CS205 MID TERM SOLVED MCQs || PAST PAPERS || GROUP-3 || INFORMATION SECURITY || VuTech
Visit Website For More Solutions
www.vutechofficial.blogspot.com
CS205
Information Security
Solved Mid Term Past Papers
______________________________
MCQs
______________________________
Group-3
Question No: 1
Which of the following security practices come under "construction" function of software assurance maturity model?
a) Threat assessment, security requirements, security architecture
b) Design review, code review, security testing
c) Threat assessment, vulnerability management, security testing
d) Education & guidance, policy & compliance, strategy & metrics
Correct Answer:
The correct answer is 'a'.
Question No: 2
What do you mean by minimum security baseline?
a) Count all IT assets
b) Threshold which is the minimum expectation from security program
c) Prioritizing the assets for hardening
d) Establishing project tracks for security hardening
Correct Answer:
The correct answer is 'b'.
Question No: 3
What does check content explain about rule in DISA STIG?
a) Tells how to check whether control is implemented or not
b) Describes the benefit of implementing control
c) Tells how to apply control
d) Describes the control
Correct Answer:
The correct answer is 'a'.
Visit Website For More Solutions
www.vutechofficial.blogspot.com
Question No: 4
What is a Business Continuity Plan (BCP)?
a) A document that consists of critical information an organization needs to continue operating during an unplanned event
b) Plan of action which ensures regular business will continue even during a disaster.
c) A documented structured approach to deal with unplanned incidents.
d) An area of security that allows an organization to quickly resume mission-critical (IT) functions following a disaster.
Correct Answer:
The correct answer is 'a'.
Question No: 5
How many configuration levels CIS benchmarks describe under profile applicability?
a) Two: level 1 domain controller, level 1 member server
b) Two: level 1 domain controller, level 2 domain controller
c) Four: level 1 domain controller, level 1 member server, level 2 domain controller, level 2 member server
d) Three: level 1 domain controller, level 1 member server, level 2 domain controller
Correct Answer:
The correct answer is 'c'.
Visit Website For More Solutions
www.vutechofficial.blogspot.com
Question No: 6
Which of the following is considered an IT asset?
a) Information
b) All of the given
c) Hardware Equipment
d) Software Applications
Correct Answer:
The correct answer is 'b'.
Question No: 7
What does DR plan include?
a) Key personnel and DR team contact details
b) A diagram of entire network and recovery site
c) Directions for how to reach recovery site
d) All of the given
Correct Answer:
The correct answer is 'd'.
Question No: 8
In which categories vulnerability can fall as per DISA STIG?
a) Critical, High, Medium
b) High, Medium, Low
c) Severe, Moderate, Informational
d) Cat 1, Cat 2, Cat 3
Correct Answer:
The correct answer is 'd'.
Visit Website For More Solutions
www.vutechofficial.blogspot.com
Question No: 9
STIG stands for ________ .
a) Security Technical Improvement Guide F
b) Security Technical Implementation Guide F
c) Security Technical International Guide F
d) Security Technical Interior Guide F
Correct Answer:
The correct answer is 'b'.
Question No: 10
If account lockout feature value is set to "0" on a ms 2012 member server than?
a) The account will never be locked despite of several failed login attempts
b) Will require administrator to unlock the account
c) The account will be locked and system will have to be rebooting
d) Will have to disconnect from network
Correct Answer: