs of the next disaster are waning. It’s too easy to make the wrong choice and build back as things were. 

Education

More and more, the emergency management and public safety fields will be asking for individuals with more education. There is an ongoing debate about education versus experience but both are important in an increasingly complicated world. As emergency management grows as a profession, the knowledge of emergency managers will have to be deeper. It is no longer a profession to “fall into.”

  1. What is network security and how does it protect you?

Answer:Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become ``wired´´, an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.

Some history of networking is included, as well as an introduction to TCP/IP and internetworking. We go on to consider risk management, network threats, firewalls, and more special-purpose secure networking devices. 

This is not intended to be a ``frequently asked questions´´ reference, nor is it a ``hands-on´´ document describing how to accomplish specific functionality. 

Many network security threats today are spread over the Internet. The most common include:

Viruses, worms, and Trojan horses

Spyware and adware

Zero-day attacks, also called zero-hour attacks

Hacker attacks

Denial of service attacks

Data interception and theft

Identity theft 

Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.

A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components often include:

Anti-virus and anti-spyware

Firewall, to block unauthorized access to your network

Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks

Virtual Private Networks (VPNs), to provide secure remote access

  1. What is the Microsoft Encrypting File System and what are some of its features?

Answer:Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure. 

 Some key features of EFS:

  • Encrypting is simple; just select a check box in the file or folder´s properties to turn it on.
  • You have control over who can read the files.
  • Files are encrypted when you close them, but are automatically ready to use when you open them.
  • If you change your mind about encrypting a file, clear the check box in the file´s properties.
  1. What is computer Security?

Answer:Computer Security is the protection of computing systems and the data that they store or access.

Computer security is a branch of Information Security and is often used interchangeably with the term. It encompasses several security measures such as software programs like anti-virus suites, firewalls, and user dependant measures such as activating deactivating certain software features like Java scripts, ActiveX and being vigilant in using the computer and the network resources or the Internet.

Why is Computer Security Important?

Prevention of data theft such as bank account numbers, credit card information, passwords, work related documents or sheets, etc. is essential in today’s communications since many of our day to day actions depend on the security of the data paths.

Data present in a computer can also be misused by unauthorized intrusions. An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images, fake misleading and offensive social accounts.

Malicious intents can also be a factor in computer security. Intruders often use your computers for attacking other computers or websites or networks for creating havoc. Vengeful hackers might crash someone’s computer system to create data loss. DDOS attacks can be made to prevent access to websites by crashing the server.

Above factors imply that your data should remain safe and confidential. Therefore, it is necessary to protect your computer and hence the need for Computer Security arises.

  1. Discuss the concept of Local Security Policies

Answer:Local security policy overview

A security policy is a combination of security settings that affect the security on a computer. You can use your local security policy to edit account policies and local policies on your local computer.

With the local security policy, you can control:

  • Who accesses your computer?
  • What resources users are authorized to use on your computer.
  • Whether or not a user or group´s actions are recorded in the event log.

How policy is applied to a computer that is joined to a domain

If your local computer is joined to a domain, you are subject to obtaining security policy from the domain´s policy or from the policy of any organizational unit that you are a member of. If you are getting policy from more than one source, then any conflicts are resolved in this order of precedence, from highest to lowest:

  • Organizational unit policy
  • Domain policy
  • Site policy
  • Local computer policy

When you modify the security settings on your local computer using the local security policy, then you are directly modifying the settings on your computer. Therefore, the settings take effect immediately, but this may only be temporary. The settings will actually remain in effect on your local computer until the next refresh of Group Policy security settings, when the security settings that are received from Group Policy will override your local settings wherever there are conflicts. The security settings are refreshed every 90 minutes on a workstation or server and every 5 minutes on a domain controller. The settings are also refreshed every 16 hours, whether or not there are any changes 

Case Detail:

There is no case study. Answer the following questions.

  1. What is the user authentication concept?

Answer:Authentication is an element of information security that enables you to protect the confidentiality, integrity and availability of the information flow, supported by the information systems in your business operations. With the increasing use of distributed systems based on open standards and flexible information sharing with multiple business partners, establishing the identities of communicating parties also becomes an important element in protecting your business operations.

Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access. The permissions and folders returned define both the environment the user sees and the way he can interact with it, including hours of access and other rights such as the amount of allocated storage space.

