Unit 1 Chap 2

1. A is a term used to describe where a threat originates and the path it

takes to reach a target.
a. threat vector
b. Malicious mobile code
c. Advanced Persistent Threats
d. Manual attacks
Correct answer: a. threat vector

2 Viruses infect the data running on top of an application by using the program’s
macro or scripting language
a. Boot sector
b. Macro
c. Computer worm
d. Trojans
Correct answer: b. Macro

3. is a self-replicating program that uses other host files or code to replicate

a. Malicious mobile code
b. Content Attack
c. Computer Virus
d. DNS spoofing
Correct answer: c. Computer Virus

4. Which one of the following is not an Application layer attack?

a. Content Attack
b. Buffer overflow
c. Packet Sniffing
d. Password cracking
Correct answer: c. Packet Sniffing

5. A virus prove that a virus can steal private encryption keys

a. Caligula
b. Remote access Trojan
c. Bugbear
d. Nimda
Correct answer: a. Caligula

6. is used in distributed denial of service (DDoS) attack

a. Zombie Trojans
b. Bugbear
c. Js. ExitW
d. Remote access Trojans
Correct answer: a. Zombie Trojans

7 Which one of the following is common content attack?

a. SQL injection attacks
b. DHCP Poisoning
c. ARP poisoning
d. Packet Sniffing
Correct answer: a. SQL injection attacks
8 The formal definition of risk is
a. Risk = Probability (Threat + Exploit of Vulnerability) * Cost of Asset Damage
b. Risk = Probability (Threat + Cost of Asset Damage) * Exploit of Vulnerability
c. Risk = Probability (Exploit of Vulnerability + Cost of Asset Damage) * Threat
d. Risk = Probability (Exploit of Vulnerability + Cost of Asset Damage+ Threat)
Correct answer: a.

9 attempt to guess a password by trying all the character combinations listed in an

accompanying dictionary.
a. Brute-force tools
b. File-system transversals
c. SQL injection attacks
d. Permutation
Correct answer: a. Brute force tools

10 is a type of man-in-the-middle attack in which server IP address that a user connects

to is also applied to the attacker’s system
a. DNS spoofing attack
b. IP spoofing attack
c. ICMP Poisoning
d. Intrusion prevention system
Correct answer: b. IP spoofing attack

11 Packet sniffing attack is also known as

a. Packet capturing attack
b. Spoofing attack
c. Address flooding
d. MAC flooding
Correct answer: a. Packet capturing attack

12 is an attack that is tailored to a specific individual rather than broadcast to everyone.

a. MAC Phishing
b. IP Phishing
c. Spear Phishing
d. Injection attack
Correct answer: c. Spear Phishing

13 The process of manipulating a web application to run SQL commands sent by an attacker
is referred as
a. SQL injection
b. MAC injection
c. Phishing
d. DNS Spoofing
Correct answer: a. SQL injection

14 Advanced persistent threats (APTs) means

a. An attacker connects to a web site with a SQL server back-end database
b. Try to guess passwords
c. Connect and intercept the victim’s network traffic
d. The use of sophisticated malware for targeted cybercrime
Correct answer: d. The use of sophisticated malware for targeted cybercrime
15 Which one of the following is wireless attack?
a. Use a fake Access Point and an “evil twin.”
b. File-system transversal
c. Buffer overflows
d. Traffic generators.
Correct answer: a. Use a fake Access Point and an “evil twin.”

Unit 1 Chap 3
16 What does CIA stand for?
A. Confidentiality, Integrity, Availability
B. Central Intelligence Agency
C. Cyber security, Investigation Agency
D. Cyber security, Internet, Accessibility
Answer: A Confidentiality, Integrity, Availability

17 means protecting the data from getting disclosed to those who are not authorized
to use it.
A. Integrity
B. Authorization
C. Confidentiality
D. Availability
Answer: C Confidentiality

18 The protection of data from modification by unknown users is known as

A. Confidentiality
B. Integrity
C. Authentication
D. Data theft
Answer: B Integrity

19 means that the sender must not be able to deny sending a message that he /
she has sent.
A. Authentication
B. Integrity
C. Confidentiality
D. Non-repudiation
Answer: D Non-
repudiation
20 Which direction access cannot happen using DMZ zone by default?
A. Company computer to DMZ
B. Internet to DMZ
C. Internet to company computer
D. Company computer to Internet
Answer: C Internet to company computer

21 Which of the following is a physical threat to companies?

A. Theft
B. Emergency
C. Availability
D. Network Failure
Answer: A Theft
22 Which among the following is a method that could be implemented to minimize the
risk of a successful attack?
A. Creating a computer security defence plan
B. By sharing passwords with unknown people
C. By allowing mobile codes to be run without malware scanning
D. By not using firewall
Answer: A Creating a computer security defence plan

23 The attack surface of the operating system is reduced by

A. Installing unnecessary software
B. Disabling unneeded services
C. Allowing access to everyone
D. Giving administrative privileges to everyone.
Answer: B Disabling unneeded services

24 is a famous technological medium for the spread of malware.

A. Pen drive
B. Cloud
C. Antivirus
D. Email
Answer: D
Email
25 Which of the following is not a proper method for email security?
A. Use Strong password
B. Spam filters and malware scanners
C. Click on unknown links to explore
D. Use email encryption
Answer: C Click on unknown links to explore

26 What is IEAK?
A. Internet Explorer Access Kit
B. Internet Explorer Administrative Kit
C. Internal Exclusive Access Kit
D. Internal E - Access Kit
Answer: B Internet Explorer Administrative Kit

27 Folders and files accessed remotely over the network should have to be applied
using the principle of least privilege and complex password.
A. DACLs
B. Email
C. SMB
D. FTP
Answer: A DACLs

28 Firewall examines each that are entering or leaving the internal network.
A. Updates
B. Email users
C. Connections
D. Data packets
Answer: D Data
packets
29 SSL stands for?
A. Secured Socket Layer
B. Secured Shell Layer
C. System Socket Layer
D. System Secured Layer
Answer: A Secured Socket Layer

30 Adopting encryption techniques improve

A. Performance
B. Security
C. Reliability
D. Longevity
Answer: B Security

Chap 4
31 What is Authentication?
A. Encryption
B. Proof of Identity
C. Access
D. Modification
Ans. B

32 Which of the following is the least secure method of authentication?

A. Fingerprint
B. Retina Pattern
C. Smart Card
D. Passwo
rd Ans. D

33 Which of the following is a strong password?

A. 22September99
B. !996543
C. India@4521
D. Mona57567
Ans. C

34 Which of the following method is based on tickets?

A. Central storage
B. Kerberos
C. Challenge and response
D. One-time passwords
Ans. B

35 Why is one-time password safe?

A. Easy to generate
B. Different for every access
C. Cannot be shared
D. It is a complex encrypted password
Ans. B
36 Which of the methods below uses a hash algorithm for authentication?
A. Sequential keys
B. Local storage
C. Certificate based authentication
D. Secure socket layer
Ans. A

37 What is the problem with Secure Socket Layer based authentication method?
A. Protection of the private key is very important
B. Key generation
C. No privacy
D. Different attacks
Ans. A

38 Which one of these methods uses One-time passwords for authentication?

A. Kerberos
B. Passwords
C. Time based keys
D. Secure socket layer
Ans. C

39 What special is required for Smart cards to provide communication between the
smart cards and the computer systems?
A. Smart Chip
B. Smart Pin
C. Smart Card Reader
D. Smart Card
Ans. C

40 Which EAP type is used for TLS authentication protocol to provide the ability to use
smart cards for remote authentication?
A. EAP/TLS
B. EAP/MD5-CHAP
C. EAP/MD5
D. EAP/CMOS
Ans. A

41 Which protocol is available for most versions of Unix as well as for Windows systems?
A. IPSEC
B. SSL
C. RBAC
D. SS
H Ans. D

42 What is counterpart to authentication called?

A. Authorization
B. Privileges
C. RBAC
D. Authenticate
Ans. A
43 Name the protocol that was developed to allow pluggable modules to be
incorporated in an overall authentication process?
A. EAP
B. Biometric
C. RBAC
D. ACLs
Ans. A

44 Where is the Information about the file, with the exception of the filename included?
A. Binode
B. Inode
C. File mode
D. Uid
Ans. B

45 Which list ACL is composed of?

A. Access control entries
B. Permission
C. SID
D. Access control rejection
Ans. A

Chap 5
46 The process of transforming plain text into unreadable text.
A. Decryption
B. Encryption
C. Network Security
D. Information Hiding
Ans. B

47 A process of making the encrypted text readable again.

A. Decryption
B. Encryption
C. Network Security
D. Information Hiding
Ans. A

48 A system for encryption and decryption is called as

A. Cryptosystem
B. Encryption
C. Decryption
D. Security System
Ans. A
49 What is the minimum number of cryptographic keys required for secure two-way
communications in symmetric key cryptography?
A. 1
B. 2
C. 3
D. 4
Ans. A
50 In Claude E. Shannon publishes an article called "A mathematical
theory" A. 1935
B. 1945
C. 1955
D. 1965
Ans. B

51 In U.S adopted a block cipher design as national standard- Data Encryption Standard.
A. 1963
B. 1973
C. 1983
D. 1993
Ans. B

52 In , DES is replaced by the

AES. A. 1997
B. 1998
C. 1999
D. 2000
Ans. D

53 Symmetric key cryptography uses the key for encryption and decryption.
A. Same
B. Different
C. Fixed
D. Variable
Ans. A

54 Which one of the following is a cryptographic goal that cannot be achieved by a

secret key cryptosystem?
A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity
Ans. A

