Hamster
Search
Open menu
CM243_v2
考前須知
CISA及CISSP:成為訊息安全審查員或訊息安全專員課程自我檢查
1. It is estimated that for the moment the computers in your company will be infected by viruses about 3 times annually. Each time it will cost $4000. Which of the following solution would you consider for better security?
A.
Set up a thin client environment at the cost of $13000 annually.
B.
Migrate to Linux at the cost of $13000 annually.
C.
Install anti-virus software at the cost of $10000 annually.
D.
Install a firewall at the cost of $20000 annually.
2. Which of the followings can be accomplished by applying a Digital Signature to an email?
A.
The identity of the receiver can be assured.
B.
The contents of the email cannot be read by others except the receiver.
C.
The identity of the sender can be assured.
D.
The receiver will notice if the contents of the email is altered during the transmission.
3. What are the characteristics of the encryption used in PKI? (Choose two)
A.
Reversible
B.
Asymmetric
C.
Symmetric
D.
Non-reversible
4. In order to ensure constant redundancy and fault-tolerance, which of the following type of spare is recommended?
A.
Hot spare.
B.
Warm spare.
C.
Cold spare.
D.
Archives.
5. Which of the following would be an indicator of the effectiveness of a computer security incident response team?
A.
Number of security vulnerabilities that were patched.
B.
Number of successful penetration tests.
C.
Financial impact per security incident.
D.
Percentage of business applications that are being protected.
6. Personal identity verification systems which use hand or fingerprint, handwriting, eye pattern, voice, face, or any other physical characteristics for authentication are:
A.
Physiometric devices.
B.
Technological systems.
C.
Biometric devices.
D.
Physical analysis devices.
7. Which of the following protocol is usually used in a site-to-site VPN?
A.
IPSec
B.
RSA
C.
DES
D.
PPP
8. When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:
A.
Assure management that you will not lose the flash drive.
B.
Request that management deliver the flash drive by courier.
C.
Carry the flash drive in a portable safe.
D.
Encrypt the folder containing the data with a strong key.
9. Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?
A.
Increasing the length of authentication strings.
B.
Selecting a more robust algorithm to generate challenge strings.
C.
Implementing measures to prevent session hijacking attacks.
D.
Increasing the frequency of associated password changes.
10. A program that does not reproduce itself but pretends to be performing a legitimate action, which acting performing malicious operations in the background is the characteristic of which of the following?
A.
Virus.
B.
Trapdoor.
C.
Worms.
D.
Trojan.
11. The goals of integrity do NOT include:
A.
Prevention of unauthorized or unintentional modification of information by users.
B.
Prevention of the modification of information by unauthorized users.
C.
Accountability of responsible individuals.
D.
Preservation of internal and external consistency.
12. While downloading software, a hash may be provided to:
A.
Ensure that the software has not been modified.
B.
Serve as a license key for paid users of the software.
C.
Ensure that the software is the correct revision number.
D.
Ensure that the software comes from a genuine source.
13. The role of the certificate authority (CA) as a third party is to:
A.
Provide secured communication and networking services based on certificates.
B.
Act as a trusted intermediary between two communication partners.
C.
Host a repository of certificates with the corresponding public and secret keys issued by that CA.
D.
Confirm the identity of the entity owning a certificate issued by that CA.
14. Which of the following is a problem with symmetric key encryption?
A.
Work factor is not a function of the key size
B.
Is slower than asymmetric key encryption
C.
Most algorithms are kept proprietary
D.
Secure distribution of the secret key
15. The primary function of a physical protection system is?
A.
Display, develop, initiate and apprehend.
B.
Evaluate, dispatch and detain.
C.
Detection, delay and response.
D.
Determine, direct and dispatch.