User authentication occurs within most human-to-computer interactions other than guest accounts, automatically logged-in accounts and kiosk computer systems. Generally, a user has to enter or choose an ID and provide their password to begin using a system.

  1. Discuss the key mechanism of Firewall. 

Answer:Firewalls are computer security systems that protect your office/home PCs or your network from intruders, hackers & malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of the computer users, Firewalls provide you with the necessary safety and protection.

Firewalls are software programs or hardware devices that filter the traffic that flows into you PC or your network through an internet connection. They sift through the data flow & block that which they deem (based on how & for what you have tuned the firewall) harmful to your network or computer system.

When connected to the internet, even a standalone PC or a network of interconnected computers make easy targets for malicious software & unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.

How do they work? 

Firewalls are setup at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These Rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer owners/administrators immense control over the traffic that flows in & out of their systems or networks. 

Rules will decide who can connect to the internet, what kind of connections can be made, which or what kind of files can be transmitted in out. Basically all traffic in & out can be watched and controlled thus giving the firewall installer a high level of security & protection.

Firewall logic 

Firewalls use 3 types of filtering mechanisms: 

Packet filtering or packet purity

Data flow consists of packets of information and firewalls analyse these packets to sniff out offensive or unwanted packets depending on what you have defined as unwanted packets.

Proxy

Firewalls in this case assume the role of a recipient & in turn sends it to the node that has requested the information & vice versa.

Inspection

In this case Firewalls instead of sifting through all of the information in the packets, mark key features in all outgoing requests & check for the same matching characteristics in the inflow to decide if it relevant information that is coming through.

Firewall Rules

Firewalls rules can be customized as per your needs, requirements & security threat levels. You can create or disable firewall filter rules based on such conditions as: 

IP Addresses

 Blocking off a certain IP address or a range of IP addresses, which you think are predatory. What is my IP address?  Where is an IP address located?

Domain names

 You can only allow certain specific domain names to access your systems/servers or allow access to only some specified types of domain names or domain name extension like .edu or .mil.

Protocols

 A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.

Ports

 Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see it used for & also close down possible entry points for hackers or malignant software.

Keywords

 Firewalls also can sift through the data flow for a match of the keywords or phrases to block out offensive or unwanted data from flowing in.

Types of Firewall

software firewalls

 New generation Operating systems come with built in firewalls or you can buy a firewall software for the computer that accesses the internet or acts as the gateway to your home network.

Hardware firewalls

 Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or computers on your network connect to this router & access the web. 

  1. Define the term "Disaster" and describe its classification.

Answer:A disaster is a serious disruption of the functioning of a community or a society involving widespread human, material, economic or environmental losses and impacts, which exceeds the ability of the affected community or society to cope using its own resources.

General Classification 

Geophysical:  Events originating from solid earth.  Eg. Earthquake 

Meteorological: Events caused by short-lived/small to meso scale atmospheric processes (in the spectrum from minutes to days). Eg. Storm

Hydrological: Events caused by deviations in the normal water cycle and/or overflow of bodies of water caused by wind set-up .Eg. Flood 

Climatological: Events caused by long-lived/meso to macro scale processes (in the spectrum from intra-seasonal to multi-decadal climate variability). Eg. Drough 

Biological: Disaster caused by the exposure of living organisms to germs and toxic substances.

Eg. Epidemic

Section C

  1. In computer security............. means that the computer sytem assets can be modified only by authorized parties

Options          

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authencity

Ans.Integrity

  1. A computer security................ means that the information in acomputer sytem only can be accessible for reading by authorized parties

Options          

  1. confidentiality
  2. Integrity
  3. Availibility
  4. Authencity

 Ans.confidentiality

  1. Which of the following is independent malicious program that need not any host programe?

Options          

  1. Trap Doors
  2. Trojan horse
  3. virus
  4. worm

 Ans.worm

  1. The .................... is code embedded in some legitimate program that is set to explode when certain conditions are met

Options          

  1. Trap doors
  2. Trojan horse
  3. Logic bomb
  4. Virus

Ans. Logic bomb

  1. which of the following malicious prog do not replicate authomatically ?

