Answer Table

 

TRUE/FALSE QUESTIONS:

1.    In general, an employer is allowed to see what is on an employee’s computer while working in the workplace.

2.    One of the weaknesses of the DAC (discretionary access control) in SQL is that it does not facilitate management of access rights.

3.    if a service has inherent vulnerabilities and that service is moved from a non-virtualized server to a virtualized server, the service is still just as vulnerable to exploitation

4.    The security of a full virtualization is dependent only on the security of the hypervisor.

5.    In Unix-like systems, user-level activities are implemented by running processes.

 

MULTIPLE CHOICES QUESTIONS

6.    Which of the following is not a federal law that addresses privacy, confidentiality and security

a.    HIPAA

b.    SAMHSA

c.    FDCA

d.    CAA

 

7.    Each level entity in the OSI Layered architecture exchanges information with three other entities. Which of the following entities is not part of this exchange?

a.    The layer above the current layer (if it exists)

b.    The layer below the current layer (if it exists)

c.    The user application layer

d.    The peer layer in another machine

 

8.    What are the major disadvantages of the layered approach to protocols?

a.    The potential for increased communications overhead                          

b.    The potential for increased processing at each node

c.    The impact on transmission unit length

d.    All of the above

 

9.    The file system that comes with your computer is________.

a.    A very primitive kind of database management systems           

b.    A very advances kind of database management systems

c.    Not even close to a database management system

d.    Exactly like a database management system

 

10.  A database management system is adequate if it has the following properties

a.    atomicity                          

b.    consistency

c.    durability

d.    all of the above

 

11.  In a relational database system, Entity Integrity requires that no tuple in a relation instance can have NULL (undefined) values for any of the__________

a.    Foreign key attributes

b.    Primary key attributes

c.    Candidate key attributes.

d.    All of the above

 

12.  Which of the following is a Windows 10 operating systems feature?

a.    Eliminate entire classes of vulnerabilities

b.    Break exploitation techniques

c.    Contain the damage and prevent persistence

d.    All of the above

 

13.  Windows 10 mitigation of security threat includes________

a.    Windows Defender SmartScreen

b.    Credential Guard

c.    Device Guard

d.    All of the above

 

14.  Which of the followings is not a Windows 10 mitigation to protect against memory exploits?

a.    Enterprise certificate pinning

a.    Data execution prevention

b.    SEHOP

c.    ASLR

 

15.  Microsoft Edge has several security features. Which of the followings is not a security feature of MS Edge?

a.    Includes memory garbage collection

b.    Includes heap allocation randomization

c.    Simplifies security configuration tasks

d.    Designed as a universal windows app

 

16.  Which of the following is a security feature of Windows 8?

a.    Malware resistance

b.    Data protection

c.    Access control

d.    All of the above

 

17.  Which of the following is not a primary form of network access that is offered by hypervisors?

a.    Media access control (MAC)

b.    Network bridging

c.    Network address translation (NAT)

d.    Host only networking

 

18.  Which of the following is not a server security principle?

a.    simplicity

b.    least privilege

c.    defense in depth

d.    access control

 

19.  Which of the following is a method to secure an operating system?      

a.    Patch and update the OS

b.    Harden and configure the OS to address security adequately

c.    Install and configure additional security controls, if needed

d.    All of the above

 

20.  Which of the following is not a type of server backup types?     

a.    full

b.    partial

c.    incremental

d.    differential

 

21.  which of the followings is not an access control method?          

a.    mandatory

b.    discretionary

c.    role-based

d.    privilege

 

22.  Which of the following is not security threat mitigation? 

                                                 a.      Anti-virus software.

                                                b.      Intrusion detection/prevention systems

                                                 c.      encryption

                                                d.      firewall

 

23.  Which of the following is part of the security defensive architecture?    

a.    BIOS protection

b.    sandboxing

c.    browser separation

d.    all of the above

 

24.  Which of the following is an activity for malware containment?

a.    Stopping the spread of malware

b.    Preventing further damages to hosts

c.    Both a and b

d.    none of a and b

 

25.  Which of the following is not a runtime defense against buffer overflow?         

a.    Executable address space protection

b.    Stack protection

c.    Address space randomization

d.    Guard pages

 

SHORT ANSWER QUESTION