Security Engineering Solved Exam Questions - 1078 Verified Questions

Security Engineering

Solved Exam Questions

Course Introduction

Security Engineering is an interdisciplinary course focused on the principles, techniques, and practices required to design, implement, and manage secure systems. The course covers foundational concepts such as threat modeling, risk management, system hardening, and the architecture of secure software and hardware. Students explore topics including authentication, access control, cryptography, network security, and the secure development lifecycle. Practical cases and real-world examples illustrate common vulnerabilities, attack vectors, and defensive strategies. By integrating technical, procedural, and policy perspectives, this course prepares students to identify, analyze, and mitigate security threats across diverse computing environments.

Recommended Textbook

Computer Security Principles and Practice 2nd Edition by William Stallings

Available Study Resources on Quizplus

24 Chapters

1078 Verified Questions

1078 Flashcards

Source URL: https://quizplus.com/study-set/3971

Chapter 1: Computer Systems Overview

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79799

Sample Questions

Q1) A loss of _________ is the unauthorized disclosure of information.

A) confidentiality

B) authenticity

C) integrity

D) availability

Answer: A

Q2) The "A" in the CIA triad stands for "authenticity".

A) True

B) False

Answer: False

Q3) The _________ prevents or inhibits the normal use or management of communications facilities.

A) passive attack

B) denial of service

C) traffic encryption

D) masquerade

Answer: B

Q4) Release of message contents and traffic analysis are two types of _________ attacks.

Answer: passive

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Cryptographic Tools

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79788

Sample Questions

Q1) A _________ protects against an attack in which one party generates a message for another party to sign.

A) data authenticator

B) strong hash function

C) weak hash function

D) digital signature

Answer: B

Q2) A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

A) mode of operation

B) hash function

C) cryptanalysis

D) brute-force attack

Answer: D

Q3) The original message or data that is fed into the algorithm is __________.

A) encryption algorithm

B) secret key

C) decryption algorithm

D) plaintext

Answer: D

Chapter 3: User Authentication

Available Study Resources on Quizplus for this Chapter

44 Verified Questions

44 Flashcards

Source URL: https://quizplus.com/quiz/79782

Sample Questions

Q1) In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.

A) True

B) False

Answer: True

Q2) To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.

A) eavesdropping

B) challenge-response

C) Trojan horse

D) denial-of-service

Answer: B

Q3) An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________.

A) cardholder

B) issuer

C) auditor

D) processor

Answer: B

Chapter 4: Access Control

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79781

Sample Questions

Q1) A concept that evolved out of requirements for military information security is ______.

A) reliable input

B) mandatory access control

C) open and closed policies

D) discretionary input

Q2) A(n) __________ is a resource to which access is controlled.

A) object

B) owner

C) world

D) subject

Q3) X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

Q4) _________ specifications limit the availability of the permissions by placing constraints on the roles that can be activated within or across a user's sessions.

A) PSD

B) DSD

C) SSD

D) SDS

Chapter 5: Database Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79780

Sample Questions

Q1) A query language provides a uniform interface to the database.

A) True

B) False

Q2) With __________ the records in the database are clustered into a number of mutually exclusive groups and the user may only query the statistical properties of each group as a whole.

A) compromise

B) inference

C) partitioning

D) query restriction

Q3) In addition to granting and revoking access rights to a table, in a ___________ administration the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table.

Q4) A _________ is the result of a query that returns selected rows and columns from one or more tables.

Q5) Encryption can be applied to the entire database, at the record level, at the attribute level, or at the level of the individual field.

A) True

B) False

Chapter 6: Malicious Software

Available Study Resources on Quizplus for this Chapter

44 Verified Questions

44 Flashcards

Source URL: https://quizplus.com/quiz/79779

Sample Questions

Q1) A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.

A) logic bomb

B) trapdoor

C) worm

D) Trojan horse

Q2) A __________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack.

Q3) Malicious software aims to trick users into revealing sensitive personal data.

A) True

B) False

Q4) In addition to propagating, a worm usually carries some form of payload.

A) True

B) False

Q5) A computer __________ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself.

Q6) Sometimes referred to as the "infection vector", the __________ is the means by which a virus spreads or propagates.

Chapter 7: Denial-Of-Service Attacks

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79778

Sample Questions

Q1) Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______.

A) trailing

B) spidering

C) spoofing

D) crowding

Q2) The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.

A) DNS amplification attack

B) SYN spoofing attack

C) basic flooding attack

D) poison packet attack

Q3) ______ relates to the capacity of the network links connecting a server to the wider Internet.

A) Application resource

B) Network bandwidth

C) System payload

D) Directed broadcast

Q4) The standard protocol used for call setup in VoIP is the ________ Protocol.

Chapter 8: Intrusion Detection

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79777

Sample Questions

Q1) The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.

Q2) A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.

Q3) __________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

A) Profile based detection

B) Signature detection

C) Threshold detection

D) Anomaly detection

Q4) The _________ (RFC 4766) document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF).

