Marks: 1 Which statement is not true for proxying? Choose one answer.

a. Proxy servers allow users to access internet services directly b. Proxy services are good at logging c. Proxy services lag behind non proxies services. d. Proxy services protect you from all protocol weaknesses.
Question2 Marks: 1 Cross site scripting allows attacker to embed malicious scripts into a vulnerable dynamic page to fool the user. The scripts are: Choose one answer.

a. JavaScript b. VB scripts c. Active X d. All of these

Question3 Marks: 1 With Discretionary Access Control (DAC), how are access rights to resources determined? Choose one answer.

a. Roles b. Rules c. Owner discretion d. Security label

Question4 Marks: 1 " Sensors use to offer security by themselves Choose one answer.

a. True b. False

Question5 Marks: 1 International third party auditing firm engaged in the activities of certifying organizations for ISO9001,ISO20000, ISO27001 Choose one answer.

a. CERT b. DNV c. RBI d. PNB

Question6 Marks: 1 The business impact analysis is noticed in any company or organization in case of Choose one answer.

a. Worst case ratio b. Best case ratio c. Moderate case ratio d. Not considered
Question7 Marks: 1 Which is the most serious attack due to which need for enhanced security arises all the more: Choose one answer.

a. Denial of service attack b. System attack c. Disclosure of Information d. Network attack

Question8 Marks: 1 Which protocol is easier to inspect, TCP or UDP? Choose one answer.

a. both b. udp

c. TCP d. no one
Question9 Marks: 1 A linux server should be installed as headless system i.e no monitor connected and administered remotely. Choose one answer.

a. True b. False c. Can d. It depends on certain cases of installation

Question10 Marks: 1 UMTS is based on.... Choose one answer.

a. W-CDMA technology b. TD-SCDMA c. CDMA2000 d. GSM

hile examining the company's website for vulnerabilities, you received the following error: Microsoft OLE DB Provider for ODBC Drivers error '80040e14'. What does it mean? Choose one answer.

a. The site has a scripting error. b. The site is vulnerable to SQL injection. c. The site is vulnerable to a buffer overflow. d. The site has a CGI error.
Question12 Marks: 1 A virus is a computer program that executes when an infected program is executed. Choose one answer.

a. True

b. False c. Cant say d. Depends on type of virus

Question13 Marks: 1 What is the full form of SSL? Choose one answer.

a. Secured system Layer b. Secure sockets Layer c. System secured layer d. Secure socket lane
Question14 Marks: 1 What is hacking? Choose one answer.

a. Artistic criminal offense of breaking into another remote system without owner consent for the purpose of stealing information b. Knowledgeable people when do crime c. When weak points of an organization get exposed d. Any bug, virus attack
Question15 Marks: 1 An IS auditor has completed a review of an organization that has a mainframe & a client/server environment where all production data resides. This review revealed several weaknesses, which of the following weakness is MOST SERIOUS? Choose one answer.

a. The security officer also serves as the DBA b. Password control are not administered over the client/server environment c. There is no BCP for the mainframe system d. Most LAN
Question16 Marks: 1

Which part of AAA determines what activities are allowed for the user? Choose one answer.

a. accounting b. Authorization c. authentication d. analyse

Question17 Marks: 1 Which malware consists of encrypted malicious code along with decryption module? Choose one answer.

a. Metamorphic b. Polymorphic c. Hybrid d. None above

Question18 Marks: 1 What is the full form of DNS Choose one answer.

a. Domain name system b. Domain name server c. Domain naming system d. Domain network server
Question19 Marks: 1 Which of the following is considered the act of inducing a person to commit a crime in order to bring criminal charges against him? Choose one answer.

a. Inducement b. Entrapment c. Honeypotting

d. Enticement
Question20 Marks: 1 At what layer of the TCP/IP protocol stack do translations occur? Choose one answer.

a. Translations occur at the IP layer of the udp/IP stack. b. Translations occur at the IP layer of the ip stack. c. Translations occur at the IP layer of the ftp stack. d. Translations occur at the IP layer of the TCP/IP stack.
A third party patch was released by Ilfak Guilfanov to temporarily disable the vulnerable function call in gdi32.dll. Choose one answer.

