Wisdom jobs Information Security Interview Questions and answers have been framed specially to get you prepared for the most frequently asked questions in many job interviews. Here we have provided Tips and Tricks for cracking Information Security interview Questions. These Information Security Interview questions and answers are useful for Beginner, Advanced Experienced programmers and job seekers of different experience levels. It's a good idea to go through Information Security Interview Questions. All the best in your job search.
The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. The C.I.A. triangle has expanded into a list of critical characteristics of information.
Question 2. Write A Note On The History Of Information Security ?
Computer security began immediately after the first mainframes were developed Groups developing code-breaking computations during World War II created the first modern computers Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.
Question 3. What Is Rand Report R-609?
Information Security began with Rand Corporation Report R-609, The Rand Report was the first widely recognized published document to identify the role of management and policy issues in computer security.
Question 4. What Is The Scope Of Computer Security?
The scope of computer security grew from physical security to include:
Question 5. Define Physical Security ?
Physical Security - to protect physical items, objects or areas of organization from unauthorized access and misuse.
Question 6. Define Personal Security ?
Personal Security involves protection of individuals or group of individuals who are authorized to access the organization and its operations.
Question 7. Define Operations Security ?
Operations security focuses on the protection of the details of particular operations or series of activities.
Question 8. Define Communications Security ?
Communications security - encompasses the protection of organization's communications media, technology and content.
Question 9. Define Network Security ?
Network security - is the protection of networking components,connections,and contents.
Question 10. Define Information Security ?
Information security - is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information.
Question 11. What Are The Critical Characteristics Of Information?
Question 12. What Is Nstissc Security Model?
This refers to "The National Security Telecommunications and Information Systems Security Committee" document. This document presents a comprehensive model for information security. The model consists of three dimensions.
Question 13. What Are The Components Of An Information System?
An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization.
Question 14. What Is Meant By Balancing Security And Access?
Question 15. What Are The Approaches Used For Implementing Information Security?
Question 17. Explain Different Phases Of Sdlc ?
Investigation, Analysis, Logical Design, Physical Design, Implementation,Maintenance and Change.
Question 18. What Is Security Sdlc?
Question 19. How Information Security Is Viewed As A Social Science?
Social science examines the behavior of individuals interacting with systems Security begins and ends with the people that interact with the system End users may be the weakest link in the security chain Security administrators can greatly reduce the levels of risk caused by end users, and create more acceptable and supportable security profiles.
Question 20. What Are The Information Security Roles To Be Played By Various Professionals In A Typical Organization?
Question 21. What Are The Three Types Of Data Ownwership And Their Responsibilities?
Data Owner - responsible for the security and use of a particular set of information Data Custodian - responsible for the storage, maintenance, and protection of the information Data Users - the end systems users who work with the information to perform their daily jobs supporting the mission of the organization.
Question 22. What Is The Difference Between A Threat Agent And A Threat?
A threat is a category of objects,persons,or other entities that pose a potential danger to an asset. Threats are always present. A threat agent is a specific instance or component of a threat. (For example All hackers in the world are a collective threat Kevin Mitnick,who was convicted for hacking into phone systems was a threat agent.)
Question 23. What Is The Difference Between Vulnerability And Exposure?
The exposure of an information system is a single instance when the system is open to damage. Weakness or faults in a system expose information or protection mechanism that expose information to attack or damage or known as vulnerabilities.
An attack is an intentional or unintentional attempt to cause damage or otherwise compromise the information. If some one casually reads sensitive information not intended for his or her use ,this considered as a passive attack. If a hacker attempts to break into an information system,the attack is considered active.
Hacking can be defined positively and negatively. To writes computer programs for enjoyment to gain access to a computer illegally.
Question 26. What Is Security Blue Print?
The security blue print is the plan for the implementation of new security measures in the organization. Some times called a framework,the blue print presents an organized approach to the security planning process.
MULTICS was an operating system ,now obsolete. MULTICS is noewothy because it was the first and only OS created with security as its primary goal. It was a mainframe ,time-sharing OS developed in mid - 1960s by a consortium from GE,Bell Labs,and MIT.
Department of Defense in US,started a research program on feasibility of a redundant,networked communication system to support the military's exchange of information.Larry Robers,known as the founder if internet ,developed the project from its inception.
Question 29. Define E-mail Spoofing ?
Information is authentic when the contents are original as it was created,palced or stored or transmitted.The information you receive as e-mail may not be authentic when its contents are modified what is known as E-mail spoofing.
Question 30. What Are The Four Important Functions, The Information Security Performs In An Organization?
