Security



 by Tanat Tonguthaisri
   itpe@nstda.or.th
1. Public key cryptography is used for
message encryption to prevent wiretapping.
  Which of the following is the key used to
encrypt the message to be sent?


       a)   Receiver’s public key
       b)   Receiver’s private key
       c)   Sender’s public key
       d)   Sender’s private key
2. Which of the following is the purpose
of attaching a digital signature to software
published on the Internet?
          a) To notify that the software author is
            responsible for its maintenance
          b) To restrict the software usage to certain
            users
          c) To express that the software copyright
            holder is the signer of the digital signature
          d) To assure that the software content has
            not been changed or tampered with
3. Which of the following is an effective
measure against information leakage?

   a) A checksum should be appended
     to the data to be sent.
   b) Hard disks in which data is stored
     should be mirrored.
   c) Copies of data backup media should
     be stored at a remote site.
   d) Content of hard disks in notebook
     PCs should be encrypted.
4. Which of the following is the most
appropriate description concerning worms?
      a) They infect the OS system files and
        repetitively intrude other computers over the
        network.
      b) Unauthorized functions, such as file
        destruction, are activated when a certain
        specific date or condition is met.
      c) They copy and multiply themselves, and
        move from one computer to the next through
        a network.
      d) They infect other programs and propagate
        themselves independently without using a
        network.
5. A Web server was invaded from the outside and its content was
tampered with. Which of the following is the appropriate sequence of
actions to be taken?
     1     Analyze the server, IDS (Intrusion Detection
           System), and firewall logs to identify the access
           method, the extent of the impact, and the route
           of entry.
     2     Rebuild the system, and apply the latest
           patches and security setup data.
     3     Disconnect the server from the network.
     4     Connect the server to the network, and monitor
           its operation for a while.

     a) 1→2→3→4
     b) 1→3→2→4
     c) 2→3→1→4
     d) 3→1→2→4
6. Which of the following can be
realized by using SSL/TLS?
     a) Communication processing time
       between the client and server is
       reduced.
     b) Communication between the client and
       server is encrypted.
     c) Communication logs between the Web
       server and browser are recorded.
     d) SMTP connection from e-mail software
       to a Web server is enabled.
7. Which of the following is an
appropriate description concerning
information security policy?
       a) According to ISO/IEC 27001, corporate security
          policy must be approved at a general shareholders’
          meeting.
       b) Corporate security policy must be defined for each
          system to be implemented.
       c) The company must externally disclose the
          vulnerability of the information system, which is a
          contributing factor of establishing the security
          policy.
       d) In order to achieve the target security level, it is
          necessary to clarify the way of thinking behind both
          actions to be followed and judgment.
8. In online electronic commerce, retail stores and
customers are vulnerable to threats such as
falsification, spoofing, and repudiation during order
processing.

Which of the following is a security technology
applicable to prevent these three threats?


                  a)     Virus check
                  b)     Junk mail filtering
                  c)     Digital signature
                  d)     Packet filtering
9. Which of the following is an
appropriate method to manage user IDs
for a company’s in-house system?
  a) Shared IDs are recommended rather than
    personal IDs in order to reduce consumption
    of system resources.
  b) IDs for retired employees should be kept until
    removal is requested by them.
  c) Registered IDs and user privileges should be
    regularly inspected.
  d) When users are transferred, new access
    privileges should be granted in addition to the
    previously vested access privileges.
10. Which of the following describes how to use
a virus definition file as a countermeasure
against computer viruses?
        a) It is a file that is included in antivirus software,
           and is used to repair files infected with viruses.
        b) It is a file, containing signature codes of known
           viruses, which is used by antivirus software to
           detect viruses.
        c) It is a file, containing program codes of known
           viruses, which is used to reactivate the viruses
           and to determine the damage.
        d) It is a file that is required for recovery, and is used
           when data files are destroyed by viruses.
11. Which of the following is the main
purpose of a penetration test?
     a) To confirm the strength of the in-use
        encryption method
     b) To confirm that the outputs resulting from
        various inputs to the target program are
        identical with the outputs defined in the
        specifications
     c) To confirm the number of sessions that the
        firewall can process per unit time
     d) To confirm that there is neither a security
        hole nor a setup error on the firewall and
        public servers
12. A document was received via e-mail as an attachment
while at work. When the document was opened by using
a word processing program, it was abnormally terminated.
 When the received e-mail or attached document is
possibly contaminated with a computer virus, which of the
following is an appropriate action to be taken?

