(Doubt)

 

Home » Security » MCQ » Computer Security MCQs – Multiple Choice Questions and Answers – Part 1

MCQ

Computer Security MCQs – Multiple Choice Questions and

Answers – Part 1
 June 22, 2021  0 Comments  computer security exam questions and answers, computer security mcq online test , computer security mcq

pdf, computer security mcq questions pdf , computer security mcqs , computer security quiz answers, computer security quiz questions and answers pdf,

computer security test questions , cyber security quiz questions and answers pdf, mcq on computer security , mcq on system security , multiple choice

questions on data security, network and information security mcq, network security attacks mcq, network security consists of, network security mcq with

answers pdf

M ultiple choice questions and answers (MCQs) on Computer Security to prepare for exams, tests, and
certifications. These questions are taken from a real written exam and some parts are taken from an interview. So
you will find questions on basic techniques such as encryption, signature, certificates, authentication, and more. This
MCQ will easily prepare anyone to pass their exam.

1. In computer security, _______ means that active computer systems can only be
modified by authorized persons.
A Confidentiality

B Integrity

C Availability

D Authenticity

Answer

B

Integrity, in terms of data and network security, is the fact that information can only be accessed and
modified by those authorized to do so.
2. In computer security, _______ means that the information contained in a computer
system can only be read by authorized persons.
A Confidentiality

B Integrity

C Availability

D Authenticity

Answer

A

Confidentiality means that the information in a computer system can only be read by authorized
persons.

3. The types of threats to the security of a computer system or network are _______?
A Interruption

B Interception

C Modification

D Creation

E Fabrication

Answer

 A, B, C, E

4. Which of the following is an independent malicious program that does not require
any other program?
A Trap door

B Trojan Horse

C Virus

D Worm

Answer

D
 A computer worm is an independent malicious computer program that replicates itself to spread to
other computers. Often, it uses a computer network to spread, relying on security failures on the
target computer to gain access.

5. The _______ is a code that recognizes a special input sequence or is triggered by an

unlikely sequence of events.
A Trap door

B Trojan Horse

C Logic bomb

D Virus

Answer

A

Trap doors, also known as backdoors, are code fragments embedded in programs by the
programmer(s) to allow quick access later, often during the testing or debugging phase. If an
inattentive programmer leaves this code or forgets to remove it, a potential security hole is
introduced.

6. The _______ is a code embedded in a legitimate program configured to “explode”

when certain conditions are met.
A Trap door

B Trojan Horse

C Logic bomb

D Virus

Answer

C

A logic bomb is a piece of code inserted into an operating system or software application that
implements a malicious function after a certain time, or if specific conditions are met.

7. Which of the following malware does not replicate automatically?

A Trojan Horse
B Virus

C Worm

D Zombie

Answer

A

Trojan horse is a malicious computer program that presents itself as legitimate software. Also called
Trojan horse, it hides malware in a file on a normal appearance.

8. ________ is a form of virus explicitly designed to avoid detection by antivirus

software.
A Stealth virus

B Polymorphic virus

C Parasitic virus

D Macro virus

Answer

A

Stealth virus is a computer virus that uses differents mechanisms to avoid detection by antivirus
software.

9. A worm runs a copy of itself on another system?

A True

B False

Answer

A

10. A worm sends a copy of itself to other systems?

A True

B False
 

Home » Security » MCQ » Computer Security MCQs – Multiple Choice Questions and Answers – Part 2

MCQ

Computer Security MCQs – Multiple Choice Questions and

Answers – Part 2
 June 22, 2021  0 Comments  computer security exam questions and answers, computer security mcq online test , computer security mcq

pdf, computer security mcq questions pdf , computer security mcqs , computer security quiz answers, computer security quiz questions and answers pdf,

computer security test questions , cyber security quiz questions and answers pdf, mcq on computer security , mcq on system security , multiple choice

questions on data security, network and information security mcq, network security attacks mcq, network security consists of, network security mcq with

answers pdf

M ultiple choice questions and answers (MCQs) on Computer Security to prepare for exams, tests, and
certifications. These questions are taken from a real written exam and some parts are taken from an interview. So
you will find questions on basic techniques such as encryption, signature, certificates, authentication, and more. This
MCQ will easily prepare anyone to pass their exam.

1. ______ is a program that can infect other programs by modifying them. This
modification includes a copy of the virus program, which can then infect other
programs.
A Worm

B Virus

C Zombie

D Trap doors

Answer

B

A virus is a type of malicious software (malware) consisting of small pieces of code associated with
legitimate programs. When this program is run, the virus is executed.
2. ______ are used in denial-of-service (DOS) attacks, usually against targeted
websites.
A Worm

B Virus

C Zombie

D Trojan horse

Answer

C

A zombie is a computer that has been implanted with a demon that puts it under the control of a
malicious hacker without the knowledge of the computer owner. Zombies are used by malicious
hackers to launch denial-of-service attacks.

3. The type of encoding in which the manipulation of bit stream without taking into
account the meaning of bits is called _________?
A Destination Encoding

B Entropic Encoding

C Source Encoding

D Differential Encoding

Answer

B

Entropic encoding is a type of lossless encoding. Huffman encoding is a type of entropy encoding.
Entropy encoding appears everywhere in modern digital systems. It is an essential part of data
compression, which is generally necessary, especially for the Internet, video, audio, communication,
etc.

4. What is the protocol used to secure emails?

A POP

B PGP

C SNMP
D HTTP

Answer

B

PGP is used to sign, encrypt and decrypt text, email, files, directories and entire disk partitions, as well
as to enhance the security of email communications.

5. The art of breaking ciphers is known as ____?

A Cryptology

B Cryptography

C Cryptanalysis

D Encryption

Answer

C

Cryptanalysts seek to decrypt cipher texts without knowing the source of the plaintext, the encryption
key, or the algorithm used to encrypt it; Cryptanalysts also targets secure hashing, digital signatures,
and other cryptographic algorithms.

6. Which of the following statements is correct?

A Integer – represented by ASCII

B Character – represented by the complement of two

C Character – represented by Unicode

D Character – represented by a complement

Answer

C

Unicode is a character encoding standard published by the Unicode Consortium. Computers store
numbers that represent a character. Unicode provides a unique number for each character.
7. The number of subkeys generated in the IDEA algorithm is _______?
A 54

B 48

C 52

D 50

Answer

C

IDEA (International Data Encryption Algorithm) uses 52 subkeys each of 16 bits. Two are used in each
turn, and four are used before each turn and after the last turn. It has eight towers.

(6 * 8 = 48 + 4 = 52 in total) are used in both encryption and decryption processes.

