Information Assurance Pre-Test Questions - 588 Verified Questions



Information Assurance

Pre-Test Questions

Course Introduction

Information Assurance is a comprehensive course that focuses on the principles and practices required to protect and manage information systems against threats and vulnerabilities. Students will explore key topics such as risk management, security policies, access controls, threat analysis, and methods for ensuring the confidentiality, integrity, and availability of data. Emphasis is placed on legal, ethical, and organizational issues, as well as the implementation of security measures to mitigate risks in both technical and administrative contexts. Through case studies and practical assignments, students will develop the skills necessary to assess, implement, and maintain effective information assurance strategies in various business and governmental environments.

Recommended Textbook

Security+ Guide to Network Security Fundamentals 4th Edition by Mark Ciampa

Available Study Resources on Quizplus

14 Chapters

588 Verified Questions

588 Flashcards

Source URL: https://quizplus.com/study-set/1054

Chapter 1: Introduction to Security

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20875

Sample Questions

Q1) In a ____ attack, attackers can use hundreds or thousands of computers in an attack against a single computer or network.

A) centered

B) local

C) remote

D) distributed

Answer: D

Q2) What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it?

A) $100,000

B) $250,000

C) $500,000

D) $1,000,000

Answer: B

Q3) In a general sense, assurance may be defined as the necessary steps to protect a person or property from harm.

A) True

B) False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.


Chapter 2: Malware and Social Engineering Attacks

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20876

Sample Questions

Q1) In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file.

A) stealth

B) appender

C) Swiss cheese

D) split

Answer: C

Q2) Malicious software, or ____________________, silently infiltrate computers with the intent to do harm.

Answer: malware

Q3) What is malware?

Answer: Malware is software that enters a computer system without the user's knowledge or consent and then performs an unwanted, and usually harmful, action. Malware is a general term that refers to a wide variety of damaging or annoying software programs. One way to classify malware is by its primary objective. Some malware has the primary goal of rapidly spreading its infection, while other malware has the goal of concealing its purpose. Another category of malware has the goal of making a profit for its creators.

To view all questions and flashcards with answers, click on the resource link above.


Chapter 3: Application and Network Attacks

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20877

Sample Questions

Q1) What does a user need to perform a directory traversal attack?

Answer: To perform a directory traversal attack, an attacker needs only a Web browser and knowledge of the location of default files and directories on the system under attack.

Q2) HTML is a markup language that uses specific ____ embedded in brackets.

A) blocks

B) marks

C) taps

D) tags

Answer: D

Q3) ____ is a language used to view and manipulate data that is stored in a relational database.

A) C

B) DQL

C) SQL

D) ISL

Answer: C

Q4) Why would you want to limit access to the root directory of a Web server?

Answer: Limiting access to the root directory prevents unauthorized users from accessing sensitive files on the server.


To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Vulnerability Assessment and Mitigating Attacks

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20878

Sample Questions

Q1) ____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.

A) Insourcing

B) Outsourcing

C) Outcasting

D) Inhousing

Q2) When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.

A) threat scanner

B) vulnerability profiler

C) port scanner

D) application profiler

Q3) List and describe the elements that make up a security posture.

Q4) List and describe the three categories that TCP/IP divides port numbers into.

Q5) When a security hardware device fails or a program aborts, which state should it go into?

Q6) ____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Host, Application, and Data Security

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20879

Sample Questions

Q1) Instead of using a key or entering a code to open a door, a user can display a ____ to identify herself.

A) logical token

B) physical sensor

C) physical token

D) hybrid sensor

Q2) An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing.

A) flat collar

B) spiked collar

C) slippery collar

D) sharp collar

Q3) Each host (desktop, wireless laptop, smartphone, gateway server) runs a local application called a ____, which is sent over the network to the devices and runs as an OS service.

A) DLP manager

B) DLP control

C) DLP agent

D) DLP cipher

To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Network Security

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20880

Sample Questions

Q1) A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.

A) proxy server

B) DNS server

C) VPN server

D) telnet server

Q2) Describe how NAC works.

Q3) ____ switches are connected directly to the devices on a network.

A) Workgroup

B) Distribution

C) Core

D) Intermediate

Q4) What are the two TCP/IP protocols used by e-mail systems to send and receive messages?

Q5) The key to the OSI reference model is ____________________.

Q6) Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.

A) True

B) False


To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Administering a Secure Network

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20881

Sample Questions

Q1) List the steps in an 802.1x authentication procedure.

Q2) List and describe the three service models of cloud computing.

Q3) In the ____ cloud computing model, the customer has the highest level of control.

A) Cloud Application as a Service

B) Cloud Infrastructure as a Service

C) Cloud Software as a Service

D) Cloud System as a Service

Q4) ____ is a pay-per-use computing model in which customers pay only for the computing resources they need.

A) Cloud computing

B) Virtualization

C) Cloud Software as a Service

D) Infrastructure as a Service

Q5) Why is the Physical Layer omitted in the TCP/IP model?