           a) Disconnecting the PC from the network, and then
              reinstalling the OS
           b) Disconnecting the PC from the network, and
              immediately reporting to the person in charge of the
              system management department
           c) Checking whether the problem is reproducible, if
              necessary, by reinstalling the word processing
              program
           d) Sending an e-mail to all employees, and alerting
              them to the virus infection
13. Which of the following is an appropriate
description concerning cryptography?

a) The process of turning the encrypted text back into
  its original plain text is called reset.
b) In common key cryptography, the encrypted text and
  common key are transmitted together.
c) In public key cryptography, the key used for
  encryption is different from that for recovering the
  plain text from the encrypted text.
d) Common key cryptography is used for digital
  signature.
14. Which of the following can be made
possible by using a digital signature in
electronic commerce?
      a) Preventing an unintended third party from
         accessing any confidential file
      b) Checking that a file is not infected with a
         virus
      c) Preventing the contents of a transaction
         from being leaked through wiretapping
      d) Authenticating the trading partner and
         checking that the contents of a transaction
         are not falsified
15. Which of the following is the purpose
of a DoS attack against a server?

       a) Takeover of server
         administrator’s privileges
       b) Blocking of services
       c) Falsification of data
       d) Stealing of data
16. Which of the following is the self-
propagating program that can send its
replication attached to an e-mail message
via a network, such as the Internet, or copy
itself onto other computers in the network?

            a)   Cookie
            b)   Spyware
            c)   Trojan horse
            d)   Worm
17. Which of the following is an appropriate
explanation of spam mail?
        a) E-mail that is indiscriminately sent to users
           without their consent
        b) E-mail that is distributed to all participants
           registered previously for a specific purpose
        c) E-mail that is sent or forwarded with the same
           content by a receiver to multiple destinations
           and causes the number of receivers to continue
           increasing
        d) A message exchange system that provides a
           message posting function using e-mail or Web
           page to enable information exchange with the
           general public
18. Which of the following is a security
incident categorized as being caused by a
physical threat?

a) The server room is flooded because of heavy rain,
   which causes the equipment to stop.
b) A large amount of data is sent from the external
   network to the public server, which causes the server
   to stop.
c) An attacker intrudes into the corporate server over the
   network and destroys files.
d) An employee makes an operational error on the
   computer, and data is destroyed.
19. A cookie is a small data file that a web site can transfer to a
browser to maintain records of the visit to the web site. Among
descriptions A through C concerning such a cookie, which of the
following is a list of only the appropriate descriptions?

A:     Since the cookie always inherits the ID and password
entered during the last visit to a Web site, it is not necessary
to enter them again when the Web site is viewed using
another PC.
B:     After a Web site is viewed from a PC temporarily
rented at an Internet cafe or other places, the cookie should
be deleted.
C:     When personal information is stored in the cookie,
such information may be stolen using cross site scripting or
some other means.

a) A, B
b) A, B, C
c) A, C
d) B, C
20. Which of the following is an appropriate
     guideline for users concerning protection
     against computer viruses?