Information security performs four important functions for an organization:
Question 31. What Are Threats?
A threat is an object, person, or other entity that represents a constant danger to an asset Management must be informed of the various kinds of threats facing the organization By examining each threat category in turn, management effectively protects its information through policy, education and training, and technology controls.
Question 32. What Are Different Acts Of Human Error Or Failure?
Includes acts done without malicious intent. It is Caused by:
Question 33. How Human Error Can Be Prevented?
Much human error or failure can be prevented with training and ongoing awareness activities,but also with controls,ranging from simple procedures like asking users to type a critical command twice,to more complex procedures ,such as the verification of the commands by a second party(Eg key recovery actions in PKI systems).
Question 34. What Is Intellectual Property?
Intellectual property is "the ownership of ideas and control over the tangible or virtual representation of those ideas" . Many organizations are in business to create intellectual property.
Question 35. How Intellectual Property Can Be Protected?
Enforcement of copyright has been attempted with technical security mechanisms,such as using digital watermarks and embedded code.The most common reminder of the individual's obligation to fair and responsible use is the license agreement window that usually pops up during the installation of a new software.
Question 36. What Is Deliberate Acts Of Espionage Or Trespass?
Question 37. Who Are Hackers? What Are The Two Hacker Levels?
The classic perpetrator of deliberate acts of espionage or trespass is the hacker. Hackers are "people who use and create computer software [to] gain access to information illegally". Generally two skill levels among hackers: Expert hacker unskilled hacker(Script kiddies).
Question 38. What Is Information Extortion?
Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use.
Extortion found in credit card number theft(A Russian hacker named Maxus,who hacked the online vendor and stole several hundred thousand credit card numbers).
Question 39. What Is Deliberate Acts Of Sabotage And Vandalism?
Individual or group who want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization
These threats can range from petty vandalism to organized sabotage
Organizations rely on image so Web defacing can lead to dropping consumer confidence and sales
Rising threat of hacktivist or cyber-activist operations - the most extreme version is cyber-terrorism.
Question 40. What Is Cyber Terrorism?
Cyberterrorism is amost sinister form of hacking involving cyberterrorists hacking systems to conduct terrorist activities through network or internet pathways.
An example was defacement of NATO web pages during the war in Kosovo.
Question 41. What Are The Deliberate Acts Of Theft?
Illegal taking of another's property - physical, electronic, or intellectual
The value of information suffers when it is copied and taken away without the owner's knowledge
Physical theft can be controlled - a wide variety of measures used from locked doors to guards or alarm systems
Electronic theft is a more complex problem to manage and control - organizations may not even know it has occurred.
Question 42. What Are Deliberate Software Attacks?
When an individual or group designs software to attack systems, they create malicious code/software called malware
Designed to damage, destroy, or deny service to the target systems
back door or trap door
Question 43. What Are The Forces Of Nature Affecting Information Security?
Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning
Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation
Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations.
Question 44. What Are Technical Hardware Failures Or Errors?
Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws
These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability
Some errors are terminal, in that they result in the unrecoverable loss of the equipment
Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated.
Question 45. What Are Technical Software Failures Or Errors?
Question 46. What Is Technological Obsolescence?
When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems
Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks
Ideally, proper planning by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action.
Question 47. What Is An Attack?
An attack is the deliberate act that exploits vulnerability
It is accomplished by a threat-agent to damage or steal an organization's information or physical asset
An exploit is a technique to compromise a system
A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective
An attack is then the use of an exploit to achieve the compromise of a controlled system.
Question 48. What Is A Malicious Code?
This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information. The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices.
Virus - Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection.
Hoaxes - A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached.
Question 51. What Is Distributed Denial-of-service (ddos)?
DDoS is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Question 52. What Is Back Door?
Back Doors - Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource.
Question 53. Define Dictionary Attack ?
The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses.
Question 54. What Are The Various Forms Of Attacks ?
Question 55. What Is Denial-of-service (dos) ?
attacker sends a large number of connection or information requests to a target
so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service
may result in a system crash, or merely an inability to perform ordinary functions.
Question 56. Define Spoofing ?
It is a technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
Question 57. Define Man-in-the-middle ?
Man-in-the-middle is an attacker sniffs packets from the network, modifies them, and inserts them back into the network.
Question 58. What The Roles To Be Played By The Communities Of Interest To Manage The Risks An Organization Encounters?
It is the responsibility of each community of interest to manage risks; each community has a role to play:
Question 59. What Is The Process Of Risk Identification?
