ITIL SCNP - SCNP Strategic Infrastructure Security Exam

Page:    1 / 47   
Total 233 questions

In the process of public key cryptography, which of the following is true?

  • A. Only the public key is used to encrypt and decrypt
  • B. Only the private key can encrypt and only the public key can decrypt
  • C. Only the public key can encrypt and only the private key can decrypt
  • D. The private key is used to encrypt and decrypt
  • E. If the public key encrypts, then only the private key can decrypt


Answer : E

As per the guidelines in the ISO Security Policy standard, what is the purpose of the section on Physical and Environmental Security?

  • A. The objectives of this section are to avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements, and to ensure compliance of systems with organizational security policies and standards.
  • B. The objectives of this section are to prevent unauthorized access, damage and interference to business premises and information; to prevent loss, damage or compromise of assets and interruption to business activities; to prevent compromise or theft of information and information processing facilities.
  • C. The objectives of this section are to provide management direction and support for information security.
  • D. The objectives of this section are to maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.
  • E. The objectives of this section are to control access to information, to prevent unauthorized access to information systems, to ensure the protection of networked services, and to prevent unauthorized computer access.


Answer : B

During a one week investigation into the security of your network you work on identifying the information that is leaked to the Internet, either directly or indirectly. One thing you decide to evaluate is the information stored in the Whois lookup of your organizational website. Of the following, what pieces of information can be identified via this method?

  • A. Registrar
  • B. Mailing Address
  • C. Contact Name
  • D. Record Update
  • E. Network Addresses (Private)


Answer : A,B,C,D

You are aware of the significance and security risk that Social Engineering plays on your company. Of the following Scenarios, select those that, just as described, represent potentially dangerous Social
Engineering:

  • A. A writer from a local college newspapers calls and speaks to a network administrator. On the call the writer requests an interview about the current trends in technology and offers to invite the administrator to speak at a seminar.
  • B. An anonymous caller calls and wishes to speak with the receptionist. On the call the caller asks the receptionist the normal business hours that the organization is open to the public.
  • C. An anonymous caller calls and wishes to speak with the purchaser of IT hardware and software. On the call the caller lists several new products that the purchaser may be interested in evaluating. The caller asks for a time to come and visit to demonstrate the new products.
  • D. An email, sent by the Vice President of Sales and Marketing, is received by the Help Desk asking to reset the password of the VP of Sales and Marketing.
  • E. An email is received by the Chief Security Officer (CSO) about a possible upgrade coming from the ISP to a different brand of router. The CSO is asked for the current network's configuration data and the emailer discusses the method, plan, and expected dates for the rollover to the new equipment.


Answer : D,E

During the review of the security logs you notice some unusual traffic. It seems that a user has connected to your Web site ten times in the last week, and each time has visited every single page on the site. You are concerned this may be leading up to some sort of attack.
What is this user most likely getting ready to do?

  • A. Mirror the entire web site.
  • B. Download entire DNS entries.
  • C. Scan all ports on a web server.
  • D. Perform a Distributed Denial of Service attack through the Web server.
  • E. Allow users to log on to the Internet without an ISP.


Answer : A

Page:    1 / 47   
Total 233 questions