Top 50+ Solved Information Security MCQ Questions Answer
Q. "Semantics-aware" signatures automatically generated by Nemean are based on traffic at which two layers?
a. Application layer
b. Network layer
c. Session layer
d. Both a and c
Q. In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?
a. Cross-site scripting
b. Command injection
c. SQL injection
d. Path traversal attacks
Q. Which of the following is true of improper error handling?
a. Attackers can use error messages to extract specific information from a system.
b. Attackers can use unexpected errors to knock an application offline, creating a denial-of-service attack.
c. Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for an arbitrary code execution.
d. All of the above.
Q. Which of the following is NOT recommended for securing Web applications against authenticated users?
a. Client-side data validation
b. Filtering data with a default deny regular expression
c. Running the application under least privileges necessary
d. Using parameterized queries to access a database
Q. In which of the following exploits does an attacker insert malicious coding into a link that appears to be from a trustworthy source?
a. Cross-site scripting
b. Command injection
c. Path traversal attack
d. Buffer overflow
Q. In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data?
a. Cross-site scripting
b. Command injection
c. SQL injection
d. Buffer overflow
Q. Which of the following is characteristic of spyware?
a. Blocking access to antivirus and antispyware updates
b. Aggregating surfing habits across multiple users for advertising
c. Customizing search results based on an advertiser's needs
d. All of the above
Q. One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement?
a. Inside the firewall
b. Outside the firewall
c. Both
d. None
Q. This was commonly used in cryptography during World War II.
a. Tunneling
b. Personalization
c. Van Eck phreaking
d. One-time pad
Q. Today, many Internet businesses and users take advantage of cryptography based on this approach.
a. Public key infrastructure
b. Output feedback
c. Encrypting File System
d. Single sign on
Q. This is the name for the issuer of a PKI certificate.
a. Man in the middle
b. Certificate authority
c. Resource Access Control Facility
d. Script kiddy
Q. Developed by Philip R. Zimmermann, this is the most widely used privacy-ensuring program by individuals and is also used by many corporations.
a. DS
b. OCSP
c. Secure HTTP
d. Pretty Good Privacy
Q. This is the inclusion of a secret message in otherwise unencrypted text or images.
a. Masquerade
b. Steganography
c. Spoof
d. Eye-in-hand system
Q. In password protection, this is a random string of data used to modify a password hash.
a. Sheepdip
b. Salt
c. Bypass
d. Dongle