a. 28 December 2005 b. 29 December 2005 c. 20th December 2005 d. 31st December 2005
Question22 Marks: 1 What is IPS? Choose one answer.

a. Intrusion prevention system b. Intrusion prevention synchronus c. Intrusion prevention system admin d. Intrusion private system
Question23 Marks: 1 Which one of the following is considered a physical security component? Choose one answer.

a. VPN tunnel b. Man trap

c. Bastion host d. IPSec

Question24 Marks: 1 Which proxy focuses on traffic over the world wide web? Choose one answer.

a. Transparent b. Web c. Reverse d. Distorting

Question25 Marks: 1 The DOD model has four layers. which layer of the DOD model is equivalent to the network layer of the osi model? Choose one answer.

a. application b. host-to-host c. internet d. network access

Question26 Marks: 1 ISO 17799 evolved from what regional standard? Choose one answer.

a. British standard 7799 b. Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) c. Information Technology Security Evaluation Criteria (ITSEC) d. Trusted Computer System Evaluation Criteria (TCSEC)
Question27 Marks: 1 ssh uses which port? Choose one answer.

a. 21 b. 22 c. 80 d. 25
Question28 Marks: 1 Why HTTP and SMTP applications are frequently attacked? Choose one answer.

a. Most firewalls and other security mechanism are configured to allow full access to these programs. b. Malwares are mostly seen compatible with these applications only. c. Both are transfer protocols so virus get transferred by them easily. d. None of above statement is true
Question29 Marks: 1 which of the following describe router function? Choose one answer.

a. packet switching and path selection b. collision prevention c. broadcast domain enlargement d. broadcast forwarding
Question30 Marks: 1 Which protocol provides a simple, standardized way for users to access mailboxes and download messages to their computers? Choose one answer.

a. FTP b. HTTP c. ICMP

d. POP
Suicide hacker is also known as ethical hacker. Choose one answer.

a. True b. False c. Don d. Depends on type of hacking

Question32 Marks: 1 Computer forensics is really the marriage of computer science, information technology & engineering with Choose one answer.

a. Law b. Information System c. Analytical throught d. The scientific method

Question33 Marks: 1 Select two ways to secure hardware from threats. Choose one answer.

a. The room must have steel walls and doors. b. The room must be static free. c. The room must be locked, with only authorized people allowed access. d. none of the above
Question34 Marks: 1 Which statement is true when considering the information security objectives that the military would use versus the objectives used for commercial systems? Choose one answer.

a. A military system requires higher security because the risks are greater.

b. Military systems base their controls on confidentiality, whereas commercial systems are based on availability and data integrity. c. Only the military can make systems really secure. d. Military systems base their controls on availability and data integrity, whereas commercial systems are based on confidentiality.
Question35 Marks: 1 Internet connected systems face a consistent and real threat from DOS attack because: Choose one answer.

a. Internet is comprised of limited and consumable resources. b. Internet security is highly interdependent. c. Both A and B d. None above
Question36 Marks: 1 Which element of intellectual property law provides the creator of a work exclusive rights for 17 years? Choose one answer.

a. Patent b. Copyright c. Trade secret d. Trademark

Question37 Marks: 1 The name given to interface between hardware and user is: Choose one answer.

a. Application b. Program c. Operating system d. None

Question38 Marks: 1 TDMA stands for.... Choose one answer.

a. Time divison multiple access b. Time divison mono application c. Time data mutiple authority
Question39 Marks: 1 What are the common mistakes at the time of forensics investigation? Choose one answer.

a. Failure to maintain proper documentation b. Failure to notify decision makers that may jeopardize the legality of any evidence gathered c. Failure to report the fraud on time d. All of the above
Question40 Marks: 1 Security is a process not a permanent state. Choose one answer.

a. True b. False c. Can d. Depends on the circumstances

which of the following would be MOST appropriate to ensure the confidenciality of transaction via the internet Choose one answer.