Options          

  1. Trojan Horse
  2. Virus
  3. Worm
  4. Zombie

 Ans.Trojan Horse

  1. ......................Programs can be used to accomplish functions indirectly that an unauthorized user not accomplish directly

Options          

  1. Zombie
  2. worm
  3. Trojan horse
  4. Logic Bomb

 Ans.Trojan horse

  1. state whether true of falls 1.A worm mails a copy of itself to other system 2.a worm executes a copy of itself on another system

Options          

  1. true, false
  2. false, true
  3. true, true
  4. false, false

 Ans.true, true

  1. ............ are used in denial of service attacks, typically against targeted web sites

Options          

  1. Worm
  2. Zombie
  3. Virus
  4. Trojan horse

 Ans.Zombie

  1. ..................... is a form of virus explicitely designed to hide itself from detection by antivirus software

Options          

  1. Stealth Virus
  2. Polymorphic virus
  3. Parastic virus
  4. macro virus

Ans.Stealth Virus

  1. State whether the following statement is true 1. A macro virus is paltform indepecent 2. Macro viruese infect documents, not executabel portions of code

Options          

  1. 1 only
  2. 2 only
  3. both 1 & 2
  4. none

 Ans.both 1 & 2

  1. The type of auto executing macros, in microsoft word is/are

Options          

  1. auto execute
  2. auto macro
  3. command macro
  4. all of the above

Ans. all of the above

  1. In.................... the virus places an identical copy of itself into other programs or into certain sytem areas on the disk

Options          

  1. Dormat phase
  2. Propagation phase
  3. Triggering Phase
  4. execution phase

 Ans.Propagation phase

  1. In the world of computing, the essential element that controls how computers are used is

Options          

  1. ethics
  2. legal laws
  3. security requiremnts
  4. business demands

 Ans.ethics

  1. The guidelines for the morally acceptable use of computers in socitey are

Options          

  1. computer ethics
  2. privacy
  3. morality
  4. legal system

Ans. computer ethics

  1. The issues that deal with the collection and use of data about individuals is

Options          

  1. access
  2. property
  3. accuracy
  4. privacy

 Ans.privacy

  1. The ethical issue concerned with the correctness of data collected is

Options          

  1. access
  2. property
  3. Exactness
  4. Privacy

 Ans.Exactness

  1. The ethical issue that involves who is able to read and use data is

Options          

  1. access
  2. property
  3. accuracy
  4. privacy

 Ans.access

  1. The vast industry involves the gathering and selling of personal data is

Options          

  1. direct marketing
  2. fund raising
  3. information reselling
  4. government agencies

Ans. information reselling

Question No.  19        

The first step in developing a Business Continuity Plan (BCP) is developing a:      

Options          

  1. Business Impact Analysis     
  2. Risk Analysis Sheet  
  3. Risk Mitigation Document   
  4. Risk Assess ment Sheet

Ans.Risk Assess ment Sheet

Question No.  20        

An analysis of threats based on impacts and prioritizing business disruptions based on severity and occurrence comes under the second step of developing a BCP, which is:                      

Options          

  1. Risk Monitoring        
  2. Risk Assessment      
  3. BIA   
  4. Risk Management

 Ans.Risk Assessment   

Question No.  21        

Testing the BCP regularly comes under the phase:   

Options          

  1. Risk Assessment       
  2. BIA   
  3. Risk Monitoring        
  4. Risk Management

Ans. Risk Management

Question No.  22        

Effectiveness of a BCP can be validated through     

Options          

  1. Monitoring    
  2. Assessment   
  3. Feedback       
  4. Testing

 Ans Testing

Question No.  23        

By using "__________" option in Windows, you can limit the ability of users and groups to perform various actions by assigning permissions.       

Options          

  1. Network and Internet           
  2. Hardware and Sound
  3. Programs       
  4. Local Users and Groups

 Ans.Local Users and Groups

Question No.  24        

A Windows NT ______ is the administrative unit of directory services.     

Options          

  1. Directory       
  2. File    
  3. Domain         
  4. Folder

Ans.Domain 

Question No.  25        

Domains, Folders, Objects are a part of ________ structure of Windows OS.        

