SEC280 Final Exam Student ID: Name:
1. Which of the following is true about the server virtualization (Hypervisor)?
a. Virtualization can only exist in one location
b. Virtualization can only access local disk storage
c. Virtualization cluster can use different type and brand of processors
d. Virtualization is useful for the software testing purposes, e.g., snapshotting.
2. Which of the following is true about Cloud Computing?
a. It is best for a small startup company
b. It is best for security sensitive information, e.g., top secret documents
c. It is best for a company cannot afford to lose the information, e.g., bank transactions
d. It is best for a company is in a remote area and it cannot obtain a reliable Internet connection
3. Which of the following is NOT an example of the business continuity?
a. Power outage for 3 hours
b. Chief Financial Officer involves an auto accident and cannot come to work for 3 days
c. A terrorist attack
d. An employee's own laptop has been affected by virus
4. Which of the following is NOT a consideration of a backup strategy?
a. How much time do you have?
b. What is your network backbone speed?
c. How many monitor do you have?
d. What time to start the backup?
5. Comparing the difference between backup to disk and tape. What is one reason the tape is preferred?
a. Tape is much faster
b. Tape is much more expensive
c. Tape is water proof
d. Tape can be transport out of site for DR purpose
6. Which of the following is true about the SAN Snapshot?
a. It is taking a picture of the raw image of the disk
b. It makes a backup copy of the operating system
c. It makes a backup copy of the VMDK files
d. None of the above
7. Which of the following backup method requires the most of tape to restore?
a. Incremental
b. Differential
c. Full
d. Delta (application)
8. What is NOT the purpose of colocation?
a. To prevent power outage
b. To prevent data loss
c. To prevent nature disaster, e.g., flood
d. To prevent denial of services attack (DoS)
9. Which of the following is the most common and least expensive backup method?
a. File level (e.g., Windows file system)
b. Operating System level (e.g., VMware datastore)
c. Image level (e.g., SAN snapshot, Ghost)
d. All of the above
10. What is FALSE about data retention?
a. How much data I can write on the tape?
b. When I can re-write the tape?
c. When I must send my tapes to offsite vault such as Iron Mountain for monthly or weekly end backup
d. When I can erasethe tape?
11. Which of the following about a wireless access point (in 802.11g standard) is true?
a. It operates like a hub and in half-duplex mode
b. It operates like a hub and in full-duplex mode
c. It operates like a switch and in half-duplex mode
d. It operates like a switch and in full-duplex mode
12. Which of the following 802.1x protocol (in a wireless setting) uses mutual authentication?
a. EAP-TLS
b. LEAP
c. PEAP
d. EAP-FAST
13. Per class lecture, which of the following technology is for Power Over Ethernet?
a. 802.11n
b. 802.3af
c. 802.1x
d. 802.11g
14. A bank has a Class-C IP address 192.168.10.0 and is to be subdivided into 2 branches. How many bit(s) need to be borrowed to accommodate 3 branches? (We are using the zero subnet 2s formula)
a. 1
b. 2
c. 3
d. 4
15. Which of the following is true regarding to the RADIUS?
a. It forwards the username and password to an Active Directory for validation
b. The overall function of a RADIUS is similar to a Cisco Wireless LAN controller
c. RADIUS uses Mandatory Access Control
d. RADIUS is a client / server protocol. An RADIUS uses UDP port 1812 for authentication and UDP 1813 for accounting
16. Which of the following is true when your boss asks you to make sure the company's website is available 24x7x365?
a. Integrity
b. Authentication
c. Confidentiality
d. Assurance
17. Updating Windows patch on a server is best described as?
a. Network Security
b. Host Security
c. Physical Security
d. Social Engineering Security
18. Which of the following would be best described as Network Security?
a. Implementing Intrusion Detection System (IDS) on the network
b. Run Windows Update on a user's workstation
c. Make sure a server cannot use USB drive
d. Having a wireless access point deploy on every departments
19. Most of today's firewalls are executing rules base on which of the following:
a. Implicit deny
b. Implicit allow
c. Explicit deny
d. Explicit allow
20. To provide an evidence to prove one is indeed sign the document electronically:
a. Authentication
b. Integrity
c. Assurance
d. Nonrepudiation
21. A target received a spoof email (such as BankofAmerica) and calls back to the sender. The target will not question the authenticity of the tech support. This is an example of:
a. Social Engineering
b. Reverse social engineering
c. Forward social engineering
d. Hoaxes
22. The simple tactic of following closely behind a person who has just used their own access card to gain physical access to a building is called?
a. Shoulder surfing
b. Piggybacking
c. Access drafting
d. Man trap
23. A sender uses his private key to encrypt the message then the receiver uses sender's public key to decrypt the message.