55 Which one of the following cipher types operates on large pieces of a message rather than
individual characters or bits of a message?
A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher
Ans. C

56 In which year Giovan Bellaso envisions the first cipher to use a proper encryption key?
A. 1834
B. 1553
C. 1854
D. 1556
Ans. B
57 Who invented the Play fair Cipher, which encrypts pairs of letters instead of single ones?
A. Edward Hebern
B. Poland
C. Charles Wheatstone
D. IBM
Ans. C

58 What is the name of the group that IBM have formed in 1970's to design a block cipher to
protect customer data?
A. Crypto Group
B. Stream Cipher Group
C. Block Cipher Group
D. Cipher Suites Group
Ans. A

59 Scrambling the data according to a secret key is known as?

A. Caesar Cipher
B. Decryption
C. Code cracking
D. Encrypti
on Ans. D

60 In encryption, the order of the letters in a message is rearranged by

A. substitution ciphers
B. quadratic ciphers
C. transpositional ciphers
D. both transpositional ciphers and substitution ciphers
Ans. C

61 What is the minimum number of keys required for secure two-way communications in
symmetric key cryptography?
A. One
B. Two
C. Three
D. Four
Ans. A

62 In asymmetric key cryptography, the private key is kept by

A. sender
B. receiver
C. sender and receiver
D. all the connected devices to the network
Ans. B

63 What is cipher?
A. both algorithm for performing encryption and decryption and encrypted message
B. encrypted message
C. decrypted message
D. algorithm for performing encryption and
decryption Ans. D
64 Which one of the following cipher types operates on large pieces of a message rather than
individual characters or bits of a message?
A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher
Ans. C

65 The is the original message before transformation.

A. ciphertext
B. plaintext
C. secret text
D. simple text
Ans. B

66 DES stands for?

A. Data Encryption Standard
B. Data Encryption Statistics
C. Data Encryption System
D. Data Encryption Sequence
Ans. A

67 Which of the following statements are true?

i) Stream Ciphers are fasters than Block Ciphers
ii) Block Ciphers can reuse keys
iii) Block ciphers use lesser code than stream ciphers

A. 1st only
B. 2nd and 3rd
C. 3rd only
D. 1st and
2nd Ans. D

68 The is a number or a set of numbers on which the cipher operates.

A. cipher
B. secret
C. key
D. plaintext
Ans. C

69 DES is a .
A. Block Cipher
B. Stream Cipher
C. Bit Cipher
D. Substitution Cipher
Ans. A

70 Symmetric-key encryption can be done using:

i) Stream Ciphers
ii) Block Ciphers
iii) Caesar Cipher
iv) Block Cipher
 A. 3rd only
B. 2 Only
C. 2 & 3 only
D. 1 & 2
only Ans. D

Chap 7
71 Database security measures include authenticated users access to
a) data
b) Network
c) database
d) all of the
above Answer: d

72 -------- is the most secured method of centrally storing important and sensitive data
a) Relational databases
b) OLTP
c) Server-side databases
d) object level databases
Answer: a

73 central repositories are

a. data warehouse
b. does the data analysis and reporting
c. both a and b
d. only a
Answer: c

74 OLTP stands for

a. Online transaction processing
b. Online termination processing
c. online transaction precedence
d. online termination program
Answer: a

75 ----- Command specifies that a particular user or role will have access to perform specific
action on database objects
a) REVOKE
b) GRANT
c) UPDATE
d) DENY
Answer: b

76 ------- command removes any current permission settings for the specified users or roles
a) REVOKE
b) GRANT
c) UPDATE
d) DENY
Answer: a
77 A----- is a logical relational database object that actually refers to one or more underlying
database
tables
a. REVOKE
b. VIEW
c. SELECT
d. DENY
Answer: b
78 A trigger is a
a. stored procedure in a database
b. automatically invoked if a specific action takes place within a database
c. does not automatically invoked if a specific action takes place within a database
d. both a and
b Answer: d

79 “Database system requires Granular permissions”

The above statement is
a. True
b. False
Answer: a

80 ------ is the process of replicating stored data of database

a) database backup
b) database recovery
c) both a and b
d) none
Answer: a

81 In Transactional Log backups

a) data modified are written in log file and then copied to actual database
b) data modified are directly written into the actual database
Answer a

82 if an unauthorized database transaction was performed at 4.00 p.m. on Monday, then the
database can be restored through which backup
a) differential backups
b) full backups
c) point- in time backups
d) transactional log backups
Answer: c
83 database auditing means
a) keeping a log of data
b) data modification
c) usage of permissions
d) all of the
above Answer: d
84 when an employee record changes, corresponding changes can be easily made by calling
a) SQL commands
b) stored procedures
c) view query
d) nested query
Answer: b
85 The process of determining permission that are granted to a particular login is called as
a) authentication
b) validation
c) authorization
d) verification
Answer: c

Chap 8
86 PSTN stand for
a) Private Switched Telephone Network
b) Public Switched Telephone Network
c) Private Switched Transmission Network
d) Public Switched Transport Network
Answer: b) Public Switched Telephone Network

87 The main layer of The Cisco Hierarchical Internetworking model.

a) Distribution
b) Core
c) Access
d) Performance
Answer: b) Core

88 Virtual terminal protocol supports layer.

a) Application Layer
b) Presentation Layer
c) Physical Layer
d) Data Link Layer
Answer: a) Application Layer

89 Extranet can be described as a private network that uses network to share information
with clients.
a) Private
b) Public
c) Personal
d) User
Answer: b) Public

90 Controlling access to network by analysing incoming and outgoing packets is called as

a) IP Filtering
b) Data Filtering
c) Packet Filtering
d) Firewall Filtering
Answer: c) Packet Filtering

91 TCP/IP previously used by

a) DECNET
b) ISO-NET
c) DECNET
d) ARPANET
Answer :D)
ARPANET
92 As the data packet moves from the upper to the lower layers, headers are .
a) Rearranged
b) Removed
c) Added
d) Modified
Answer: c) Added

93 a) Data Link Layer firewall works as a

a) Frame filter
b) Packet filter
c) Content filter
d) Virus filter
Answer: a) Frame filter

94 What types of protocols are used in VPNs?

a) Application level protocols
b) Tunnelling protocols
c) Network protocols
d) Mailing protocols
Answer: b) Tunnelling protocols

95 Intranet is a tool for sharing information throughout the

a) single organization
b) multiple organizations
c) multilevel organization
d) connected organizations
Answer: a) single organization

96 The Network media type that is used

a) internet
b) token ring
c) html
d) extranet
Answer: b) token ring

97 Network Topology is layout and connection of network hardware.

a) logical
b) physical
c) dependent
d) connected
Answer: b) physical

98 In networking firewall and systems are used for controlling traffic movement around
the network.
a) authorized
b) authentication
c) autogenerated
d) automatic
Answer: b) authentication
99 ADCs stands for
a) Application Delivery Controllers
b) Application Data Composers
c) Application Device Controllers
d) Apply Delivery Controllers
Answer: a) Application Delivery Controllers

100 provides an isolated tunnel across a public network for sending and
receiving data privately as if the computing devices were directly connected to the
private network.
a) Visual Private Network
b) Virtual Protocol Network
c) Virtual Protocol Networking
d) Virtual Private Network
Answer: d) Virtual Private
Network

Chap 10
101 A firewall is installed at the point where the secure internal network and untrusted external
network meet which is also known as
Chock point

102 Network layer firewall has two sub-categories as

State full firewall and stateless firewall

103 Which of the following is / are the types of firewall?

Packet Filtering Firewall

104 A proxy firewall filters at

Application layer

105 A packet filter firewall filter at

Network layer or Transport layer

106 A firewall needs to be so that it can grow proportionally with the network that it
protects.
Expansive
107 A firewall is a security system:
Network

108 A firewall is a network security system based that controls incoming and outgoing
network traffic based on a set of rules:
Both hardware or software

109 Firewalls are used to protect:

a) Home Networks
b) Corporate Networks
Both of Above

110 If you have more than one computer connected in the home, it is important to protect
every computer. You should have a firewall (such as a router) to protect your network:
Hardware
111 Firewalls are often categorized as:
Either Network firewalls or Host based firewalls

112 NAT stands for:

Network Address Translation

113 All memory units are expressed as powers of?

2

114 Firewall is a type of

Security

115 Firewalls can be of kinds.

3

116 Network layer firewall works as a

Packet filter

117 server effectively hides the true network addresses.

proxy

118 The first reported type of network firewall is called a , which inspect packets
transferred between computers.
packet filter

119 Data travels on the internet in small pieces; these are called
packets

120 firewalls do not just look at the metadata; they also look at the actual data
transported.
Application-layer

Chap 14
121 is the term for establishing a connection with a forged sender address.
a) Sequence Guessing.
b) Spam.
c) Spoofing.
d) Session hijacking.
Ans: C

122 that identifies the users and groups who are allowed or denied access.
a) DACL.
b) SACL.
c) ACE.
d) ISP.
Ans: A
123 Bell-Lapadula model was revolutionary when it was
published in a) 1969
b) 1976
c) 1987
d) 1990
Ans: B

124 Biba is often known as a version of Bell-Lapadula.

a) reserved
b) reversed
c) revolutionary
d) pure
Ans: B

125 Trusted Network Interpretation of the TCSEC also known as the book.
a) Orange
b) Red
c) Yellow
d) Pink
Ans: B

126 Mandatory access control (MAC) is implemented in

a) Solaries
b) Windows
c) Network
d) Trusted BSD and Trusted
Solaries Ans :D

127 Which if the following is not the functionality of a Discretionary access control.
a) Individual user may not determine the access control.
b) Work well in commercial and academic sector.
c) Not suited for the military
d) effective for private web site. etc
Ans: A

