
This set of Information Security Multiple Choice Questions & Answers (MCQs) focuses on Information Security Set 2.

Q1 | This was commonly used in cryptography during World War II.
  • Tunneling
  • Personalization
  • Van Eck phreaking
  • One-time pad
Q2 | Today, many Internet businesses and users take advantage of cryptography based on this approach.
  • Public key infrastructure
  • Output feedback
  • Encrypting File System
  • Single sign on
Q3 | This is the name for the issuer of a PKI certificate.
  • Man in the middle
  • Certificate authority
  • Resource Access Control Facility
  • Script kiddy
Q4 | Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations.
  • DS
  • OCSP
  • Secure HTTP
  • Pretty Good Privacy
Q5 | This is the encryption algorithm that will begin to supplant the Data Encryption Standard (DES) - and later Triple DES - over the next few years as the new standard encryption algorithm.
  • Rijndael
  • Kerberos
  • Blowfish
  • IPsec
Q6 | This is the inclusion of a secret message in otherwise unencrypted text or images.
  • Masquerade
  • Steganography
  • Spoof
  • Eye-in-hand system
Q7 | In password protection, this is a random string of data used to modify a password hash.
  • Sheepdip
  • Salt
  • Bypass
  • Dongle
Q8 | This is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding cipher text value and vice versa.
  • Foot printing
  • Hash function
  • Watermark
  • Electronic Code Book
Q9 | This is a trial and error method used to decode encrypted data through exhaustive effort rather than employing intellectual strategies.
  • Chaffing and winnowing
  • Cryptanalysis
  • Serendipity
  • Brute force cracking
Q10 | An intruder might install this on a networked computer to collect user ids and passwords from other machines on the network.
  • Passphrase
  • Root kit
  • Ownership tag
  • Token
Q11 | This type of intrusion relies on the intruder's ability to trick people into breaking normal security procedures.
  • Shoulder surfing
  • Hijacking
  • Brain fingerprinting
  • Social engineering
Q12 | The developers of an operating system or vendor application might issue this to prevent intruders from taking advantage of a weakness in their programming.
  • Cookie
  • Key fob
  • Watermark
  • Patch
Q13 | This is an attack on a computer system that takes advantage of a particular vulnerability that the system offers to intruders.
  • Port scan
  • Denial of service
  • Exploit
  • Logic bomb
Q14 | This is a program in which harmful code is contained inside apparently harmless programming or data.
  • Snort
  • Honeypot
  • Blue bomb
  • Trojan horse
Q15 | This is the modification of personal information on a Web user's computer to gain unauthorized information with which to obtain access to the user's existing accounts.
  • Identity theft
  • Cookie poisoning
  • Shoulder surfing
  • Relative identifier
Q16 | This type of attack may cause additional damage by sending data containing codes designed to trigger specific actions - for example, changing data or disclosing confidential information.
  • Buffer overflow
  • Block cipher
  • War dialing
  • Distributed denial-of-service attack
Q17 | This is the forging of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
  • Foot printing
  • Non repudiation
  • E-mail spoofing
  • Finger
Q18 | This is a type of network security attack in which the intruder takes control of a communication between two entities and masquerades as one of them.
  • Hijacking
  • Identity theft
  • Smurf attack
  • Tunneling
Q19 | This is a compromised Web site that is being used as an attack launch point in a denial-of-service attack.
  • Bastion host
  • Packet monkey
  • Dongle
  • Zombie
Q20 | This electronic "credit card" establishes a user's credentials when doing business or other transactions on the Web and is issued by a certification authority.
  • Private key
  • Digital certificate
  • Smart card
  • Ownership tag
Q21 | What "layer" of an e-mail message should you consider when evaluating e-mail security?
  • TCP/IP
  • SMTP
  • Body
  • All of the above