8. The number of “S-boxes” used in the DES algorithm is _______?

A 4

B 8

C 16

D 32

Answer

B

In cryptography, S-box (substitution-box) is a basic component of symmetric key algorithms that

performs a substitution. In block ciphers, they are usually used to hide the relationship between the
key and the ciphertext.

9. ______ is an example of a public key algorithm.

A RSA

B DES

C IREA

D RC5

Answer
 A

RSA is an algorithm used to encrypt and decrypt messages. It is an asymmetric cryptographic

algorithm. Asymmetric means that there are two different keys. This is also called public key
cryptography, because one of the keys can be given to anyone.

10. The Caesar cipher is represented by _______?

A C = (p + 3) mod3

B C = (p + 26) mod3

C C = (p – 3) mod26

D C = (p + 3) mod26

Answer

A

Caesar’s cipher is one of the earliest known ciphers. It is a type of substitution cipher in which each
letter is replaced by another letter.

MCQ
Practice competitive and technical Multiple Choice Questions and Answers (MCQs) with simple and
logical explanations to prepare for tests and interviews.

READ MORE

Computer Security MCQs – Multiple Choice Questions and Answers – Part 1

Computer Security MCQs – Multiple Choice Questions and Answers – Part 2
Computer Security MCQs – Multiple Choice Questions and Answers – Part 3
Computer Security MCQs – Multiple Choice Questions and Answers – Part 4

COMPUTER SECURITY MCQS –

C++ OOPS MCQ QUESTIONS AND MULTIPLE CHOICE QUESTIONS
ANSWERS – PART 1 AND ANSWERS – PART 1

 You May Also Like

Computer Security MCQs – Multiple Choice Questions and Answers – Part 3

 December 12, 2021  0
 

Home » Security » MCQ » Computer Security MCQs – Multiple Choice Questions and Answers – Part 3

MCQ

Computer Security MCQs – Multiple Choice Questions and

Answers – Part 3
 December 12, 2021  0 Comments  computer security exam questions and answers, computer security mcq online test , computer security

mcq pdf, computer security mcq questions pdf , computer security mcqs , computer security quiz answers, computer security quiz questions and answers

pdf, computer security test questions , cyber security quiz questions and answers pdf, mcq on computer security , mcq on system security , multiple choice

questions on data security, network and information security mcq, network security attacks mcq, network security consists of, network security mcq with

answers pdf

M ultiple choice questions and answers (MCQs) on Computer Security to prepare for exams, tests, and
certifications. These questions are taken from a real written exam and some parts are taken from an interview. So
you will find questions on basic techniques such as encryption, signature, certificates, authentication, and more. This
MCQ will easily prepare anyone to pass their exam.

1. The ______ attaches itself to executable files and replicates itself, when the infected
program is executed, looking for other executable files to infect.
A Stealth Virus

B Polymorphic Virus

C Parasitic Virus

D Macro Virus

Answer

C

Parasitic viruses attach themselves to programs, also called executables. When a user launches a
program containing a parasitic virus, the virus is launched first. To hide its presence from the user, the
virus then triggers the original program to open. Because the operating system understands that it is
 part of the program, the parasite virus has the same rights as the program to which the virus is
attached. These rights allow the virus to replicate itself, install itself in memory or release its payload.
In the absence of antivirus software, only the payload can arouse the suspicion of the normal user. A
famous parasitic virus called Jerusalem has the power to slow down the system and eventually delete
all programs launched by the user.

2. Number of rounds in the DES (Data Encryption Standard) algorithm is ______?

A 8 rounds

B 12 rounds

C 16 rounds

D 24 rounds

Answer

C

DES uses the Feistel structure with 16 rounds.

3. ________ transforms the message into a format that cannot be read by hackers.
A Decryption

B Encryption

C Transforming

D None of the above

Answer

B

Encryption is a way of transforming data in such a way that only approved persons can decipher it and
then transform it into something understandable.

4. What is the port number for HTTPS (HTTP Secure)?

A 43

B 443

C 445
D 444

Answer

B

5. The encryption and decryption of data is the responsibility of which layer?

A Session layer

B Network layer

C Transport layer

D Presentation layer

Answer

D

The presentation layer is concerned with maintaining the correct meaning of information in a
network. The presentation layer can represent data in a variety of ways (e.g., encryption), but the
recipient converts the encoding back to its original meaning.

6. What is the algorithm of key exchange used in the parameter of a Cipher Suite?
A RSA

B Fixed Diffie-Hellman

C Ephemeral Diffie-Hellman

D All the answers are true

Answer

D

We can use any of the following for the key exchange of a cryptographic suite.

RSA
Fixed Diffie-Hellman
Ephemeral Diffie-Hellman
Anonymous Diffie-Hellman
Fortezza.
7. The certificate message is required for any agreed key exchange method,
except__________.
A Ephemeral Diffie-Hellman

B Anonymous Diffie-Hellman

C Fixed Diffie-Hellman

D RSA

Answer

B

The certificate message is required for any agreed key exchange method except Anonymous Diffie-
Hellman.

Anonymous Diffie-Hellman uses Diffie-Hellman, but without authentication. As the keys used in the
exchange are not authenticated, the protocol is susceptible to Man-in-the-Middle attacks.

8. The types of threats to the security of a computer system or a network are _______
?
A Interruption

B Interception

C Modification

D Creation

E Fabrication

Answer

 A, B, C, E

9. Firewalls are used for __________

A Routing

B Security

C Tunneling

D Congestion control
 Answer

B

10. _________ is used to validate the identity of the message sender to the recipient.
A Encryption

B Decryption

C Digital certificate

D None of the above

Answer

C

Digital certificates allow a user to verify to whom a certificate is issued as well as its issuer. Digital
certificates are used by SSL for public key cryptography. Public key cryptography uses two keys: a
private key and a public key.

MCQ
Practice competitive and technical Multiple Choice Questions and Answers (MCQs) with simple and
logical explanations to prepare for tests and interviews.

READ MORE

Computer Security MCQs – Multiple Choice Questions and Answers – Part 1

Computer Security MCQs – Multiple Choice Questions and Answers – Part 2
Computer Security MCQs – Multiple Choice Questions and Answers – Part 3
Computer Security MCQs – Multiple Choice Questions and Answers – Part 4

JAVASCRIPT MCQS – MULTIPLE

COMPUTER SECURITY MCQS – CHOICE QUESTIONS AND
MULTIPLE CHOICE QUESTIONS ANSWERS – PART 6
AND ANSWERS – PART 4

 You May Also Like

 

Home » Security » MCQ » Computer Security MCQs – Multiple Choice Questions and Answers – Part 4

MCQ

Computer Security MCQs – Multiple Choice Questions and

Answers – Part 4
 December 12, 2021  0 Comments  computer security exam questions and answers, computer security mcq online test , computer security

mcq pdf, computer security mcq questions pdf , computer security mcqs , computer security quiz answers, computer security quiz questions and answers

pdf, computer security test questions , cyber security quiz questions and answers pdf, mcq on computer security , mcq on system security , multiple choice

questions on data security, network and information security mcq, network security attacks mcq, network security consists of, network security mcq with

answers pdf

M ultiple choice questions and answers (MCQs) on Computer Security to prepare for exams, tests, and
certifications. These questions are taken from a real written exam and some parts are taken from an interview. So
you will find questions on basic techniques such as encryption, signature, certificates, authentication, and more. This
MCQ will easily prepare anyone to pass their exam.

