Security Quiz

1. Most security vulnerabilities are from new or previously unknown problems. True or False?

2. What is one of the protocols IPsec uses to secure IP layer communications?


3. What is defense in depth (or DiD)?

a. A type of highly-secure cryptography for data at rest.
b. A type of highly-secure cryptography for data in transit.
c. Both of the above.
d. The implementation of a combination of security measures that may be disparate and redundant for achieving security from a pragmatic perspective.
e. A certified protocol recognized by a third party auditing company.
f. None of the above.

Choose the best answer.

4. What does ISMS stand for? ____________________

5. How long does it take for a security breach to be detected usually?

a. Within 60 seconds
b. Within one day
c. Within one week
d. More than 180 days

6. Who usually finds a security breach?

a. The hacker tells the enterprise about what he/she did (e.g., for ransom).
b. The company's internal auditing/security team of professionals.
c. A third party hired by the company that had the breach.
d. The U.S. government.
e. The company's internal auditing/security monitoring tools.

Choose the best answer.

7. What is spear phishing?

a. Phishing against random people.
b. Phishing where the malicious actor knows the target.
c. Phishing against large numbers of people who are part of businesses.
d. Phishing for consumer credit cards.
e. Phishing where the emails fraudulently look like they are from a trusted source.

8. How does SSH work in detail?


9. What does DSA stand for?

a. Defense Shamir Adleman
b. Delay Shamir Adelman
c. Digital Signature Algorithm
d. Direct Symmetric Algorithm
e. None of the above

10. What does the file named "secure" normally have in Red Hat distributions? (It could be found with this command "sudo find / -name secure -type f".) Choose the best answer.

a. Login and access messages.
b. Configuration settings related to Kerberos, Active Directory, Novel, OpenLDAP, NIS, etc.
c. Server-wide configuration settings related to SSH
d. None of the above

11. What is smishing?


12. What is vishing?


13. It is acceptable to run OS shell commands from Node.js programs. True or False?

14. What packages are more likely to be updated, Python or Ruby?

15. Secure random number generation (e.g., for computations related to cryptographic keys) is preferably performed with seeding a number via which of the following? Choose the best answer.

a) The Mod or modulo arithmetical function
b) A sequence of unique numbers fixed in the code
c) The system clock
d) The quantified duration between keystrokes
e) All of the above
f) None of the above

For the answers to this quiz, click here.

Leave a comment

Your email address will not be published. Required fields are marked *