This set of Information Security Multiple Choice Questions & Answers (MCQs) focuses on Information Security Set 2
Q1 | This was commonly used in cryptography during World War II.
- Tunneling
- Personalization
- Van Eck phreaking
- One-time pad
Q2 | Today, many Internet businesses and users take advantage of cryptography based on this approach.
- Public key infrastructure
- Output feedback
- Encrypting File System
- Single sign on
Q3 | This is the name for the issuer of a PKI certificate.
- Man in the middle
- Certificate authority
- Resource Access Control Facility
- Script kiddy
Q4 | Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations.
- DS
- OCSP
- Secure HTTP
- Pretty Good Privacy
Q5 | This is the encryption algorithm that will begin to supplant the Data Encryption Standard (DES) - and later Triple DES - over the next few years as the new standard encryption algorithm.
- Rijndael
- Kerberos
- Blowfish
- IPsec
Q6 | This is the inclusion of a secret message in otherwise unencrypted text or images.
- Masquerade
- Steganography
- Spoof
- Eye-in-hand system
Q7 | In password protection, this is a random string of data used to modify a password hash.
- Sheepdip
- Salt
- Bypass
- Dongle
Q8 | This is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding cipher text value and vice versa.
- Foot printing
- Hash function
- Watermark
- Electronic Code Book
Q9 | This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies.
- Chaffing and winnowing
- Cryptanalysis
- Serendipity
- Brute force cracking
Q10 | An intruder might install this on a networked computer to collect user ids and passwords from other machines on the network.
- Passphrase
- Root kit
- Ownership tag
- Token
Q11 | This type of intrusion relies on the intruder's ability to trick people into breaking normal security procedures.
- Shoulder surfing
- Hijacking
- Brain fingerprinting
- Social engineering
Q12 | The developers of an operating system or vendor application might issue this to prevent intruders from taking advantage of a weakness in their programming.
- Cookie
- Key fob
- Watermark
- Patch
Q13 | This is an attack on a computer system that takes advantage of a particular vulnerability that the system offers to intruders.
- Port scan
- Denial of service
- Exploit
- Logic bomb
Q14 | This is a program in which harmful code is contained inside apparently harmless programming or data.
- Snort
- Honeypot
- Blue bomb
- Trojan horse
Q15 | This is the modification of personal information on a Web user's computer to gain unauthorized information with which to obtain access to the user's existing accounts.
- Identity theft
- Cookie poisoning
- Shoulder surfing
- Relative identifier
Q16 | This type of attack may cause additional damage by sending data containing codes designed to trigger specific actions - for example, changing data or disclosing confidential information.
- Buffer overflow
- Block cipher
- War dialing
- Distributed denial-of-service attack
Q17 | This is the forging of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
- Foot printing
- Non repudiation
- E-mail spoofing
- Finger
Q18 | This is a type of network security attack in which the intruder takes control of a communication between two entities and masquerades as one of them.
- Hijacking
- Identity theft
- Smurf attack
- Tunneling
Q19 | This is a compromised Web site that is being used as an attack launch point in a denial-of-service attack.
- Bastion host
- Packet monkey
- Dongle
- Zombie
Q20 | This electronic "credit card" establishes a user's credentials when doing business or other transactions on the Web and is issued by a certification authority.
- Private key
- Digital certificate
- Smart card
- Ownership tag
Q21 | What "layer" of an e-mail message should you consider when evaluating e-mail security?
- TCP/IP
- SMTP
- Body
- All of the above