1. When you log in to an online service, you are asked to provide some sort of
identification, such as your name, account number, and password. What is the
name given to this brief interaction?
A Security procedures

B Connection procedure

C Backup procedure

D Identification procedure

Answer

B

2. Which hash algorithm does the DSS signature use?

A MD5

B SHA-2

C SHA-1

D Does not use a hash algorithm

Answer

C

The DSS digital signature uses SHA-1.

Digital Signature Standard (DSS) are used to detect unauthorized data changes and to authenticate the
identity of the signer.

3. ________ is a form of virus explicitly designed to avoid detection by antivirus

software.
A Stealth virus

B Polymorphic virus

C Parasitic virus

D Macro viruses

Answer

A

The stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus
software.

4. One part of the polymorphic virus, usually called ________, creates a random cipher
and a key to encrypt the rest of the virus.
A mutual engine

B mutation engine

C multiple engine

D polymorphic engine

Answer
 B

The polymorphic virus uses its mutation engine called MtE (the Mutation Engine) to generate a new
decryption routine each time it infects a new program.

5. Indicate whether the following statement is true:

“Macro virus is a platform-independent virus.”
A True

B False

Answer

A

6.Indicate whether the following statement is true:

“Macro viruses infect documents, not parts of the executable code.”
A True

B False

Answer

A

7. A _________ is a program that takes control of another computer connected to the

Internet, then uses that computer to launch attacks.
A Worm

B Zombie

C Virus

D Trap doors

Answer

B
8. Which hash algorithm does RSA signature use?
A MD5

B SHA-1

C MD5 and SHA-1

D Trap doors

Answer

C

The MD5 and SHA-1 hash is concatenated and then encrypted with the server’s private key.

9. “certificate_request” has two parameters, one of them is _____?

A certificate_extension

B certificate_creation

C certificate_exchange

D certificate_type

Answer

D

“certificate_request” includes two parameters: “certificate_type” and “certificate_authorities.

10. What is the size of an RSA signature after MD5 and SHA-1 processing?
A 42 bytes

B 32 bytes

C 36 bytes

D 48 bytes

Answer

C

The size is 36 bytes after MD5 and SHA-1 processing.

1. The field that covers a variety of computer networks, both public and private, that are used
in everyday jobs.
a) Artificial Intelligence
b) ML
c) Network Security
d) IT

View Answer
Answer: c
Explanation: Network security covers a variety of computer networks, both private and
public. Everyday jobs like conducting transactions and communications among
business and government agencies etc.

2. Network Security provides authentication and access control for resources.

a) True
b) False

View Answer
Answer: a
Explanation: The statement is true. AFS is an example. It helps us protect vital information.

3. Which is not an objective of network security?

a) Identification
b) Authentication
c) Access control
d) Lock

View Answer
Answer: d
Explanation: The Identification, Authentication and Access control are the objectives
of network security. There is no such thing called lock.

4. Which of these is a part of network identification?

a) UserID
b) Password
c) OTP
d) fingerprint

View Answer
Answer: a
Explanation: The answer is UserID. UserID is a part of identification. UserID can be a
combination of username, user student number etc.

5. The process of verifying the identity of a user.

a) Authentication
b) Identification
c) Validation
d) Verification

View Answer
Answer: a
Explanation: It is called an authentication. It is typically based on passwords, smart card,
fingerprint, etc.

6. A concern of authentication that deals with user rights.

a) General access
b) Functional authentication
c) Functional authorization
d) Auto verification

View Answer
Answer: c
Explanation: Functional authorization is concerned with individual user rights. Authorization
is the function of specifying access rights to resources related to information security.

7. CHAP stands for?

a) Challenge Handshake authentication protocol
b) Challenge Hardware authentication protocol
c) Circuit Hardware authentication protocol
d) Circuit Handshake authentication protocol

View Answer
Answer: a
Explanation: CHAP stands for Challenge Handshake authentication protocol. Features of
CHAP: plaintext, memorized token. Protocol uses Telnet, HTTP.

8. Security features that control that can access resources in the OS.
a) Authentication
b) Identification
c) Validation
d) Access control

View Answer
Answer: d
Explanation: Access control refers to the security features. Applications call access control to
provide resources.

9. An algorithm in encryption is called _____________

a) Algorithm
b) Procedure
c) Cipher
d) Module

View Answer
Answer: c
Explanation: An algorithm used in encryption is referred to as a cipher. cipher is an algorithm
for performing encryption or decryption
10. The information that gets transformed in encryption is ____________
a) Plain text
b) Parallel text
c) Encrypted text
d) Decrypted text

View Answer
Answer: a
Explanation: The text that gets transformed is called plain text. The algorithm used is called
cipher.

1. WTLS stands for?

a) Wireless Transport Security Layer
b) Wireless Transfer System Layer
c) Wireless Transfer Security Layer
d) Wireless Transport System Layer

View Answer
Answer: a
Explanation: WTLS is Wireless Transport Security Layer. It provides security between the
mobile device and the WAP gateway to internet.

2. The protocol designed to make the security of wireless LAN as good as that of wired LAN.
a) WTLS
b) WEP
c) RSN
d) WP

View Answer
Answer: b
Explanation: WEP stands for Wired Equivalent Privacy. WEP has been broken already in
2001. WEP protocol designed to make the security of wireless LAN as good as that of
wired LAN.

3. A person who enjoys learning details about computers and how to enhance their
capabilities.
a) Cracker
b) Hacker
c) App controller
d) Site controller

View Answer
Answer: b
Explanation: The person is called hacker. A person who enjoys learning the details of
computer systems and how to stretch their capabilities is called hacker.

4. A program created by Farmer and Venema for auditing capability.

a) SAAS
b) SATAN
c) SAN
d) SAT

View Answer
Answer: b
Explanation: SATAN is the Security analysis tool for auditing networks. It is created by
farmer and venema.

5. A small program that changes the way a computer operates.

a) Worm
b) Trojan
c) Bomb
d) Virus

View Answer
Answer: d
Explanation: The program is called virus. It alters the way that the computer operates. It often
does damages like deleting and corrupting files and data.

