Information Security Fundamentals
Chapter Exam Questions
Course Introduction
Information Security Fundamentals introduces students to the essential concepts, principles, and practices that are critical to securing information systems and data. The course covers topics such as threats and vulnerabilities, risk management, security policies, authentication and access control, cryptography, network security, and incident response. Through theoretical and practical learning, students develop a foundational understanding of how to protect digital assets against various security challenges, as well as an awareness of the ethical, legal, and procedural considerations in the field of information security.
Recommended Textbook
CompTIA Security+ Guide to Network Security Fundamentals 5th Edition by Mark Ciampa
Available Study Resources on Quizplus
15 Chapters
750 Verified Questions
750 Flashcards
Source URL: https://quizplus.com/study-set/3831
Page 2
Chapter 1: Introduction to Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76425
Sample Questions
Q1) What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?
A)Remote Access Server
B)VPN server
C)Serial server
D)HTTP server
Answer: C
Q2) Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?
A)$100,000
B)$250,000
C)$500,000
D)$1,500,000
Answer: D
Q3) Today's software attack tools do not require any sophisticated knowledge on the part of the attacker.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.
Page 3
Chapter 2: Malware and Social Engineering Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76418
Sample Questions
Q1) Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?
A)Oligomorphic malware
B)Polymorphic malware
C)Metamorphic malware
D)Statimorphic malware
Answer: A
Q2) Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.
A)True
B)False
Answer: True
Q3) What are botnets?
Answer: Botnets are collections of thousands or even hundreds of thousands of zombie computers are gathered into a logical computer network under the control of an attacker, or bot herder.
Q4) Malicious software, or ____________________, silently infiltrate computers with the intent to do harm.
Answer: malware
To view all questions and flashcards with answers, click on the resource link above. Page 4
Chapter 3: Application and Networking-Based Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76417
Sample Questions
Q1) Which SQL injection statement can be used to erase an entire database table?
A)whatever'; DROP TABLE members; --
B)whatever'; DELETE TABLE members; --
C)whatever'; UPDATE TABLE members; --
D)whatever'; RENAME TABLE members; --
Answer: A
Q2) An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
A)Session replay
B)Session spoofing
C)Session hijacking
D)Session blocking
Answer: C
Q3) In a drive-by download attack, provide an example of how an attacker might avoid visual detection.
Answer: An attacker might make use of a zero-pixel IFrame (or inline frame), which is an HTML element that allows for embedding another HTML document inside the main document.
Q4) A web browser makes a request for a web page using the ________________.
Answer: Hypertext Transport Protocol (HTTP)
Page 5
To view all questions and flashcards with answers, click on the resource link above.
Chapter 4: Host, Application, and Data Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76416
Sample Questions
Q1) How can an area be made secure from a non-secured area via two interlocking doors to a small room?
A)Using a lockout
B)Using a mantrap
C)Using a closet
D)Using a pit
Q2) DLP agent sensors are unable to read inside compressed files and binary files.
A)True
B)False
Q3) What are the three states of data that DLP typically examines?
Q4) Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique?
A)heuristic detection
B)pattern detection
C)hybrid detection
D)combination detection
Q5) Describe a mantrap.
Q6) How does an RFID tag embedded into an ID badge function without a power supply?
Q7) How does DLP index matching work?
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Basic Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76415
Sample Questions
Q1) The Data Encryption Standard is a(n) ______________ cipher.
Q2) A(n) ____________________ is a method used by operating systems to store, retrieve, and organize files.
Q3) What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
A)FCC
B)RSA
C)ECC
D)IKE
Q4) What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX, and Linux systems, and is compatible with PGP?
A)GPG
B)OGP
C)CGP
D)GPP
Q5) A block cipher works on a single character at a time, and is faster than a stream cipher.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Advanced Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76414
Sample Questions
Q1) SSL and TLS keys of what length are generally considered to be strong?
A)128
B)1024
C)2048
D)4096
Q2) In the SSH suite, the ____________________ command allows a user to copy files between remote computers. Match the following terms to the appropriate definitions.
a.Bridge trust model
b.Certificate Authority (CA)
c.Certificate Repository
d.Digital certificate
e.Distributed trust model
Q3) List and describe the entities for which IPsec is transparent.
Q4) A(n) ____________________ trust model can be used in an organization where one CA is responsible for only the digital certificates for that organization.
Q5) Explain how digital certificates are managed.
Q6) In the SSH suite, the ____________________ command allows a user to log on to a remote computer.
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76413
Sample Questions
Q1) Workgroup switches must work faster than core switches.
A)True
B)False
Q2) A network _________________ isolates connected devices by learning MAC addresses and only sending frames intended for specific MAC addresses to the ports they're connected to, unless the MAC address is unknown.
Q3) Select below the layer of the OSI model at which the route a packet is to take is determined, and the addressing of the packet is performed.
A)Network
B)Data Link
C)Session
D)Presentation
Q4) What kind of networking device forwards packets across different computer networks by reading destination addresses?