a. Message digest
b. Simple digital signature
c. Complex digital signature
d. Cryptography
24. Which of the following is special mathematical function to perform one-way encryption?
a. Hashing
b. Algorithm
c. Symmetric
d. Asymmetric
25. Which of the following makes an encryption algorithm more robust (harder to crack)?
a. Keyspace
b. Message Digest
c. Algorithm
d. Hashing
26. An ________ can be viewed as an extension of a company's intranet that is extended to users outside the company, usually partners, vendors, and suppliers.
a. Extranet
b. Internet
c. Intranet
d. DMZ
27. Which of the following OSI layers uses logical addressing?
a. Datalink
b. Network
c. Transport
d. Physical
28. Which of the following OSI layers formats and encrypts data to be sent across a network?
a. Presentation
b. Session
c. Application
d. Transport
29. Which of the following is the best reason uses UDP?
a. Broadcasting message
b. Email
c. Telnet to a router
d. Web surfing
30. In an IP address network 192.168.1.0/24, what is 192.168.1.255 means?
a. Broadcast
b. Unicast
c. This network
d. This node
31. Which of the following PKI component is responsible for checking the identity of a company during the certificate application process?
a. Registration Authority
b. Department of Licensing
c. Certificate Authority
d. Digital Signature
32. Which of the following is not a part of digital certificate?
a. Validity period
b. Issuer's unique name
c. Digital signature of the CA
d. A private key
33. What is the best method to exchange the shared secret when establishing a site-to-site VPN?
a. Email
b. Instant messaging
c. Facebook
d. US Postal Service
34. What is the best method to obtain a party's public key?
a. Digital Certificate
b. Email
c. Facebook
d. Cell Phone
35. Which PKI components issue the digital certificate?
a. Registration Authority
b. Certificate Authority
c. Licensing Authority
d. Digital Signature
36. Which of the following method is one of the ways for customers to find out the digital certificate has expired and/or revoked?
a. Certificate Revocation List (CRL)
b. Notification from CA
c. Email from the vendor
d. CA's public key cannot open the certificate's digital signature
37. Which of the following is true regarding to the certificate validation procedure?
a. We need to use the public key of the CA to decrypt the CA's digital signature
b. We need to use the private key of the CA to encrypt the CA's digital signature
c. We need to use the public key of the Vendor to encrypt the Vendor's digital signature
d. We need to use the private key of the Vendor to decrypt the Vendor's digital signature
38. Which of the following is the best method to obtain FREE digital certificates (Assuming you are in a Windows Domain environment)?
a. Microsoft Certificate Authority
b. Verisign Certificate Authority
c. Third party certificate authority
d. All of the above
39. What is used to increase the complexity of an encryption algorithm?
a. Message Digest
b. Digital Signature
c. Symmetric Algorithms
d. Keyspace
40. Which of the following is a mathematical function that performs one-way encryption? The main purpose is to verify the integrity of a plaintext.
a. Hashing
b. Symmetric Algorithms
c. Asymmetric Algorithms
d. Digital Signature
41. Which of the following cryptography provides the fastest encrypt and decrypt process?
a. Symmetric
b. Asymmetric
c. PKI
d. Digital Signature
42. What is a digital signature?
a. You will sign a message with your private key
b. You will sign a message with your public key
c. You will sign a message with the recipient's private key
d. You will sign a message with the recipient's public key
43. How to verify the integrity of a downloaded file?
a. Comparing the message digests
b. Comparing the encryption algorithm
c. Comparing the hashing algorithm
d. Comparing the public keys
44. Which of the following is an example of asymmetric algorithm?
a. Both encryption and decryption keys are the same
b. Both encryption and decryption keys are different
c. Both message digests are the same
d. Both message digests are different
45. Which of the following best describe ONE private IP address (internal workstations) is translated into ONE public IP address to access the Internet?
a. Static NAT
b. Dynamic NAT
c. PAT
d. All of the above
46. Which protocol is "to request the MAC address for a given IP address"?
a. ARP
b. DHCP
c. OSPF
d. ICMP
47. What service is use to resolve a fully qualified domain name (FQDN) into an IP address?
a. ARP
b. DNS
c. DHCP
d. ICMP
48. Which of the following is not an example of a routing protocol?
a. PPTP
b. RIP
c. EIGRP
d. OSPF
49. Which of the following about this "192.168.5.55/24" is true?
a. The subnet mask is 255.255.0.0
b. The host ID is 55
c. The network ID is 55
d. The 192.168.5.0 is an IP address of a Windows server
50. What is the purpose of DMZ?
a. So if the corporate web server is hacked the Internal network is not compromised
b. So if the corporate web server is hacked the Internet network is compromised
c. So you can place all the internal servers (such as a domain controller) in the DMZ network
d. So you can place all the remote workers in DMZ network