a) When software is installed, the “read-me” file or other
   instructions should be read and followed prior to running a
   virus check.
b) The autostart function should be enabled as a preventive
   measure against virus infection via removable disc media.
c) The auto preview function should be disabled as a preventive
   measure against virus infection via e-mail.
d) File extension names should be hidden to prevent application
   software from being started automatically by identifying the
   type of file.
21. Which of the following is an
appropriate description concerning a
method used for phishing?
a) If data entered in a Web page is displayed as is, a
   malicious script embedded in the page causes damage
   to users and servers.
b) Computers infected with a virus are controlled from
   outside via a network such as the Internet.
c) Computer user’s personal information, such as IP
   address or Web browsing history, is secretly collected
   and sent outside.
d) E-mails, which pretend to be from an existing business
   or organization, are sent to lead recipients to a bogus
   Web site and to steal their personal information.
22. When portable computers are used for
remote access to data on an office server, which
of the following is an effective security measure?
    a) The login screen of portable computers should be
       set up so that the previously entered user ID and
       password can be reused.
    b) As much of the required data as possible should be
       copied onto the portable computers in order to keep
       network use to a minimum.
    c) User IDs should be shared among multiple users so
       that unauthorized access can be detected easily.
    d) One-time passwords should be used to allow access
       to the office server from a remote location.
23. Among information security measures A through D
 implemented in the workplace to maintain the “confidentiality” and
 “integrity” of information, which of the following is a list of only the
 appropriate measures?

A:     PCs should remain unlocked to keep them ready for
operation from the start to the end of the business day.
B:     Documents and electronic storage media, such as CD-R
containing important information, should be stored in locked
cabinets except when they are used.
C:     Documents sent or received by facsimile should be picked
up immediately without leaving them unattended on the tray.
D:     Messages or information written on the whiteboard should
be erased immediately after use.

a) A, B
b) A, B, D
c) B, D
d) B, C, D
24. A PC was checked for computer viruses, and a certain
number of infected files were discovered. Which of the
following is an appropriate course of action that should be
taken by the person who found the infected files?

        a) Contacting the recipients to whom the files infected by
           an unknown virus were forwarded, after identifying the
           virus so that they can take corrective action
        b) Forwarding the infected files to the system
           administrator by e-mail so that the administrator can
           promptly take measures
        c) Disconnecting the infected PC immediately from the
           network in order to prevent other PCs from being
           infected
        d) Enabling the write protection of removable media that
           were used for a day-old backup in order to prevent
           other files from being infected
25. There exists a model of communication from A to B
based on public key cryptography as shown below. Which
of the following is an appropriate description concerning
this model?
  The message sent by A is used to generate a message
  authentication code. This authentication code is encrypted using
  A’s private key to generate a bit string that is sent to B by e-mail
  along with the original message.
  B obtains A’s public key from a trusted organization, and in
  addition to decrypting the received bit string, B generates the
  message authentication code from the received message to
  verify that both codes are the same before the message is used.
     a)   A can confirm that the message is delivered to B.
     b)   A can guarantee to B that the message is not wiretapped.
     c)   B is guaranteed to receive the message from A.
     d)   B can confirm that the message is from A and is not
          falsified.
26. Which of the following is an appropriate description
concerning the information security policy?
      a) The security policy of a company is intended to define
         what should be set for each security system, so its
         contents vary depending on the security-related product
         to be installed.
      b) The security policy of a company provides guidelines on
         the action and judgment to be followed and does not
         cover the stance and direction on security measures.
      c) It is desirable for top management of a company to
         disclose the vulnerability of the information system that
         forces the company to create the security policy.
      d) It is necessary to clarify the vision about the action and
         judgment to be followed to achieve the target security
         level.
27. Which of the following is the term that refers to the act
of setting up a bogus Web page imitating a bank, a credit
card company, or other organization, and tricking a user
with an e-mail disguised as an official message from the
financial organization or a public organization in order to
guide a user to the bogus Web page and steal personal
information such as the personal identification number and
credit card number?

