Reference no: EM132391145
Unit Code - SBM4304
Unit Name - IS Security and Risk Management
Name of Program - Bachelor of Business Information Systems
Asia Pacific International College, APIC, Australia
SECTION A - Multiple Choice Questions
Answer all multiple choice questions.
Q1. The term ____ is frequently used to describe the tasks of securing information that is in a digital format.
a. network security
b. information security
c. physical security
d. logical security
Q2. In information security, an example of a threat agent can be ____.
a. a force of nature such as a tornado that could destroy computer equipment
b. a virus that attacks a computer network
c. an unsecured computer network
d. both a and b
Q3. _______ is when an attacker tricks users into giving out information or performing a compromising action.
a. Phreaking
b. Hacking
c. Social engineering
d. Reverse engineering
Q4. Which of the following types of malware can spread across a network without the need for user action?
a. Virus
b. Worm
c. Adware
d. Spyware
Q5. Unlike other malware, a ____ is heavily dependent upon the user for its survival.
a. Trojan
b. worm
c. rootkit
d. virus
Q6. _________ is a language used to view and manipulate data that is stored in a relational database.
a. C
b. DQL
c. SQL
d. ISL
Q7. HTML is a markup language that uses specific ____ embedded in brackets.
a. blocks
b. marks
c. taps
d. tags
Q8. Web application attacks are considered ____ attacks.
a. client-side
b. hybrid
c. server-side
d. relationship
Q9. ____ substitutes DNS addresses so that the computer is automatically redirected to another device.
a. DNS poisoning
b. Phishing
c. DNS marking
d. DNS overloading
Q10. _______ is the probability that a risk will occur in a particular year.
a. SLE
b. ALE
c. ARO
d. EF
Q11. A(n) ____ is hardware or software that captures packets to decode and analyze their contents.
a. application analyzer
b. protocol analyzer
c. threat profiler
d. system analyser
Q12. ________ is a technology that can help to evenly distribute work across a network.
a. Stateful packet filtering
b. Load balancing
c. DNS caching
d. DNS poisoning
Q13. A(n) ____ encrypts all data that is transmitted between the remote device and the network.
a. IKE tunnel
b. VPN
c. endpoint
d. router
Q14. A user or a process functioning on behalf of the user that attempts to access an object is known as the ____.
a. subject
b. reference monitor
c. entity
d. label
Q15. A(n) ____ model is a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.
a. accounting
b. user control
c. access control
d. authorization control
Q16. ____ accounts are user accounts that remain active after an employee has left an organization.
a. Active
b. Stale
c. Orphaned
d. Fragmented
Q17. The ____ function is a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
a. Registration Authority
b. Certificate Authority
c. Repudiation Authority
d. Intermediate Authority
Q18. With the ____ model, there is one CA that acts as a "facilitator" to interconnect all other CAs.
a. bridge trust
b. distributed trust
c. third-party trust
d. transitive trust
Q19. The ____ algorithm is the most common asymmetric cryptography algorithm and is the basis for several products.
a. AES
b. RSA
c. Twofish
d. Blowfish
Q20. ____ can be used to ensure the integrity of a file by guaranteeing that no one has tampered with it.
a. Blocking
b. Hashing
c. Encrypting
d. Cloning
SECTION B - Short Answer Questions
Answer any five questions from a choice of nine.
Q1. Discuss information protection using CIA with examples.
Q2. Illustrate gray hat hackers, explaining their main goals.
Q3. Discuss the process of private key encryption with the support of a diagram.
Q4. Discuss hashing explaining its main characteristics.
Q5. Differentiate between the three main types of malware: Viruses, worms and Trojans.
Q6. Layering is one of the techniques the IT team uses to protect an organization's information. Illustrate the layering security principle.
Q7. Discuss least privilege control and its benefits for access control.
Q8. Explain the main weakness of symmetric cryptographic algorithms and how asymmetric cryptographic algorithms can be used to overcome the weakness.
Q9. Discuss phishing attacks and illustrate three variations of phishing.
SECTION C - Application Question
Q1. Use the keyword "RISE" and apply a transposition cipher (show both encryption and decryption) on the following plain text - "YOU ARE STRONGER THAN WHAT YOU BELIEVE".