Notes

1. Which one of the following is responsible for storage, maintenance and protection of information?

a) data owner
b) data custodian
c) data users
d) CISO

2. In which phase of the SecSDLC must the InfoSec IT teams adapt to new threats of their information systems?

a) analysis
b) design
c) maintenance
d) implementation

3. Contingency planning is done in the ___________ phase of the SecSDLC
a) analysis
b) design
c) maintenance
d) implementation

4. System and network administrators create some policies to improve the security of their systems. This approach is called the _____ approach.
a) admin approach
b) technical approach
c) bottom-up
d) top-down

5. Which one of the following statements is true?
a) increasing the functionality and usability will also increase security of an information system
b) increasing security increases functionality and usability of an information system
c) increasing security decreases functionality and usability of an information system
d) increasing security has no effect on functionality and usability of an information system

6. Which one of the following components of an information system does not need to be secured?
a) people
b) hardware
c) software
d) networks
e) none

7. An employee while entering details of one customer enters some wrong information unintentionally. This is a violation of _________.
a) confidentiality
b) integrity
c) availability

8. For conducting a DDoS attack hackers will be using many _________.

a) IDS
b) Firewalls
c) zombie computers <<<<<<<

9. DDoS attacks are usually done to affect the ________ of an information system.
a) confidentiality
b) integrity
c) availability
d) authenticity

10. The college data centre is secured with fingerprint scanners, cameras and security guards and allows access to certain authorised persons only. This is an example of ______
a) physical security
b) personal security
c) communications security
d) network security

11. The first phase of SecSDLC begins with _______.
a) Business continuity plan (BCP)
b) Incident response plan (IRP)
c) Disaster Recovery Plan (DRP)
d) Enterprise Information Security Policy (EISP)

12. A computer is the _____________of an attack when it is used to conduct the attack
a) subject
b) object
c) target
d) facilitator

13. A company is using a large number of computers installed wiht windows XP which is no longer supported or updated by Microsoft. What category of threat does this situation represent?
a) compromise to intellectual proerty
b) deiation in quality of service
c) techincal software failure
d)technological obsolesence

14. Which plan is used to handle threats due to forces of nature?
a) Business Continuity Plan (BCP)
b) Incident Response Plan (IRP)
c) Disaster Recovery Plan (DRP)
d) Enterprise Information Security Policy (EISP)

15. Which one of the following is true?
a) When a threat is exploited it becomes a vulnerability
b) Threat and vulnerability are the same
c) a threat can lead to a vulnerability
d) a vulnerability can lead to a threat

16. Mail bombing is a _______ attack.
a) virus
b) worm
c) Dos
d) Trojan

17. A Programmer who recently left the company had made some changes in the application code to delete records randomly from the company databases at the end of every week. What type of attack is this?
a) Trojan horse
b) Logic bomb
c) Back door or trap door
d) polymorphic threat

18. A hacker is using the wireshark program to monitor all the data travelling on the network and he can see some login IDs and unencrypted passwords also. Which one of the following is this type of attack?

a) Man-in-the-Middle
b) spoofing
c)sniffing
d) Dos

19. You receive an email from nobody claiming to be from a bank saying that they immediately need you to login by clicking not the link provided and correct information about your office address details. Which one of the following is this type of attack?

a) social engineering
b) phishing
c) Pharming
d) Spoofing

20. Employees from a company A are using Facebook and linkdin to become friends with employees from company B to get details about their information systems and security. Which one of the following is this type of attack?

a) Social engineering
b) Phishing
c) Pharming
d) spoofing

21. Which one of the following malware will spread by copying itself to other machines on the network?
a) Viruses
b) worms
c) trojan horses
d) Logic bombs

22. You detect that your web servers are currently under a DoS attack. Which plan would you follow to hand this situation

a) Business Continuity plan (BCP)
b) incident Response plan (IRP)
c) disaster recovery plan (DROP)
d) Enterprise Information security policy (EISP)

23. _______ are the greatest threat to an organisations' information security

a) software attacks
b) hackers
c) crackers
d) employees

24. Mathkids company made an app to help kids practice basic maths and send detailed reports to parents.
MyInfoApps took the same ideas from the MathKids app but changed the colours and user interface to be more friendly to kids. Which one of the following is true regarding the situatuon?

a) Mathkids is violation intellectual property of MyInfoApps
b) MyInfoApps is violation intellectual proper of mathkids
c) This is case of information extortion by myinfoapps
d) myinfoapps can take legac action against mathkids

25. The technique in which a hacker modifies the source IP address of his requests to be the same as that of the network he is trying to hack into is called ________________________
a) sniffing
b) spoofing
c) spamming
d) main-in-the-middle