6. A program that copies itself.

a) Worm
b) Virus
c) Trojan
d) Bomb

View Answer
Answer: a
Explanation: A worm copies itself from one system to another over a network without the
assistance of human.

7. An attack in which the site is not capable of answering valid request.

a) Smurfing
b) Denial of service
c) E-mail bombing
d) Ping storm

View Answer
Answer: b
Explanation: The answer is Denial of service. In case of denial of service attacks, a computer
site is bombarded with a lot of messages.

8. Creating a computer or paper audit that can help detect wrong doings.
a) Auditing
b) Validation
c) RSN
d) Verification

View Answer
Answer: a
Explanation: The answer is auditing. It is done to keep an eye on wrong doings. Auditing can
be used as a deterrent.

9. An indirect form of surveillance.

a) Honey pot
b) Logical
c) Security
d) Intrusion

View Answer
Answer: a
Explanation: Honey pot is an indirect form of surveillance. Network personnel create a trap,
watching for unscrupulous acts.

10. A malicious code hidden inside a seemingly harmless piece of code.

a) Worm
b) Bomb
c) Trojan Horse
d) Virus

View Answer
Answer: c
Explanation: The answer is Trojan horse. Trojan horse is a code that is present in a program
that appears harmless.

11. Attack in which a user creates a packet that appears to be something else.
a) Smurfing
b) Trojan
c) E-mail bombing
d) Spoofing

View Answer
Answer: d
Explanation: The attack is a spoofing attack. It is when a user creates a packet that appears to
be something else or from someone else.

13. A technique in which a program attacks a network by exploiting IP broadcast addressing

operations.
a) Smurfing
b) Denial of service
c) E-mail bombing
d) Ping storm

View Answer
Answer: a
Explanation: Smurfing is a technique in which a program attacks a network by exploiting IP
 broadcast addressing operations.

14. An attack in which the user receives unwanted amount of e-mails.

a) Smurfing
b) Denial of service
c) E-mail bombing
d) Ping storm

View Answer
Answer: c
Explanation: In the case of denial of e-mail bombing, a user sends an excessive amount of
unwanted e-mail to someone.

15. A cipher in which the order is not preserved.

a) Polyalphabetic substitution based
b) Transposition-based
c) Substitution based
d) Public key based

View Answer
Answer: b
Explanation: In transposition-based cipher, the order of the plain text is not preserved. They
can be very simple to identify.

16. Plain text is the data after encryption is performed.

a) True
b) False
View Answer
Answer: b
Explanation: The statement is false. Cipher is the algorithm used in encryption. Ciphertext is
the data after encryption is performed.

17. A unique piece of information that is used in encryption.

a) Cipher
b) Plain Text
c) Key
d) Cipher

View Answer
Answer: c
Explanation: The key is the unique piece of information. It is used to create the cipher text
and decrypt it back.

18. Study of creating a d using encryption and decryption techniques.

a) Cipher
b) Cryptography
c) Encryption
d) Decryption

View Answer
Answer: b
Explanation: It is called as cryptography. It is the study of creating and using the encryption
techniques.

19. The process of transforming plain text into unreadable text.

a) Decryption
b) Encryption
c) Network Security
d) Information Hiding

View Answer
Answer: b
Explanation: Encryption is the process of transforming readable text i.e. plain text to make it
unreadable to anyone except those possessing special knowledge, usually referred to as
a key.

20. An algorithm used in encryption is referred to as cipher.

a) True
b) False

View Answer
Answer: a
Explanation: The statement is true. Cipher is the algorithm used in encryption. Encryption is
making readable text as unreadable to keep it secured.

21. A process of making the encrypted text readable again.

a) Decryption
b) Encryption
c) Network Security
d) Information Hiding
View Answer
Answer: a
Explanation: The reverse process is called decryption. It is the process of making the
information readable again.

22. These ciphers replace a character or characters with a different character or characters,
based on some key.
a) Polyalphabetic substitution based
b) Transposition-based
c) Substitution based
d) Mono alphabetic substitution based

View Answer
Answer: d
Explanation: In mono alphabetic substitution-based cipher, a character is replaced with some
other character or multiple characters, based on some key.

23. Encryption is the study of creating and using decryption techniques.

a) True
b) False

View Answer
Answer: b
Explanation: The statement is false. Cryptography is the study of creating and using
encryption and decryption techniques.

24. A type of cipher that uses multiple alphabetic strings.

a) Substitution based
b) Transposition-based
c) Polyalphabetic substitution based
d) Mono alphabetic substitution based

View Answer
Answer: c
Explanation: These ciphers are similar to that of mono alphabetic ciphers. Multiple strings are
used to encode the plain text.

25. An encryption technique with 2 keys is ______________

a) Monoalphabetic Cipher
b) Cryptography
c) Private key cryptography
d) Public key cryptography

View Answer
Answer: d
Explanation: It is called as public key cryptography. It has 2 keys: a private key and a public
key.

26. In public key cryptography, a key that decrypts the message.

a) public key
b) unique key
c) private key
d) security key

View Answer
Answer: c
Explanation: Public key cryptography has 2 keys. They are private key and a public key. The
public key encrypts the message. The private key decrypts the message.

27. DES stands for?

a) Data Encryption Standard
b) Data Encryption Statistics
c) Data Encryption System
d) Data Encryption Sequence

View Answer
Answer: a
Explanation: DES stands for Data Encryption Standard. It was created in 1977 and went into
operation from 1990s.

28. Under DES, the data encryption standard took a 64-bit block of data and subjected it to
______ levels of encryption.
a) 64
b) 8
c) 16
d) 4

View Answer
Answer: c
Explanation: The answer is 16. It was subjected to 16 levels of encryption. DES is the data
encryption standard.

29. Triple-DES has ______ keys.

a) 1
b) 2
c) 5
d) 4

View Answer
Answer: b
Explanation: There are 2 keys in triple DES as well. The private and the public key. It can
also have 3 unique keys.

30. Encryption standard that is selected by the US government to replace DES.

a) AES
b) BES
c) CES
d) DES

View Answer
Answer: a
Explanation: AES is Advanced Encryption Standard. It was selected by the US government.
It is used to replace DES.

31. An electronic document that establishes your credentials when you are performing
transactions.
a) Digital code
b) OTP
c) E-mail
d) Digital certificate

View Answer
Answer: d
Explanation: Digital certificate is an electronic document that is responsible for secure
internet transactions.

32. Identify the term which denotes that only authorized users are capable of accessing the
information
Confidentiality
Availability
Integrity
Non-repudiation

Answer: B) The term which denotes that only authorized users are capable of accessing the
information is known as availability.

33. State whether True or False: Data encryption is primarily used to ensure confidentiality.
True
False
Cannot be interpreted
None

Answer: A) True. Data encryption is primarily used to ensure confidentiality.

