Saturday, 20 February 2021

Network Security Quiz

Question 1: The TLS record protocol performs the following operations EXCEPT:
Select one:
A. Establishing TLS session
B. Appending a TLS header to the data
C. Fragmenting application data
D. Encrypting application data

Solution: Establishing TLS session

Question 2: Which of the following is NOT a characteristic of network application?
Select one:
A. The application must be assigned a port number
B. The application needs to implement a communication protocol
C. The application must be assigned an IP address
D. The application needs to communicate with another application over the network

Solution: The application must be assigned an IP address

Question 3: HTTP cookies allow a website to do the following EXCEPT:
Select one:
A. Keep track of user's activities on the website
B. Provide content based on user's identity
C. Identify the IP address of the user's machine
D. Maintain user login session

Solution: Identify the IP address of the user's machine

Question 4: What is the use of the Message Authentication Code (MAC) in TLS?
Select one:
A. To ensure the data is not modified during transit
B. To ensure the data is compressed to a smaller size
C. To ensure the data cannot be read during transit
D. To ensure an attacker cannot spoof the IP address of the sender

Solution: To ensure the data is not modified during transit

Question 5: Which of the following application protocols sends its data in clear text?
Select one:
A. HTTPS
B. SCP
C. SFTP
D. FTP

Solution: FTP

Question 6: Which of the following statements best describes the port forwarding feature of SSH?
Select one:
A. It enables secure data transmission of any network application
B. It enables a port number of an application to be transferred to another application
C. It enables the port number on a host to be transferred to another host
D. It enables the forwarding of data from one host to another

Solution: It enables secure data transmission of any network application

Question 7: Which of the following is NOT true when HTTPS is used?
Select one:
A. HTTP cookies can no longer be sniffed
B. An HTTP header line indicating the use of HTTPS will be added to the HTTP header
C. Password transmitted using form-based authentication can no longer be sniffed
D. HTTP header is encrypted

Solution: An HTTP header line indicating the use of HTTPS will be added to the HTTP header

Question 8: HTTPS is the combination of which protocols?
Select one:
A. HTTP + TLS
B. HTTP + SSH
C. TLS + SSL
D. HTTP + TLS + SSH

Solution: HTTP + TLS

Question 9: Which of the following is NOT the function of a Web proxy?
Select one:
A. To enable faster Web browsing
B. To block illegal websites
C. To log browsing activities of users in an organization
D. To prevent malware from being downloaded during Web browsing

Solution: To prevent malware from being downloaded during Web browsing

Question 10: The use of a digital certificate in HTTPS ensures which of the following security properties?
Select one:
A. Authenticity of the server
B. Confidentiality of the HTTP messages
C. Integrity of the HTTP messages
D. Availability of the server

Solution: Authenticity of the server

Question 11: Which of the following command line tools can be used to invoke the DNS service to convert an Internet hostname to an IP address? Check all that apply.
Select one or more:
A. nslookup
B. netstat
C. dig
D. ifconfig

Solution: nslookup
dig

Question 12: What are the security services provided by HTTPS? Check all that apply.
Select one or more:
A. Confidentiality
B. Availability
C. Integrity
D. Authenticity

Solution: Confidentiality
Integrity
Authenticity

Question 13: Which of the following services cause data transmission in TCP to be slightly slower than in UDP? Check all that apply.
Select one or more:
A. Process-to-process delivery
B. Error detection
C. Reliable data transfer
D. Congestion control

Solution: Reliable data transfer
Congestion control

Question 14: In order to allow browsing of both HTTP and HTTPS websites, which of the following port number(s) need to be allowed by the firewall? Choose all that apply.
Select one or more:
A. 22
B. 21
C. 80
D. 443

Solution: 80
443

Question 15: Which of the following application-layer protocols utilize the SSH protocol? Check all that apply.
Select one or more:
A. SFTP
B. SHTTP
C. SMTP
D. SCP

Solution: SFTP
SCP

Human Computer Interactions Quiz

Q1: ____________ is a term used to refer to an attribute of an object that allows people to know how to use it.

a. Constraint
b. Visibility
c. Control
d. Affordance

Solution: Affordance

Q2: Which of the following is true about Short-Term memory?
a. Short-term memory has an unlimited capacity.
b. Short-term memory has large but limited capacity.
c. Short-term memory has no capacity.
d. Short-term memory has a limited capacity.

