1. What are the means of authenticating a user’s identity?
A. Something the individual knows
B. Something the individual possesses
C. Something the individual is
D. Something the individual does
E. All of the above
F. None of the above
2. Lower the false match rate, better the quality of the security application
True False
3. Countermeasure for the theft of system password file
A. Lockout all passwords
B. Fast reissuance of all passwords
C. Enforce a password policy that makes very difficult to guess password
D. User training
E. All of the above
4. List basic techniques to avoid guessable passwords
5. Smart card contains
A. Microprocessor
B. Small database of password and user information
C. A self-erase mechanism in case of suspected misuse
D. All of the above
6. Biometric system can authorize an user to use a computer system, but it cannot authenticate
True False
7. The function of processor in ATM architecture
8. Type of Access control based on how sensitive and important the Object is
A. DAC – Discretionary Access Control
B. MAC – Mandatory Access Control
C. RBAC – Role based Access Control
D. All of the above
9. Kind of constraint that stipulates that a user can be assigned to a role only if that user was already given another role.
A. Cardinality
B. Mutually Exclusive
C. Prerequisite
D. Any one of the above
10. Match the following
A. Subject 1) That can create resource
B. Object 2) That accesses objects
C. Owner 3) Subjects to give minimal access
D. World 4) Entity whose access to control
11. Write down the main difference between Core RBAC and Hierarchical RBAC
12. The protection mechanism that detects potential attack and alerts the administrators
A. Firewalls
B. Port Scanner
C. TACACS
D. IDPS
E. All of the above
13. The protection mechanism used to authenticate remote users
A. Firewalls
B. Port Scanner
C. TACACS
D. IDPS
E. All of the above
14. Administrators can use this tool to check what Servers are offering what services and are vulnerable to what type of attacks
A. Firewalls
B. Port Scanner
C. TACACS
D. IDPS
E. All of the above
15. Following technology (technologies) help to secure emails
A. PGP
B. S/MIME
C. PEM
D. Digital Certificate
E. All of the above
16. Following technology (technologies) help to secure general web browsing and web-based applications such as this class
A. SET
B. SSL
C. SHTTP
D. SSH
E. All of the above
17. Which one of the following is User authentication protocol
A. X.509
B. Kerboros
C. S/MIME
D. All of the above
18. Write down the improvements made in Version 5 Kerboros
19. Which one of the following is Directory authentication protocol
A. X.509
B. Kerboros
C. S/MIME
D. All of the above
20. This Language support remote procedure calls involving complex data objects
A. XML
B. SOAP
C. WS-Security
D. SAML
E. All of the above
21. This Language helps to exchange security information between desperate systems.
A. XML
B. SOAP
C. WS-Security
D. SAML
E. All of the above
22. List the elements of PKIX Model
23. The Components of CIA triangle are
A. Corporate secrecy, Integrity, and Availability
B. Confidentiality, Integrity, and Access
C. Confidentiality, Integrity, and Availability
D. Confidentiality, Information Security, and Availability
24. Kind of attack wherein, the Server tricks the browser to send more data from client machine
A. XSS
B. SQL Injection
C. CSRF
D. XML Injection
25. Kind of attack wherein, the Server tricks the browser to execute a script, which in turn causes a malicious script from to be returned to browser and e executed
A. XSS
B. SQL Injection
C. CSRF
D. XML Injection
26. Technique to crash a website to find bugs in it
27. Kernel component of operating system responsible to run virtual servers
28. Two Kinds of ACLs
29. In windows, following is a kind of defense needed for the attacks caused primarily by the usage of particular programming languages
A. Account defenses
B. Network defenses
C. Buffer overrun defenses
D. Browser defenses
30. Following technique helps to mitigate stealing of data in Windows
A. Data protection API
B. BitLocker
C. TPM
D. All of the above
E. None of the above
31. Difference between WinLogon and NetLogon.