34. Identify the Debian-based OS which has 2 virtual machines and focuses on preserving
users’ data.
Ubuntu
Fedora
Whonix
Kubuntu

Answer: C) Whonix has two virtual machines and focuses on preserving users’ data.

35. Identify the oldest phone hacking technique used by hackers to make free calls.
Spamming
Phreaking
Cracking
Phishing

Answer: B) Phreaking is the oldest phone hacking technique used by hackers to make free
calls.

36. Which of the following platforms is used for the safety and protection of information in
the cloud?
AWS
Cloud workload protection platforms
Cloud security protocols
One Drive
Answer: B) Cloud workload protection platforms are used for the safety and protection of
information in the cloud.
37. Identify the type of attack which uses a fraudulent server with a relay address.
MITM
NTLM
SMB
NetBIOS

Answer: A) MITM uses a fraudulent server with a relay address.

38. Identify the port used to connect to Active Directory in Windows 2000.
139
445
80
389

Answer: D) The port used to connect to Active Directory in Windows 2000 is 389.

39. Choose among the following techniques, which are used to information inside a picture.
Image rendering
Steganography
Rootkits
Bitmapping

Answer: B) Steganography is the technique used to information inside a picture.

40. Identify among the following which is used to avoid browser-based hacking.
Adware remover in browser
Incognito mode in the browser
Anti-malware in browser
Remote browser access

Answer: D) Remote browser access is used to avoid browser-based hacking.

41. EDR stands for _____?

Endless detection and response
Endpoint detection and response
Endless detection and recovery
Endpoint detection and recovery
Answer: B) EDR stands for Endpoint detection and response.

42. Which of the following is used for monitoring traffic and analyzing network flow?
Managed detection and response
Cloud access security broker
Network traffic analysis
Network security firewall

Answer: C) Network traffic analysis is used for monitoring traffic and analyzing network
flow.

43.
In which category does compromising confidential information fall?
Threat
Bug
Attack
Vulnerability

Answer: A) Compromising confidential information falls under threat.

44. In which category does the lack access control policy fall?
Threat
Bug
Attack
Vulnerability

Answer: D) Lack of access control policy falls under Vulnerability.

45. Identify the class of computer threats.

Phishing
DOS attack
Soliciting
Both B and C

Answer: B) DOS attacks can be considered a class of computer threats.

46. Which software is mainly used to help users detect viruses and avoid them?
Antivirus
Adware
Malware
None of the above

Answer: A) Antivirus is used to help users detect viruses and avoid them.
47. Identify the term which denotes the violation of principle if the computer is no more
accessible.
Access control
Availability
Confidentiality
All of the above

Answer: B) Availability denotes the violation of principle if a computer is no more accessible.

48. Which of the following tool is used in Wi-fi hacking?

Aircrack-ng
Wireshark
Norton
None

Answer: A) Aircrack-ng is used in Wi-fi hacking.

49. Total types of scanning in cyber security is?

1
2
3
4

Answer: C) There are a total of 3 types of scanning in cyber security.

50. Identify the incorrect type of scanning?

SYN Stealth
Null Scan
Xmas tree Scan
Cloud scan

Answer: D) Cloud scan is an incorrect type of scanning.

51. Identify the first computer virus among the following.

Blaster
Creeper
Sasser
Both b and c

Answer: B) Creeper is the first computer virus identified.

52. Which of the following is considered an element of cyber security?
Network security
Operational security
Application security
All of the above

Answer: D) All of the above are considered elements of cyber security.

53. Which protocol is mostly used in Wi-fi security?

WPS
WPA
WPA2
Both b and c.

Answer: C) WPA2 is mostly used in Wi-fi security.

54. Full form of TCP/IP?

Transmission Control Protocol/ internet protocol
Transmission Control Protocol/ internet protocol
Transaction Control protocol/ internet protocol
Transmission Contribution protocol/ internet protocol

Answer: A) TCP/IP is Transmission Control Protocol/ internet protocol.

55. Why is response and transit time used?

To measure reliability
To measure security
To measure longevity
To measure performance

Answer: C) Response and transit time are used to measure longevity.

56. Identify which of the following can be considered instances of Open design.
DVD Player
CSS
Only B
Both A and B

Answer: D) Both DVD Player and CSS are instances of open design and their documentation
is publicly available.
57. What is transformed using cipher algorithms?
Scalar text
Complex text
Plain text
None

Answer: C) Plain text is transformed using cipher algorithms.

58. CHAP stands for?

Challenge Hardware Authentication Protocols
Circuit Hardware Authentication Protocols
Challenge Handshake Authentication Protocols
Circuit Handshake Authentication Protocols

Answer: C) CHAP stands for Challenge Handshake Authentication Protocols.

59. Identify the malware which does not replicate or clone through an infection?
Trojans
Worms
Rootkits
Virus

Answer: A) Trojans do not replicate or clone through infection.

60. Choose the features which violate cyber security.

Exploit
Attack
Compliance
None

Answer: B). Attack violates cyber security.

61. Identify the legal form of hacking.

Cracking
Non-ethical hacking
Ethical hacking
Hacktivism

Answer: C) Ethical hacking is a legal form of hacking.

62. Malware stands for?

Multipurpose software
Malfunctioned software
Malicious software
Malfunctioning of security

Answer: C) Malware stands for Malicious software.

63. Identify the least strong security encryption.

WPA2
WEP
WPA3
WPA

Answer: B) WEP is the least strong security encryption

64. Identify the security protocol which is not strong.

SMTP
SSL
SFTP
HTTPS

Answer: A) SMTP is not a strong security protocol.

65. Identify the mail transferring methodology which isn’t secured.

SSMTP
S/MIME
POP3
Mail using PGP

Answer: C) POP3 isn’t a secured mail transferring methodology.

66. Which of the following is used for encrypting data at the network level?
HTTPS
SMTP
S/MIME
IPSec

Answer: D) IPSecis used for encrypting data at the network level.

67. PCT stands for _____

Private Communication Technique
Private Connecting Technology
Private Communication Technology
Personal Communication Technology

Answer: C) PCT stands for private Communication Technology.

68. Identify the private search engine.

Bing
Duckduckgo
Google
Yahoo

Answer: B) Duckduckgo is a private search engine.

69. The most common way to maintain data availability?

Data clustering
Data Altering
Data Backup
Data Recovery

Answer: C) Data backup is a common way to maintain data availability.

70. Identify the term among the following which is the first phase of ethical hacking.
Footprinting
ARP Poisoning
DNS Poisoning
Enumeration

Answer: A) The first phase of ethical hacking is footprinting.