Solution: Short-term memory has a limited capacity

Q3: Menus

a. Offer access to all the system's functionality
b. Offer a choice of operations that can be performed at a given time
c. Are hard to learn how to use
d. Offer an easy way to learn an application

Solution: Offer a choice of operations that can be performed at a given time

Q4: The stages of the Norman model of interaction are

a. Establish goal, form intention, specify actions, execute actions, perceive system state, interpret state, evaluate state in terms of goals and intentions
b. Move towards goal, check, score goal, add one to total, repeat
c. Establish goal, perceive state, form intention, specify and execute action, interpret state
d. Think about what you want to do, do it, check you've done it

Solution: Establish goal, form intention, specify actions, execute actions, perceive system state, interpret state, evaluate state in terms of goals and intentions

Q5: To help users remember your design:
a. Provide them with easy to read manuals.
b. Provide them with handy shortcuts for important tasks.
c. None of the above.
d. Design for recognition.

Solution: Design for recognition.

Q6: Expert "slips" occur when

a. A person is skilled at a task and an element of the task changes
b. A person does not understand how the system works
c. A person misreads the display and issues the wrong command
d. A person is clumsy

Solution: A person is skilled at a task and an element of the task changes

Q7: Interaction design can only be carried out by people with expertise in Information Technology (IT). Only IT people can belong in a design team.
True
False

Solution: False

Q8: Cultural probes are small packs of items designed to provoke and record comments in various ways, which are given to people to take away and use in their environment.

True
False

Solution: True

Q9: Visible menus are preferable to typed-in commands because it is easier to recall information than to recognize it.

True
False

Solution: False

Q10: Icons are designed to represent objects and operations at the interface using symbols only.

True
False

Solution: False

Q11: Which of the following disciplines may contribute to the design process?

a. Ergonomics
b. Anthropology
c. Cognitive Science
d. All the above answers are correct

Solution: All the above answers are correct

Q12: The most common interface style nowadays is the

a. X system
b. WIMP System
c. Keyboard and mouse system
d. Command line system

Solution: WIMP System

Q13: The three types of human memory are sensory memory, short-term memory and working memory

True
False

Solution: False

Q14: Virtual reality refers to the experience of interacting with an artificial environment, which makes it feel virtually real.

True
False

Solution: True

Q15: An example of a form fill interface is ________.

a. Data entry form on some university web
b. All of the given answers
c. A dialog box
d. Pop up menu

Solution: Data entry form on some university web

Q16: The interaction design process includes four main phases plus an iteration loop. Which of the following is being executed in the Analysis stage?

a. Task analysis
b. Help
c. Dialog notations
d. Interviews

Solution: Task analysis

Q17: The golden rule of design helps the designer to understand computers and people. Which of the following may be used in understanding people?

a. Platforms
b. Computer capacities
c. Social aspects
d. Tools

Solution: Social aspects

Q18: A system will fail if it is inappropriate to the user and does not fulfill the user's needs.

True
False

Solution: True

Q19: Designers need to know many different things about users, technologies and interactions between them in order to create effective user experiences.

True
False

Solution: True

Q20: Disadvantages of multidisciplinary teams are:
Select one:
a. Different perspectives and ways of seeing and talking about things.
b. Many ideas are generated.
c. None of the given answers.
d. Communication is not easy.

Solution: Communication is not easy.

