NETWORK SECURITY DECEMBER 2022 PAST PAPER
TUESDAY: 6 December 2022. Afternoon Paper. Time Allowed: 2 hours.

Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of fifty (50) Multiple Choice Questions. Each question is allocated two (2) marks.

1. Which of the following is a tool that inspects an application's code to estimate the way it behaves while running?
A. Dynamic analysis
B. Static analysis
C. Scanning analysis
D. Maintenance analysis

2. During network security penetration testing, the results of the penetration test are compiled into a report detailing all of the following EXCEPT:
A. Non-sensitive data that was accessed
B. Specific vulnerabilities that were exploited
C. Sensitive data that was accessed
D. The amount of time the pen tester was able to remain in the system undetected

3. The motivation of an internal threat that involves stealing information for another organisation is referred to as?
A. Fraud
B. Sabotage
C. Espionage
D. Revenge

4. The physical control that requires employees to tap their ID pass on a reader that will unlock the gate and allow them to pass through is referred to as?
A. Turnstiles
B. Electronic Doors
C. Mantraps
D. Security Guards

5. Employees in an organisation can contribute to data breaches in the following ways EXCEPT:
A. Using unauthorised devices
B. Improper access control
C. Using unauthorised software
D. Spoofing or sniffing

6. Which of the following is NOT a penetration testing method?
A. External testing
B. Triple blind testing
C. Internal testing
D. Blind testing

7. The type of cyber security attack where attackers access someone else’s computer for mining cryptocurrency is referred to as?
A. Cryptojacking
B. Cryptocurrency
C. Insider threat
D. Man in the middle attack

8. Which of the following is NOT a precautionary measure to be undertaken to prevent cyber-attacks?
A. Frequent changing of passwords
B. Regularly updating operating systems and applications
C. Not opening emails from unknown senders
D. Using single factor authentication

9. Which of the following is a BEST practice to protect against an insider attack?
A. Protect non-critical assets
B. Enforce policies
C. Increase volatility
D. Promote non-culture changes

10. An attack on confidentiality where the attacker gains access to an asset is referred to as?
A. Modification
B. Interception
C. Interruption
D. Fabrication

11. Which of the following is a type of passive attack?
A. Denial of service
B. Release of message contents
C. Spoofing
D. Sniffing

12. A cyber security attack that involves the creation of a false stream or modification of the data stream is referred to as?
A. Active attack
B. Passive attack
C. Cryptographic attack
D. Encryption

13. The type of cryptography that involves a pair of keys known as a public key and a private key which are associated with an entity that needs to authenticate its identity electronically is referred to as?
A. Private key cryptography
B. Universal key cryptography
C. Public key cryptography
D. Decryption key cryptography

14. The DES (Data Encryption Standard) cipher follows the Feistel structure. Which of the following properties are NOT shown by the Feistel structure?
A. The plain text is converted into a matrix form first
B. The input text is divided into two parts: one being left half and another one being right half.
C. The input text is divided into two parts: one being left half and another one being right half.
D. Swapping of the left and right halves is performed after each round.

15. The kind of symmetrical encryption algorithm where a set of bits is encoded with a specific secret key in electronic data blocks is referred to as?
A. Stream algorithm
B. Block algorithm
C. Symmetrical algorithm
D. Fixed algorithm

16. All of the following should be included in a network testing plan EXCEPT?
A. Definition of test objectives
B. Testing approach
C. Testing tools
D. Testing personnel

17. The type of network testing that describes how you can test that every possible client platform can operate with every possible server platform is referred to as?
A. Functional testing
B. Configuration testing
C. Concurrency testing
D. Peak load testing

18. Which of the following is the fourth stage to be executed when creating a network test plan?
A. Analyze the product
B. Design the Test Strategy
C. Define Test Criteria
D. Resource Planning

19. Which of the following is NOT a cyber essential control in network security?
A. Patch management
B. Firewall
C. Digital certificate
D. Access control

20. For password-based authentication, an organisation should:
A. Protect against brute force password guessing
B. Set a minimum password length of at least eight characters
C. Change passwords promptly when the user knows or suspects they have been compromised
D. Implement digital certificates to protect passwords

21. A type of attack where a perpetrator first investigates the intended victim to gather necessary background information such as potential points of entry and weak security protocols is referred to as?
A. Man in the middle attack
B. Social engineering
C. Spoofing
D. Sniffing

22. A cyber security methodology that combines best practices and technology to prevent the exposure of sensitive information outside of an organisation is referred to as?
A. Email security
B. Sandboxing
C. Intrusion prevention system
D. Data loss prevention

23. Robust network security will protect against all of the following EXCEPT:
A. Worms
B. Viruses
C. Intrusion
D. Spyware

24. A social engineering attack technique where the attacker uses a false promise to lure users into a trap that steals their personal information is referred to as?
A. Baiting
B. Scareware
C. Pretexting
D. Phishing

25. Which of the following is NOT a network security policy objective?
A. To determine policy enforcement
B. To lay out the architecture of the organisation’s network security environment
C. To keep malicious users out
D. To enable users to access data

26. The activity of verifying the identity of a user is referred to as?
A. Identification
B. Authentication
C. Verification
D. Validation

27.