A risk management strategy calls on us to "know ourselves" by identifying, classifying, and prioritizing the organization's information assets These assets are the targets of various threats and threat agents and our goal is to protect them from these threats.
Question 60. What Are Asset Identification And Valuation ?
This iterative process begins with the identification of assets, including all of the elements of an organization's system: people, procedures, data and information, software, hardware, and networking elements.
Question 61. What Is Asset Information For People?
Security clearance level
Question 62. What Are Hardware, Software, And Network Asset Identification?
When deciding which information assets to track, consider including these asset attributes:
Question 63. What Are Asset Information For Procedures?
What elements is it tied to
Where is it stored for reference
Where is it stored for update purposes.
Question 64. What Are The Asset Information For Data?
Size of data structure
Data structure used - sequential, relational
Online or offline
Backup procedures employed.
Question 65. How Information Assets Are Classified?
Examples of these kinds of classifications are:
Informal organizations may have to organize themselves to create a useable data classification model
The other side of the data classification scheme is the personnel security clearance structure.
Question 66. Define Data Classification And Management?
A variety of classification schemes are used by corporate and military organizations
Information owners are responsible for classifying the information assets for which they are responsible
Information owners must review information classifications periodically
The military uses a five-level classification scheme but most organizations do not need the detailed level of classification used by the military or federal agencies.
Question 67. What Are Security Clearances?
The other side of the data classification scheme is the personnel security clearance structure
Each user of data in the organization is assigned a single level of authorization indicating the level of classification
Before an individual is allowed access to a specific set of data, he or she must meet the need-to-know requirement
This extra level of protection ensures that the confidentiality of information is properly maintained.
Question 68. Explain The Process Of Threat Identification?
Each of the threats identified so far has the potential to attack any of the assets protected
This will quickly become more complex and overwhelm the ability to plan
To make this part of the process manageable, each step in the threat identification and vulnerability identification process is managed separately, and then coordinated at the end of the process.
Question 69. What Is Vulnerability Identification?
We now face the challenge of reviewing each information asset for each threat it faces and creating a list of the vulnerabilities that remain viable risks to the organization.
Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset.
Examine how each of the threats that are possible or likely could be perpetrated and list the organization's assets and their vulnerabilities.
The process works best when groups of people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions.
Question 70. What Is Risk Assessment?
We can determine the relative risk for each of the vulnerabilities through a process called risk assessment
Risk assessment assigns a risk rating or score to each specific information asset, useful in gauging the relative risk introduced by each vulnerable information asset and making comparative ratings later in the risk control process.
Question 71. Mention The Risk Identification Estimate Factors ?
Value of Information Assets
Percent of Risk Mitigated
Question 72. Give An Example Of Risk Determination ?
For the purpose of relative risk assessment:
risk = likelihood of vulnerability occurrence times value (or impact) -
percentage risk already controlled + an element of uncertainty
Information Asset A has an value score of 50 and has one vulnerability:
Vulnerability 1 has a likelihood of 1.0 with no current controls and you estimate that assumptions and data are 90 % accurate
Asset A: vulnerability rated as 55 = (50 * 1.0) - 0% + 10%.
Question 73. What Is A Policy?
A policy is a plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters.
Question 74. What Are The Three Types Of Security Policies?
Management defines three types of security policy:
Question 75. What Is Security Program Policy?
A security program policy (SPP) is also known as:
Question 76. Define Issue-specific Security Policy (issp) ?
addresses specific areas of technology
requires frequent updates
contains an issue statement on the organization's position on an issue.
Question 77. What Are Acl Policies?
ACLs allow configuration to restrict access from anyone and anywhere
Question 78. What Is Information Security Blueprint?
The Security Blue Print is the basis for Design,Selection and Implementation of Security Policies,education and training programs,and technology controls.
Question 79. Define Iso 17799/bs 7799 Standards And Their Drawbacks ?
One of the most widely referenced and often discussed security models is the Information Technology - Code of Practice for Information Security Management, which was originally published as British Standard BS 7799
This Code of Practice was adopted as an international standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799 in 2000 as a framework for information security.
Question 80. Mention The Drawbacks Of Iso 17799/bs 7799 ?
Several countries have not adopted 17799 claiming there are fundamental problems:
The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799
17799 lacks "the necessary measurement precision of a technical standard"
There is no reason to believe that 17799 is more useful than any other approach currently available
17799 is not as complete as other frameworks available
17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls.
Question 81. What Are The Objectives Of Iso 17799?
