SEC 280 Final Exam

SEC 280 Final Exam

1.Which of the following is true about the server virtualization (Hypervisor)?

a.Virtualization can only exist in one location

b.Virtualization can only access local disk storage

c.Virtualization cluster can use different type and brand of processors

d.Virtualization is useful for the software testing purposes, e.g., snapshotting.

2.Which of the following is true about Cloud Computing?

a.It is best for a small startup company

b.It is best for security sensitive information, e.g., top secret documents

c.It is best for a company cannot afford to lose the information, e.g., bank transactions

d.It is best for a company is in a remote area and it cannot obtain a reliable Internet connection

3.Which of the following is NOT an example of the business continuity?

a.Power outage for 3 hours

b.Chief Financial Officer involves an auto accident and cannot come to work for 3 days

c.A terrorist attack

d.An employee’s own laptop has been affected by virus

4.Which of the following is NOT a consideration of a backup strategy?

a.How much time do you have?

b.What is your network backbone speed?

c.How many monitor do you have?

d.What time to start the backup?

5.Comparing the difference between backup to disk and tape. What is one reason the tape is preferred?

a.Tape is much faster

b.Tape is much more expensive

c.Tape is water proof

d.Tape can be transport out of site for DR purpose

6.Which of the following is true about the SAN Snapshot?

a.It is taking a picture of the raw image of the disk

b.It makes a backup copy of the operating system

c.It makes a backup copy of the VMDK files

d.None of the above

7.Which of the following backup method requires the most of tape to restore?




d.Delta (application)

8.What is NOT the purpose of colocation?

a.To prevent power outage

b.To prevent data loss

c.To prevent nature disaster, e.g., flood

d.To prevent denial of services attack (DoS)

9.Which of the following is the most common and least expensive backup method?

a.File level (e.g., Windows file system)

b.Operating System level (e.g., VMware datastore)

c.Image level (e.g., SAN snapshot, Ghost)

d.All of the above

10.What is FALSE about data retention?

a.How much data I can write on the tape?

b.When I can re-write the tape?

c.When I must send my tapes to offsite vault such as Iron Mountain for monthly or weekly end backup

d.When I can erase the tape?

11.Which of the following about a wireless access point (in 802.11g standard) is true?

a.It operates like a hub and in half-duplex mode

b.It operates like a hub and in full-duplex mode

c.It operates like a switch and in half-duplex mode

d.It operates like a switch and in full-duplex mode

12.Which of the following 802.1x protocol (in a wireless setting) uses mutual authentication?





13.Per class lecture, which of the following technology is for Power Over Ethernet?





14.A bank has a Class-C IP address and is to be subdivided into 2 branches. How many bit(s) need to be borrowed to accommodate 3 branches? (We are using the zero subnet 2s formula)





15.Which of the following is true regarding to the RADIUS?

a.It forwards the username and password to an Active Directory for validation

b.The overall function of a RADIUS is similar to a Cisco Wireless LAN controller

c.RADIUS uses Mandatory Access Control

d.RADIUS is a client / server protocol. An RADIUS uses UDP port 1812 for authentication and UDP 1813 for accounting

16.Which of the following is true when your boss asks you to make sure the company’s website is available 24x7x365?





17.Updating Windows patch on a server is best described as?

a.Network Security

b.Host Security

c.Physical Security

d.Social Engineering Security

18.Which of the following would be best described as Network Security?

a.Implementing Intrusion Detection System (IDS) on the network

b.Run Windows Update on a user’s workstation

c.Make sure a server cannot use USB drive

d.Having a wireless access point deploy on every departments

19.Most of today’s firewalls are executing rules base on which of the following:

a.Implicit deny

b.Implicit allow

c.Explicit deny

d.Explicit allow

20.To provide an evidence to prove one is indeed sign the document electronically:





21.A target received a spoof email (such as BankofAmerica) and calls back to the sender. The target will not question the authenticity of the tech support. This is an example of:

a.Social Engineering

b.Reverse social engineering

c.Forward social engineering


22.The simple tactic of following closely behind a person who has just used their own access card to gain physical access to a building is called?

a.Shoulder surfing


c.Access drafting

d.Man trap

23.A sender uses his private key to encrypt the message then the receiver uses sender’s public key to decrypt the message.

a.Message digest

b.Simple digital signature

c.Complex digital signature


24.Which of the following is special mathematical function to perform one-way encryption?





