Question

Subject: Principles of Information Security True/False Traffic that is encrypted will typically pass by an intrusion...

Subject: Principles of Information Security


True/False

  1. Traffic that is encrypted will typically pass by an intrusion prevention system untouched.
  2. Performing cloud-based data loss prevention (DLP) is as simple as moving the enterprise edge methodology to the cloud.
  3. General UNIX baselining follows similar concepts as baselining for Windows OSs.
  4. Defense against attack begins by eliminating threats.
  5. A worm is malicious code that has to attach itself to something else to survive.
  6. With the availability of DNS blacklisting, pattern matching is no longer utilized for filtering spam.
  7. Sender Policy Framework (SPF) validates the receiving address of the e-mail.
  8. S/MIME uses the X.509 format for certificates.

Multiple choice

9. What is an advantage of a network-based IDS?

A. An IDS can examine data after it has been decrypted.

B. An IDS coverage requires fewer systems.

C. An IDS can be very application specific.

D. An IDS can determine whether or not an alarm may impact that specific system.

10. __________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources.

A. Port scanning

B. Honeypot

C. Network security monitoring (NSM)

D. Security information and event management (SIEM)

11. Which term refers to the quarantine or isolation of a system from its surroundings?

A. Demilitarized zoning

B. Read-only domain controller pruning

C. Egress filtering

D. Sandboxing

12. __________ technologies involve the miniaturization of the various circuits needed for a working computer system.

A. TCP wrappers

B. System on a Chip (SoC)

C. Daemon

D. Supervisory control and data acquisition (SCADA)

13. Which term refers to a type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing connection?

A. Spoofing

B. Man-in-the-middle attack

C. Sniffing

D. Injecting

14. DNS __________ is a variant of a larger attack class referred to as DNS spoofing, in which an attacker changes a DNS record through any of a multitude of means.

A. poisoning

B. smurfing

C. caching

D. kiting

15. Which protocol allows the exchange of different kinds of data across text-based e-mail systems?

A. MTA

B. MUA

C. MIME

D. MDA

16. In PGP, the content is encrypted with the generated __________ key.

A. encrypt e-mail content

B. asymmetric

C. shared key

D. elliptical

17. Few instant messaging programs currently support __________.

A. the ability to share files

B. encryption

C. video transmission

D. connection to a smart device

Answer #1

Subject: Principles of Information Security

True/False

* Sender Policy Framework (SPF) validates the receiving address of the e-mail.
Answer: False

SPF, as the name suggests, validates the sending address (sender's email) of the e-mail, NOT the receiver or the receiving address of the e-mail.
SPF is a mechanism to authenticate emails. This technique is used to prevent spammers from sending messages on behalf of your domain. It works with the DMARC configuration and related information, giving the receiver or receiving systems information on how trustworthy the origin (the sender) of an email is. It validates the authenticity of the source (sender's email address). It, in some way, even involves the signature of the sender for this validation purpose. It identifies and validates which mail servers are permitted to send emails on behalf of your domain. Its intention is to detect and prevent spammers from sending messages with forged 'From' (sender) addresses on your domain.

* S/MIME uses the X.509 format for certificates
Answer: True
S/MIME uses the Cryptographic Message Syntax (CMS). CMS depends on X.509 certificates for public key distribution. An X.509 certificate contains a public key, the name of the entity it identifies, an expiry date, the name of the Certificate Authority (CA) issuing the certificate, a serial number, and various other information.

* A worm is malicious code that has to attach itself to something else to survive.
Answer: False

A computer 'virus' is malicious code that has to attach itself to something else to survive. However, a computer 'worm' is a standalone malware program that replicates itself to spread to other computers. It is self-replicating. It uses a computer network to spread itself. Worms replicate functional copies of themselves and cause the same type of damage. As computer worms are standalone software, they do not require a host program or human help to replicate or propagate.

Multiple Choice:

11. The term that refers to the quarantine or isolation of a system from its surroundings:
Answer: D. Sandboxing
It is a software management strategy providing the capability to isolate applications from critical system resources and other programs. It is a security mechanism to separate running programs to mitigate system failures or software vulnerabilities from spreading.

12. __System on a Chip (SoC)______ technologies involve the miniaturization of the various circuits needed for a working computer system.
Answer: B. System on a Chip (SoC)
SoC designs are optimized to minimize the waste heat output that is generated due to high power density, which is the bottleneck on integrated circuit chips, thus leading to miniaturization of components. A system on a chip or system on chip (SoC) is an integrated circuit integrating all components of a computer or other electronic system, such as a Central Processing Unit (CPU), memory, input or output ports, and secondary storage. All these components will be on a single substrate or microchip which is the size of a coin.

13. The type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing connection:
Answer: Spoofing
In a spoofing attack, a person or a program disguises itself as another by falsifying addresses and data to gain an illegitimate advantage, and thus can impose their packets in the middle of an existing connection.

14. DNS __poisoning____ is a variant of a larger attack class referred to as DNS spoofing, in which an attacker changes a DNS record through any of a multitude of means.
Answer: A. poisoning
'DNS cache poisoning' is also called 'DNS spoofing'. It is an attack type that exploits vulnerabilities in the Domain Name System (DNS), diverting Internet traffic away from legitimate servers and towards illegitimate ones by changing DNS records. In this type of attack, basically, corrupt data is inserted into the DNS name server's cache database.

15. The protocol that allows the exchange of different kinds of data across text-based e-mail systems:
Answer: C. MIME
Multipurpose Internet Mail Extensions (MIME) is an Internet standard extending the format of email supporting:
* Text in character sets along with ASCII.
* Non-text attachments in files such as audio, video, images, application programs, etc. in their respective file formats.
* Message bodies in the email with multiple parts.
* Header information in non-ASCII character sets.

Servers insert the MIME header at the beginning of a Web transmission, whereas clients use this content or media type header to select an appropriate viewer application for the type of data the header indicates.

MIME is an extension to the Internet email protocol. It is an Internet email protocol that lets users exchange different kinds of data files over the Internet.