                       a)   Cracking
                       b)   Buffer overflow
                       c)   Phishing
                       d)   Bot
28. Which of the following is an appropriate
description concerning a macro virus?
    a) It is a new virus that is created by
       combining multiple viruses into one.
    b) It moves across computers connected via
       a network while replicating itself.
    c) It is an executable file that is sent as an
       attachment to an e-mail message.
    d) It infects data files used by word
       processing software or spreadsheet
       software.
29. Which of the following is a method that
may cause a mail server to go down by
sending a large number of unsolicited
e-mails to a lot of e-mail users in a short period
of time with the aim of advertising or selling
goods or services?
                  a)   Spam mail
                  b)   Chain mail
                  c)   E-mail bomb
                  d)   Multi-posting

Security (IP)

  • 1. Security by Tanat Tonguthaisri itpe@nstda.or.th
  • 2. 1. Public key cryptography is used for message encryption to prevent wiretapping. Which of the following is the key used to encrypt the message to be sent? a) Receiver’s public key b) Receiver’s private key c) Sender’s public key d) Sender’s private key
  • 3. 2. Which of the following is the purpose of attaching a digital signature to software published on the Internet? a) To notify that the software author is responsible for its maintenance b) To restrict the software usage to certain users c) To express that the software copyright holder is the signer of the digital signature d) To assure that the software content has not been changed or tampered with
  • 4. 3. Which of the following is an effective measure against information leakage? a) A checksum should be appended to the data to be sent. b) Hard disks in which data is stored should be mirrored. c) Copies of data backup media should be stored at a remote site. d) Content of hard disks in notebook PCs should be encrypted.
  • 5. 4. Which of the following is the most appropriate description concerning worms? a) They infect the OS system files and repetitively intrude other computers over the network. b) Unauthorized functions, such as file destruction, are activated when a certain specific date or condition is met. c) They copy and multiply themselves, and move from one computer to the next through a network. d) They infect other programs and propagate themselves independently without using a network.
  • 6. 5. A Web server was invaded from the outside and its content was tampered with. Which of the following is the appropriate sequence of actions to be taken? (1) Analyze the server, IDS (Intrusion Detection System), and firewall logs to identify the access method, the extent of the impact, and the route of entry. (2) Rebuild the system, and apply the latest patches and security setup data. (3) Disconnect the server from the network. (4) Connect the server to the network, and monitor its operation for a while. a) 1→2→3→4 b) 1→3→2→4 c) 2→3→1→4 d) 3→1→2→4
  • 7. 6. Which of the following can be realized by using SSL/TLS? a) Communication processing time between the client and server is reduced. b) Communication between the client and server is encrypted. c) Communication logs between the Web server and browser are recorded. d) SMTP connection from e-mail software to a Web server is enabled.
  • 8. 7. Which of the following is an appropriate description concerning information security policy? a) According to ISO/IEC 27001, corporate security policy must be approved at a general shareholders’ meeting. b) Corporate security policy must be defined for each system to be implemented. c) The company must externally disclose the vulnerability of the information system, which is a contributing factor of establishing the security policy. d) In order to achieve the target security level, it is necessary to clarify the way of thinking behind both actions to be followed and judgment.
  • 9. 8. In online electronic commerce, retail stores and customers are vulnerable to threats such as falsification, spoofing, and repudiation during order processing. Which of the following is a security technology applicable to prevent these three threats? a) Virus check b) Junk mail filtering c) Digital signature d) Packet filtering
  • 10. 9. Which of the following is an appropriate method to manage user IDs for a company’s in-house system? a) Shared IDs are recommended rather than personal IDs in order to reduce consumption of system resources. b) IDs for retired employees should be kept until removal is requested by them. c) Registered IDs and user privileges should be regularly inspected. d) When users are transferred, new access privileges should be granted in addition to the previously vested access privileges.
  • 11. 10. Which of the following describes how to use a virus definition file as a countermeasure against computer viruses? a) It is a file that is included in antivirus software, and is used to repair files infected with viruses. b) It is a file, containing signature codes of known viruses, which is used by antivirus software to detect viruses. c) It is a file, containing program codes of known viruses, which is used to reactivate the viruses and to determine the damage. d) It is a file that is required for recovery, and is used when data files are destroyed by viruses.
