Answers | Verified | Latest 2024 Version
Which of the following phases of a system development life-cycle is most concerned with authenticating
users and processes to ensure appropriate access control decisions? - ✔✔Operation and maintenance
What is the effective key size of DES? - ✔✔56 bit
What are two types of ciphers? - ✔✔Transposition and substitution
When block chaining cryptography is used, what type of code is calculated and appended to the data to
ensure authenticity? - ✔✔Message authentication code
Which of the following is the most secure form of triple-DES encryption? - ✔✔DES-EDE3
Cryptography does not help in - ✔✔Detecting fraudulent disclosure
All of the following statements about a security incident plan are correct EXCEPT - ✔✔The plan should
be published annually
Two separate employees are required to open a safe containing sensitive information. One employee has
part of the safe combination, and a second employee has another part of the safe combination. This
arrangement follows the principle of - ✔✔Split custody
Within the realm of IT security, which of the following combinations best defines
risk? - ✔✔Threat coupled with a vulnerability
The purpose of a security incident debrief is all of the following EXCEPT: - ✔✔Review of log files
The primary impact of a pandemic on an organization is: - ✔✔Long periods of employee absenteeism
that impact the organization's ability to provide services
In what phase of a business continuity plan does a company proceed when it is ready to move back into
its original site or a new site? - ✔✔Reconstitution phase
The process of erasing magnetic media through the use of a strong magnetic field is known as: -
✔✔Degaussing
A security manager has instructed a system administrator to wipe files on a hard disk. This means that
the administrator needs to: - ✔✔Use a tool to overwrite files multiple times
Which of the following processes is concerned with not only identifying the root cause but also
addressing the underlying issue? - ✔✔Problem Management
What is the minimum and customary practice of responsible protection of assets that affects a
community or societal norm? - ✔✔Due care
What is one disadvantage of content-dependent protection of information? - ✔✔increases processing
overhead
In the event of a security incident, one of the primary objectives of the operations staff is to ensure that...
- ✔✔there is minimal disruption to the organization's mission
Which of the following statements pertaining to block ciphers is incorrect? - ✔✔Plain text is encrypted
with a public key and decrypted with a private key.
Cryptography does not help in: - ✔✔Detecting fraudulent disclosure
Where is firmware primarily stored on a computer system? - ✔✔Read-only memory
What size is an MD5 message digest (hash)? - ✔✔128 bits
Which of the following mail standards relies on a "Web of Trust"? - ✔✔Pretty Good Privacy (PGP)
How many bits is the effective length of the key of the Data Encryption Standard Algorithm? - ✔✔56
A demilitarized zone on a computer network exists for all of the following reasons except: - ✔✔Reduces
the load on firewalls
The primary advantage of the use of a central management console for anti-virus is: - ✔✔Consolidation
of reporting and centralized signature file distribution
Which attack is primarily based on the fragmentation implementation of IP and uses large ICMP packets?
- ✔✔Ping of Death
TCP and UDP use port numbers of what length? - ✔✔16 bits
A screening router can perform packet filtering based on which type of data? - ✔✔Source and
destination addresses and port numbers.
In the OSI model, at what level are TCP and UDP provided? - ✔✔Transport
A workstation that can remotely access the organization's network through a VPN and access the local
LAN where the workstation is connected, all through the same physical network connection, is using: -
✔✔Split tunneling
The purpose of a password policy that locks an account after five unsuccessful login attempts is: - ✔✔To
prevent an intruder from carrying out a dictionary attack against a password