71. Which of the following suite is used for NTP enumeration?

DNS
SNMP
NTP
HTTP

Answer: NTP suite is used for NTP enumeration.

72. Why is the proxy server used by a hacker?

For obtaining remote access connection
Hiding malicious activity on the network
Create a ghost server on the network
Create a stronger connection with the target

Answer: B) A proxy server is used to malicious activity on the network.

73. Identify the type of symmetric key algorithm which uses a streaming cipher to encrypt
information.
SHA
MD5
RC4
Blowfish

Answer: C) RC4 uses a streaming cipher to encrypt information.

74. Identify the maximum character which Linux OS supports in its file names.
32
64
128
256

Answer: D) Linux OS supports 256 character limit in its file names.

75. Among the following, identify the one which does not need any host program and is
independent.
Worm
Virus
Trojan horse
Trap door

Answer: A) Worm does not need any host program and is independent.

76. Why is Code red?

Antivirus
Virus
Word processing software
Photo editing software

Answer: B) Code red is a virus.

77. Which of the following is considered as the unsolicited commercial email?

Virus
Malware
Spam
All of the above

Answer: C) It is a type of unsolicited email which is generally sent in bulk to an

indiscriminate recipient list for commercial purposes.

78. Which one of the following can be considered as the class of computer threats?
Dos Attack
Phishing
Soliciting
Both B and C

Answer: A) A dos attack refers to the denial of service attack.

79. Choose the default port number for Apache and other web servers.
20
27
80
87

Answer: C) Default port number of apache and another webserver is 80.

80. To what does a DNS translate a domain name

Hex
IP
Binary
URL

Answer: B) A DNS translates a domain name to IP.

81. Identify the element which is not considered in the triad, according to the CIA.
Authenticity
Availability
Integrity
Confidentiality
Answer: D) Confidentiality is not considered in the triad according to the CIA.

82. What is the CIA triad also known as?

AIC(Availability, Integrity, Confidentiality)
NIC(Non-repudiation, Integrity, Confidentiality)
AIN(Availability, Integrity, Non-repudiation)
ANC(Availability, Non-repudiation, Confidentiality)

Answer: A) CIA triad is also known as AIC(Availability, Integrity, Confidentiality).

83. Identify the term which denotes the protection of data from modification by unknown
users.
Confidentiality
Authentication
Integrity
Non-repudiation

Answer: C) The term which denotes the protection of data from modification by unknown
users is known as integrity.
 COMPUTER NETWORK SECURITY
MCQ

1. In computer security, _______ means that active computer systems can only
be modified by authorized persons.
a) Confidentiality
b) Integrity
c) Availability
d) Authenticity

2. In computer security, _______ means that the information contained in a

computer system can only be read by authorized persons.

a) Confidentiality
b) Integrity
c) Availability
d) Authenticity

3. The types of threats to the security of a computer system or network are

_______?
a) Interruption
b) Interception
c) Modification
d) Fabrication Creation
e) All of the above E
4. Which of the following is an independent malicious program
that does not require any other program?
a) Trap door
b) Trojan Horse
c) Virus
d) Worm
5. The _______ is a code that recognizes a special input sequence or is triggered
by an unlikely sequence of events.
a) Trap door
b) Trojan Horse
c) Logic bomb
d) Virus

6. The _______ is a code embedded in a legitimate program

configured to “explode” when certain conditions are met.
a) Trap door
b) Trojan Horse
c) Logic bomb
d) Virus
7. Which of the following malware does not replicate
automatically?
a) Trojan Horse
b) Virus
c) Worm
d) Zombie
8. ________ is a form of virus explicitly designed to avoid
detection by antivirus software.
a) Stealth virus
b) Polymorphic virus
c) Parasitic virus
d) Macro virus
9. A worm runs a copy of itself on another system?
a) True
b) False
10. A worm sends a copy of itself to other systems?
a) True
b) False
11. ______ is a program that can infect other programs by modifying them. This
modification includes a copy of the virus program, which can then infect
other programs.
a) Worm
b) Virus
c) Zombie
d) Trap doors
12. ______ are used in denial-of-service (DOS) attacks, usually against targeted
websites.
a) Worm
b) Virus
c) Zombie
d) Trojan horse
13. The type of encoding in which the manipulation of bit stream without taking
into account the meaning of bits is called _________?
a) Destination Encoding
b) Entropic Encoding
c) Source Encoding
d) Differential Encoding
14. What is the protocol used to secure emails?
a) POP
b) PGP
c) SNMP
d) HTTP
15. The art of breaking ciphers is known as ____?
a) Cryptology
b) Cryptography
c) Cryptanalysis
d) Encryption
16. Which of the following statements is correct?
a) Integer – represented by ASCII
b) Character – represented by the complement of two
c) Character – represented by Unicode
d) Character – represented by a complement
17. The number of sub keys generated in the IDEA algorithm is _______?
a) 54
b) 48
c) 52
d) 50
18. The number of “S-boxes” used in the DES algorithm is _______?
a) 4
b) 8
c) 16
d) 32
19. ______ is an example of a public key algorithm.
a) RSA
b) DES
c) IREA
d) RC5
20. The Caesar cipher is represented by _______?
a) C = (p + 3) mod3
b) C = (p + 26) mod3
c) C = (p – 3) mod26
d) C = (p + 3) mod26
21. The ______ attaches itself to executable files and replicates itself, when the
infected program is executed, looking for other executable files to infect.

a) Stealth Virus
b) Polymorphic Virus
c) Parasitic Virus
d) Macro Virus

22. Number of rounds in the DES (Data Encryption Standard) algorithm is

______?

a) 8 rounds
b) 12 rounds
c) 16 rounds
 d) 24 rounds

23. ________ transforms the message into a format that cannot be read by
hackers.

a) Decryption
b) Encryption
c) Transforming
d) None of the above

24. What is the port number for HTTPS (HTTP Secure)?

a) 43
b) 443
c) 445
d) 444

25. The encryption and decryption of data is the responsibility of which layer?

a) Session layer
b) Network layer
c) Transport layer
d) Presentation layer

26. What is the algorithm of key exchange used in the parameter of a Cipher
Suite?

a) RSA
b) Fixed Diffie-Hellman
c) Ephemeral Diffie-Hellman
d) All the answers are true

27. The certificate message is required for any agreed key exchange method,
except__________.

a) Ephemeral Diffie-Hellman
b) Anonymous Diffie-Hellman
c) Fixed Diffie-Hellman
d) RSA
28. Firewalls are used for __________

a) Routing
b) Security
c) Tunneling
d) Congestion control

29. _________ is used to validate the identity of the message sender to the

recipient.

a) Encryption
b) Decryption
c) Digital certificate
d) None of the above

30. When you log in to an online service, you are asked to provide some sort of
Identification, such as your name, account number, and password. What is
the name given to this brief interaction?