128 1. is a model that help is determining the protection right for example, read or
write in computers system.
a) Chinese wall
b) Take Grant
c) Clark Wilson
d) Biba
Ans: B

129 Which of the following is not the main element of an effective reference monitor?
a) Always on
b) not subject to pre-emption
c) Tamper proof
d) Heavy
weight Ans: D
130 maintain access control policy.
a) Bell-Lapadula
b) Labels
c) Reference Monitor.
d) Windows
Ans: C

131 Which of the following is not the goal of the trust worthy computing initiative?
a) Security
b) Privacy
c) Reliability
d) Authenticatio
n. Ans: D

132 defines a standard set of security requirement for a specific type of a product (e.g. OS,
database or firewall)
a) Protection profile.
b) Security Targets.
c) EAL
d) TOE
Ans: A

133 Common criteria part details the specific security functional requirements and details
a criterion for expressing the security functional requirements for target of evaluation
a) 1
b) 2
c) 3
d) 4
Ans: B

134 According to classifications of operating system security ‘D’ determines

a) Minimal protection
b) Discretionary protection
c) Structured Protection
d) Security Domains
Ans: A
135 are security-related information that has been associated with object such as files,
process devices.
a) Reference monitor.
b) MAC.
c) Labels
d) DAC
Ans: C

Chap 15
136 How many types of firewalls are there?
a) 1
b) 2
c) 3
d) 4
ANS: C
137 which is that software installed using an internet connection as they come by-default with
operating systems?
a) Hardware
b) Software
c) stateful Inspection firewall
d) Microsoft firewall
ANS: B

138 While entering or leaving the internal network, firewalls examine which of the following?
a) emails users
b) updates
c) connections
d) data
packets ANS: D

139 which of the below defines the packet filtering firewall rules.
a) Access Control List
b) Protocols
c) Policies
d) Ports
ANS: A

140 Which port number is used to effectively manage the firewall?

a) 70
b) 71
c) 80
d) 72
ANS: C

141 Which address results in same address translation?

a) NAT
b) Static NAT
c) Dynamic NAT
d) PAT
ANS: B

142 Which of the following is used to filter, analyse and perform heuristic behaviour detection
to help the network security administrators?
a) UDP
b) ICMP
c) SIEM
d) DNS
ANS: C

143 Q.8 Using which filtering methods, firewalls can subtract the spam from your email
messages?
a) URL filtering
b) Web content filtering
c) application filtering
d) Email spam
filtering ANS: D
144 What actually generates the traffic on servers and workstations?
a) Firewalls
b) Web content
c) Applications
d) spam
ANS: C

145 Which layer of OSI model, packet filtering firewalls are implemented?
a) Application layer
b) Session layer
c) Presentation layer
d) Network
layer ANS: D

146 Which is the following process does convert one IP address to another, and logging of traffic?
a) NAT
b) Static NAT
c) Dynamic NAT
d) PAT
ANS: A

147 A proxy firewall works at which layer?

a) Network Layer
b) Session layer
c) Presentation layer
d) Application
layer ANS: D

148 Which of the following involves submitting as many requests as possible to a single internet
service, overloading it and preventing it servicing legitimate requests?
a) DOS attack
b) Masquerading
c) phishing
d) Backdoor
ANS: A

149 What does IP mean?

a) Instance protocol
b) Internet protocol
c) Instant Protocol
d) Intellectual property
ANS: B

150 which of the following are types of firewall?

a) Packet filtering firewall
b) Dual homed network firewall
c) Screen host firewall
d) Application filtering firewall
ANS: A
 Chap 16
151 A program must be conducted for development teams which includes
technical security awareness training and role-specific training.
1. Security training
2. Security coding
3. Security Testing
4. Documentation
Ans. Security training

152 Security is performed to find security issues by running application code.

1. Documentation
2. Monitoring
3. Testing
4. Modelling
Ans. Testing

153 is a technique for reviewing the security properties of a design and identifying
potential issues and fixes.
1. Threat Modelling
2. Code Review
3. Cookies
4. SQL injection attack
Ans. Threat Modelling

154 Scripts are used for performing validations like limiting the size of the input
fields, disallow certain characters.
1. Server side
2. Client side
3. SQL query
4. Application
Ans. Client side

155 Limiting the number of connections per second per IP address and use of strong
passwords can prevent attack.
1. Brute-force
2. SQL injection
3. Buffer overflow
4. Cookies
Ans. Brute-force

156 Application security is mainly controlled by the of the application, as he/she

requires extensive knowledge about various areas like GUI, network connectivity, OS
interaction and sensitive data management for writing secure programs.
1. Server
2. Developer
3. Client
4. Company
Ans. Developer
157 is common method of verifying that the person on the other end is a human
being by showing a distorted image of letters and numbers and requiring the user to type
them in correctly.
1. OTP
2. password
3. CAPTCHA
4. graphics
Ans. CAPTCHA
158 Web interface has quick development time than GUI.
1. slow
2. fast
3. medium
4. regular
Ans. Fast

159 A web interface can be accessed from any location through internet.
1. Remote
2. low
3. high
4. source
Ans. Remote

160 Customized client GUIs can be used to display that cannot be shown using
a regular web administration interface.
1. Complex graphics
2. header
3. footer
4. image
Ans. Complex graphics

161 One of the following is a disadvantage of custom web administration.

1. Availability
2. encryption
3. specific OS
4. complex graphics
Ans. Specific OS

162 Keeping applications up to date with the latest security is one of the most
important security measures.
1. patches
2. forms
3. OS
4. Release
Ans. Patches

163 is a technique to find security issues by inspecting application

code, using static analysis tools or manual code review or a combination.
1. Security code review
2. secure design
3. Testing
4. Documentation
Ans. Security code review
164 is a technique to inject crafted SQL into user input fields that are the
part of the web forms.
1. SQL injection
2. brute-force
3. buffer overflow
4. cookies
Ans. SQL injection

165 Attacks are those that do not come under any specific category but still
they are considered as risk to website security.
1. General
2. cookies
3. forms
4. scripts
Ans. General

Chap 17
166 Switches and Firewall come under the category of assets
a) Technical equipment
b) Computer equipment
c) Communication equipment
d) Security equipment

167 Racks and NEMA-rated enclosures come under the category of assets
a) Technical equipment
b) Furniture and Fixtures
c) Communication equipment
d) Storage equipment

168 One of the following comes under the category of Technical equipment
a) Air-conditioners
b) Servers
c) Fax machine
d) Credit-cards

169 The main areas of Physical Vulnerability assessment are

a) Buildings
b) Computing devices and peripherals
c) Documents and Records
d) All of the Above

170 Threats to Employee safety and break-inns are due to

a) Poor lighting
b) No security guards
c) Remotely located offices
d) High crime areas
171 Power outages can cause irreparable damages to
a) Remote offices running PCs
b) Servers
c) Data centres
d) None of above

172 Power outages can cause irreparable damages to

a) Remote offices running PCs
b) Servers
c) Data centres
d) None of above

173 Anti-tail gating mechanism is used to prevent person from closely following
an authorized person through an open door
a) All Authorized
b) Unauthorized
c) Both Authorized and Unauthorized
d) Few Authorized

174 is used to confirm the identification of an individual through fingerprint,

voice, face, retina, iris etc
a) Passwords
b) Signature verification
c) PCMC Card
d) Biometric device

175 Forcible entry or intrusion into the premises of an organization can be prevented by using
a) Security Guards
b) CCTV Cameras
c) Infra-red sensors
d) RF devices

176 For Intrusion detection is/are used

a) CCTV cameras
b) Alarms
c) Both a and b
d) Radio Frequency Sensor

177 standard is concerned with the Physical Security of Computer resources

a) ISO 45002
b) ISO 37002
c) ISO 1700
d) ISO 27002
178 The COBIT is an Acronym for
a) Control Operation for Information and Related Terminologies
b) Computer Organization and Information Related Technologies
c) Computer Operation for Information and Related Terminologies
d) Control Objectives for Information and Related Technologies
179 One of the following is not a criterion for selecting site location for Security
a) Construction and excavation
b) RF and wireless transmission interception
c) Lighting
d) Markets and Malls

180 One of the following does not comes under the duty of Security Guards
a) Prevention of forcible intrusion
b) Prevention of Theft
c) Repairing of faulty CCTV
d) Prevention of Abuse and Arson

Chap 17, 18, 19

181 Omnidirectional antennas are used ................. wireless network topologies.
a) Point to point
b) Point to multipoint
c) Multipoint to point
d) All of the above
Ans: Point to multipoint

182 In ....................... a pseudorandom sequence of frequency changes is followed by all host

participating in wireless network.
a) FHSS
b) DSSS
c) Spread Spectrum
d) Option a & b
Ans: FHSS

183 CSMA/CA is based on receiving a positive............... For every successfully transmitted frame
a) response
b) ACK
c) reply
d) request
Ans: ACK

184 What WLAN device provides communications management services to wireless

workstations?
a) Antenna
b) Network adapter
c) Repeater
d) Access
point Ans: Access
point
185 DSSS system spreads the baseband signal by the baseband pulses with a
pseudo noise sequence.
a) Adding
b) Subtracting
c) Multiplying
d) Dividing
Ans: Multiplying

186 Frequency hopping involves a periodic change of transmission

a) Signal
b) Frequency
c) Phase
d) Amplitude
Ans: Frequency

187 The family of wireless LAN protocols, collectively known as Wi-Fi and commonly
found in many organizations and households
a) 802.11
b) 803
c) 801
d) 804
Ans: 802.11