Q5) Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.

A) True

B) False

Q6) The three classes of intruders are masquerader, clandestine user and _________.

Chapter 9: Firewalls and Intrusion Prevention Systems

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79776

Sample Questions

Q1) _________ control controls how particular services are used.

A) Service

B) Behavior

C) User

D) Direction

Q2) Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.

A) DMZ

B) IP protocol field

C) boundary firewall

D) VPN

Q3) A prime disadvantage of an application-level gateway is the additional processing overhead on each connection.

A) True

B) False

Q4) The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

A) True

B) False

Q5) Snort Inline adds three new rule types: drop, reject, and _________.

Chapter 10: Buffer Overflow

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79798

Sample Questions

Q1) The possibility of overwriting the saved frame pointer and return address forms the core of a stack overflow attack.

A) True

B) False

Q2) A ______ is a structure where data are usually saved on the stack.

A) guard page

B) stack frame

C) heap

D) NOP sled

Q3) The first widely used occurrence of the buffer overflow attack was the _______.

A) Code Red Worm

B) Morris Internet Worm

C) Sasser Worm

D) Slammer Worm

Q4) The attacker is able to precisely specify the starting address of the instructions in the shellcode.

A) True

B) False

Q5) _______ was one of the earliest operating systems written in a high-level language.

Chapter 11: Software Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79797

Sample Questions

Q1) Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values.

A) True

B) False

Q2) __________ programming is a form of design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of the software.

Q3) A ________ is a pattern composed of a sequence of characters that describe allowable input variants.

A) canonicalization

B) race condition

C) regular expression

D) shell script

Q4) Defensive programming is sometimes referred to as _________.

A) variable programming

B) secure programming

C) interpretive programming

D) chroot programming

Q5) Program input data may be broadly classified as textual or ______.

Chapter 12: Operating System Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79796

Sample Questions

Q1) Security concerns that result from the use of virtualized systems include ______.

A) guest OS isolation

B) guest OS monitoring by the hypervisor

C) virtualized environment security

D) all of the above

Q2) Backup and archive processes are often linked and managed together.

A) True

B) False

Q3) Most large software systems do not have security weaknesses.

A) True

B) False

Q4) System security begins with the installation of the ________.

Q5) Unix and Linux systems grant access permissions for each resource using the ______ command.

Q6) ________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.

Q7) The three operating system security layers are: physical hardware, operating system kernel, and _________.

Chapter 13: Trusted Computing and Multilevel Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79795

Sample Questions

Q1) _________ secure is a class of system that has system resources at more than one security level and that permits concurrent access by users who differ in security clearance and need-to-know, but is able to prevent each user from accessing resources for which the user lacks authorization.

Q2) The BLP model includes a set of rules based on abstract operations that change the state of the system.

A) True

B) False

Q3) The __________ is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters of the subject and object.

Q4) An object is said to have a security ________ of a given level.

Q5) "An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the

A) ss-property

B) ds-property

C) *-property

D) cc-property

Chapter 14: IT Security Management and Risk Assessment

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79794

Sample Questions

Q1) The four approaches to identifying and mitigating risks to an organization's IT infrastructure are: baseline approach, detailed risk analysis, combined approach, and __________ approach.

Q2) A(n) _________ is a weakness in an asset or group of assets that can be exploited by one or more threats.

Q3) IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.

A) True

B) False

Q4) Not proceeding with the activity or system that creates the risk is _________.

Q5) The term ________ refers to a document that details not only the overall security objectives and strategies, but also procedural policies that define acceptable behavior, expected practices, and responsibilities.

Q6) The advantages of the _________ risk assessment approach are that it provides the most detailed examination of the security risks of an organization's IT system and produces strong justification for expenditure on the controls proposed.

Q7) The level of risk the organization views as acceptable is the organization's

Chapter 15: IT Security Controls, Plans, and Procedures

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79793

Sample Questions

Q1) The recommended controls need to be compatible with the organization's systems and policies.

A) True

B) False

Q2) ________ controls involve the correct use of hardware and software security capabilities in systems.

Q3) All controls are applicable to all technologies.

A) True

B) False

Q4) The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

A) access

B) asset management

C) compliance

D) business continuity management

Q5) The _________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

Chapter 16: Physical and Infrastructure Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79792

Sample Questions

Q1) A prevalent concern that is often overlooked is ________.

A) overvoltage

B) undervoltage

C) dust

D) noise

Q2) _______ includes destruction of equipment and data.

A) Misuse

B) Vandalism

C) Theft

D) Unauthorized physical access

Q3) Physical security must prevent misuse of the physical infrastructure that leads to the misuse or damage of the protected information.

A) True

B) False

Q4) _________ threats encompass conditions in the environment that can damage or interrupt the service of information systems and the data they contain.

Q5) _______ threats encompass threats related to electrical power and electromagnetic emission.

Q6) The most essential element of recovery from physical security breaches is ____.