A)switch
B)router
C)bridge
D)firewall
Q5) List and describe three features of Internet content filters.
To view all questions and flashcards with answers, click on the resource link above. Page 9
Chapter 8: Administering a Secure Network
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76412
Sample Questions
Q1) IEEE 802.1x is commonly used on wireless networks.
A)True
B)False
Q2) A log that is used to record which user performed an action and what that action was.
A)Audit log
B)Event log
C)File Transfer Protocol (FTP)
D)Flood guard
E)FTP Secure (FTPS)
F)Host elasticity
G)Loop protection
H)Snapshot
I)Telnet
J)Virtualization
Q3) TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.
Page 10
Chapter 9: Wireless Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76411
Sample Questions
Q1) Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
A)Bluejacking
B)Bluesnarfing
C)Initialization vector (IV)
D)Near field communication (NFC)
E)Preshared key (PSK)
F)RF Jamming
G)War driving
H)Wi-Fi Protected Setup (WPS)
I)Wi-Fi Protected Access 2 (WPA 2)
J)Wired Equivalent Privacy (WEP)
Q2) List and describe the major parts of an access point.
Q3) A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as?
A)Bluejacking
B)Bluecracking
C)Bluesnarfing
D)Bluetalking
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Mobile Device Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76424
Sample Questions
Q1) A technology that prevents a mobile device from being used until the user enters the correct passcode.
A)Asset tracking
B)Geo-fencing
C)Geo-tagging
D)Location services
E)Lock screen
F)Mobile application management (MAM)
G)Off-boarding
H)On-boarding
I)Remote wiping
J) Secure digital (SD)
Q2) Mobile devices such as laptops are stolen on average once every 20 seconds.
A)True
B)False
Q3) The Apple _____________ operating system, developed by Apple for their mobile devices, is a closed and proprietary architecture.
Q4) What are the three sizes of SD cards available, and how are they typically used?
Q5) Describe a subnotebook computer.
Q6) What is the difference between a feature phone and a smartphone?
Page 12
To view all questions and flashcards with answers, click on the resource link above.
Chapter 11: Access Control Fundamentals
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76423
Sample Questions
Q1) A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
A)ACE
B)DAC
C)entity
D)ACL
Q2) During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
A)accounting request
B)access request
C)verification request
D)authentication request
Q3) A user or a process functioning on behalf of the user that attempts to access an object is known as the:
A)subject
B)reference monitor
C)entity
D)label
To view all questions and flashcards with answers, click on the resource link above.
Page 13
Chapter 12: Authentication and Account Management
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76422
Sample Questions
Q1) A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.
Q2) List and describe two of the common password setting objects.
Q3) What type of one-time password (OTP) changes after a set time period?
A)HMAC-Based one-time password (HOTP)
B)Period-based one-time password (POTP)
C)Time-based one-time password (TOTP)
D)Interval-based one-time password (IOTP)
Q4) Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.
A)True
B)False
Q5) Why do passwords place a heavy load on human memory?
Q6) Passwords that are transmitted can be captured by what type of software?
A)application analyzer
B)system analyzer
C)function analyzer
D)protocol analyzer
To view all questions and flashcards with answers, click on the resource link above. Page 14
Q7) What are the three advantages of a rainbow table over other password attacks?
Chapter 13: Business Continuity
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76421
Sample Questions
Q1) ____________________ is data about data.
Q2) What kind of data can be lost when a computer is turned off?
A)Volatile
B)Static
C)Non-volatile
D)Persistent
Q3) What kind of slack is created from information stored on a hard drive, which can contain remnants of previously deleted files or data?
A)RAM slack
B)Edge slack
C)Drive file slack
D)Sector slack
Q4) What is required upon completion of an evidence examination?
Q5) What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
A)baseline
B)mirror image
C)logical image
D)thin image
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: Risk Mitigation
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76420
Sample Questions
Q1) What may be defined as the components required to identify, analyze, and contain an incident?
A)Vulnerability response
B)Incident response
C)Risk response
D)Threat response
Q2) List and describe two of the seven risk categories.
Q3) Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?
A)Peer
B)Client-server
C)P2P
D)Share
Q4) What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?
A)Morals
B)Ethics
C)Standards
D)Morays
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: Vulnerability Assessment and Third Party Integration
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76419
Sample Questions
Q1) What is the name of the process that takes a snapshot of the current security of an organization?
A)threat analysis
B)vulnerability appraisal
C)risk assessment
D)threat assessment
Q2) Discuss the purpose of OVAL.
Q3) Describe the purpose of a honeypot.
Q4) Describe a penetration testing report.
Q5) List and describe the three categories that TCP/IP divides port numbers into.
Q6) A healthy security posture results from a sound and workable strategy toward managing risks.
A)True
B)False
Q7) Which scan examines the current security, in a passive method?
A)application scan
B)system scan
C)threat scan
D)vulnerability scan
Q8) List two types of hardening techniques. Page 17
To view all questions and flashcards with answers, click on the resource link above.
Page 18