Friday, 8 January 2021

Steganalysis

Question: The attacker focuses on stopping the message transmission
The attacker is:

a. Active attacker
b. Proactive attacker
c. Passive attacker
d. Reactive attacker

Solution: Active attacker

Question: Proactive steps that can be taken to overcome an active attacker are the following EXCEPT:

a. Use distortion steganography technique
b. Replicate the message in multiple locations
c. Encrypt the message
d. Use hash functions

Solution: Encrypt the message

Question: The attacker changes the format of every message that goes through his monitored channel
The attacker is:

a. Proactive attacker
b. Active attacker
c. Reactive attacker
d. Passive attacker

Solution: Active attacker

Question: The attacker focuses on message extraction instead of stopping the communication
The attacker is:

a. passive attacker
b. active attacker
c. reactive attacker
d. proactive attacker

Solution: passive attacker

Question: The following scenarios can limit the type of media that can be used for steganography EXCEPT

a. Use an external drive on the sensitive information storage machine
b. Configure ports connected to sensitive information storage to receive-only mode
c. Restrict physical access and hardware at the sensitive information's location
d. Configure the firewall to restrict specific filetypes from being transmitted

Solution: Use an external drive on the sensitive information storage machine

Question: The attacker focuses on traffic analysis and user identification
The attacker is:

a. Passive attacker
b. Reactive attacker
c. Proactive attacker
d. Active attacker

Solution: Passive attacker

Question: A possible advantage of steganography over cryptography is:

a. Message can be bigger than the carrier media
b. Message is hard to read because it is jumbled up
c. Messages are smaller than encrypted message
d. Message won't raise suspicion because everyone received it

Solution: Message won't raise suspicion because everyone received it

Question: Understanding the steganography triad is important when designing a stego-system because:

a. the strength of a stego-system could be known from the triad
b. the amount of payload could be known from the triad
c. the amount of robustness could be known from the triad
d. the amount of invisibility could be known from the triad

Solution: the strength of a stego-system could be known from the triad


Question: Steganography is different from cryptography because

a. Steganography is hashed and unreadable
b. Steganography looks like another media or message
c. Steganography is not anonymous
d. Steganography is faster than encryption

Solution: Steganography looks like another media or message

Question: Which of the following shows a scenario for a secure stego-system?

    1. Warden does not have the key to generate the stego-object.
    2. The cover object is also the stego-object.
    3. The stego-object is hard to differentiate from a normal object.
    4. The attacker is the agent that generates the stego-object.

Select one:
a. 3 and 4
b. 1 and 3
c. all of the above
d. 1 and 2

Solution: 1 and 3

Risk Management

Question: Generally, most risk management activities will consist of the following activities EXCEPT:

a. Control Identification
b. Target group awareness
c. Risk assessment
d. Control Implementation

Solution: Target group awareness

Question: A security policy and procedures on e-mail safety practices are an example of

a. Acceptance risk control
b. Avoidance risk control
c. Transference risk control
d. Mitigation risk control

Solution: Avoidance risk control

Question: Placing security cameras around a building that has valuable assets is an example of

a. Transference risk control
b. Acceptance risk control
c. Avoidance risk control
d. Mitigation risk control

Solution: Avoidance risk control

Question: Insuring the office building with fire insurance is an example of

a. Avoidance risk control
b. Acceptance risk control
c. Transference risk control
d. Mitigation risk control

Solution: Transference risk control

Question: Hiring vendors to set up a firewall and Intrusion Detection System to protect the server is an example of

a. Mitigation risk control
b. Transference risk control
c. Avoidance risk control
d. Acceptance risk control

Solution: Avoidance risk control

Question: The core consideration in a cost benefit analysis is:

a. weighing the pros and cons of implementing risk control choices
b. selecting which vendor is the best to provide backup, security and insurance
c. giving monetary value to each of the assets that needs to be protected
d. identifying the risks, threats and vulnerabilities of each asset that needs to be analyzed

Solution: weighing the pros and cons of implementing risk control choices

Question: The following scenarios could be considered as asset valuation components, EXCEPT

a. The amount of discount our client gets from the Black Friday sale
b. A poor Internet connection affects the order tracking that comes in from the customer
c. The secret recipe that makes up our famous fried chicken
d. Heavy rain causes difficulty in delivering items to the customer