188 All IEEE standards–defined wireless networks employ spread spectrum

band technology.
a) 802.11
b) 802.15
c) 803
d) both a & b
Ans: both a & b

189 The must be installed and designed in such a way as to encompass your
premises’ territory and minimize outside signal leakage as much as possible.
a) LAN
b) VPN
c) ETHERNET
d) WLA
N Ans: d)
WLAN
190 There are generic types of antennas, which can be further divided into subtypes
a) 3
b) 4
c) 2
d) 5
Ans: 3
191 As such, Bluetooth is very resistant to interference unless the interfering
signal covers the whole middle ISM band
a) microwave
b) radio
c) infrared
d) media
Ans: radio
192 WECA stands for
a) Wireless Ethernet Compatibility Alliance
b) Wired Ethernet Compatibility Alliance
c) Wireless Ethernet Collision Allocation
d) Wired Ethernet Collision Alliance
Ans: Wireless Ethernet Compatibility Alliance

193 The range of networks uses DSSS.

a) 802.11
b) 802.15
c) 803
d) both b & c
Ans: 802.11

194 One way to control your wireless signal spread is correct

a) Antenna positioning
b) Order
c) sequence
d) transmitting power
Ans: Antenna positioning

195 There are generic types of antennas, which can be further divided into
subtypes.
a) four
b) two
c) three
d) five
Ans: c) Three
196 A radio transceiver can only transmit or receive at a given time on a given frequency, all
802.11- compliant networks are
a) full duplex
b) simplex
c) half duplex
d) complex
Ans: c) Half duplex

197 CSMA/CD stands for

a) Code Sense Media Access / Collision Detection
b) Carrier Sense Media Access / Collision Detection
c) Carrier Segment Media Access / Collision Detection
d) Carrier Sense Media Access / Code Detection
Ans: b) Carrier Sense Media Access / Collision Detection

198 MTU rate stands for

a) Maximum Transfer Unit
b) Minimum Transfer Unit
c) Maximum Trans receive Unit
d) Minimum Trans receive Unit
Ans: a) Maximum Transfer Unit
199 Databases can be used in various capacities, except:
a) Application support
b) Secure storage of sensitive information
c) Online transaction processing (OLTP)
d) VP
N
Answer:
D
200 . Microsoft SQL Server database platform uses a default TCP
port of a) 1527
b) 1433
c) 3306
d) None of the above
Answer: b

201 Encryption in databases can be done

a) by storing encrypted data in the DB.
b) Through VPN
c) Providing passwords
d) Restricting Access
Answer: a

202 The various Database Security Layers are:

a) Server Security Layer
b) Network Level Security
c) Transport Level Layer
d) Encryption Level
Answer: c

203 The ANSI Standard SQL language provides for the ability to use three commands for
administering permissions to tables and other database objects, the fourth wrong
command being
a) Grant
b) Revoke
c) Deny
d) Comm
it Answer: d
204 Perhaps the most commonly used method of controlling data access is
a) cursors
b) views
c) trigger
d) sequence
Answer: b

205 Instead of layers DBAs provide access to objects, some objects are given except
a) View
b) Stored procedure
c) Trigger
d) Applicati
on Answer d
206 To what granular level can security be provided
a. Application
b. Table
c. Column
d. Schema
Answer: c

207 Triggers are used as security objects except

a) to fire creation of a row in another table
b) to perform detailed auditing
c) to create views
d) enforce complex data-base related rules
Answer: c

208 Web based developers would handle security at the level of

a) Application
b) User
c) Operating System
d) Column
Answer: a

209 Data validation in multiple places prevents the following except

a) errors
b) malware
c) data corruption
d) System crashes
Answer: b

210 The most important data validation feature using hidden fields is called
a. hacking
b. SQL injection
c. spoofing
d. masquerading
Answer: b

211 If you back up 13GB of data to tape media and then the database becomes corrupted, the
recovery time might be
a) two hours.
b) three hours
c) four hours
d) five hours
Answer: a

212 Backups can be of these types except

a. Full
b. Differential
c. Transaction log
d. user-
defined Answer: d
213 Backup taken while system is up and running is called:
a. Cold backup
b. Hot backup
c. Severe Backup
d. mild Backup
Answer: b

214 Which of the following is the most commonly used VoIP standard?
a) SDP
b) IMS
c) SIP
d) MGCP
answer: b

215 Which of the following is the more lightweight protocol listed

below? a) H.323
b) MGCP
c) SIP
d) IMS
answer: b

216 VOIP stands for:

a) Voice Over Internet Protocol
b) Voice Over Internal Protocol
c) Voice Over International Premises
d) Over Internal Premises
answer: a

217 VOIP networks use primarily what kind of switching technology

a) Protocol switching
b) Packet switching
c) Constantly switching
d) Cellular switching
answer: b
218 . In a VOIP network, it is possible to use which devices to make a call
a) An IP phones
b) A traditional phone (with a gateway)
c) A computer with VOIP software
d) Voice Over International Premises
answer: a
219 SRTP stands for
a) Secure Real-Time Transfer Protocol
b) Secure Real-Time Transmission Protocol
c) Secure Real-Time Transport Protocol
d) Secure Real-Time traffic Protocol
answer: c
220 PBX stands for
a) public Branch Exchange
b) Public Branch Element
c) Private Branch Element
d) Private Branch
Exchange answer: d
221 provide intelligence and control certain routing and authentication,
authorization, and accounting (AAA) security functions.
a) Gatekeepers
b) Bridge
c) PBX
d) TEM
answer: a

222 The two core components of any call centre are

a) laptop and mobile
b) automatic call detection (ACD) and interactive voice response (IVR).
c) billing and laptop
d) None of the above
answers: b
223 The PBX features are
a) Multiple extensions
b) Voicemail
c) Call forwarding
d) All of the
above answer: d

224 Attackers hack PBXs for several reasons:

a) To gain confidential information (espionage)
b) To place outgoing calls that are charged to the organization’s account (and thus
free to the attacker)
c) To cause damages by crashing the PBX
d) All of the
above answer: d

225 An attacker can gain information from voicemail or even make long-distance phone calls
using
service.
a) through-dial
b) Dial in
c) Keypad
d) None of the above
answer: a
226 PBXs store their voicemail data on a
a) hard drive
b) external storage
c) internal storage
d) All of the above
answer: a

227 checklist for securing a PBX:

a) Connect administrative ports only when necessary.
b) Protect remote access with a third-party device or a dial-back.
c) Review the password strength of your users’ passwords.
d) All of the
above answer: d
 EXTRA MCQS

1. The security program must include the right level of responsibility and
authorization to be effective.
a) Authority
b) Framework
c) Planning
d) Gap Analysis
Answer: Authority

2. for the use of software, computer systems, and networks should be clearly
documented for the sake of the people who use these technologies
a) Rules
b) Guidelines
c) Program
d) Network
Answer: Guidelines

3. A is a plan of action for how to implement the security remediation plans.

a) Planning
b) Road
c) Roadmap
d) Gap Analysis
Answer: Roadmap

4. is concerned with protecting information in all its forms, whether written,

spoken, electronic, graphical, or using other methods of communication.
a) Information security
b) Network Security
c) Computer Security
d) Graphics Security
Answer: Information Security

5. is an important asset.

a) Information
b) Algorithm
c) Program
d) Science
Answer : Information

6. The field of is concerned with protecting assets in general

a) Network
b) Information
c) Security
d) Program
Answer: Security

.
 7. Which is not a Fundamental storage infrastructure?
a) Storage networks
b) Arrays
c) Servers
d) Vectors
Answer : Vectors

8. The alternative to port zoning, in which the zones are created relative to the ports the servers
are connected to on the switch, is
a) Arrays
b) Server
c) WNN zoning
d) Administration channel
Answer: WNN zoning

9. refers to the unauthorized interception of network traffic for the purpose

of gaining information intentionally.
a) Packet sniffing
b) Espionage
c) Packet replay
d) Packet spoofing
Answer: Espionage

10. of loss of information, such as confidential data and intellectual

property, through intentional or unintentional means.
a) Data leakage
b) Theft
c) Exposure
d) Data forwarding
Answer: Data leakage

11. Computer and storage failures that corrupt data , damage the integrity of that data is called
a) Data deletion
b) Data loss
c) Data corruption
d) Malfunctions
Answer: Malfunctions

12. The most common cause of data integrity loss is

a) Accidental modification
b) Data corruption
c) Data deletion
d) Malfunctions

Answer: Accidental modification

13. are 48-bit hexadecimal numbers that are uniquely assigned to each
hardware network interface by the manufacturer.
a) MAC addresses
b) IP addresses
 c) Application Specific addresses
d) Port Addresses
Answer. MAC addresses

14. are 32-bit numbers assigned by the network administrator that allow for the
creation of logical and ordered addressing on a local network.
a) Port Addresses
b) MAC addresses
c) IPv4 addresses
d) IPv6 addresses

Answer. IPv4 addresses

15. OSI Model has layers.

a) 4
b) 5
c) 6
d) 7

Answer. 7

16. HTTP works on which of the following layer of the TCP/IP Protocol suite?
a) Network
b) Application
c) Transport
d) Datalink

Answer. Application

17. layer is used to define and control electrical signals over the physical media.
a) Physical
b) Network
c) Application
d) Transport

Answer. Physical

18. are dumb devices which are used for connecting two or more devices.
a) Switch
b) Gateway
c) Router
d) Hub

Answer. Hub

19. An attacker can trick a local network segment into sending it another device’s traffic with an
attack known as .
a) DNS poisoning
b) Eaves dropping
c) Social Engineering
d) ARP poisoning

Answer. ARP poisoning

 20. The main areas of Physical Vulnerability assessment are
a) Buildings
b) Computing devices and not peripherals
c) Documents and raw calculations
d) Temperature

