



Information Assurance is an interdisciplinary field focused on managing risks related to the use, processing, storage, and transmission of information and data. The course explores principles and practices for protecting the confidentiality, integrity, availability, authenticity, and non-repudiation of information systems. Topics include risk assessment, security policies and models, cryptography basics, network and system defenses, legal and ethical considerations, and incident response strategies. Through case studies and practical exercises, students learn to design and implement comprehensive frameworks to safeguard digital assets in a constantly evolving threat landscape.
Recommended Textbook
Security+ Guide to Network Security Fundamentals 4th Edition by Mark Ciampa
Available Study Resources on Quizplus
14 Chapters
588 Verified Questions
588 Flashcards
Source URL: https://quizplus.com/study-set/1054

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20875
Sample Questions
Q1) Under the ____, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
A) HIPAA
B) HLPDA
C) HCPA
D) USHIPA
Answer: A
Q2) ____ ensures that only authorized parties can view information.
A) Security
B) Availability
C) Integrity
D) Confidentiality
Answer: D
Q3) The CompTIA Security+ Certification is aimed at an IT security professional with the recommended background of a minimum of two years experience in IT administration, with a focus on security.
A) True
B) False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.
Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20876
Sample Questions
Q1) What are botnets?
Answer: One of the popular payloads of malware today that is carried by Trojan horses, worms, and viruses is a program that will allow the infected computer to be placed under the remote control of an attacker. This infected "robot" computer is known as a zombie. When hundreds, thousands, or even tens of thousands of zombie computers are under the control of an attacker, this creates a botnet. Early botnets under the control of the attacker, known as a bot herder, used Internet Relay Chat (IRC) to remotely control the zombies. IRC is an open communication protocol that is used for real-time "chatting" with other IRC users over the Internet. It is mainly designed for group or one-to-many communication in discussion forums. Users access IRC networks by connecting a local IRC client to a remote IRC server, and multiple IRC servers can connect to other IRC servers to create large IRC networks. After infecting a computer to turn it into a zombie, bot herders would secretly connect it to a remote IRC server using its built-in client program and instruct it to wait for instructions, known as command and control (C&C). The bot herder could then remotely direct the zombies to steal information from the victims' computers and to launch attacks against other computers.
Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20877
Sample Questions
Q1) The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
A) HTTP header
B) HTML header
C) XML header
D) SSL header
Answer: A
Q2) All Web traffic is based on the ____________________ protocol.
Answer: HTTP
Q3) Explain the HTTP header referrer attack.
Answer: Because some Web sites check the Referer field to ensure that the request came from a page generated by that site, an attacker can bypass this security by modifying the Referer field to hide that it came from another site. This would allow the attacker to save the original Web page, modify it, and then host it from her own computer.
Q4) A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
Answer: markup language

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20878
Sample Questions
Q1) ____ is a comparison of the present state of a system compared to its baseline.
A) Baseline reporting
B) Compliance reporting
C) Baseline assessment
D) Compliance review
Q2) List two types of hardening techniques.
Q3) The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
A) threat mitigation
B) threat profiling
C) risk modeling
D) threat modeling
Q4) The first step in a vulnerability assessment is to determine the assets that need to be protected.
A) True
B) False
Q5) List and describe the elements that make up a security posture.
Q6) When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20879
Sample Questions
Q1) Describe a mantrap.
Q2) Passive tags have ranges from about 1/3 inch to ____ feet.
A) 12
B) 15
C) 19
D) 25
Q3) Securing a restricted area by erecting a barrier is called ____.
A) blocking
B) boundary placement
C) fencing
D) moating
Q4) A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object.
A) U-lock
B) safe lock
C) shield lock
D) cable lock
Q5) ____________________ security involves restricting access to the areas in which equipment is located.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20880
Sample Questions
Q1) Describe the difference between an active NIDS and a passive NIDS.
Q2) ____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
A) PAT
B) NAT
C) PAN
D) PNAT
Q3) ____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
A) Stateful frame filtering
B) Stateless frame filtering
C) Stateful packet filtering
D) Stateless packet filtering
Q4) Describe all-in-one network security appliances.
Q5) List and describe two advantages of a proxy server.
Q6) Describe the difference between subnetting and VLANs.
Q7) List and describe three features of Internet content filters.
Q8) NAT replaces a private IP address with a(n) ____________________ IP address.
Q9) List and describe three advantages to subnetting.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20881
Sample Questions
Q1) IEEE 802.1x is commonly used on wireless networks.
A) True
B) False
Q2) Server virtualization typically relies on the ____, which is software that runs on a physical computer to manage one or more virtual machine operating systems.
A) kernel
B) supervisor
C) hypercard
D) hypervisor
Q3) TCP is the main ____ protocol that is responsible for establishing connections and the reliable data transport between devices.
A) Application Layer
B) Presentation Layer
C) Network Layer
D) Transport Layer
Q4) Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.
A) True
B) False