a. Digital signature b. Data encryption standard (DES) c. Virtual Private Network (VPN) d. Public Key Encryption

Question42 Marks: 1 when data is encapsulated,which is the correct order? Choose one answer.

a. data,frame,packet,segment,bit b. segment,data,packet,frame,bit c. data,segment,packet,frame,bit d. data,segment,frame,packet,bit

Question43 Marks: 1 The first step in the WinLogon process is: Choose one answer.

a. CTRL + ALT + Insert b. CTRL + ALT + DEL c. CTRL + ALT + Tab d. CTRL + ALT + home
Question44 Marks: 1 Dial back modem uses which of the following features for external access control? Choose one answer.

a. SLIP protocol b. Port protection c. Point To Point Protocol d. Blue Boxes

Question45 Marks: 1 When data corrupted by viruses cannot be restored by using antivirus software. Choose one answer.

a. True b. False

c. Depends on antivirus software d. Dont know

Question46 Marks: 1 For a stand alone syetem, the best security control is to have Choose one answer.

a. User ID and Password b. Detailed logical access control procedures c. Restricted physical access d. Regular backups taken at periodic intervals
Question47 Marks: 1 Which type of virus is difficult to detect as can hide from anti-virus software? Choose one answer.

a. Boot sector b. File infecting c. Polymorphic d. Stealth

Question48 Marks: 1 A document driven approach is used in: Choose one answer.

a. The prototype model b. The waterfall model c. The spiral model d. the iterative model
Question49 Marks: 1 What is the proper way to dispose of confidential documents? Choose one answer.

a. Rip them into small pieces and put them in the trash. b. Shred them and put them in the trash. c. Have them destroyed by an authorized destruction company. d. Put them in the recycle bin.
Question50 Marks: 1 vulnerability assessment isChoose one answer.

a. not a critical process b. concerned with only IT assets c. systematic process of scanning the operating systems d. none of above
You would like to scan for WIRELESS devices that are used in the office. Which of the following tools would NOT work ? Choose one answer.

a. Airsnort b. Aeropeek c. RedFang d. NetStumbler

Question52 Marks: 1 The duty of the Quality Assurance group is: { Choose one answer.

a. Ensuring completeness of the output on processing b. Adherence of established standards by programs, program changes and documentation. c. Developing and designing standards and procedure to protect data in case of accidental disclosure, modification or destruction. d. Reviewing execution of computer processing tasks
Question53 Marks: 1

SOCKS proxy server cannot work with which protocol? Choose one answer.

a. HTTP b. FTP c. POP3 d. UDP

Question54 Marks: 1 COBIT stands for Choose one answer.

a. Control of business in IT b. Control of business objective in IT c. Commission of Business in IT d. Commission of Business Objective in IT
Question55 Marks: 1 Which of the following is used to verify the proof of identity? Choose one answer.

a. Asymmetric encryption b. Symmetric encryption c. Non-repudiation d. Hashing

Question56 Marks: 1 Types of multi tasking are: Choose one answer.

a. Pre-emptive and co-operative b. Pre-emptive and distributed c. Co-operative and configurational

d. All of these
Question57 Marks: 1 During a review of system access rules, an IS auditor noted that technical support personal have unlimited access to all data and program files. Such access authority is Choose one answer.

a. Appropriate, but all access should be logged b. Appropriate because technical support personal can access all data & program files c. Inappropriate, since access should be limited to a need to know basis, regardless of position d. Inappropriate because technical support personal have the capacity to run the system
Question58 Marks: 1 Breach of confidenciality belongs to Choose one answer.

a. Input fraud b. output Fraud c. Processing Fraud d. None of these

Question59 Marks: 1 Vulnerability scanner is needed to be run periodically to: Choose one answer.

a. Check binaries b. Check for remote vulnerabilities c. Audit password Strength d. Monitor log files
Question60 Marks: 1 Information Security is concerned with which main area: Choose one answer.

a. Confidentiality b. Availability c. Integrity d. All of above