Answer: Buildings

1. The ____________security program must include the right level of responsibility and authorization to be effective.
a. Authority
b. Framework
c. Planning
d. Gap Analysis

Answer: a
2. ________________for the use of software, computer systems, and networks should be clearly
documented for the sake of the people who use these technologies
a. Rules
b. Guidelines
c. Program
d. Network
Answer: b

3. A _________________ is a plan of action for how to implement the security remediation plans.
a. Planning
b. Road
c. Roadmap
d. Gap Analysis
Answer: c

4. ______________is concerned with protecting information in all its forms, whether written, spoken,
electronic, graphical, or using other methods of communication.
a. Information security
b. Network Security
c. Computer Security
d. Graphics Security
Answer: a

5. ___________is an important asset.

a. Information
b. Algorithm
c. Program
d. All of the Above
Answer :a
6. FUD stands for ___________
a. fear,understanding,defense
b. fear, uncertainty, and doubt
c. fact,uncertainity,defense
d. None of the Above
Answer: b
7. The field of __________ is concerned with protecting assets in general
a. Network
b. Information
c. Security
d. Program
Answer: c
8. The basic assumptions of security are as follows
a. We want to protect our assets.
b. There are threats to our assets.
c. We want to mitigate those threats.
d. All of the above

Answer: d
9. __________Assessing what needs to be protected, why, and how leads to a strategy for improving the
security posture.
a. Assessment
b. Planning
c. Frame Work
d. Roadmap
Answer: a

10. A universal truth of security, regardless of the application, is that the job of the attacker is always
___________ than the job of the defender.
a. Difficult
b. Easy
c. Moderate
d. None of the Above
Answer: b
11. The three Ds of security are _____________
a. delete,desired,defect
b. defense, detection, and deterrence
c. Defect,Deterrent,Dial
d. None of the Above
Answer: b

12. A ______________ compares the desired state of the security program with the actual current state and
identifies the differences.
a. risk analysis
b. Remediation planning
c. gap analysis
d. Planning
Answer: c
13. ___________are used to educate employees, business partners, and other stakeholders about what
behaviours are expected of them, what actions they should take under various circumstances to comply
with security policies

a. Security awareness programs

b. Training Program
c. Notes
d. All of the above
Answer:a

14. You can never be _____________percent secure about security.

a. 10%
b. 20%
c. 30%
d. 100%
Answer: d

15.Which is not a part of Building a Security Program

a. Authority
b. Framework
c. Planning
d. Défense
Answer: d

1. Which of the following is not a layer of security?

a. Physical Security
b. Intermediate Security
c. Operations Security
d. Network Security
2. VPN stands for ______
a. Visual Private Network
b. Visual Private Networking
c. Virtual Private Network
d. Virtual Private Networking
3. Which of the following is not a benefit of Security Program?
a. Business Agility
b. Cost Reduction
c. Portability
d. Frees RAM
4. Firewalls, network access control, spam and malware filtering are ______ types of controls
a. Defensive
b. Detective
c. Deterrent
d. Managerial
5. Which of the following is not a type of detective control?
a. Surveillance camera
b. Web content filtering
c. Motion sensors
d. Car alarm systems
6. A ______ analysis compares the desired state of the security program with the current state and
identifies the differences
a. risk
b. security
c. remedy
d. gap

7. A ________ is a plan of action for how to implement the security remediation plans.
a. Incident plan
b. Response plan
c. Roadmap
d. Risk plan
8. The actions that should be taken when security event occurs are defined in the_________
a. Project Plan
b. Remedy Plan
c. Incident response plan
d. Policy plan
9. “The job of the attacker is difficult than the job of the defender”
a. False
b. True
10. What is transitive Security?
a. All security controls need not complement each other and each should be equally as strong as the
others
b. All security controls need not complement each other and should be unequal
c. All security controls should complement each other and each should be equally as strong as the
others
d. All security controls should complement each other and should be unequal
11. PBX stands for _________
a. Public Branch Exchange
b. Private Branch Exchange
c. Public Branch Environment
d. Private Branch Environment
12. What is difference between strategy and tactic?
a. Strategy are done in small time frame whereas tactic is small time goal
b. Strategy are smaller steps whereas tactic are large concrete steps
c. Strategy are small-term goals whereas tactic are large concrete steps
d. Strategy are long-term goals whereas tactic are small concrete steps
13. Content attacks, Buffer overflows and Password cracking are attacks of which layer?
a. Transport
b. Physical
c. Application
d. Network

14. _______ occurs when an unauthorized third party captures network packets destined for
computers other than their own.
a. Tracking
b. SQL Injection
c. Sniffing
d. Traffic replay
15. NIC stands for ___________
a. Network Interface Card
b. Network Intermediate Card
c. Network Interface Configuration
d. Network Intermediate Configuration
16. _____ refers to the restriction of access to data only to those who are authorized to use it
a. Integrity
b. Confidentiality
c. Availability
d. Privacy
17. Perimeter model is like ___________
a. Onion
b. layer
c. lollipop
d. sponge
18. What is the threat from “Windows Shell Command File”?
 a. It can execute malicious code
b. It can contain malicious code
c. It can install malicious code
d. It can change security settings
19. A self-replicating program that uses other host file or code to replicate is called _____
a. Worms
b. Virus
c. Trojan
d. Ransomware
20. How can we defend network from ARP poisoning?
a. Firewall
b. Use Encryption
c. Secure P2P Services
d. Configure Port Rate Limiting

Unit II
21. One-time password, Biometrics are types of ____________
a. Authorization
b. Authentication
c. Encryption
d. None of the above
22. ____________ authentication requires user to authenticate with more than one authentication
factor
a. Mobile Authentication
b. Continuous Authentication
c. Multifactor Authentication
d. Three-Factor Authentication
23. Which of the following is incorrect about OAuth Authentication?
a. It is an open standard for token-based authentication and authorization on internet
b. It allows user’s account information to be used by third party services without exposing user’s
password
c. OAuth acts as an intermediary on behalf of user
d. OAuth stands for Onion-route Authorization
24. Which of the following is not a synonym of crypt?
a. light
b. vault
c. chamber
d. hidden
25. Confidentiality, Integrity, Non-repudiation and Authentication are objectives of ______
a. Risk Management
b. Cryptography
c. Authorization
d. Administration
26. From below which of the following is not a property of “Public key encryption Scheme”-
i. Different keys are used for encryption and decryption
ii. Receiver needs to publish an encryption key referred to as his private key
iii. Each sender possesses a unique decryption key generally known as public key
a. i. and ii.
b. i. and iii.
c. ii. only
d. ii. and iii.
27. NAS can be accessed by most of the computers and other devices on the network, while SAN is
typically used by servers.
a. False
b. True

28. ___________ is an attempt to trick the victim into disclosing personal information
a. Hijacking
b. Theft
c. Phishing
d. Packet sniffing
29. The HTTP cookies used to maintain a session on a website is stolen by attacker and now attacker is
using it to gain access to privileged information posing as a genuine user.
What type of attack is this?
a. Hijacking
b. Theft
c. Phishing
d. Packet sniffing
30. A _____ type of attack is an attempt to make a computer resource unavailable to its intended users.
a. Application failure
b. Outage
c. Denial of Service
d. Backup failure
31. _____ is any unexpected downtime or unreachability of a computer system or network
a. Application failure
b. Outage
 c. Denial of Service
d. Backup failure
32. __________improves security through control of the connections between hosts and storage array
a. Server
b. Offsite Data Storage
c. Arrays
d. Post-based Zoning

33. How many layers are there in Database Security?

a. 3
b. 7
c. 5
d. 8
34. Once a legitimate user has connected to the server, the user will be given only permissions that are
granted to that login. This process is generally known as ___________
a. Authentication
b. Protection
c. Authorization
d. None of the above
35. Which of the following are application level threats to Database?
a. XSS attack
b. Phishing
c. Cookie Poisoning
d. Theft
36. Which of the following are type of Database backups?
a. Half Backup
b. Full Backup
c. Transaction log backup
d. Semi Backup
37. Which of the following are Database Monitoring software?
a. DB2
b. Oracle Database 12c
c. Windows performance toolkit
d. SolarWinds Database Performance Analyser
38. What are two major concerns while using application level security in DB?
a. Any defects or vulnerabilities in the application will compromise DB’s security
b. Difficult to handle
 c. Implementing is very tough
d. It does not provide any type of protection for users that can bypass the application
39. When the response time of a computer or network is considered unacceptably slow, its availability
is affected. This is known as _______
a. High Availability Failure
b. Slowness
c. DOS
d. Response Failure
40. In ____ encryption each computer has a secret key that it can use to encrypt a packet of
information before it is sent over the network to another computer
a. Private Key
b. Public Key
c. Asymmetric-Key
d. Symmetric-Key

Unit III
41. Network analysis, architecture and design are processes used to produce designs that are _____
a. logical
b. reproducible
c. available
d. attacking
42. Following statements are right about Acceptable risks
a. It is management’s responsibility to set their company’s level of risk
b. It is security professional’s responsibility to set their company’s level of risk
c. Acceptable risk is derived from legal and regulatory compliance responsibilities etc.
d. Not all companies have acceptable risk
43. ___________ and ___________ systems are used to control traffic of the network
a. Authentication
b. Authorization
c. Firewall
d. Network Traffic control
44. _________ is a network not available to outside world, only those who are granted can access
network for sharing and viewing purpose
a. Extranet
b. Intranet
c. Internet
d. PBX
45. In DMZ configuration the____ layer consists web server that interacts with end users whereas the
_____ layer contains logic necessary for processing those queries and extracting the data that is
stored in DB.
a. Presentation, session
b. Session, presentation
c. Application, presentation
d. Presentation, application