Q6) A(n) ____________________ is a record of events that occur.

Q7) ____________________ servers are intermediate hosts through which Web sites are accessed.

Q8) What are the two types of community strings?

Q9) Discuss one security advantage to hosts running virtualization.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Wireless Network Security

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20882

Sample Questions

Q1) Describe a piconet.

Q2) A group of piconets in which connections exist between different piconets is called a ____.

A) broadnet

B) honeynet

C) boundnet

D) scatternet

Q3) ____ is the encryption protocol standard for WPA2.

A) AES-CCMP

B) AES-CTR

C) AES-TKIP

D) AES-SCMP

Q4) List and describe the major parts of an access point.

Q5) ____ is designed to detect any changes in a packet, whether accidental or intentional.

A) CBC

B) CRC

C) AES

D) TKIP

Q6) Explain what war driving is.


To view all questions and flashcards with answers, click on the resource link above.

Chapter 9: Access Control Fundamentals

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20883

Sample Questions

Q1) TACACS+ and RADIUS are designed to support hundreds of remote connections.

A) True

B) False

Q2) A shield icon warns users if they attempt to access any feature that requires UAC permission.

A) True

B) False

Q3) ____ indicates when an account is no longer active.

A) Password expiration

B) Account expiration

C) Last login

D) Account last used

Q4) Describe LDAP injection attacks.

Q5) ____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

A) Aurora

B) Kerberos

C) CHAP

D) TACACS

Q6) Discuss the two significant weaknesses of DAC.


To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Authentication and Account Management

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20884

Sample Questions

Q1) The set of letters, symbols, and characters that make up the password are known as a ____ set.

A) result

B) problem

C) character

D) search

Q2) ____ holds the promise of reducing the number of usernames and passwords that users must memorize.

A) ISO

B) SSO

C) SSL

D) IAM

Q3) Identify two basic flows that operating systems can have.

Q4) Discuss the types of shortcuts that users take to help them recall their passwords.

Q5) What are the three broad categories on which authentication can be based?

Q6) Discuss the weaknesses of OpenID.

Q7) Why do passwords place a heavy load on human memory?

Q8) Explain how an attacker can use a resetting attack.

Q9) List and describe two of the common password setting objects.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Basic Cryptography

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20885

Sample Questions

Q1) The basis for a digital signature rests on the ability of ____ keys to work in both directions.

A) symmetric

B) shared

C) unique

D) asymmetric

Q2) Describe how Message Digest2 (MD2) works.

Q3) Describe the origins of cryptography.

Q4) One of the most famous ancient cryptographers was ____.

A) Albert Einstein

B) Isaac Newton

C) Julius Caesar

D) Caesar Augustus

Q5) Cleartext data that is to be encrypted is called ____________________.

Q6) In MD5, the length of a message is padded to ____ bits.

A) 32

B) 64

C) 128

D) 512

Q7) Discuss how HMAC works.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Advanced Cryptography

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20886

Sample Questions

Q1) The ____ function is a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.

A) Registration Authority

B) Certificate Authority

C) Repudiation Authority

D) Intermediate Authority

Q2) A(n) ____________________ trust model can be used in an organization where one CA is responsible for only the digital certificates for that organization.

Q3) A(n) ____ serves as the trusted third-party agency that is responsible for issuing the digital certificates.

A) RA

B) DA

C) CA

D) PA

Q4) In SSH, the ____________________ command allows a user to copy files between remote computers.

Q5) List the four stages of a certificate life cycle.

Q6) Discuss the three areas of protection that are provided by IPsec.

To view all questions and flashcards with answers, click on the resource link above.

Chapter 13: Business Continuity

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20887

Sample Questions

Q1) A ____ is a metallic enclosure that prevents the entry or escape of an electromagnetic field.

A) bollard

B) mantrap

C) Faraday cage

D) Newton cage

Q2) ____ could contain remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer.

A) RAM slack

B) Edge slack

C) Drive file slack

D) Sector slack

Q3) A ____ has all of the equipment installed, but does not have active Internet or telecommunications facilities, and does not have current backups of data.

A) cold site

B) hot site

C) spare site

D) warm site

To view all questions and flashcards with answers, click on the resource link above.

Chapter 14: Risk Mitigation

Available Study Resources on Quizplus for this Chapter

41 Verified Questions

41 Flashcards

Source URL: https://quizplus.com/quiz/20888

Sample Questions

Q1) List one reason why social networking sites are popular with attackers.

Q2) At the heart of information security is the concept of ____.

A) threat

B) mitigation

C) risk

D) management

Q3) A ____ is a written document that states how an organization plans to protect the company's information technology assets.

A) security policy

B) guideline

C) security procedure

D) standard

Q4) A(n) ____ approach is the art of helping an adult learn.

A) andragogical

B) pedagogical

C) deontological

D) metagogical

Q5) List and describe two risk categories.

Q6) ____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.


To view all questions and flashcards with answers, click on the resource link above.
