b. Physical, Data, Network, Transport, Session, User, User Application

1. b. Physical, Data, Network, Transport, Session, User, User Application
Choose the seven layers of the OSI model ordered from 1 (lowest) to 7 (highest):

a. User Application, Media Access, Presentation, Network, Data, Transport, Physical

c. Physical, Session, Transport, Network, Presentation, Data Link, Application

d. Data, Synchronization, TCP, LAN, Wire, Presentation, User Application

e. Physical, Data Link, Network, Transport, Session, Presentation, Application

Answer: E

2. What is a common network connectivity problem that can be identified by starting at the physical layer?

a. A locked network application

b. An IP conflict

c. An unplugged network cable

d. A locked network application

Answer: C

3. What services does the presentation layer offer?

a. Connection oriented and connectionless

b. Data representation and encryption

c. Packetizing and flow control

d. Sliding windows and datagram

Answer: B

4. Why is the presentation layer a better place than lower layers to use encryption? (Choose all that apply)

a. The transport layer is not secure because it is an Internet protocol.

b. Using the physical layer would not encrypt the application content.

c. Onlythe application content is being encrypted.

d. The data is still together as an application entity.

Answer: D & B, C

5. What layer of the OSI model coordinates communication between software applications?

a. Session layer

b. Application layer

c. Data Link layer

d. Network layer

e. Communication layer

Answer: B

6. What do transport layer protocols do?

a. Provide flow control, error handling, and transmission problem resolution.

b. Perform syntax translations when necessary between two hosts.

c. Control access to the network medium.

d. Define the nature of the network’s hardware elements.

Answer: A

7. What is created when a TCP/IP address is combined with an established port number?

a. A data offset

b. A socket sequence number

c. A checksum

d. A socket

Answer: D

8. What kind of information does the network layer handle?

a. Bits

b. Packets

c. Frames

d. Segments

Answer: B

9. What is a distinct advantage of SCTP over TCP?

a. Support of TLS

b. Error-free packet delivery

c. Multi-homing

d. None of the above

Answer: C

10. True or False

Copyright law protects the tangible or fixed expression of an idea, not the idea itself.

Answer: True

11. True of False

Software can both be patented and copyrighted. One problem with the copyrighting software is that the code must be published. If the code is published, someone can re-implement the algorithm or the technique embodied in the code.

Answer: False

12. Data can be labeled at several levels, which of these levels is not correct:

a. At the field level

b. At the access level

c. At the record level

d. At the file level

Answer: B

13. True or False

At a high level, database security boils down to answering four questions: Who is it? (Authentication), Who can do it? (Authorization), Who can see it? (Encryption), Who did it? (Audit)

Answer: True

14. All modern operating systems implement access control. What kind of access control does an Android smartphone or Iphone have right out of the box?

a. MAC

b. DAC

c. RBAC

d. ABAC

Answer: C

15. Advanced malware typically comes via distribution channels. All of these are potential distribution channels except:

a. Drive-by download

b. Unsolicited email

c. Social media

d. Self propagation

e. Physical media

Answer: D

16. You try to log into your free personal email account, but you are asked to change your password for security purposes, they also send a text message to your cellphone with a number to enter on the website for verification purposes. What kind of authentication process is this?

a. Password reset authentication

b. Identity protection identification

c. Multi-Factor authentication

d. Fingerprint access authentication

Answer: C

17. True or False

You are the security/software engineer at XYZ company, you are tasked to write some code to encrypt messages. You don’t want to use the usual encryption algorithms, so you use Diffie-Hellman algorithm which is a great algorithm that is directly used to encrypt messages. Is this true or false?

Answer: FALSE

18. Continuing from question 17 above. You are also tasked with encrypting all website traffic in other words going from HTTP to HTTPS. What will be needed in terms of securing the website. Choose one of the following:

a. Digital Certificate

b. ACL list

c. Multi-Factor authentication

d. Biometrics

Answer: A

19. Continuing from question 17 above. You are also tasked with some of the database work for the company. Which one of the following key types is used to enforce referential integrity between database tables?

a. Session key

b. Foreign key

c. Primary key

d. Public key

Answer: B

20. Continuing from question 17 above. You have a Top Secret clearance, but you are briefed into a “Secret” project because you have a need to know in order to access the data. What model is used in this example.

a. BIBA

b. Bell-La-Padula

c. Clark Wilson

d. SABSA

Answer: B

21. Continuing from question 17 above. You joined the C&A team that oversees the certification and accreditation of one of your government customer’s system. Your job is to make sure the documentation and processes are being followed according to which proper guidance?

a. RMF

b. ISO/IEC 27000

c. ISO/IEC 27001

d. ISO/IEC 27002

Answer: A

22. Continuing from question 17 above. You are also part of the business continuity committee for the company. Which business continuity planning technique can help you prepare the business unit prioritization task of disaster recovery planning?

a. Risk management

b. Vulnerability analysis

c. Business impact assessment

d. Continuity planning

Answer: A

23. True or False

Information Assurance (IA) is the practice of protecting and defending information systems by ensuring non-availability, disclosure and integrity.

Answer: TRUE

24. Employers generally can monitor your activity on a workplace computer or workstation. There are several types of monitoring, which of these is not allowed.

a. Employee’s computer software to see what is on your screen or stored in the employees’ computer terminals and hard disks.

b. Employers can keep track of the amount of time an employee spends away from the computer or idle time at the terminal.

c. Employers can read data from your personal cell phone that is connected to the computer’s USB cable.

d. Keystroke monitoring tell an employer how many keystrokes per hour each employee is performing.

Answer:C

25. True or False

The Foreign Intelligence Surveillance Act (FISA) 1978. Increased the surveillance and investigative powers of law enforcement agencies in the United States to monitor private communications and access personal information for the purpose of locating terrorists and preventing terrorist acts.

Answer: TRUE