46. Media Access Control (MAC) is also known as _____, _______

a. Internet Address
b. Hardware Address
c. Physical Address
d. Network Address
47. _______________ is one of the most effective and hard-to-defend attack technique.
a. Hijacking
b. Packet Sniffing
c. ARP Poisoning
d. Data Theft
48. Select two protocols of Application layer
a. IMAP
b. POPS
c. UDP
d. TCP
49. Select two protocols of Transport layer
a. IMAP
b. POPS
c. UDP
d. TCP
50. Which of the following two services uses TCP protocol?
a. SNMP Traps
b. DNS(queries)
c. Telnet
d. FTP
51. Which of the following are routing Protocol?
a. ICMP
b. RIP
c. OSPF
d. HTTP
52. Which 2 protocols are required by access devices to perform device-level AAA communication?
a. RADIUS
b. SNMP
c. TACACS
d. UDP

53. Echo request, replies are more commonly known as ____

a. Reiteration
b. Reverberation
c. Resounding
d. Ping
54. ____________ is a type of attack in which the attacker sends ICMP traffic to the broadcast address
of a number of large network, inserting the source address of the victim
a. Data Theft
b. Smurf
c. Broadcast Attack
d. MITM Attack
55. Firewall can be implemented as __________
a. Software only
b. Hardware only
c. Hardware and Software both
d. Combination of hardware and Software
56. ______ message occurs when a host sends a datagram to its(destination) gateway, which in turn
forwards the same datagram to the next gateway and this second gateway is on the same network
host
a. Fail
b. Redirect
c. Forwarded
d. Rejected
57. Which of the following are advanced capabilities of firewalls?
a. Block Traffic
b. Granular Application Control
c. Application Awareness
d. None of the above
58. Which of the following statements are incorrect about the Firewall?
a. Firewall cannot alert appropriate people of specific events
b. Firewalls can stop social engineering attacks
c. It can install malicious code
 d. It can change security settings

59. What are flaws of Data-Link Layer?

a. Unlimited in Distance
b. Vulnerable to Interference
c. At risk of network hijacking
d. Battery operated
60. Which of the following are techniques of network hardening?
a. Turn on guest networking
b. Disable MAC address filtering
c. Hide your wireless network SSID name
d. Enable network encryption
Unit IV
61. IDS stands for ________
a. Internet Detection System
b. Intrusion Detection System
c. Information Detection System
d. Intrusion Detection Service
62. SIEM stands for _______
a. Security Information and Event Management
b. Service Information Exchange Management
c. Security Intrusion Event Management
d. Security Information Exchange Management

63. ______ is a device or software application that monitors a network or system for malicious activity
or policy violation.
a. Host-based Intrusion Detection System
b. Intrusion Prevention System
c. Security Information and Event Management
d. Intrusion Detection System
64. IDS and ______ are important tools in a computer security arsenal.
a. Network-based Intrusion Detection System
b. Host-based Intrusion Detection System
c. Intrusion Prevention System
d. Security Information and Event Management
65. PSTN stands for _________
a. Private Switch Telecom Network
b. Public Switched Telephone Network
c. Public Service Telephone Network
d. Private System Telecom Network
66. VoIP stands for __________
a. Voice on Internet Protocol
b. Voice of Internal Protocol
c. Voice on Inter Protocol
d. Voice over Internet Protocol
67. TDM stands for _____
a. Time Division Multiplexing
b. Time Divide Management
c. Time Division Management
d. Time Depend Message
68. ACL stands for ______
a. Access Control List
b. Application Control List
c. Application Complex List
d. Access Control Least
69. MCU stands for _________.
a. Multi-Call Unit
b. Multi-Conference Unit
c. Multiple Choice Unit
d. Multiple Cell Unit
70. TEM stands for ________
a. Telecom Expense Management
b. Time Exchange Management
c. Telecommunication Export Management
d. Time Export Management
71. MAC stands for __________
a. Main Access Control
b. Mandatory Access Control
c. Management Access Control
d. Mandatory Appeal Contact
72. DACL stands for _________
a. Discretionary Access Control List
b. Discrete Access Complex List
c. Direct Access Complex List
d. Discrete Access Control List
73. RABC stands for ________
a. Right Bound Access Control
b. Rule Bind Access Control
c. Rule-Based Access Control
d. Role Based Access Control
74. TCSEC stands for ________
a. Trusted Computer System Evolution Criteria
b. Time Complex System Evaluation Criteria
c. Time Correction System Evolution Criteria
d. Trusted Computer System Evaluation Criteria
75. PP stands for ______
a. Protection Profile
b. Probability Protection
c. Protection protocol
d. Private Profile
76. ST stands for _______
a. Security Time
b. Service Time
c. Security Target
d. Security Tax
77. HIDS stands for _____
a. House-based Intrusion Detection System
b. Host-based Information Detection System
c. House-based Information Detection System
d. Host-based Intrusion Detection System
78. ______ is often known as a reversed version of Bell-LaPadula
a. Biba
b. TCSEC
c. Clark-Wilson
d. Security Target
79. ______ is computer-based switch that can be thought of as a local phone company
a. Denial of Service
b. Private Branch Exchange
c. Voicemail
d. Telecom Expense Management
80. _______ can be network-based or host-based
a. Intrusion Prevention System
b. Intrusion Detection System
c. Private Branch Exchange
d. Protection Profile
Unit V
81. A virtual machine is a ____________
a. Computer application
b. Computer file
c. Computer image
d. Physical computer
82. __________ is typically called an image
a. Virtual machine
b. Virtual hardware
c. Computer memory
d. Computer resources
83. Virtual machine includes _________________
a. Beta releases
b. Accessing virus-infected data
c. Creating OS backup
d. All of the above
84. Virtual machine can be run simultaneously on the same _____________
a. Physical computer
b. Operating system
c. Hardware system
d. Cloud computing
85. For a server, the multiple OS run side-by-side with a piece of software called as____________
a. Supervisor
b. Biometric
c. Hypervisor
d. Thread

86. Virtual machine provides __________________

 a. Virtual hardware
b. CPU
c. Memory
d. All of the above
87. A virtual machine usually known as_______________
a. Operating system
b. Guest
c. File
d. Image
88. Virtual machine can be divided into _______________
a. Super VM, System VM
b. Super VM, Cloud computing
c. System VM, Process VM
d. Cloud computing, System VM
89. ______________ that support the sharing of the host computers physical resources between
multiple VM
a. System VM
b. Cloud computing
c. Process VM
d. Unsupervised VM
90. Following is not the advantage of virtual machine
a. Allow multiple OS
b. Widely available and are easy to manage and maintain
c. Multiple VM run on single physical machine
d. Offers application provisioning and disaster recovery option
91. Cloud computing uses various services such as _______________
a. Software development platform
b. Server, storage
c. Business applications
d. Both a and b
92. Point the wrong statement
a. Back end application
b. User only pays for services
c. Hardware resources are distributed in an individual way
d. Services are sellable
93. _______________ is also known as cloud-based application
a. SDLC
b. SaaS
 c. SAST
d. DAST
94. Following is not consider SDL phase
a. Requirement phase
b. Coding phase
c. Monitoring phase
d. Testing phase
95. Cloud computing resource are ______________
a. IaaS
b. PaaS
c. SaaS
d. All of the above
96. Web application sort into ______________ categories
a. 1
b. 2
c. 3
d. 4
97. A thick client also known as _______________
a. Fat client
b. Client server
c. Thin client
d. Programmable client
98. Example of thick client are ________________
a. G-Talk, Yahoo messenger
b. Microsoft outlook, online trading portal
c. Windows application, G-Talk
d. Both a and b
99. _______________is the web-based application.
a. Thick client
b. Thin client
c. Fat client
d. Programmable client
100. Thick client application is classified into ___________ type
a. 1 b. 2 c. 3 d. 4
1. The ____________security program must include the right level of responsibility and authorization to be
effective.
a) Authority
b) Framework
c) Planning
d) Gap Analysis
Answer: a

2. ________________for the use of software, computer systems, and networks should be clearly
documented for the sake of the people who use these technologies
a) Rules
b) Guidelines
c) Program
d) Network
Answer: b

3. A _________________ is a plan of action for how to implement the security remediation plans.
a) Planning
b) Road
c) Roadmap
d) Gap Analysis
Answer: c

4. ______________is concerned with protecting information in all its forms, whether written, spoken,
electronic, graphical, or using other methods of communication.
a) Information security
b) Network Security
c) Computer Security
d) Graphics Security
Answer: a

5. ___________is an important asset.

a) Information
b) Algorithm
c) Program
d) Science
Answer :a

6. The field of __________ is concerned with protecting assets in general

a) Network
b) Information
c) Security
d) Program
Answer: c

7. What is Authentication ?
a) Encryption
b) Proof of Identity
c) Access
d) Modification
Ans . b
 8. Which of the following is the least secure method of authentication ?
a) Fingerprint
b) Retina Pattern
c) Smart Card
d) Password
Ans. d
9. Which of the following is a strong password ?
a. 22September99
b. !996543
c. India@4521
d. Mona57567
Ans. c

10. Which of the following method is based on tickets?

a) Central storage
b) Kerberos
c) Challenge and response
d) One time passwords
Ans. B

11. Why is one time password safe?

a) Easy to generate
b) Different for every access
c) Cannot be shared
d) It is a complex encrypted password
Ans. B