Solution: The amount of discount our client gets from the Black Friday sale

Question: The correct order in a risk assessment activity is:

a. Asset - Vulnerability - Threat
b. Asset - Threat - Vulnerability
c. Threat - Vulnerability - Asset
d. Vulnerability - Asset - Threat

Solution: Asset - Threat - Vulnerability

Question: Providing a cold site and hot site for important business transactions is an example of

a. Mitigation risk control
b. Transference risk control
c. Acceptance risk control
d. Avoidance risk control

Solution: Mitigation risk control

Question: If the cost from a risk occurrence could be absorbed by the organization, it is an example of

a. Avoidance risk control
b. Transference risk control
c. Mitigation risk control
d. Acceptance risk control

Solution: Acceptance risk control

Wednesday, 6 January 2021

Security Planning

Question: Malware released into the system caused machines in the financial department to be locked.

This event should be covered in:

a. Damage Assessment
b. Business Continuity Planning
c. Incident Response Planning
d. Disaster Response Planning

Solution: Disaster Response Planning

Question: Register the guest at the reception counter.
Escort the guest to their designated meeting area.
Leave the guest only if they are received by another employee at the meeting area.

This is an example of:

a. Standard
b. Guideline
c. Policy
d. Procedure

Solution: Procedure

Question: Only registered guests will be allowed access into the premises.

This is an example of:
Select one:
a. Guideline
b. Standard
c. Procedure
d. Policy

Solution: Policy

Question: All critical department computers should always be backed up regularly to another site.

This event should be included in the:
Select one:
a. Disaster Recovery Planning
b. Incident Response Planning
c. Business Continuity Planning
d. Damage Assessment

Solution: Business Continuity Planning

Question: An employee accidentally clicked on a phishing link causing his machine to be locked by ransomware.

This event should be covered in:
Select one:
a. Disaster Response Planning
b. Damage Assessment
c. Business Continuity Planning
d. Incident Response Planning

Solution: Incident Response Planning

Question: Guest(s) will be given a keycard to enter only the location that they have registered for.
Guest(s) entering the premises must always be escorted by an employee.

This is an example of:
Select one:
a. Standard
b. Procedure
c. Guideline
d. Policy

Solution: Standard

Question: An employer will be able to gauge employees' awareness and behavior regarding a certain security policy by the following methods EXCEPT
Select one:
a. Putting up posters and leaflets around the workplace
b. Reviewing comments and feedback from the clients
c. Observation based on weekly walkabouts around the workplace
d. Employee engagement

Solution: Putting up posters and leaflets around the workplace

Question: Employee log files should be saved, stored and documented.

The event is related to:
Select one:
a. Business Continuity Planning
b. Damage Assessment
c. Disaster Recovery Planning
d. Incident Response Planning

Solution: Damage Assessment

Question: A policy should be easy to understand and contain less technical jargon because:
Select one:
a. People are basically ignorant and selfish
b. People come from all walks of life and backgrounds
c. Employees and clients are not paid to follow technical policy
d. The employer needs to train them harder if it is too technical

Solution: People come from all walks of life and backgrounds

Question: The following could be a successful awareness program approach EXCEPT:
Select one:
a. Highlight the achievements and successes related to compliance
b. Produce and distribute easy to understand content over a planned timeline
c. Have a specific target group and more customized content
d. Focus on spanned groups that could understand technical details

Solution: Focus on spanned groups that could understand technical details

Tuesday, 5 January 2021

Laws & Ethics

Question: The main dilemma when handling computer-related cases is that they sometimes involve trans-national individuals and criminals. This dilemma is directly related to which organizational concern when enforcing or investigating cases?

a. Jurisdiction
b. Due Diligence
c. Liability
d. Due Care

Solution: Jurisdiction

Question: If an incident occurs and causes loss to a client or even an organization's employee, the organization is responsible for providing compensation to the affected party. This is an example of:

a. Due care
b. Liability
c. Jurisdiction
d. Due diligence

Solution: Liability

Question: An attacker performs a DDoS attack towards an important server for McDonald's, causing it to shut down. This is:

a. Computer is incidental
b. Computer assisted crime
c. Computer is not related to this crime
d. Computer specific crime

