Cs205 Mid by M. Qasim

Uploaded by

maryammuradawan

CS 205 mid-term file by M. Qasim Ali and Madam Sabahat Jabeen.

03337435091

M. Qasim Ali CS 205. 03337435091. YouTube channel DIGITAL WORLD


MCQS:

1. An attack in which the attacker alters the system resources is called ______?
A. Active attack
B. Passive attack
C. Direct attack
D. Indirect attack

2. Students are not allowed to bring cell phone in the exam hall is example of ______?
A. Security policy
B. Security control
C. Security mechanism
D. Security service

3. ______ are three pillars of information security?
ANS: confidentiality, integrity, availability.

4. Ransomware is _________?
Ans: a type of attack that encrypts data on computers and servers.

5. NESSUS tool is used at ______ layer in information security transformation framework?
A. Sec governance
B. Sec engineering
C. Vulnerability management.
D. Sec hardening

6. ______ means effective management of security program?
A. Sec governance
B. Sec engineering
C. Vulnerability management.
D. Sec hardening

7. Which of the following will be considered the most specific standard/framework applicable only to specific type of industry?
A. ISO27002.2013
B. COBIT
C. PCI.DSS
D. ISO27001.2013

8. Which of the following may be applied to any type of industry in which information technology is being used?
A. ISO27002.2013
B. COBIT, and ISMS
C. COBIT, ISMS, PCI
D. PCI, DSS, ISMS

9. ____ are challenges of information security?
A. Lack of budget and insufficient resource allocation
B. Highly specialized and continuously changing technology
C. Cloud and IOT
D. lack of ownership, department silos, missing security hardening (I think D, may be A)

10. There are ____ main steps in information security life cycle
A. 6
B. 7
C. 9
D. 11

11. Regionally the most well developed cyber security strategy and framework developed by Malaysia is at rank ________?
A. 1
B. 2
C. 3
D. 4

12. ____ is prevention of the unauthorized use of a resource?
A. Access control
B. Data integrity
C. non-repudiation
D. availability

13. The next generation firewall should be placed at _______?
A. Inside the data center
B. Where it is physically secure
C. Inside the DMZ
D. At the network perimeter and at the entrance to the data center

14. Major security functions performed by the perimeter NGN firewall are ____?
A. Web sec and email sec.
B. Malware filtering, access list for traffic filtering, bandwidth filtering
C. WAN interface
D. APT attack prevention
15. The key challenge with mobile technology is that __________?
A. It is leading to wastage of time and distraction
B. Traditional enterprise security perimeter boundary has disappeared.
C. Location of the user can be tracked
D. Apps on mobile device may be Trojans.

16. The recommended manner to protect sensitive data with a VM is to
A. Encrypt data stored on workstation
B. Encrypt data stored on virtual and cloud servers.
C. Encrypt data stored on USB
D. Encrypt data stored on file servers

17. One of the main challenges in small sized organization related to security is _____?
A. Lack of good data center
B. Lack of budget and resources allocated for security.
C. Lack of security vendor
D. Lack of security devices

18. At which point a malicious entity/black hat hackers attack for website defacement in an IT network ____?
A. Edge router or edge firewall
B. Web server in DMZ
C. Email gateway
D. Data center switch

19. How web and email can be secured against malware and attacks in an Enterprise IT network?
A. By blocking unauthorized traffic at edge
B. By keeping a good and updated solution
C. By using web security and email antispam gateway
D. By using malware protection at edge.

20. _____ are the main phases/steps in a business continuity life cycle.
A. analysis, design, implement and validate
B. identify, analyze, design, execute
C. Identify, analyze, design, execute, measure,
D. Analyze, implementation and validate

21. ________ enterprises have their own vulnerability scanner?
A. 90%
B. 75%
C. 50%
D. 5%

22. _______ project sequence is followed in information projects.
A. Establish track, implement across IT
B. Pilot, implement across IT, continuous improvement.
C. Establish track, MSB, pilot, implement across IT, continuous improvement
D. Establish track, MSB, implement across IT

23. ____ category has maximum number of CIS benchmark
A. Operating system
B. Mobile device.
C. network device.
D. Cloud providers

24. _____ category has minimum number of CIS benchmark
A. Multifunction point device.
B. mobile device
C. network device.
D. Cloud provider

25. What does audit explain about control in CIS benchmark?
A. Describe the control
B. Describe the benefit
C. Tells how to check the controls.
D. Tells how to apply controls

26. According to applicability CIS device control in ______ category?
A. Level1 and level 2
B. Scored and unscored.
C. Cat1, Cat2, Cat3
D. High critical, low critical

27. Frequency of updating the signature file for antivirus program must be set to ___?
A. Daily basis
B. weekly basis
C. fortnightly basis
D. Monthly basis

