Les réponses du quizz Etes vous un bon RSSI débutant ?

Ici l'on parle de tout et de rien...
Scanner Windows pour détecter les erreurs de registre

Ce que nous vous conseillons :

1. Lisez les réponses ci-dessous où vous trouverez des conseils et de l'aide de la part des autres utilisateurs.

2. Avant de faire des modifications sur votre système ou d'installer des logiciels, nous vous recommandons
    fortement de cliquer ici pour scanner Windows afin de détecter les erreurs de registre.

Messagepar JoShuA » 05 Mai 2006, 13:12

Les réponses du quizz

1. Nonrepudiation is a requirement for many cryptographic applications. The sender or receiver, using an electronic signature, can't repudiate a message. Answer: B

2. The NSA is primarily responsible for military encryption systems. The NSA designs, evaluates, and implements encryption systems for the military and government agencies with high security needs. Answer: A

3. Tokens are issued to authenticated users, and they provide a list of the permissions attached to the user. For example, the token issued in a Microsoft NOS contains the user's Security Identifier (SID) and the SIDs of all the groups to which the user belongs. These SIDs are compared to an access control list (ACL) to determine authorization and access. Answer: B

4. The PKIX working group is responsible for the X.509 certificate standard. The PKIX committee reports to the Internet Engineering Task Force (IETF). Answer: B

5. SSH is the most commonly used protocol for secure connections for terminal sessions. SSH operates similarly to a Unix shell, and it allows for similar functionality. Answer: C

6. A back door is an opening left in a program or application by a developer. Answer: A

7. Back Orifice is a remote administration tool used by hackers to take control of Windows-based systems. Answer: D

8. The current, previous, and archived keys must be accessible for a key recovery process to work. If information is encrypted using a key that has expired or been revoked, the information won't be accessible. Answer: A & B & C

9. Key renewal is considered a bad practice. The longer a key is used, the more susceptible it is to decryption. However, key renewal processes may be necessary in a dire situation where a rollover isn't wanted. Answer: B

10. A rollover process is used to issue new keys when a key is about to expire. Answer: B

11. Public Key Cryptographic Systems use a public and private key. The public key can be sent to others to encrypt messages for you. The private key is used to decrypt messages. Answer: B

12. The TACACS authentication service, by default, uses port 49. Port 80 is used by HTTP. Port 25 is used by SMTP. Port 22 is used by SSH. Answer: B

13. The NetBIOS session service, by default, uses port 139. Port 389 is used by LDAP. Port 143 is used by IMAP, and port 110 is used by POP3. Answer: C

14. The .scr extension is used for screen savers. Screensavers, as executables, actually have the ability to do a number of nasty things, such as lock the screen, and wreak havoc. Answer: B

15. The two main wire-level protocols used by IPSec are AH (Authentication Header) and ESP (Encapsulating Security Payload). IPSec uses port 50 for ESP. Answer: A

16. Dictionary, guessing, and birthday attacks work only against passwords that are actual words or dates. A brute-force attack works best against a password that is a series of letters, numbers, and symbols. Answer: C

17. In a RAID 1 array, the drives are mirrored. Answer: B

18. Most RAID 5 implementations require a minimum of three disks. Answer: C

19. PGP (Pretty Good Privacy) uses both symmetrical and asymmetrical systems. Answer: C

20. In order for Kerberos to function properly, time synchronization must be working correctly. If clocks drift from the correct time, problems can occur with trying to compare timestamps and authenticate. Answer: C

21. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed in number, because it allows only one or two people into the facility at a time. Answer: A

22. Major fluctuations in AC power can contribute to a condition known as chip creep. With creep, unsoldered chips slowly work their way loose and out of a socket over time. Answer: B

23. A phage virus modifies and alters other programs and databases. Answer: C

24. When you receive an email you suspect is a hoax, check the CERT site before forwarding the message to anyone else. The creator of the hoax wants to create widespread panic, and if you blindly forward the message to co-workers and acquaintances, you're helping the creator accomplish that task. Answer: D

25. Spam is defined as any unwanted, unsolicited email, and not only can the sheer volume of it be irritating, but it can often provide the door to larger problems. Answer: B

26. The major difference is that a revoked key can't be used again, whereas the status of a suspended key can be changed to allow the key to be used again. Once a key is revoked, a new key is required. Answer: C

27. Administrative policies lay out guidelines and expectations for upgrades, monitoring, backups, and audits. Answer: A

28. With 98% uptime, there is a 2% downtime of the 525,600 minutes in a year. That means the data would be down for 10,512 minutes, or 7 1/3 days. Answer: D

29. NAT uses private addresses. The private address ranges are:,, and Answer: C

30. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rules-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packages and reprocesses them for use internally. Answer: A

31. The three primary connections used with coax are the T-connector, the inline connector, and the terminating connector. Answer: B & C & D

32. Infrared requires a direct line of sight and allows a point-to-point connection to be made between two IR transceiver-equipped devices. Answer: D

33. The Biba model is similar in concept to the Bell La-Padula model, but it's more concerned with information integrity. Answer: C

34. Biometric devices can authenticate users based on a physical characteristic. Answer: B

35. A birthday attack focuses on finding similar keys in MD5. Answer: A

36. A cold site is not immediately ready to use when a disaster strikes. Answer: D

37. Cookies store information in a plain text file. Answer: A

38. A dual-homed server has two NIC cards — one on the internal network and one on the outside network. Answer: B

39. Enticement is the process of luring someone into your plan or trap. Answer: C

40. Eavesdropping is the term used to describe any type of passive attack that intercepts data in an unauthorized manner. Answer: D

41. A false positive is any flagged event that isn't really an event and has been falsely triggered. Answer: B

42. An incident response team may be ad hoc, but truly should exist before an incidence occurs. Answer: D

43. Latency refers to the time between when the CRL is issued and when it reaches users. Answer: C

44. The term lattice is used in conjunction with integrity levels that allow information to flow downward but not upward. Answer: B

45. Annual Loss Expectancy (ALE) is equal to Single Loss Expectancy (SLE) multiplied by Annualized Rate of Occurrence (ARO). Answer: C

46. The AES encryption protocol is replacing DES as the current standard. Answer: A

47. Hijacking attacks capture encryption keys by passively monitoring LAN communications and then using those keys to impersonate an authorized user and take over their session. Answer: A

48. The International Organization for Standardization (ISO) published the ISO 17799 standard, which is referred to as the "Code of Practice for Information Security Management".Answer: B

49. Malware is the name given to software designed with a malicious intent, including spyware, viruses, and other miscreants. Answer: B

50. The two main wire-level protocols used by IPSec are AH (Authentication Header) and ESP (Encapsulation Security Payload). Both can operate in transport mode or tunnel mode. Answer: A&B.
Avatar de l’utilisateur
Messages: 7246
Inscrit le: 02 Jan 2002, 15:37
Localisation: IdF

Retour vers Bavardages

Qui est en ligne ?

Utilisateurs parcourant actuellement ce forum : Aucun utilisateur inscrit et 1 invité

  •  Liens commerciaux