BCS Level 4 Certificate in Cyber Security Introduction QAN 603/0830/8

Transcription

1 S Level 4 ertificate in yber Security Introduction QN 603/0830/8 Specimen Paper Record your surname/ last/ family name and initials on the nswer Sheet. Specimen paper only. 20 multiple-choice questions 1 mark awarded to each question. Mark only one answer for each question. There are no trick questions. number of possible answers are given for each question, indicated by either... or. Your answers should be clearly indicated on the nswer Sheet. The pass mark is 13/20. This is a specimen examination paper only. The full paper will contain 40 questions with a pass mark for the full paper of 26/40. opying of this paper is expressly forbidden without the direct approval of S, The hartered Institute for IT. opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 1 of 6

2 1 Which of the following actions EST describes a directive control? It instructs a user to do something in a particular way. It stops a user from doing the wrong thing. It identifies if a user has done something wrong. It corrects the erroneous input from a user. 2 What is the MIN purpose of penetration testing? To determine if it is easy to access a network from outside the host organisation. To check the patching state of application software packages. To identify vulnerabilities in IT systems that could be exploited. To determine which is the best way for authorised users to access the system. 3 Which of the following are required for a ransomware attack to be successful? a) n that looks genuine b) Trojan that carries an encryption virus. c) Users who routinely click on attachments. d) poorly configured firewall. a, b and c only. a, c and d only. a, b, c and d. b, c and d only. 4 lassifying people as nation state actors is an example of which process? Vulnerability assessment. Hazard listing. Risk management. Threat profiling. 5 Which of the following is an example of a vulnerability? The chance of an attack being successful. known weakness in an IT system. danger of software not working as intended. Someone who wants unauthorised access to the system. opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 2 of 6

3 6 What is the difference between common law and criminal law? riminal law only covers crimes, whereas common law covers anything that people do wrong. riminal law is only administered by judges, whilst common law can be used by anyone. There is no difference between them - someone can choose which set of laws to use. ommon law is governed by precedents, whilst statutes govern criminal law. 7 The following activities are parts of the Kill hain principle. In which order do they NORMLLY happen? a) Weaponsiation. b) ctions on objective. c) elivery. d) Reconnaissance. c, d, b, a. d, a, c, b. d, b, a, c. c, d, a, b. 8 When determining the value of assets, which of the following would be the MOST IMPORTNT aspect to consider? The size of the data set. The sensitivity of the data set. The media on which the data set is stored. The connection to the data store. 9 What sort of control is anti-virus software? Procedural. Perceptive. Protective. Proactive. opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 3 of 6

4 10 Why, from a security point of view, is the use of cloud storage sometimes considered a bad idea? It is never considered a bad idea to store information in the cloud because there are no risks involved. The cloud providers are known to be untrustworthy and are likely to steal the most valuable information. The information could become corrupted if it is stored alongside other people's information in the cloud. It may be difficult to determine exactly where information is stored in order to meet legal requirements. 11 What is horizon scanning? Looking at developments in technology to try and identify future trends or issues. Identifying known threats appearing on the boundaries of a company's network. etermining what new inventions in technology your competitors are bringing to market. Scanning for vulnerabilities in the software that has been installed on the company's networks. 12 Which of the following is a technical control? TV. n acceptable use policy. Locks on server room doors. User logon password requirements. 13 Which device is designed primarily to direct traffic on a network to a designated IP address? Hub. Firewall. Router. Scanner. opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 4 of 6

5 14 Which of the following would result directly in information suffering from a lack of confidentiality? ccidentally overwriting sensitive information in a database. Fire in a server room causing damage to the processors. redundant hard drive not being wiped before disposal. Receiving spam s and not deleting them. 15 What sort of IT system is called a thick client? One using significant processing power in the terminals. One using a server for the main processing activity. One designed for use by very inexperienced people. One using web-based software through the terminals. 16 When should security requirements for a new IT system be defined? When a system is in user acceptance testing. s soon as the basic business requirements are decided upon. When the system has been made live. Once the technical specification for the system has been identified. 17 Which of the following is currently NOT a realistic information security risk from bring your own devices (YO)? They could be used to spread malware to office systems by transferring viruses through their connections to office networks. They could provide accurate details of the user's location, thereby facilitating directed attacks on staff members. They could provide unauthorised access to office systems through their interconnectivity. They could have a serious effect on the volume of network traffic on an office system to which they are connected. opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 5 of 6

6 18 Which of the following is MOST LIKELY to be the result of implementing security objectives effectively? Separated data sets for different staff groupings based on business needs. Full access to all information assets for all staff groupings based on seniority. Free Internet access through the company wide area network for all visitors. single demilitarized zone (MZ) for a large, complex organisation. 19 Which of the following is an example of a security assurance check? a) aily activity of the logs of user access. b) ctivity of the sign-in sheets for visitors. c) Patching software. d) Reconfiguring a firewall. a and c only. b and d only. a and b only. c and d only. 20 What are the ommon riteria? way of checking if the most important security controls are in place. n international standard for the security of IT products. The easiest security controls to implement in an IT system. Standard clauses expected to be seen in an outsourcing contract. -End of Paper- opyright S 2016 S Level 4 ertificate in yber Security Introduction Specimen Paper Page 6 of 6