28. The direct console user interface should be ______ ?
A. Disable
B. Enable
C. Partially enabled
D. Monitored

29. A program or device that can monitor data traveling over a network is called ____ ?
A. Hoax
B. Router
C. Sniffer (confirm from Google)
D. Spoof

30. Internationalized domain names are displayed as
A. Little ENDIAN
B. Big ENDIAN
C. UTF-32
D. UNICODE

31. Information security is combination of ______?
ANS: People, process and technology


32. Under which category of CIS benchmark MS Windows servers fall?
A. server software
B. Mobile device
C. Operating system
D. Cloud providers

33. OWASP, cloud security alliance, ISACA and ISC2 are example of _____?
A. Cyber security government organization
B. cyber security professional associations
C. Research organization
D. International security operations

34. MS Exchange server falls under _________ category of CIS benchmark.
A. Operating system
B. server software
C. Desktop software
D. Cloud providers

35. What is the function of active directory AD in an enterprise network.
A. Pushing out security policies through GPO
B. Windows update and configurations
C. Log collection and analysis
D. Network operation and performance management (not sure) you can also verify.

36. DISA gives us the following feature set as compared to CIS
A. Excellent control coverage with some useable terminology
B. User friendly and for small/medium size organization
C. Good control with no unusable terminology (Not sure, may be A. See comparison table)
D. Cat tool to check the compliance with standard

37. N+1 redundancy pattern is sometimes referred as _________?
A. High Availability
B. parallel redundancy
C. active-passive
D. Active Active

38. The best model in Pakistan to effectively address the weakness in the cyber security is to adopt _________?
A. ISMS
B. Four layer security transformation
C. COBIT
D. CIS security benchmarks

39. ____________ is technique used to gain unauthorized access to computer, wherein the intruder send messages with a source IP address that has been forged to indicate that the messages are coming from a trusted source?
A. Man in middle
B. Denial of the service
C. Zombie
D. Spoofing

40. The key and most important element in the management process is ____?
A. Risk documentation
B. Risk determination
C. Risk assessment
D. Risk policy

41. _______ is the first layer in the information security transformation framework?
A. Security governance
B. security engineering
C. Vulnerability management
D. Security hardening

42. Purpose of SIEM solution is ________?
A. Malware filtering, access list for traffic filtering, bandwidth filtering
B. Log aggregation, security events dashboard, event correlation and root cause analysis
C. Log collection
D. Malicious traffic detection


43. _______ are four layers of transformation model in sequence?
Ans: Security hardening, vulnerability management, security engineering, security governance

44. Surprisingly in ____________ of all organization in Pakistan (All type) security posture has been found to be deficient.
A. 80%
B. 85%
C. 90%
D. 95%

45. If a system enters into ____________ state, it is a security violation.
A. initial
B. Final
C. Secure
D. Unsecure

CS 205 Mid term short notes for Spring 2023


Made By Muhammad Qasim Ali For any Query 03337435091

Question no 01: What is Cyber Security?


− Precautions taken to guard against unauthorized access to data (in electronic form) or information systems connected to the internet

1. Information security as defined by SANS

Ans: Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Question No 02: There are three pillars related to implementation of information security. Mention the name?
Three pillars of information security implementation: (this one is implementation)
– People
– Process
– Technology

Question No. 03: You are required to identify and write the name of three main pillars of information security?
(Just write the names.)
− Confidentiality: keeping information secret
− Integrity: keeping information in its original form
− Availability: keeping information and information systems available for use

Question no 04: How many layers involved in information security transformation framework? You are required to write the name.
Ans: There are four main layers or steps involved in information security transformation framework. Names written as under:
A. Security Hardening
B. Vulnerability management
C. Security Engineering
D. Security Governance

Question No 05: Enlist the first five CIS controls that eliminate the vast majority of your organization vulnerability
Ans: Following are the first five CIS controls among CIS 20 controls.
A. Inventory of authorized and unauthorized devices.
B. Inventory of authorized and unauthorized software.
C. Secure configuration for software of hardware
D. Continuous vulnerability assessment and remediation.
E. Controlled use of administrative privilege.

Question no 06: Write the name of any two famous SIEM solutions that are available in market
Ans: Leading SIEM solutions:
– LogRhythm
– IBM QRadar
– Splunk
– Elastic Search

Question# 07: Write the name of different stakeholders that will conduct the security hardening.
Ans: Involvement of various stakeholders for security hardening
– Operations teams
– Security team
– IT management
– Consultant
– Business

Question# 08: How many different protocol versions does SSH support? Write the names.
Ans: SSH supports 2 different and incompatible protocols:

SSH1 and SSH2. (just writing the names is also enough)

SSH1 was the original protocol & was subject to security issues.