  • 12. 11. Which of the following is the main purpose of a penetration test? a) To confirm the strength of the in-use encryption method b) To confirm that the outputs resulting from various inputs to the target program are identical with the outputs defined in the specifications c) To confirm the number of sessions that the firewall can process per unit time d) To confirm that there is neither a security hole nor a setup error on the firewall and public servers
  • 13. 12. A document was received via e-mail as an attachment while at work. When the document was opened by using a word processing program, it was abnormally terminated. When the received e-mail or attached document is possibly contaminated with a computer virus, which of the following is an appropriate action to be taken? a) Disconnecting the PC from the network, and then reinstalling the OS b) Disconnecting the PC from the network, and immediately reporting to the person in charge of the system management department c) Checking whether the problem is reproducible, if necessary, by reinstalling the word processing program d) Sending an e-mail to all employees, and alerting them to the virus infection
  • 14. 13. Which of the following is an appropriate description concerning cryptography? a) The process of turning the encrypted text back into its original plain text is called reset. b) In common key cryptography, the encrypted text and common key are transmitted together. c) In public key cryptography, the key used for encryption is different from that for recovering the plain text from the encrypted text. d) Common key cryptography is used for digital signature.
  • 15. 14. Which of the following can be made possible by using a digital signature in electronic commerce? a) Preventing an unintended third party from accessing any confidential file b) Checking that a file is not infected with a virus c) Preventing the contents of a transaction from being leaked through wiretapping d) Authenticating the trading partner and checking that the contents of a transaction are not falsified
  • 16. 15. Which of the following is the purpose of a DoS attack against a server? a) Takeover of server administrator’s privileges b) Blocking of services c) Falsification of data d) Stealing of data
  • 17. 16. Which of the following is the self-propagating program that can send its replication attached to an e-mail message via a network, such as the Internet, or copy itself onto other computers in the network? a) Cookie b) Spyware c) Trojan horse d) Worm
  • 18. 17. Which of the following is an appropriate explanation of spam mail? a) E-mail that is indiscriminately sent to users without their consent b) E-mail that is distributed to all participants registered previously for a specific purpose c) E-mail that is sent or forwarded with the same content by a receiver to multiple destinations and causes the number of receivers to continue increasing d) A message exchange system that provides a message posting function using e-mail or Web page to enable information exchange with the general public
  • 19. 18. Which of the following is a security incident categorized as being caused by a physical threat? a) The server room is flooded because of heavy rain, which causes the equipment to stop. b) A large amount of data is sent from the external network to the public server, which causes the server to stop. c) An attacker intrudes into the corporate server over the network and destroys files. d) An employee makes an operational error on the computer, and data is destroyed.
  • 20. 19. A cookie is a small data file that a web site can transfer to a browser to maintain records of the visit to the web site. Among descriptions A through C concerning such a cookie, which of the following is a list of only the appropriate descriptions? A: Since the cookie always inherits the ID and password entered during the last visit to a Web site, it is not necessary to enter them again when the Web site is viewed using another PC. B: After a Web site is viewed from a PC temporarily rented at an Internet cafe or other places, the cookie should be deleted. C: When personal information is stored in the cookie, such information may be stolen using cross site scripting or some other means. a) A, B b) A, B, C c) A, C d) B, C
  • 21. 20. Which of the following is an appropriate guideline for users concerning protection against computer viruses? a) When software is installed, the “read-me” file or other instructions should be read and followed prior to running a virus check. b) The autostart function should be enabled as a preventive measure against virus infection via removable disc media. c) The auto preview function should be disabled as a preventive measure against virus infection via e-mail. d) File extension names should be hidden to prevent application software from being started automatically by identifying the type of file.
