Question
Which one of the following actions is not done under formal control?
(a) Create and terminate the rules or standards created
(b) Decide which technical tools to be deployed
(c) Establish De-militarized zones and firewalls to the enterprise network
(d) Create a well-structured information flow system within organization
(e) Come up with strategic decisions.
Question 12
Which statement best explains the reason for the fact that technical control is not enough in Information Security Management?
(a) Many data breaches happen due to human error.
(b) Hackers can easily break the next-generation firewalls.
(c) Over-engineered technical systems add more complexity.
(d) Deploying AI-based solutions costs more money
(e) It is impossible to delete all viruses in a system
Question 13
What is the correct order of the vulnerability threats that the following example cases belong to?
(i) An insider of the organization alters the existing company records about sales income.
(ii) Inject new messages to the network impersonating a legitimate sender.
(iii) A virus program deletes all the data from a database
(iv) Sniffs encrypted packets by passive monitoring.
(a) Fabrication, Modification, Destruction, Interception
(b) Modification, Fabrication, Disclosure, Destruction
(c) Modification, Fabrication, Destruction, Interception
(d) Disclosure, Fabrication, Destruction, Interception
(e) Fabrication, Interception, Destruction, Disclosure
Question 14
Select the correct order of potential violation of basic principles of security for the following cases
(i) Some sensitive details from over 100000 customer records are altered in a company database.
(ii) A company CEO sends a letter to his employees only with the company letterhead and without signing it.
(iii) A person tries to impersonate a legitimate customer of retail delivery service through their mobile app.
(a) Confidentiality, Integrity, Authentication
(b) Non-repudiation, Confidentiality, Integrity
(c) Integrity, Non-repudiation, Authentication
(d) Integrity, Confidentiality, Non-repudiation
(e) Integrity, Non-repudiation, Confidentiality
Question 15
Which one of the following is (are) not a modification attack?
(a) An adversary changes the encrypted traffic pattern over a communication network.
(b) An attacker adds forged login links/buttons to an organization’s website to collect user authentication data
(c) An internal staff member of an organization alters customer data in an unauthorized manner.
(d) Software hackers modify a website/software of an organization which results in additional computational tasks.
(e) Insider from an organization induces faults in their database hard drives with malicious intent.
Question 16
Interception occurs when
(a) Hardware, software, or the data is destroyed
(b) Data is made available or accessible to an unauthorized software
(c) An unauthorized person or application gains access to restricted computer resources
(d) Data is accessed and changed in an unauthorized manner
(e) Computer system becomes unavailable for use
Question 17
Which one of the following statements is(are) true about network system attacks?
(a) Attackers can gain complete control of an ongoing communication and replace the sender or receiver with themselves.
(b) Attacks such as injecting overloaded network traffic that makes systems unavailable to users can be easily identified.
(c) Eavesdroppers can intercept encrypted messages by passively monitoring the network interfaces.
(d) (a) and (c)
(e) All the above
Question 18
Which one is an act of certification authorities (CA)?
(a) Collect public keys and proof of identities from different entities (persons, websites, organizations, etc.)
(b) Create certificate binding public keys of different entities.
(c) Share the CA’s public keys to decrypt the certificates of entities to get the corresponding public key of an entity.
(d) Only (a) and (b)
(e) All the above
Question 19
Which of the following is True about Biba model?
(a) Biba model controls access to the objects in an organization
(b) Person with a certain integrity level clearance cannot read the content from the same integrity level.
(c) Person with lower integrity level clearance can read the content from higher integrity levels.
(d) Integrity levels provided by the Biba model cannot be adjusted once they are defined.
(e) Biba model only allows modifying the data from a higher integrity level by a person from a lower integrity level.
Question 20
Which of the following is True about the security model?
(a) BLP model focuses on who can change the data while Biba model focuses on who can read the data
(b) Lattice model shows the primitive operations can be taken according to a given security model
(c) According to BLP model L1 subject which dominates L2 object has the reading access.
(d) Clark-Wilson model assures users to invoke any transformation procedures.
(e) With the Clark-Wilson model, companies can now safely reduce the cost of the auditing system.
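The Bell-LaPadula and Biba rules that Questions 19 and 20 turn on, written out as an added Python example (this is not part of the original question set or of the posted solution). Labels are the standard lattice element of a hierarchical level plus a set of categories, so "dominates" is a partial order and two labels can be incomparable. The level names, category names and the subject/object pairs inside `demo()` are constructed for illustration, and `Label`, `allowed` and `demo` are names chosen here, not terms from the questions.

```python
"""Lattice-model check for Bell-LaPadula (confidentiality) and Biba (integrity).

Added example; the level/category names below are constructed, not taken
from any real classification scheme.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class Label:
    """A lattice element: a hierarchical level plus a set of categories.

    The same structure serves as a confidentiality label (BLP) or an
    integrity label (Biba); only the access rules that consume it differ.
    """
    level: int                                  # higher number = higher level
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 iff level(L1) >= level(L2) and the categories of L2
        # are a subset of those of L1. If neither label dominates the other,
        # the two are incomparable and every rule below denies access.
        return self.level >= other.level and other.categories <= self.categories


# Bell-LaPadula protects confidentiality.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): subject must dominate object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): object must dominate subject."""
    return obj.dominates(subject)


# Biba protects integrity; its rules are the duals of BLP's.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property ("no read down"): object must dominate subject."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """Integrity *-property ("no write up"): subject must dominate object."""
    return subject.dominates(obj)


def allowed(model: str, subject: Label, obj: Label) -> FrozenSet[str]:
    """Return the subset of {"read", "write"} the named model permits."""
    rules = {
        "blp": (blp_can_read, blp_can_write),
        "biba": (biba_can_read, biba_can_write),
    }
    can_read, can_write = rules[model]
    ops = set()
    if can_read(subject, obj):
        ops.add("read")
    if can_write(subject, obj):
        ops.add("write")
    return frozenset(ops)


def demo() -> Dict[str, FrozenSet[str]]:
    """Evaluate constructed subject/object pairs under both models."""
    # Constructed level names; only the integers take part in the comparison.
    CONF = {"unclassified": 0, "confidential": 1, "secret": 2}
    INTEG = {"untrusted": 0, "user": 1, "system": 2}

    analyst = Label(CONF["secret"], frozenset({"finance"}))
    report = Label(CONF["confidential"], frozenset({"finance"}))
    hr_file = Label(CONF["secret"], frozenset({"hr"}))   # incomparable with analyst

    user_proc = Label(INTEG["user"])
    sys_cfg = Label(INTEG["system"])
    download = Label(INTEG["untrusted"])

    return {
        "blp: secret/finance subject -> confidential/finance object": allowed("blp", analyst, report),
        "blp: secret/finance subject -> secret/hr object (incomparable)": allowed("blp", analyst, hr_file),
        "biba: user-integrity process -> system-integrity config": allowed("biba", user_proc, sys_cfg),
        "biba: user-integrity process -> untrusted download": allowed("biba", user_proc, download),
        "biba: user-integrity process -> user-integrity object": allowed("biba", user_proc, Label(INTEG["user"])),
    }


if __name__ == "__main__":
    for case, ops in demo().items():
        print(f"{case}: {sorted(ops) or ['none']}")
```

Running it shows the dualities the two questions probe: under BLP a subject that dominates an object may read it but not write to it, under Biba a lower-integrity subject may read a higher-integrity object but may only write downward, and a subject at the same integrity level as an object may both read and write it. The incomparable pair (same level, disjoint categories) gets no access under either model, which is the lattice point rather than a simple linear ordering.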
Step by Step Solution
Step: 1
Let's go through each question.
Question 12: The best answer is (a), many data breaches happen due to human error.
Question 13: The correct order is (c): Modification, Fabrication, Destruction, Interception.
Questio...