SSH2 is more advanced and secure.

Question# 09: Three types of redundant site models:
• Hot site
• Cold site
• Warm site

Question#10: SECURITY HARDENING – SOFTWARE APPLICATIONS: SOFTWARE SECURITY WORKFLOW? (Most repeated question)
1. Research Security Controls
2. Apply Security Controls (Hardening)
3. Code Review & Automated Testing (Validation)
4. Harden Server Environment
5. Pen Test & Accreditation (Move to PROD)

Question#11: Write any five steps in information security program
Ans:
A. Assessing security risks and gaps
B. Implementing security controls
C. Monitoring, measurement, & analysis
D. Management reviews and internal audit
E. Accreditation/testing

Question#12: CIS benchmark in profile applicability (also see page no 94, 95 too; L1, L2)
− Profile applicability (ASA 8.X, ASA 9.X)
− Description
− Rationale
− Audit
− Remediation
− Default value
− References

Question#13: OSI Security Architecture
• Security service is a service that ensures adequate security of the system or data transfer
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Non-repudiation
– Availability

Question#14: Pre-requisites for security hardening?
1. Security program approved
2. Consultant on board
3. Project kick-off meeting held
4. ISMC team identified and their loading for this project communicated
5. Appraisal linkage of core resources announced by CIO

Question#15: DISA STIG component/content names
STIG content:
– General information (title)
– Discussion
– Check content
– Fix text
– CCI (References)

Question#16: OWASP Software Assurance Maturity Model (SAMM) Governance Phase:
– Strategy & Metrics
– Education & Guidance
– Policy & Compliance

Question#17: OWASP Software Assurance Maturity Model (SAMM) Construction Phase:
– Security Requirements
– Threat Assessment
– Secure Architecture

Question#18: What is business continuity (BC)?
– Business Continuity (BC) is the capability of the org to continue delivery of products or services at acceptable predefined levels following a disruptive incident

Question#19: What is the function of active directory in an enterprise network?
Active Directory is a directory service by Microsoft that provides centralized management and authentication for users, computers, and resources in an enterprise network, facilitating secure access and efficient administration.

Or

ACTIVE DIRECTORY (AD): Active Directory (AD) is essential not only to regulate account management (authentication and authorization) but also to enforce and manage security controls

Question#20: How web and email can be secured against malware and attacks in enterprise.
To secure web and email in an enterprise, implement antivirus software, firewalls, and intrusion detection systems. Train employees on security best practices, use email encryption, update software, employ MFA, monitor traffic, backup data, and conduct security assessments.

Question#21: Software security flow?

Software security flow refers to the systematic process of identifying, assessing, and mitigating security risks and vulnerabilities in software applications, following a structured approach to ensure the development of secure and robust software systems.

Question#22: What is an IT asset?

– An IT asset is any resource such as hardware, software, information, and human, owned or utilized by the organization for IT processing

Question#23: Typical security tools used in an enterprise:

– Enterprise antivirus
– MS Active Directory (AD)
– Vulnerability manager
– Logs management
– Network & performance monitoring
– Automated backups

Question#24: Topic No 25: Major Components: Enterprise IT Network

• Edge router
• NGN FW
• DMZ
• IPS & N-DLP
• Distribution switch
• Data center switch & FW
• Access switch
• NAC
• SOC:
– SIEM
– VM
• System AV
• Server HIPS
• UTM
• Mobile device – MDM

Question#25: Backup considerations:
– What to back up?
– Backup location?
– Frequency of backup?
– Backup operator?
– Backup checker (verification)?
– Backup test & security methods?
– Technology & tools used for backup?

Question#26: Common challenges with box security?

1: Other challenges with “box security” approach:

2: Shortage of staff (IT & security)

3: Training and skill required to operate the sophisticated devices and features

What is box security

“Box Security” refers to a prevalent approach in the industry, especially in larger organizations, in which the solution for every security challenge is in the form of a “box” or device
• Box for:
− Email security
− Web security
− FW
− IPS
− APT attack prevention
− DDOS prevention
− Network DLP
− Network Forensics
− Others

Question#27: What is a disaster?
– Any significant event that causes disruption of information technology processing facilities, thus affecting the operations of the business.

Question#28: What is disaster recovery (DR)?
– DR is an area of security that allows an organization to maintain or quickly resume mission critical (IT) functions following a disaster

Question#29: Security hardening 8 step methodology



Question#30: IT Asset life cycle:
CIS and DISA comparison

M. Qasim Ali CS 205 . 03337435091


Qasim.tahir@sngpl.com.pk. Qasimali106376@gmail.com