a) Security procedures
b) Connection procedure
c) Backup procedure
d) Identification procedure

31. Which hash algorithm does the DSS signature use?

a) MD5
b) SHA-2
c) SHA-1
d) Does not use a hash algorithm

32 . ________ is a form of virus explicitly designed to avoid detection by antivirus

Software.

a) Stealth virus
b) Polymorphic virus
c) Parasitic virus
d) Macro viruses
33. One part of the polymorphic virus, usually called ________, creates a random
cipher and a key to encrypt the rest of the virus.

a) mutual engine
b) mutation engine
c) multiple engine
d) polymorphic engine

34. Indicate whether the following statement is true:

“Macro virus is a platform-independent virus.”

a) True
b) False

35. Indicate whether the following statement is true:

“Macro viruses infect documents, not parts of the executable code.”

a) True
b) False

36. A _________ is a program that takes control of another computer connected

to the Internet, then uses that computer to launch attacks.

a) Worm
b) Zombie
c) Virus
d) Trap doors

37. Which hash algorithm does RSA signature use?

a) MD5
b) SHA-1
c) MD5 and SHA-1
d) Trap doors

38. “certificate_ request” has two parameters, one of them is _____?

a) certificate_ extension
b) certificate_ creation
c) certificate_ exchange
d) certificate_ type
39. What is the size of an RSA signature after MD5 and SHA-1 processing?

a) 42 bytes
b) 32 bytes
c) 36 bytes
d) 48 bytes

40. Firewalls are to protect against

a) Virus Attacks
b) Fire Attacks
c) Data Driven Attacks
d) Unauthorized Attacks
41. The first computer virus is
a) The famous
b) HARLIE
c) PARAM
d) Creeper
42. Which one of the following is a key function of firewall?

a) Copying
b) Moving
c) Deleting
d) Monitoring
43. Which memory is nonvolatile and may be written only once?

a) PROM
b) RAM
c) EP-ROM
d) SRAM
44. Unauthorized copying of software to be used for personal gain of personal backups is called

a) Program looting
b) Program thievery
c) Data snatching
d) Software piracy
45. Like a virus , it is a self-replicating program it also propagates through computer network

a) Phishing scam
b) Worm
c) Spyware
d) Cracker
46. The terminal device often used in checking charge cards that offers both a limited keyboard

input and visual output is the

a) Audio response unit

b) Video display terminal
c) Pas terminal
d) Intelligent terminal
47. Multiple processor configurations

a) Are very efficient, but only on some applications

b) Work equally well on all applications
c) Are less efficient than scalar configurations
d) Are more efficient than scalar configurations
48. Applications:-

a) Must usually be re-complied to use multiple processors

b) Can always be made efficient on multiple processors
c) Immediately run on multiple processors
d) Cannot run on multiple processors
49. Seeks analysis is

a) Only shown on real-time displays

b) Used for analyzing control-unit busy problems
c) Used for analyzing device busy problems
d) Used for analyzing paging problems
50. The most common security failure is

a) Depending on passwords
b) Carelessness by users
c) Too much emphasis on preventing physical access
d) Insufficient technology used to prevent breaches
51. Trojan-Horse programs:-

a) Usually are immediately discovered

b) Really do not usually work
c) Are hacker programs that do not show up on the system
d) Are legitimate programs that allow unauthorized access
52. First boot sector virus is

a) Computed
b) Mind
c) Brain
d) Elk cloner
53. The linking of computers with a communication system is called

a) Assembling
b) Interlocking
c) Pairing
d) Networking
54. The phrase ____ describe viruses, worms, Trojan horse attack applets and attack scripts.

a) Spam
b) Phishing
c) Malware
d) Virus
55. Abuse messaging systems to send unsolicited is

a) Phishing
b) Adware
c) Firewall
d) Spam
56. A person who uses his or her expertise to gain access to other people’s computers to get

information illegally or do damage is a

a) Hacker
b) Analyst
c) Spammer
d) Programmer
57. Malicious access are unauthorized

a) Destruction of data
b) Modification of data
c) Reading of data
d) All of these
58. Encrypted passwords are used for

a) Security purpose
b) Passwords list secret
c) Faster execution
d) Both (a) and (b)
59. A firewall

a) Separates a network into multiple domains

b) May need to allow http to pass
c) Limits network access between the two security domains and maintains and logs all
connections
d) is a computer or router that sits between the trusted and un trusted
60. Link encryption:-
a) Is used only to detect errors
b) Cannot be used in a large network
c) Is less secure than end-to-end encryption
d) Is more secure than end-to-end encryption
61. A high paging rate

a) Always creates a slow system

b) Is a symptom of too much processor activity
c) Keeps the system running well
d) May also cause a high I/O rate
Network Security MCQ
1. Any action that compromises the security of information owned by an organization is
called ___.
Ans: Security attack

2. ___ is a weakness in the security system.

Ans: Vulnerability

3. When one entity pretends to be a different entity, we call it ___.

Ans: Masquerade

4. ___ means that assets can be modified only by authorized parties or only in
authorized ways.
Ans: Integrity

5. Confidentiality can be achieved with ___.

Ans: Encryption

6. A control is an action, device, procedure, or technique that removes or reduces ___.

Ans: Vulnerability

7. Cryptography is the art of ___.

Ans: secret writing

8. The encrypted text is also called ___.

Ans: Ciphertext

9. Ciphertext depends on the original plaintext message, the algorithm, and the ___.
Ans: key-value

10. ___ is a rearrangement of the characters of the plaintext into columns.

Ans: columnar transposition

11. Because a transposition is a rearrangement of the symbols of a message, it is also

known as ___.
Ans: permutation

12. DES stands for ___.

Ans: Data Encryption Standard.

13. The size of the enciphered text should be no larger than the text of the original
message. True / False
Ans: True
14. Symmetric algorithms use ___ key(s).
Ans: one.

15. ___ enables such an analyst to infer data that should be kept confidential in the
database.
Ans: Linear programming.

16. ___ is a person who attempts to break a cypher text message to obtain the original
plaintext message.
Ans: Cryptanalyst

17. The public key algorithm uses ___.

Ans: Pair of keys (two keys).

18. The columnar transposition and other transpositions are examples of ___.
Ans: Block cyphers.

19. The data encryption algorithm developed by IBM for NBS was based on ___.
Ans: Lucifer

20. DES encrypting the plaintext as blocks of ___ bits.

Ans: 64

21. The DES algorithm is fixed for a ___ bit key.

Ans: 56

22. Triple-DES procedure is C = E (k1, D (k2, E (k1,m))). True /False

Ans: True

23. The ___ is likely to be the commercial-grade symmetric algorithm of choice for
years, if not decades.
Ans: AES

24. AES is a ___ algorithm.

Ans: symmetric key encryption

25. Asymmetric or public-key encryption systems use two keys, ___, and ___.
Ans: A public key, a private key

26. ___ can be used to distribute other keys.