25.Which of the following makes an encryption algorithm more robust (harder to crack)?


b.Message Digest



26.An ________ can be viewed as an extension of a company’s intranet that is extended to users outside the company, usually partners, vendors, and suppliers.





27.Which of the following OSI layers uses logical addressing?





28.Which of the following OSI layers formats and encrypts data to be sent across a network?





29.Which of the following is the best reason uses UDP?

a.Broadcasting message


c.Telnet to a router

d.Web surfing

30.In an IP address network, what is means?



c.This network

d.This node

31.Which of the following PKI component is responsible for checking the identity of a company during the certificate application process?

a.Registration Authority

b.Department of Licensing

c.Certificate Authority

d.Digital Signature

32.Which of the following is not a part of digital certificate?

a.Validity period

b.Issuer’s unique name

c.Digital signature of the CA

d.A private key

33.What is the best method to exchange the shared secret when establishing a site-to-site VPN?


b.Instant messaging


d.US Postal Service

34.What is the best method to obtain a party’s public key?

a.Digital Certificate



d.Cell Phone

35.Which PKI components issue the digital certificate?

a.Registration Authority

b.Certificate Authority

c.Licensing Authority

d.Digital Signature

36.Which of the following method is one of the ways for customers to find out the digital certificate has expired and/or revoked?

a.Certificate Revocation List (CRL)

b.Notification from CA

c.Email from the vendor

d.CA’s public key cannot open the certificate’s digital signature

37.Which of the following is true regarding to the certificate validation procedure?

a.We need to use the public key of the CA to decrypt the CA’s digital signature

b.We need to use the private key of the CA to encrypt the CA’s digital signature

c.We need to use the public key of the Vendor to encrypt the Vendor’s digital signature

d.We need to use the private key of the Vendor to decrypt the Vendor’s digital signature

38.Which of the following is the best method to obtain FREE digital certificates (Assuming you are in a Windows Domain environment)?

a.Microsoft Certificate Authority

b.Verisign Certificate Authority

c.Third party certificate authority

d.All of the above

39.What is used to increase the complexity of an encryption algorithm?

a.Message Digest

b.Digital Signature

c.Symmetric Algorithms


40.Which of the following is a mathematical function that performs one-way encryption? The main purpose is to verify the integrity of a plaintext.


b.Symmetric Algorithms

c.Asymmetric Algorithms

d.Digital Signature

41.Which of the following cryptography provides the fastest encrypt and decrypt process?




d.Digital Signature

42.What is a digital signature?

a.You will sign a message with your private key

b.You will sign a message with your public key

c.You will sign a message with the recipient’s private key

d.You will sign a message with the recipient’s public key

43.How to verify the integrity of a downloaded file?

a.Comparing the message digests

b.Comparing the encryption algorithm

c.Comparing the hashing algorithm

d.Comparing the public keys

44.Which of the following is an example of asymmetric algorithm?

a.Both encryption and decryption keys are the same

b.Both encryption and decryption keys are different

c.Both message digests are the same

d.Both message digests are different

45.Which of the following best describe ONE private IP address (internal workstations) is translated into ONE public IP address to access the Internet?

a.Static NAT

b.Dynamic NAT


d.All of the above

46.Which protocol is “to request the MAC address for a given IP address”?





47.What service is use to resolve a fully qualified domain name (FQDN) into an IP address?





48.Which of the following is not an example of a routing protocol?





49.Which of the following about this “” is true?

a.The subnet mask is

b.The host ID is 55

c.The network ID is 55

d.The is an IP address of a Windows server

50.What is the purpose of DMZ?

a.So if the corporate web server is hacked the Internal network is not compromised

b.So if the corporate web server is hacked the Internet network is compromised

c.So you can place all the internal servers (such as a domain controller) in the DMZ network

d.So you can place all the remote workers in DMZ network