Solution: Computer specific crime

Question: Alex accidentally deletes the copy of his client's record from the database. This is a:

a. Computer is incidental crime
b. Computer assisted crime
c. Computer specific crime
d. Computer is not related to the crime

Solution: Computer is incidental crime

Question: An organization is doing everything within its capacity to ensure the client's data is protected through authentication, backup and even a recovery process. This is an example of:

a. Liability
b. Due diligence
c. Jurisdiction
d. Due care

Solution: Due diligence

Question: As the manager, Suria passes judgment and makes decisions based on the facts that are presented to him. This is an example of:

a. Self evaluation
b. Responsible behavior
c. Ethical dilemma
d. Professionally aligned behavior, action and decision

Solution: Professionally aligned behavior, action and decision

Question: A robber uses the information from a hacked CCTV to study his victim while plotting the action. This is a:

a. computer assisted crime
b. computer is incidental
c. computer is not involved
d. computer specific crime

Solution: computer assisted crime

Question: Doing the ethically correct thing requires us to always reevaluate our moral values before certain actions. This is an example of:

a. Responsible behaviour
b. Professionally aligned behavior, action and decision
c. Ethical dilemmas
d. Self evaluation

Solution: Self evaluation

Question: Zachary is unsure whether to report a wrongdoing involving his friend at work. This is an example of:

a. Responsible behavior
b. Self evaluation
c. Ethical dilemmas
d. Professionally aligned behavior, action and decision

Solution: Ethical dilemmas

Question: Explaining a policy and making sure it is understood by every employee falls under the category of:

a. Due Diligence
b. Liability
c. Due care
d. Jurisdiction

Solution: Due care

Security Maintenance

Question: Acceptable action and practice can be obtained from:

a. Baseline study
b. Policy
c. Audit
d. Monitoring

Solution: Policy

Question: The one that should have the most on-the-field skills in a security team is the:

a. Chief Executive Officer
b. Chief Information Security Officer
c. Security manager
d. Security technician

Solution: Security technician

Question: The following can be used for background checks for prospective employees EXCEPT:

a. Social media presence
b. Lecturer's recommendation letter
c. Parent's phone call verification
d. Medical information history

Solution: Parent's phone call verification

Question: Which of the following could BEST describe the importance of job or task rotation from a security perspective?

a. Sharing responsibility for doing the job among employees
b. Ease the burden on an employee from being responsible for one task for a long time
c. Prevent corruption from having too much control over a task
d. Jobs or tasks can be done much faster and more efficiently

Solution: Prevent corruption from having too much control over a task

Question: The following are related to EXTERNAL Environment EXCEPT

a. Public network
b. Vendors
c. Virus and malware
d. Employee

Solution: Employee

Question: If you want to check for malware and virus activity in a network, which log will you look at?

a. Event log
b. Entry log
c. Access log
d. Manager's log

Solution: Event log

Question: The following are related to INTERNAL monitoring EXCEPT:

a. Organization's network
b. Cross site scripting threat
c. Office software patches
d. Security awareness

Solution: Cross site scripting threat

Question: Change management is important when implementing a new security control because

a. It was described in the security model and must be followed
b. It involves changes affecting people and technicalities of doing things
c. It involves risk assessment to identify asset, threat and risk for an information asset
d. It addresses the cost benefit analysis to be presented to the management

Solution: It involves changes affecting people and technicalities of doing things

Question: Which of the following could best describe the reason why an organization must omit job descriptions that describe access privileges?

a. The information is not important for the job being offered
b. It might leak possible guesses of interview questions based on the information
c. It reveals access level and possible control related to those privileges
d. Prospective employee could demand more pay when looking at the information

Solution: It reveals access level and possible control related to those privileges

Question: Which of the following is related to CHANGE MANAGEMENT?

a. External Monitoring
b. Cost Benefit Analysis
c. Risk Assessment
d. IT Governance

Solution: IT Governance