Ans: Public key

27. Diffie-Hellman Scheme is based on ___.

Ans: Discrete logarithm problem
28. Because the users share a common secret key S, the Diffie-Hellman scheme is an
example of an asymmetric key exchange protocol. True/False
Ans: True

29. ___ gives us a reliable means to prove the origin of data or code.
Ans: Digital signatures

30. ___ are ideally suited to digital signatures.

Ans: Public key encryption systems

31. A digital signature must meet two primary conditions ___ and ___.
Ans: Unforgeable, authentic

32. Flaws are first divided into ___ and ___ flaws.
Ans: Intentional, inadvertent

33. The inadvertent flaws fall into ___ categories

Ans: Six

34. ___ runs under the user’s authority.

Ans: Malicious code

35. Virus attaches itself to the program and propagates copies of it to other programs.
True/ False
Ans: True

36. Controls, encouraged by managers and administrators, are called ___.

Ans: Administrative controls.

37. ___ is often used as a safe way for general users to access sensitive data.
Ans: Trusted software.

38. ___ is an undocumented entry point to a module.

Ans: Trapdoor

39. ___ is a feature in a program by which someone can access the program other than
by the obvious, direct call, perhaps with special privileges.
Ans: Backdoor

40. In ___ separation, processes conceal their data and computations in such a way that
they are unintelligible to outside processes.
Ans: Cryptographic

41. Separation in an operating system cannot occur in several ways.

Ans: False
42. The most obvious problem of ___ is preventing one program from affecting the
memory of other programs.
Ans: Multiprogramming

43. A key advantage of the group protection approach is its ease of implementation.
True/False
Ans: True

44. ___ are mutually agreed-upon code words, assumed to be known only to the user
and the system.
Ans: Passwords

45. A key advantage of the group protection approach is its ___.

Ans: Ease of implementation

46. In ___, each piece of information is ranked at a particular sensitivity level, such as
unclassified, restricted, confidential, secret, or top secret.
Ans: Military security.

47. The military security model is representative of a more general scheme, called a
___.
Ans: Lattice

48. Unlike regular operating systems, trusted systems incorporate technology to address
both ___ and ___
Ans: Features, assurance

49. Memory protection is usually performed by hardware mechanisms, such as ___ or

___.
Ans: paging, segmentation

50. ___ is a characteristic that often grows over time, in accordance with evidence and
experience.
Ans: Trust

51. A single computing system in a network is often called ___ and its processor
(computer) is called ___.
Ans: A node, a host

52. The way a network is configured, in terms of nodes and connections, is called the
network firewall. True/False
Ans: False

53. To maintain or improve reliability and performance, routings between two

endpoints are ___.
Ans: Dynamic
54. Impersonation is a more significant threat in a wide area network than in a local
one. True/ False
Ans: True

55. ___ can be used to implement a VPN.

Ans: Firewalls

56. ___ is another way to segment the network.

Ans: Separate access

57. ___ is a process created to enable users to implement public-key cryptography.

Ans: PKI

58. You can protect the IP datagrams by using one of the IPSec protocol elements, the
___ or the ___.
Ans: Encapsulating Security Payload (ESP), Authentication Header (AH).

59. The modes of operation of IPSec are ___ and ___.

Ans: Tunnel mode and Transport mode.

60. The security association that applies to a given IPSec header is determined by the
packets ___ and the ___ in the packet header.
Ans: Destination IP address, Security parameter index (SPI).

61. The management of SAs can be either manual or through an Internet standard
called___.
Ans: Key management protocol

62. ESP seeks to provide ___ and ___ by encrypting data to be protected and placing
the encrypted data in the data portion of the IP ESP.
Ans: Confidentiality and Integrity

63. IKE is considered a hybrid protocol because it combines (and supplements) the
functions of three other protocols ___ and ___.
Ans: ISAKMP, OAKLEY, and SKEME

64. ___ is a generic protocol that supports many different key exchange methods.
Ans: ISAKMP

65. The ___ has established a service for assessing the security of commercial websites.
Ans: National Computer Security Association (NCSA)

66. On the upper layer, a protocol for initial authentication and transfer of encryption
keys is called ___.
Ans: SSL Handshake Protocol
67. The combination of key exchange, hash, and encryption algorithm for each SSL
session is defined as ___.
Ans: Cipher suite

68. SSL uses the ___ for reporting errors and abnormal conditions.
Ans: Alert protocol

69. A ___ is an association between a client and a server.

Ans: Session

70. In SET ___ is used to link two messages that are intended for two different
recipients.
Ans: Dual Signature.

71. ___ is an open encryption and security specification designed to protect credit card
transactions on the Internet.
Ans: Secure Electronic Transaction (SET)

72. Confidentiality and content forgery are often handled by___.

Ans: Encryption

73. Symmetric encryption can protect against forgery by a recipient. True/False

Ans: False

74. Encrypted e-mail messages always carry a digital signature, so the ___ and ___ of
the sender are assured.
Ans: Authenticity, non-repudiability

75. DES stands for ___.

Ans: Data Encryption Standard

76. ___ cannot protect against forgery by a recipient, since both sender and recipient
share a common key.
Ans: Symmetric encryption

77. The principal difference between S/MIME and PGP is ___.

Ans: Method of key exchange

78. PGP stands for ___.

Ans: Pretty Good Privacy

79. Encrypted e-mail messages always carry a ___, so the authenticity and non-
reputability of the sender are assured.
Ans: Digital signature
80. ___ is a device that filters all traffic between a protected or “inside” network and a
less trustworthy or “outside” network.
Ans: Firewall

81. A packet filtering gateway controls access to packets based on packet address (source
or destination) or ___.
Ans: Specific transport protocol type

82. An application proxy gateway is also called ___.

Ans: Bastion host

83. ___ maintains state information from one packet to another in the input stream.
Ans: Stateful inspection firewall

84. The primary disadvantage of packet filtering routers is a combination of ___ and
___.
Ans: Simplicity, complexity

85. ___ identifies and organizes the security activities for a computing system.
Ans: Security plan

86. ___ is the difference in risk exposure divided by the cost of reducing the risk.
Ans: Risk leverage

87. A security policy should not be comprehensive. True/False

Ans: False

88. Security policy must be realistic. True/False

Ans: True

89. ___ and ___ address external security threats.

Ans: Redundancy, physical controls

90. Risk assessment is a technique supporting ___.

Ans: Security planning

91. ___ is a process that drives the rest of the security administration.
Ans: Security planning