12. Which of the methods below uses a hash algorithm for authentication?
a) Sequential keys
b) Local storage
c) Certificate based authentication
d) Secure socket layer
Ans. a
13. What does CIA stand for
a) Confidentiality, Integrity, Availability
b) Central Intelligence Agency
c) Cyber security ,Investigation Agency
d) Cyber security, Internet, Accessibility
Answer : a
14. _________ means protecting the data from getting disclosed to those who are not authorized to use
it.
a) Integrity
b) Authorization
c) Confidentiality
d) Availability
Answer: c
15. The protection of data from modification by unknown users is known as _____________
a) Confidentiality
b) Integrity
c) Authentication
d) Data theft
Answer: b
16. _____________ means that the sender must not be able to deny sending a message that he / she has
sent.
a) Authentication
b) Integrity
c) Confidentiality
d) Non-repudiation
Answer: d

17. Which direction access cannot happen using the DMZ zone by default?
a) Company computer to DMZ
b) Internet to DMZ
c) Internet to company computer
d) Company computer to Internet
Answer: c

18. Which of the following is a physical threat to companies?

a) Theft
b) Emergency
c) Availability
d) Network Failure
Answer: a

19. Which is not a Fundamental storage infrastructure?

a) Storage networks
b) Arrays
c) Servers
d) Vectors
Answer : d
20. The alternative to port zoning, in which the zones are created relative to the ports the servers are
connected to on the switch, is
a) Arrays
b) Server
c) WNN zoning
d) Administration channel
Answer: c
21. _______ refers to the unauthorized interception of network traffic for the purpose of gaining
information intentionally.
a) Packet sniffing
b) Espionage
c) Packet replay
d) Packet spoofing
Answer: b

22. of loss of information, such as confidential data and intellectual

property, through intentional or unintentional means.
a) Data leakage
b) Theft
c) Exposure
d) Data forwarding
Answer: a

23. Computer and storage failures that corrupt data , damage the integrity of that data is called
 a) Data deletion
b) Data loss
c) Data corruption
d) Malfunctions
Answer: d
24. The most common cause of data integrity loss is
a) Accidental modification
b) Data corruption
c) Data deletion
d) Malfunctions

Answer: a

25. Database security measures include authenticated users access to

a) data
b) Network
c) database
d) all of the above
Answer: d
26. .-------- is the most secured method of centrally storing important and sensitive data
a) Relational databases
b) OLTP
c) server side databases
d) object level databases
Answer: a
27. central repositories are
a) data warehouse
b) does the data analysis and reporting
c) both a and b
d) only a
Answer: c
28. OLTP stands for
a) Online transaction processing
b) Online termination processing
c) online transaction precedence
d) online termination program
Answer: a
29 . ----- Command specifies that a particular user or role will have access to perform specific action on database
objects
a) REVOKE
b) GRANT
c) UPDATE
 d) DENY
Answer: b
30.------- command removes any current permission settings for the specified users or roles
a) REVOKE
b) GRANT
c) UPDATE
d) DENY
Answer: a
31. A ----- is a logical relational database object that actually refers to one or more underlying database tables
a) REVOKE
b) VIEW
c) SELECT
d) DENY
Answer: b
32. PSTN stand for_____
a) Private Switched Telephone Network
b) Public Switched Telephone Network
c) Private Switched Transmission Network
d) Public Switched Transport Network
Answer: b)
33. The main layer of The Cisco Hierarchical Internetworking model.
a) Distribution
b) Core
c) Access
d) Performance
Answer: b)

34. Virtual terminal protocol supports _______ layer.

a) Application Layer
b) Presentation Layer
c) Physical Layer
d) Data Link Layer
Answer: a)
35. Extranet can be described as a private network that uses _____ network to share information with clients.
a) Private
b) Public
c) Personal
d) User
Answer: b)
36. Controlling access to network by analyzing incoming and outgoing packets is called as
a) IP Filtering
b) Data Filtering
c) Packet Filtering
 d) Firewall Filtering
Answer: c)

37. TCP/IP previously used by______

a) DECNET
b) ISO-NET
c) DECNET
d) ARPANET
Answer :d)

38. ______________ are 48-bit hexadecimal numbers that are uniquely assigned to each hardware network
interface by the manufacturer.
a) MAC addresses
b) IP addresses
c) Application Specific addresses
d) Port Addresses
Answer. a

39. ___________ are 32-bit numbers assigned by the network administrator that allow for the creation of
logical and ordered addressing on a local network.
a) Port Addresses
b) MAC addresses
c) IPv4 addresses
d) IPv6 addresses
Answer. c

40. OSI Model has ____________ layers.

a) 4
b) 5
c) 6
d) 7
Answer. d

41. HTTP works on which of the following layer of the TCP/IP Protocol suite?
a) Network
b) Application
c) Transport
d) Datalink
Answer. b

42.____________ layer is used to define and control electrical signals over the physical media.
a) Physical
b) Network
c) Application
d) Transport
Answer. a

43. ________ are dumb devices which are used for connecting two or more devices.
a) Switch
b) Gateway
c) Router
d) Hub
Answer. d
44. An attacker can trick a local network segment into sending it another device’s traffic with an attack known as
_____________.
a) DNS poisoning
b) Eaves dropping
c) Social Engineering
d) ARP poisoning
Answer. D

45. Databases can be used in various capacities, except:

a) Application support
b) Secure storage of sensitive information
c) Online transaction processing (OLTP)
d) VPN
Answer: d

46. Microsoft SQL Server database platform uses a default TCP port of
a) 1527
b) 1433
c) 3306
d) 2231
Answer: b

47. Encryption in databases can be done

a) by storing encrypted data in the DB.
b) Through VPN
c) Providing passwords
d) Restricting Access
Answer: a
48. The various Database Security Layers are:
a) Server Security Layer
b) Network Level Security
c) Transport Level Layer
d) Encryption Level
Answer: c
49. The ANSI Standard SQL language provides for the ability to use three commands for administering
permissions to tables and other database objects, the fourth wrong command being
a) Grant
b) Revoke
c) Deny
d) Commit
Answer: d
50. Perhaps the most commonly used method of controlling data access is
a) cursors
b) views
c) trigger
d) sequence
Answer: b

51. Instead of layers DBAs provide access to objects, some objects are given except
a) view
b) Stored procedure
c) trigger
d) application
 Answer d

52. To what granular level can security be provided

a) Application
b) Table
c) Column
d) Schema
Answer: c

53. Triggers are used as security objects except

a) to fire creation of a row in another table
b) to perform detailed auditing
c) to create views
d) enforce complex data-base related rules
Answer: c

54.. Web based developers would handle security at the level of

a) Application
b) User
c) Operating System
d) Column
Answer: a
55. How many types of firewalls are there?
a) 1
b) 2
c) 3
d) 4

ANS: c

56. which is that software installed using an internet connection as they come by-default with operating systems?
a) Hardware
b) Software
c) stateful Inspection firewall
d) Microsoft firewall

ANS:b

57. While entering or leaving the internal network,firewalls examine which of the following?
a) emails users
b) updates
c) connections
d) data packets

ANS:d
58. which of the below defines the packet filtering firewall rules
a) .Access Control List
b) Protocols
c) Policies
d) Ports
ANS:a
59. Which port number is used to effectively manage the firewall?
a) 70
b) 71
 c) 80
d) 72

ANS:c
60. Which address results in same address translation?
a) NAT
b) Static NAT
c) Dynamic NAT
d) PAT

ANS:b
61. Which of the following is used to filter, analyse and perform heuristic behavior detection to help the network
security administrators?
a) UDP
b) ICMP
c) SIEM
d) DNS
ANS:c
62. Using which filtering methods, firewalls can subtract the spam from your email messages?
a) URL filtering
b) Web content filtering
c) capplication filtering
d) Email spam filtering
ANS:d

63. What actually generates the traffic on servers and workstations?

a) Firewalls
b) Web content
c) Applications
d) spam

ANS: c
64. Which layer of OSI model, packet filtering firewalls are implemented?
a) Application layer
b) Session layer
c) Presentation layer
d) Network layer

ANS:d
65. which is the following process does converting one IP address to another, and logging of traffic?
a) NAT
b) Static NAT
c) Dynamic NAT
d) PAT

ANS: a

66. A proxy firewall works at which layer?

 a) Network Layer
b) Session layer
c) Presentation layer
d) Application layer
ANS: d
67. A ___________ program must be conducted for development teams which includes technical security
awareness training and role-specific training.
a) Security training
b) Security coding
c) Security Testing
d) Documentation
Ans. a
68. Security __________ is performed to find security issues by running application code.
a) Documentation
b) Monitoring
c) Testing
d) Modeling
Ans. c

69.__________ is a technique for reviewing the security properties of a design and identifying potential issues
and fixes.
a) Threat Modeling
b) Code Review
c) Cookies
d) SQL injection attack
Ans. a

70. ___________ Scripts are used for performing validations like limiting the size of the input fields, disallow
certain characters.
a) Server side
b) Client side
c) SQL query
d) Application
Ans. b

71. Limiting the number of connections per second per IP address and use of strong passwords can prevent
___________ attack.
a) Brute-force
b) SQL injection
c) Buffer overflow
d) Cookies
Ans. a

72. Application security is mainly controlled by the ____________ of the application, as he/she requires extensive
knowledge about various areas like GUI, network connectivity, OS interaction and sensitive data management for
writing secure programs.

a) Server
b) Developer
c) Client
d) Company
Ans. b

73.___________ is common method of verifying that the person on the other end is a human being by showing a
distorted image of letters and numbers and requiring the user to type them in correctly.
a) OTP
 b) password
c) CAPTCHA
d) graphics
Ans. c

74. Web interface has _________ quick development time than GUI.
a) slow
b) fast
c) medium
d) regular
Ans. b

75. A web interface can be accessed from any ________ location through internet.
a) Remote
b) low
c) high
d) source
Ans. a

