Information Security & Risk

 

SECTION A

 

1. What are the 4 jobs of an operating system?

Answer:

 

2. How does the Operating system keep track of the different disk drives?

Answer:

 

3. What kind of natural hazards are not normally insurable?

Answer:

 

4. Describe the trends in disaster management.

Answer:

 

5. What is network security and how does it protect you?

Answer:

 

6. What is the Microsoft Encrypting File System and what are some of its features?

Answer:

 

7. What is computer Security?

Answer:

 

8. Discuss the concept of Local Security Policies

Answer:

 

SECTION B

 

Case Detail:

There is no case study. Answer the following questions.

 

1. What is the user authentication concept?

Answer:

 

2. Discuss the key mechanism of Firewall.

 

Answer:

 

3. Define the term "Disaster" and describe its classification.

Answer:

 

Section C

 

1. In computer security............. means that the computer sytem assets can be modified only by authorized parties

 

Options

1. Confidentiality

2. Integrity

3. Availability

4. Authencity

 

2. A computer security................ means that the information in acomputer sytem only can be accessible for reading by authorized parties

 

Options

1. confidentiality

2. Integrity

3. Availibility

4. Authencity

 

3. Which of the following is independent malicious program that need not any host programe?

 

Options

1. Trap Doors

2. Trojan horse

3. virus

4. worm

 

4. The .................... is code embedded in some legitimate program that is set to explode when certain conditions are met

 

Options

1. Trap doors

2. Trojan horse

3. Logic bomb

4. Virus

 

5. which of the following malicious prog do not replicate authomatically ?

 

Options

1. Trojan Horse

2. Virus

3. Worm

4. Zombie

 

6. ......................Programs can be used to accomplish functions indirectly that an unauthorized user not accomplish directly

 

Options

1. Zombie

2. worm

3. Trojan horse

4. Logic Bomb

 

7. state whether true of falls 1.A worm mails a copy of itself to other system 2.a worm executes a copy of itself on another system

 

Options

1. true, false

2. false, true

3. true, true

4. false, false

 

8. ............ are used in denial of service attacks, typically against targeted web sites

 

Options

1. Worm

2. Zombie

3. Virus

4. Trojan horse

 

9. ..................... is a form of virus explicitely designed to hide itself from detection by antivirus software

 

Options

1. Stealth Virus

2. Polymorphic virus

3. Parastic virus

4. macro virus

 

10. State whether the following statement is true 1. A macro virus is paltform indepecent 2. Macro viruese infect documents, not executabel portions of code

 

Options

1. 1 only

2. 2 only

3. both 1 & 2

4. none

 

11. The type of auto executing macros, in microsoft word is/are

 

Options

1. auto execute

2. auto macro

3. command macro

4. all of the above

 

12. In.................... the virus places an identical copy of itself into other programs or into certain sytem areas on the disk

 

Options

1. Dormat phase

2. Propagation phase

3. Triggering Phase

4. execution phase

 

13. In the world of computing, the essential element that controls how computers are used is

Options

1. ethics

2. legal laws

3. security requiremnts

4. business demands

 

14. The guidelines for the morally acceptable use of computers in socitey are

 

Options

1. computer ethics

2. privacy

3. morality

4. legal system

 

15. The issues that deal with the collection and use of data about individuals is

 

Options

1. access

2. property

3. accuracy

4. privacy

 

16. The ethical issue concerned with the correctness of data collected is

 

Options

1. access

2. property

3. Exactness

4. Privacy

 

17. The ethical issue that involves who is able to read and use data is

 

Options

1. access

2. property

3. accuracy

4. privacy

 

18. The vast industry  involves the gathering and selling of personal data is

 

Options

1. direct marketing

2. fund raising

3. information reselling

4. government agencies

 

Question No.  19

The first step in developing a Business Continuity Plan (BCP) is developing a:

Options

1.  Business Impact Analysis

2.  Risk Analysis Sheet

3.  Risk Mitigation Document

4.  Risk Assess ment Sheet

Question No.  20

An analysis of threats based on impacts and prioritizing business disruptions based on severity and occurrence comes under the second step of developing a BCP, which is:

Options

1.  Risk Monitoring

2.  Risk Assessment

3.  BIA

4.  Risk Management

 

Question No.  21

Testing the BCP regularly comes under the phase:

 

Options

1.  Risk Assessment

2.  BIA

3.  Risk Monitoring

4.  Risk Management

 

Question No.  22

Effectiveness of a BCP can be validated through

 

Options

1.  Monitoring

2.  Assessment

3.  Feedback

4.  Testing

 

Question No.  23

By using "__________" option in Windows, you can limit the ability of users and groups to perform various actions by assigning permissions.  

