cs205 final term past papers
MCQs (11-40)

11. Which tool should be used to ensure that critical system files have not been altered?
- A. CIS-CAT Pro
- B. Qualys vulnerability scanner
- C. Security information and event monitoring tools
- D. File integrity monitoring tool

12. An authentic information security head always:
- A. Takes credit for everything
- B. Never admits mistakes and failures
- C. Gives credit where it is due
- D. Is very strict and disciplined

13. Network performance degradation can be faced in which step of the vulnerability management (VM) cycle?
- A. Preparing the scanner
- B. Analyzing the asset
- C. Running the scanner
- D. Applying the patches

14. Which category of vulnerabilities has the highest severity in a Qualys scan?
- A. Level 2
- B. Level 3
- C. Level 4
- D. Level 5

15. ISO 31000 guidelines are centered on:
- A. Organization context
- B. Leadership and commitment
- C. Planning
- D. Operation

16. Which of the following plays an instrumental role in the success of a security transformation program?
- A. IT team led by the CIO
- B. Business team
- C. Internal team
- D. Highest management

17. Which of the following should be deployed to limit and control which devices can connect to the network?
- A. 802.1x
- B. 802.11g
- C. 802.11b
- D. 802.11n

18. All network traffic to or from the internet must pass through which of the following to filter unauthenticated connections?
- A. Application layer filtering proxy
- B. Session layer filtering proxy
- C. Network layer filtering proxy
- D. System layer filtering proxy

19. In which phase of a security assessment are the assessment methods and report format decided?
- A. Report findings
- B. Build plan, scope, and objectives
- C. Assign roles
- D. Conduct assessment

20. Automated tools should be used to verify and compare the network device configuration with:
- A. Approved security configuration
- B. Security configuration recommended by the vendor
- C. Latest security configuration released by the vendor
- D. Default security configuration released by the vendor

21. Under the security transformation model, which team is responsible for validation of controls?
- A. Business team
- B. Information security team or consultant
- C. IT operations team
- D. IT help desk team

22. The Computer Security Resource Center (CSRC) website guides users to which resources?
- A. CIS resources on computer, cyber, information security, and privacy
- B. SANS resources on computer, cyber, information security, and privacy
- C. NIST resources on computer, cyber, information security, and privacy
- D. PCI resources on computer, cyber, information security, and privacy

23. Complex passwords should be enforced to survive which attack?
- A. Dictionary attack
- B. Injection attack
- C. DoS attack
- D. Phishing attack

24. Which activities are carried out in phase 1 (pilot phase) of the information security transformation program?
- A. Perform hardening of key IT assets in the test environment
- B. Understand the organization and its security issues
- C. Develop ISMC
- D. Identify assets for the various phases

25. The candidness quality of the information security head means that he:
- A. Promotes performance and merit
- B. Encourages solo flights of team members
- C. Shows honesty and straight talk
- D. Adjusts players into the right positions

26. Which protocol is used for assigning addresses dynamically?
- A. DCP
- B. HTTP
- C. DHCP
- D. IP

27. Which team has primary ownership of the vulnerability management process?
- A. Information security team
- B. IT operations team
- C. Business team
- D. Risk and compliance team

28. How many rules are mentioned in relation to C++ security hardening?
- A. Seven
- B. Eight
- C. Nine
- D. Ten

29. The goal of performing an audit is:
- A. Testing security that is assumed to be secure
- B. A technical assessment designed to achieve specific goals
- C. To fix as many things as possible, as efficiently as possible
- D. To focus on how the existing configuration compares to standards

30. Under the security transformation model, which team is responsible for implementing controls?
- A. IT operations team
- B. Security consultant
- C. Risk and compliance team
- D. Business team

31. In which assessment does the tester have full access to all internal information about the target?
- A. White box assessment
- B. Grey box assessment
- C. Black box assessment
- D. Risk assessment

32. Which assessment is designed to determine whether an attacker can achieve specific goals against your current security posture?
- A. Threat assessment
- B. Bug bounty hunting
- C. Penetration testing
- D. Red team exercise

33. Which of the following are the key benefits of implementing a security transformation project in an organization?
- A. IT team gains experience and becomes aware of security
- B. Prevention of attacks
- C. IT team gets incentives
- D. Management becomes aware of the IT team's capability

34. Which action is recommended for an organization with a very good security posture and a score higher than 85%?
- A. Go for risk assessment
- B. Third-party security review
- C. Go for ISO 27001 certification
- D. Information security transformation program

35. Which version of security-related updates should be applied to network devices?
- A. Latest
- B. Default
- C. Latest and stable
- D. Oldest

36. Most of the problems associated with a weak security posture are due to:
- A. Lack of awareness
- B. Lack of funds
- C. Lack of experience
- D. Lack of commitment

37. The information security policy needs to be:
- A. Reviewed once every three years
- B. Updated once every five years
- C. Locked in a drawer and kept confidential
- D. Regularly reviewed and approved for changes

38. In the case of the financial sector, the regulations of which body need to be reviewed and understood to raise management support for security transformation?
- A. SBP
- B. PTA
- C. PEMRA
- D. PEPRA

39. The inventory of authorized and unauthorized software control requires making a list of:
- A. Authorized access and version
- B. Authorized operating system and version
- C. Authorized software and version
- D. Unauthorized software and version

40. Which principle should be used when setting up a user in a database?
- A. Principle of normal user
- B. Principle of administrative user
- C. Principle of least privilege
- D. Principle of highest privilege