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20882
Sample Questions
Q1) APs use antennas that radiate a signal in all directions.
A) True
B) False
Q2) ____ is the encryption protocol standard for WPA2.
A) AES-CCMP
B) AES-CTR
C) AES-TKIP
D) AES-SCMP
Q3) Bluetooth devices are not backward compatible with previous versions.
A) True
B) False
Q4) ____________________ technology enables users to connect wirelessly to a wide range of computing and telecommunications devices.
Q5) Describe how wireless VLANs can be configured.
Q6) Explain why it is important to be able to control the power level at which the WLAN transmits.
Q7) List and describe the major parts of an access point.
Q8) On a piconet, slave devices that are connected but are not actively participating are called ____________________ slaves.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20883
Sample Questions
Q1) The action that is taken by the subject over the object is called a(n) ____.
A) authorization
B) access
C) control
D) operation
Q2) ____ requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.
A) Separation of duties
B) Job rotation
C) Mandatory vacation
D) Role reversal
Q3) A RADIUS ____________________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.
Q4) Describe the MAC lattice model.
Q5) Describe LDAP injection attacks.
Q6) In the DAC model, ____________________ can create and access their objects freely.
Q7) Describe how Kerberos works.
Q8) List two major access control models.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20884
Sample Questions
Q1) What are the three advantages of a rainbow table over other password attacks?
Q2) Although brute force and dictionary attacks were once the primary tools used by attackers to crack an encrypted password, today attackers usually prefer ____.
A) rainbow tables
B) online cracking
C) offline cracking
D) cascade tables
Q3) List and describe two of the common password setting objects.
Q4) Discuss the types of shortcuts that users take to help them recall their passwords.
Q5) A ____ is a secret combination of letters, numbers, and/or characters that only the user should know.
A) token
B) password
C) biometric detail
D) challenge
Q6) A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20885
Sample Questions
Q1) Describe the origins of cryptography.
Q2) Cryptography cannot be applied to entire disks.
A) True
B) False
Q3) The original cryptographic algorithms for encrypting and decrypting documents are ____________________ cryptographic algorithms.
Q4) In information technology, ____________________ is the process of proving that a user performed an action, such as sending an e-mail message or a specific document.
Q5) In MD5, the length of a message is padded to ____ bits.
A) 32
B) 64
C) 128
D) 512
Q6) A ____ cipher rearranges letters without changing them.
A) substitution
B) block
C) loop
D) transposition
Q7) Discuss how HMAC works.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20886
Sample Questions
Q1) ____ can verify the authenticity of the sender and enforce nonrepudiation to prove that the sender is who he claims to be and cannot deny sending it.
A) Symmetric encryption
B) Private encryption
C) Asymmetric encryption
D) Elliptic encryption
Q2) List the four stages of a certificate life cycle.
Q3) The ____ function is a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
A) Registration Authority
B) Certificate Authority
C) Repudiation Authority
D) Intermediate Authority
Q4) List three general duties of a CA.
Q5) A(n) ____________________ trust model can be used in an organization where one CA is responsible for only the digital certificates for that organization.
Q6) Identify the general duties of an RA.
Q7) List the three PKI trust models that use a CA.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20887
Sample Questions
Q1) ____ could contain remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer.
A) RAM slack
B) Edge slack
C) Drive file slack
D) Sector slack
Q2) ____ is designed to ensure that an organization can continue to function in the event of a natural or man-made disaster.
A) Business continuity planning and testing
B) Disaster planning
C) Business management planning and testing
D) Enterprise disaster planning
Q3) Discuss the purpose and importance of the chain of custody.
Q4) What are the objectives of disaster exercises?
Q5) Windows stores files on a hard drive in 512-byte blocks called ____________________.
Q6) RAID 0 technology is based on ____________________.
Q7) Identify two scenarios that could be used in a BIA.
Q8) ____________________ is data about data.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20888
Sample Questions
Q1) List and describe two risk categories.
Q2) List four attributes that should be compiled for new equipment in the change management documentation.
Q3) A(n) ____ approach is the art of helping an adult learn.
A) andragogical
B) pedagogical
C) deontological
D) metagogical
Q4) A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.
Q5) When designing a security policy, many organizations follow a standard set of ____________________.
Q6) ____ may be defined as the components required to identify, analyze, and contain that incident.
A) Vulnerability response
B) Incident response
C) Risk response
D) Threat response
Q7) List one reason why social networking sites are popular with attackers.