76. Customized client GUIs can be used to display ________________ that cannot be shown using a regular web
administration interface.
a) Complex graphics
b) header
c) footer
d) image
Ans. a

77.One of the following is a disadvantage of custom web administration.

a) Availability
b) encryption
c) specific OS
d) complex graphics
Ans. c
78. Switches and Firewall come under the category of _______________ assets
a) Technical equipment
b) Computer equipment
c) Communication equipment
d) Security equipment
Answer: c
79. Racks and NEMA-rated enclosures come under the category of _______________ assets
a) Technical equipment
b) Furniture and Fixtures
c) Communication equipment
d) Storage equipment
Answer: b

80. One of the following comes under the category of Technical equipment
a) Air-conditioners
b) Servers
c) Fax machine
d) Credit-cards
Answer: a

81. The main areas of Physical Vulnerability assessment are

a) Buildings
b) Computing devices and not peripherals
c) Documents and raw calculations
d) temperature
Answer: a

82. Threats to Employee safety and break-inns are due to

a) Poor lighting
b) No security guard
c) Remotely located offices
d) High crime areas
Answer: a

83. Power outages can cause irreparable damages to

a) Remote offices running PCs
b) Servers
c) Data centers
d) Power cut down

Answer: c

84. _______________ is an area designed to allow only one authorized person to enter in
a) Mantrap
b) Human trap
c) One pass
d) Secure Pass
Answer: a

85. Antitailgating mechanism is used to prevent _________________ person from closely following an authorized person
through an open door
a) All Authorized
b) Unauthorized
c) Both Authorized and Unauthorized
d) Few Authorized

Answer: b

86. ______________ is used to confirm the identification of an individual through fingerprint, voice, face, retina, iris etc
a) Passwords
b) Signature verification
c) PCMC Card
d) Biometric device
Answer: d

87. Forcible entry or intrusion into the premises of an organization can be prevented by using
a) Security Guards
b) CCTV Cameras
c) Infra-red sensors
d) RF devices
Answer: a

88. For Intrusion detection ___________ is/are used

a) CCTV cameras
b) voice
c) rays
d) Radio Frequency Sensor
Answer: a
89. Which of the following is the most commonly used VoIP standard?
a) SDP
b) IMS
c) SIP
d) MGCP
answer: b
90. Which of the following is the more lightweight protocol listed below?
a) H.323
b) MGCP
c) SIP
d) IMS
answer: b
91.VOIP stands for:
a) Voice Over Internet Protocol
b) Voice Over Internal Protocol
c) Voice Over International Premises
d) Over Internal Premises

answer: a
92. VOIP networks use primarily what kind of switching technology
a) Protocol switching
b) Packet switching
c) Constantly switching
d) Cellular switching
answer: b
93. In a VOIP network, it is possible to use which devices to make a call
a) An IP phone
b) A traditional phone (with a gateway)
c) A computer with VOIP software
d) Voice Over International Premises

answer: a
94. SRTP stands for_______________
a) Secure Real-Time Transfer Protocol
b) Secure Real-Time Transmission Protocol
c) Secure Real-Time Transport Protocol
d) Secure Real-Time traffic Protocol
answer: c
95. PBX stands for________
a) public Branch Exchange
b) Public Branch Element
c) Private Branch Element
d) Private Branch Exchange
answer: d
96. _____________provide intelligence and control certain routing and authentication, authorization, and
accounting (AAA) security functions.
a) Gatekeepers
b) Bridge
c) PBX
d) TEM
answer: a
97. The most important data validation feature using hidden fields is called
a) hacking
b) SQL injection
c) spoofing
d) masquerading
Answer :b

98. If you back up 13GB of data to tape media and then the database becomes corrupted, the recovery time might
be
a) two hours.
b) three hours
c) four hours
d) five hours
Answer: a

99. Backups can be of these types except

a) Full
b) Differential
c) Transaction log
d) user-defined
Answer: d

100. Backup taken while system is up and running is called:

a) Cold backup
b) Hot backup
c) Severe Backup
d) mild Backup
Answer: b

1.To send a packet, the source should know the following addresses
a. MAC Address
b. IP address
c. DNS
d. Both IP address and MAC Address
Answer : d

2.DNS Stands for

a. Domain Name Service
b. Domain Name System
c. Data Name Service
d. Data Name System
Answer: a

3. The protocol used to find the IP address when Mac address is given
a. RARP
b.ARP
c. DNS
d. IP
Answer :b

4. There are ____ layers in OSI reference model

a.5
b.6
c.7
d.8
Answer:c

5. The connection less protocol used in transport layer in OSI reference model is
a. TCP
b. UDP
c. IP
d. RARP
Answer: b

6. The dumb device used to provide solution to connectivity in network is

a. hub
b. switch
c. modem
d.cables
Answer: a

7.The port no of HTTP is

a. 23
b.25
c.80
d.443
Anwer : c

8. The device that operates at layer 3 of the OSI reference model

a. hubs
b. switch
c. modem
d.Rourters
answer :d

9. ____________ is a routing protocol

a. Internet protocol
b. Hyper text transfer protocol
c. Border Gateway protocol
d. User datagram protocol
Answer :C

10. _________ are the updates released by the product vendor which should be applied in a timely manner
a. Patches
b. Updates
c. Instants
d. Data
Answer : a

11 The ______can be queried to see who logged on to the router from where
a. TFTP Server
b. Web server
c. Diagnostic Services
d. Finger Services
Answer :D

12. Web interface accessed by a browser can be monitored by _______

a. Secure Shell Protocol
b. Diagnostic Services
c. SNMP
d. Network Protocol
Answer :C
13. AAA stands for
a. Accessing, Authorization, Accounting
b. Accounting Amending, Authorization
c. Authorization, Accounting, Accessing
d. Authentication, Authorization, Accounting
Answer :D

14. ___________ is the component that determines if an incoming connection is allowed.

a. Accounting
b. Accessing
c. Authentication
d. Authorization
Answer:C

15. ___________-is used to trouble shoot the network layer connectivity by mapping the network path between
the source and destination
a. Traceroute
b. Echo
c. SNMP
d. ICMP
Answer :a

16. The code 3 of the ICMP error message refers to

a. Network unreachable
b. port unreachable.
c. Protocol unreachable
d. Port unreachable
Answer : D

17. ___________ is an attempt to slip through the external defenses by masquerading as an internal host.
a. Sniffing
b. Address spoofing
c. Trojan horse
d. Worms
Answer: B

18. The fragmentation needed is which code of the ICMP error message
a. 1
b. 2
c. 3
d. 4
Answer :D

19. TTL stands for

a. Time to leave
b. Take to leave
c. Time to live
d. Take to live
Answer : C

20. ICMP works in which layer of the OSI reference model

a. Network layer
b. Transport layer
c. Session layer
d. Data link layer
Answer:B
Sr. Question Option 1 Option 2 Option 3 Option 4 Correct
No. answer
1 Which is not a Storage Arrays Servers Vectors Option 4
Fundamental networks
storage
infrastructure?
2 What is full form logical unit linear unit linear uniary linear uniion Option 1
of LUNs? numbers numbers numbers numbers
3 _______ refers to Packet Sniffing Espionage Packet Replay Packet Spoofing Option 2
the unauthorized
interception of
network traffic for
the purpose of
gaining
information
intentionally.
4 The alternative to Arrays Servers WWN zoning, Administration Option 3
port zoning, in Channel
which the zones
are created relative
to the ports the
servers are
connected to on
the switch, is
________.
5 ________ is the Data leakage Theft Exposure Forwarding Option 1
risk of loss of
information, such
as confidential
data and
intellectual
property, through
intentional or
unintentional
means.
6 Computer and Data Deletion Data Loss Data Corruption Malfunctions Option 4
storage failures
that corrupt data ,
damage the
integrity of that
data is called
___________.
7 The most common Accidental Data Data Deletion Malfunctions Option 1
cause of data Modification Corruption
integrity loss is
_________.
8 _______ is any Denial of An Outage Ddos Slowness Option 2
unexpected Service
downtime or
unreachability of a
computer system
or network.
9 What is full form New-attached New- Network- Neutral attached Option 3
of NAS? storage available attached storage storage
storage
10 What is full form Service area Storage area Selected area Single area Option 2
of SANs? networks networks networks netwroks
11 ________storage Permanent Temporary Secondary Primary Option 4
is composed of a
storage device
such as a NAS
appliance or a
storage array.
12 Administration of Corporate Personal Public Protected Option 1
the storage
environment
should be done
through a network
that is separate
from the main
_______network.
13 Using tools to Packet Packet Packet relay Packet replay Option 2
capture network spoofing sniffing
packets is called ,
14 _______ have the Users Mangement Administrators Manger Option 3
authority to bypass
all security
controls, and this
can be used to
intentionally or
mistakenly
compromise
private data.
15 _____may be Fraud Crime Misuse Inception Option 1
perpetrated by
outsiders but is
usually committed
by trusted
employees.
16 _____ in the Inception Fraud Crime Hijacking Option 4
context of
computing refers
to the exploitation
of a valid
computer session.
17 ______ is an Spam Phishing Fraud Hijacking Option 2
attempt to trick a
victim into
disclosing personal
information.
18 ______risks affect Integrity Avialability Confidentiality Authority Option 1
both the validity of
information and
the assurance that
the information is
correct.
19 Using tools to Packet Packet Packet replay Packet relay Option 3
reproduce traffic spoofing sniffing
and data that was
previously sent on
a network is called
_________.
20 A denial of service Unavailable Available Private Public Option 1
(DoS) attack or
distributed DoS
(DDoS) attack is
an attempt to make
a computer
resource _____to
its intended users.