Organizational Security Policy is needed to provide management direction and support
Operational Security Policy
Organizational Security Infrastructure
Asset Classification and Control
Physical and Environmental Security
Communications and Operations Management
System Access Control
System Development and Maintenance
Business Continuity Planning
Question 82. What Is The Alternate Security Models Available Other Than Iso 17799/bs 7799?
Another approach available is described in the many documents available from the Computer Security Resource Center of the National Institute for Standards and Technology (csrc.nist.gov) - Including:
NIST SP 800-12 - The Computer Security Handbook
NIST SP 800-14 - Generally Accepted Principles and Practices for Securing IT Systems
NIST SP 800-18 - The Guide for Developing Security Plans for IT Systems.
Question 83. Lis The Management Controls Of Nist Sp 800-26?
Review of Security Controls
Life Cycle Maintenance
Authorization of Processing Certification and Accreditation
System Security Plan.
Question 84. Mention The Operational Controls Of Nist Sp 800-26 ?
Question 85. What Are The Technical Controls Of Nist 800-26?
Identification and Authentication
Logical Access Controls
Question 86. What Is Sphere Of Protection?
The "sphere of protection" overlays each of the levels of the "sphere of use" with a layer of security, protecting that layer from direct or indirect use through the next layer.
The people must become a layer of security, a human firewall that protects the information from unauthorized access and use Information security is therefore designed and implemented in three layers policies people (education, training, and awareness programs) technology.
Question 87. What Is Defense In Depth?
One of the foundations of security architectures is the requirement to implement security in layers
Defense in depth requires that the organization establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls.
Question 88. What Is Security Perimeter?
The point at which an organization's security protection ends, and the outside world begins is referred to as the security perimeter.
Question 89. What Are The Key Technological Components Used For Security Implementation?
A firewall is a device that selectively discriminates against information flowing into or out of the organization
The DMZ (demilitarized zone) is a no-man's land, between the inside and outside networks, where some organizations place Web servers
In an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement Intrusion Detection Systems or IDS.
Question 90. What Is Systems-specific Policy (syssp)?
SysSPs are frequently codified as standards and procedures used when configuring or maintaining systems..
Systems-specific policies fall into two groups:
Access control lists (ACLs) consist of the access control lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.
Question 91. What Is The Importance Of Blueprint?
The blueprint should specify the tasks to be accomplished and the order in which they are to be realized. It should serve as a scaleable,upgradable,and comprehensive paln for the information security needs for coming years.
Question 92. What Are The Approaches Of Issp?
Question 93. What Are Firewalls?
A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside The firewall may be:
Question 94. Explain Different Generations Of Firewalls ?
Question 95. Mention The Functions Of First Generation Firewall ?
Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and others factors.
Question 96. What Are The Restrictions Of First Generation Firewall?
The restrictions most commonly implemented are based on:
Question 97. What Is The Advantage Of Second Generation Firewalls?
The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed.
Question 98. Define Stateful Inspection Firewall ?
It keeps track of each network connection established between internal and external systems using a state table which tracks the state and context of each packet in the conversation by recording which station sent what packet and when.
Question 99. What Is The Disadvantage Of Third Generation Firewalls?
The primary disadvantage is the additional processing requirements of managing and verifying packets against the state table, which can possibly expose the system to a DoS attack. These firewalls can track connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic.
Question 100. What Is The Function Of Fifth Generation Firewall?
The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.
Question 101. How Firewalls Are Categorized By Processing Mode?
The five processing modes are:
Question 102. What Is The Drawback Of Packet-filtering Router?
The drawback of packet-filtering router includes a lack of auditing and strong authentication.
Question 103. What Are Screened-host Firewall Systems ?
Screened-Host firewall system allows the router to pre-screen packets to minimize the network traffic and load on the internal proxy.
Question 104. What Is The Use Of An Application Proxy?
An Application proxy examines an application layer protocol, such as HTTP, and performs the proxy services.
Question 105. What Are Dual Homed Host Firewalls?
The bastion-host contains two NICs (network interface cards)
One NIC is connected to the external network, and one is connected to the internal network
With two NICs all traffic must physically go through the firewall to move between the internal and external networks.
Question 106. What Is The Use Of Nat?
A technology known as network-address translation (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.
Question 107. What Are Screened-subnet Firewalls?
Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each host protecting the trusted network
The first general model consists of two filtering routers, with one or more dual-homed bastion-host between them
The second general model involves the connection from the outside or untrusted network.
Question 108. What Are Sock Servers?
The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation.
Question 109. What Are The Recommended Practices In Designing Firewalls?
Question 110. What Are Intrusion Detection Systems(ids)?