Chapter 17: Human Resources Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79791

Sample Questions

Q1) The goal of the _______ function is to ensure that all information destined for the incident handling service is channeled through a single focal point regardless of the method by which it arrives for appropriate redistribution and handling within the service.

Q2) Employees cannot be expected to follow policies and procedures of which they are unaware.

A) True

B) False

Q3) Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties.

A) regulations

B) accountability

C) liability

D) incidents

Q4) The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness, security basics and literacy, roles and responsibilities relative to IT systems, and the _________ level.

Chapter 18: Security Auditing

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79790

Sample Questions

Q1) Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.

A) True

B) False

Q2) _________ is a form of auditing that focuses on the security of an organization's IS assets.

Q3) All UNIX implementations will have the same variants of the syslog facility.

A) True

B) False

Q4) ______ is detection of events within a given set of parameters, such as within a given time period or outside a given time period.

Q5) Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and __________.

Q6) The ______ repository contains the auditing code to be inserted into an application.

Q7) Messages in the BSD syslog format consist of three parts: PRI, Header, and ___.

Chapter 19: Legal and Ethical Aspects

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79789

Sample Questions

Q1) A servicemark is the same as a trademark except that it identifies and distinguishes the source of a service rather than a product.

A) True

B) False

Q2) The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users.

A) True

B) False

Q3) ________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together.

A) Anonymity

B) Pseudonymity

C) Unobservability

D) Unlinkability

Q4) The ___________ Act places restrictions on online organizations in the collection of data from children under the age of 13.

Q5) The invasion of the rights secured by patents, copyrights, and trademarks is ________.

Q6) The three types of patents are: utility patents, design patents, and ________.

Chapter 20: Symmetric Encryption and Message Confidentiality

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79787

Sample Questions

Q1) "Each block of 64 plaintext bits is encoded independently using the same key" is a description of the CBC mode of operation.

A) True

B) False

Q2) __________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

A) Session key

B) Subkey

C) Key distribution technique

D) Ciphertext key

Q3) Cryptographic systems are generically classified by _________.

A) the type of operations used for transforming plaintext to ciphertext

B) the number of keys used

C) the way in which the plaintext is processed

D) all of the above

Q4) A ________ cipher processes the input elements continuously, producing output one element at a time as it goes along.

Q5) Unlike ECB and CBC modes, ________ mode requires only the implementation of the encryption algorithm and not the decryption algorithm.

Chapter 21: Public-Key Cryptography and Message Authentication

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79786

Sample Questions

Q1) The principal attraction of __________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead.

A) ECC

B) MD5

C) Diffie-Hellman

D) none of the above

Q2) SHA is perhaps the most widely used family of hash functions.

A) True

B) False

Q3) __________ are alarming for two reasons: they come from a completely unexpected direction and they are a ciphertext-only attack.

Q4) The DSS makes use of the _________ and presents a new digital signature technique, the Digital Signature Algorithm (DSA).

A) HMAC

B) XOR

C) RSA

D) SHA-1

Q5) NIST has published FIPS PUB 186, which is known as the ___________.

Chapter 22: Internet Security Protocols and Standards

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79785

Sample Questions

Q1) DKIM has been widely adopted by a range of e-mail providers and many Internet service providers.

A) True

B) False

Q2) IP-level security encompasses three functional areas: authentication, confidentiality, and _________.

Q3) The default algorithms used for signing S/MIME messages are SHA-1 and the _________.

Q4) To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64 mapping.

A) radix-64

B) ASCII-64

C) ESP-64

D) safe mapping

Q5) IPsec provides two main functions: a combined authentication/encryption function called ___________ and a key exchange function.

Q6) The ________ is housed in the user's computer and is referred to as a client e-mail program or a local network e-mail server.

Chapter 23: Internet Authentication Applications

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79784

Sample Questions

Q1) Federated identity management makes use of a number of standards that provide the building blocks for secure identity information exchange across different domains or heterogeneous systems.

A) True

B) False

Q2) Kerberos is designed to counter only one specific threat to the security of a client/server dialogue.

A) True

B) False

Q3) _____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context.

A) HML

B) HTTP

C) XML

D) SOAP

Q4) The ticket contains the user's ID, the server's ID, a __________, a lifetime after which the ticket is invalid, and a copy of the same session key sent in the outer message to the client.

Chapter 24: Wireless Network Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/79783

Sample Questions

Q1) Like TKIP, CCMP provides two services: message integrity and ________.

Q2) The purpose of the discovery phase is for an STA and an AP to recognize each other, agree on a set of security capabilities, and establish an association for future communication using those security capabilities.

A) True

B) False

Q3) The final form of the 802.11i standard is referred to as ________.

A) WEP

B) RSN

C) Wi-Fi

D) WPA

Q4) The wireless access point provides a connection to the network or service.

A) True

B) False

Q5) The fields preceding the MSDU field are referred to as the _________.

Q6) At the top level of the group key hierarchy is the ___________.

Q7) CRC is an error detecting code.

A) True

B) False