  • 22. 21. Which of the following is an appropriate description concerning a method used for phishing? a) If data entered in a Web page is displayed as is, a malicious script embedded in the page causes damage to users and servers. b) Computers infected with a virus are controlled from outside via a network such as the Internet. c) Computer user’s personal information, such as IP address or Web browsing history, is secretly collected and sent outside. d) E-mails, which pretend to be from an existing business or organization, are sent to lead recipients to a bogus Web site and to steal their personal information.
  • 23. 22. When portable computers are used for remote access to data on an office server, which of the following is an effective security measure? a) The login screen of portable computers should be set up so that the previously entered user ID and password can be reused. b) As much of the required data as possible should be copied onto the portable computers in order to keep network use to a minimum. c) User IDs should be shared among multiple users so that unauthorized access can be detected easily. d) One-time passwords should be used to allow access to the office server from a remote location.
  • 24. 23. Among information security measures A through D implemented in the workplace to maintain the “confidentiality” and “integrity” of information, which of the following is a list of only the appropriate measures? A: PCs should remain unlocked to keep them ready for operation from the start to the end of the business day. B: Documents and electronic storage media, such as CD-R containing important information, should be stored in locked cabinets except when they are used. C: Documents sent or received by facsimile should be picked up immediately without leaving them unattended on the tray. D: Messages or information written on the whiteboard should be erased immediately after use. a) A, B b) A, B, D c) B, D d) B, C, D
  • 25. 24. A PC was checked for computer viruses, and a certain number of infected files were discovered. Which of the following is an appropriate course of action that should be taken by the person who found the infected files? a) Contacting the recipients to whom the files infected by an unknown virus were forwarded, after identifying the virus so that they can take corrective action b) Forwarding the infected files to the system administrator by e-mail so that the administrator can promptly take measures c) Disconnecting the infected PC immediately from the network in order to prevent other PCs from being infected d) Enabling the write protection of removable media that were used for a day-old backup in order to prevent other files from being infected
  • 26. 25. There exists a model of communication from A to B based on public key cryptography as shown below. Which of the following is an appropriate description concerning this model? The message sent by A is used to generate a message authentication code. This authentication code is encrypted using A’s private key to generate a bit string that is sent to B by e-mail along with the original message. B obtains A’s public key from a trusted organization, and in addition to decrypting the received bit string, B generates the message authentication code from the received message to verify that both codes are the same before the message is used. a) A can confirm that the message is delivered to B. b) A can guarantee to B that the message is not wiretapped. c) B is guaranteed to receive the message from A. d) B can confirm that the message is from A and is not falsified.
  • 27. 26. Which of the following is an appropriate description concerning the information security policy? a) The security policy of a company is intended to define what should be set for each security system, so its contents vary depending on the security-related product to be installed. b) The security policy of a company provides guidelines on the action and judgment to be followed and does not cover the stance and direction on security measures. c) It is desirable for top management of a company to disclose the vulnerability of the information system that forces the company to create the security policy. d) It is necessary to clarify the vision about the action and judgment to be followed to achieve the target security level.
  • 28. 27. Which of the following is the term that refers to the act of setting up a bogus Web page imitating a bank, a credit card company, or other organization, and tricking a user with an e-mail disguised as an official message from the financial organization or a public organization in order to guide a user to the bogus Web page and steal personal information such as the personal identification number and credit card number? a) Cracking b) Buffer overflow c) Phishing d) Bot
  • 29. 28. Which of the following is an appropriate description concerning a macro virus? a) It is a new virus that is created by combining multiple viruses into one. b) It moves across computers connected via a network while replicating itself. c) It is an executable file that is sent as an attachment to an e-mail message. d) It infects data files used by word processing software or spreadsheet software.
  • 30. 29. Which of the following is a method that may cause a mail server to go down by sending a large number of unsolicited e-mails to a lot of e-mail users in a short period of time with the aim of advertising or selling goods or services? a) Spam mail b) Chain mail c) E-mail bomb d) Multi-posting