Options          

  1. Physical         
  2. Logical          
  3. Both Physical and Logical    
  4. None of the above

 Ans.Logical     

Question No.  26        

Encrypting File System (EFS) is a feature of:           

Options          

  1. Microsoft Windows  
  2. iOS    
  3. Linux 
  4. Unix

Ans. Microsoft Windows  

Question No.  27        

Cyber-attack is a kind of:      

Options          

  1. Natural Disaster        
  2. Man-Made disaster   
  3. Both  
  4. None of the above

Ans. Man-Made disaster

Question No.  28        

Which password management feature ensures that a user cannot re use a password for a specific time?    

Options          

  1. Account Locking      
  2. Password Verification          
  3. Password History      
  4. Password Ageing

 Ans. Password History

Question No.  29        

Composing hard-to-guess passwords is a good practice.      

Options          

  1. FALSE          
  2. May or May not be TRUE
  3. TRUE           
  4. Not Sure        

Ans. TRUE 

Question No.  30        

Study of encryption algorithms in order to find weaknesses in the system so as to retrieve plain text from cipher text without knowing the key/algorithm.        

Options          

  1. Cryptography          
  2. Key Analysis 
  3. Algorithm Analysis   
  4. Cryptanalysis

 Ans.Cryptography          

Question No.  31        

Capital ´A´ in CIA triangle stands for:           

Options          

  1. Availability   
  2. Authorization
  3. Authentication          
  4. Algorithm      

Ans. Availability 

Question No.  32        

When the sender and receiver do not have a possibility of denying sending or receiving data, it is called the principle of:    

Options          

  1. Confidentiality          
  2. Non-repudiation        
  3. Repudiation  
  4. Integrity

 Ans.Integrity

Question No.  33        

While Symmetric key cryptography utilizes ___ key(s) for encryption, the asymmetric key cryptography uses ___ key(s).     

Options          

  1. 1,2     
  2. 2,1     
  3. 1,1     
  4. 2,3

Ans. 1,2 

Question No.  34         Marks - 10

A software application that monitors network and system activities for malicious content and policy violations is termed as:   

Options          

  1. Firewall         
  2. Anti-Virus     
  3. Anti-Malware
  4. Intrusion Detection System

Ans. Intrusion Detection System

Question No.  35        

During an earthquake in Nepal, many computers were destroyed with significant data. This is a kind of: 

Options          

  1. Accidental Error       
  2. Malicious use
  3. Unauthorized access 
  4. Physical Threat          

 Ans.Accidental Error   

Question No.  36        

Process to eliminate means of attack by patching vulnerabilities and turning off inessential services is called:           

Options          

  1. Malicious Code elimination  
  2. Attack Prevention Mechanism          
  3. Hardening    
  4. Disaster Management

 Ans.Hardening  

Question No.  37        

The local security policy of a system is a set of information regarding the security of a local computer. It includes trusted _____, ______ accounts and ______ assigned to the accounts.

Options          

  1. Users, domain, privileges
  2. Domains, user, privileges
  3. Privileges, user, domains
  4. None of the above

 Ans.Domains, user, privileges

Question No.  38        

Administrator and Guest are examples of ____ user accounts.         

Options          

  1. Default         
  2. Explicit          
  3. Implicit          
  4. None of the above

 Ans.Default 

Question No.  39        

Rahul, an IT Engineer, while working on his system, noticed that a new Notepad tab has popped out and a message is being typed. This is an example of           

Options          

  1. Unauthorized Access          
  2. Malicious Code         
  3. Network Attack        
  4. Password Attack

Ans. Unauthorized Access    

Question No.  40        

A secret entry point in the code which could be exploited by malicious users is called:      

Options          

  1. Virus 
  2. Worm
  3. Trapdoor     
  4. Trojan Horse

 Ans.Trapdoor  

 

 

 

Review

Average user rating

4.8 / 5

Rating breakdown

5
80% Complete (danger)
1
4
80% Complete (danger)
1
3
80% Complete (danger)
0
2
80% Complete (danger)
0
1
80% Complete (danger)
0

January 29, 2015
This was nice in buy
Assignment from solve zone is probably one of the first preference of students.

October 09, 2016
This was nice in buy
I recommend a website that was really helpful throughout your session.

March 19, 2017
Some day ago
This was nice in buy
This was good in buy . I found all the answer correct and meaningful and had scored good marks
Back to top