Options

1.  Network and Internet

2.  Hardware and Sound

3.  Programs

4.  Local Users and Groups

 

Question No.  24

A Windows NT ______ is the administrative unit of directory services.

Options

1.  Directory

2.  File

3.  Domain

4.  Folder

Question No.  25

Domains, Folders, Objects are a part of ________ structure of Windows OS.

 

Options

1.  Physical

2.  Logical

3.  Both Physical and Logical

4.  None of the above

 

Question No.  26

Encrypting File System (EFS) is a feature of:

Options

1.  Microsoft Windows

2.  iOS

3.  Linux

4.  Unix

 

Question No.  27

Cyber-attack is a kind of:  

Options

1.  Natural Disaster

2.  Man-Made disaster

3.  Both

4.  None of the above

 

Question No.  28

Which password management feature ensures that a user cannot re use a password for a specific time?  

Options

1.  Account Locking

2.  Password Verification

3.  Password History

4.  Password Ageing

 

Question No.  29

Composing hard-to-guess passwords is a good practice.

Options

1.  FALSE

2. May or May not be TRUE

3.  TRUE

4.  Not Sure

 

Question No.  30

Study of encryption algorithms in order to find weaknesses in the system so as to retrieve plain text from cipher text without knowing the key/algorithm.  

Options

1.  Cryptography

2.  Key Analysis

3.  Algorithm Analysis

4.  Cryptanalysis

 

Question No.  31

Capital 'A' in CIA triangle stands for:  

Options

1.  Availability

2.  Authorization

3.  Authentication

4.  Algorithm

 

Question No.  32

When the sender and receiver do not have a possibility of denying sending or receiving data, it is called the principle of:  

Options

1.  Confidentiality

2.  Non-repudiation

3.  Repudiation

4.  Integrity

 

Question No.  33

While Symmetric key cryptography utilizes ___ key(s) for encryption, the asymmetric key cryptography uses ___ key(s).  

Options

1.  1,2

2.  2,1

3.  1,1

4.  2,3

 

Question No.  34 Marks - 10

A software application that monitors network and system activities for malicious content and policy violations is termed as:

Options

1.  Firewall

2.  Anti-Virus

3.  Anti-Malware

4.  Intrusion Detection System

 

Question No.  35

During an earthquake in Nepal, many computers were destroyed with significant data. This is a kind of:  

Options

1.  Accidental Error

2.  Malicious use

3.  Unauthorized access

4.  Physical Threat

 

Question No.  36

Process to eliminate means of attack by patching vulnerabilities and turning off inessential services is called:

Options

1.  Malicious Code elimination

2.  Attack Prevention Mechanism

3.  Hardening

4.  Disaster Management

 

Question No.  37

The local security policy of a system is a set of information regarding the security of a local computer. It includes trusted _____, ______ accounts and ______ assigned to the accounts. 

Options

1. Users, domain, privileges

2. Domains, user, privileges

3. Privileges, user, domains

4.  None of the above

 

Question No.  38

Administrator and Guest are examples of ____ user accounts.

Options

1.  Default

2.  Explicit

3.  Implicit

4.  None of the above

 

Question No.  39

Rahul, an IT Engineer, while working on his system, noticed that a new Notepad tab has popped out and a message is being typed. This is an example of  

Options

1.  Unauthorized Access

2.  Malicious Code

3.  Network Attack

4.  Password Attack

 

Question No.  40

A secret entry point in the code which could be exploited by malicious users is called:

Options

1.  Virus

2.  Worm

3.  Trapdoor

4.  Trojan Horse