IDSs work like burglar alarms
IDSs require complex configurations to provide the level of detection and response desired
An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets
IDSs use one of two detection methods, signature-based or statistical anomaly-based.
Question 111. What Are Different Types Of Idss?
A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an organization's network and monitors traffic on that network segment,looking for indications of ongoing or successful attacks.
A Host-based IDS(HIDS) works differently from a network-based version of IDS. A host-based IDS resides on a particular computer or server,known as the host and monitors activity only on that system. HIDs are also known as System Integrity Verifiers as they benchmark and monitorthe status of key system files and detect when an intruder creates ,modifies or deletes monitored files.
Question 114. What Is The Use Of Hids?
A HIDs is also capable of monitoring system configuration databases,such as windows registries,in addition to stored configuration files like .ini,.cfg,and .dat files.
Question 115. What Is Application-based Ids?
A refinement of Host-based IDs is the application-based IDS(AppIDS). The application based IDs examines an application for abnormal incidents. It looks for anomalous occurrences such as users exceeding their authorization,invalid file executions etc.
Question 116. What Is Signature-based Ids?
A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search of patterns that match known signatures - that is,preconfigured ,predetermined attack patterns.
Log File Monitor(LFM) is an approach to IDS that is similar to NIDS. Using LFm the system reviews the log files generated by servers,network devices,and wven other IDSs. These systems look for patterns and signatures in the log files that may indicate an attack or intrusion is in process or has already succeeded.
Question 118. What Are Honey Pots?
Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against the themselves. These systems are created for the sole purpose of deceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.
Question 119. What Are Honey Nets?
When a collection of honey pots connects several honey pot systems on a subnet,it may be called a honey net.
Question 120. What Are Padded Cell Systems?
A Padded Cell is a honey pot that has been protected so that it cannot be easily compromised. In otherwords,a padded cell is a hardened honey spot..
Question 121. What Are The Advantages And Disadvantages Of Using Honey Pot Or Padded Cell Approach?
Question 122. What Are Foot Printing And Finger Printing?
One of the preparatory part of the attack protocol is the collection of publicly available information about a potential target,a process known as footprinting. Footprinting is the organized research of the Internet addresses owned or controlled by the target organization.
The next phase of the attack protocol is a second intelligence or data-gathering process called fingerprinting. This is systematic survey of all of the target organization's Internet addresses(which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hostsin that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.
Question 123. What Are Vulnerability Scanners?
Vulnerability scanners are capable of scanning networks for very detailed information.
As a class, they identify exposed usernames and groups, show open network shares, expose configuration problems, and other vulnerabilities in servers.
Question 124. Define Packet Sniffers ?
A network tool that collects copies of packets from the network and analyzes them Can be used to eavesdrop on the network traffic
To use a packet sniffer legally, you must be:
on a network that the organization owns under direct authorization of the owners of the network have knowledge and consent of the content creators (users).
Question 125. What Is Cryptography?.
Cryptography, which comes from the Greek work kryptos,meaning "hidden",and graphein,meaning "to write",is aprocess of making and using codes to secure the transmission of information.
Question 126. What Is Cryptoanalysis?
Cryptoanalysis is the process of obtaining the original message(called plaintext) from an encrypted message(called the ciphertext) without knowing the algorithms and keys used to perform the encryption.
Question 127. Define Encryption ?
Encryption is the process of converting an original message into a form that is unreadable to unauthorized individuals-that is,to anyone without the tools to convert the encrypted message back to its original format.
Question 128. Define Decryption ?
Decryption is the process of converting the cipher text into a message that conveys readily understood meaning.
Question 129. What Is Public Key Infrastructure (pki)?
PKI or Public Key Infrastructure
Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:
Question 130. What Are The Pki Benefits ?
PKI protects information assets in several ways:
Question 131. How E-mail Systems Are Secured?
Encryption cryptosystems have been adapted to inject some degree of security into e-mail:
S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication
Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems
PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher along with RSA for key exchange.
Question 132. What Are The Seven Major Sources Of Physical Loss?
Question 133. What Is A Secure Facility?
A secure facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats.
A secure facility can use the natural terrain; traffic flow, urban development, and can complement these features with protection mechanisms such as fences, gates, walls, guards, and alarms.
Question 134. What Are The Controls Used In A Secure Facility?
Walls, Fencing, and Gates
Dogs, ID Cards, and Badges
Locks and Keys
Alarms and Alarm Systems
Walls and Doors.
Question 135. What Are The Functions Of Chief Information Security Officer?
The CISO performs the following functions:
Information Security Related Tutorials
|Management Information systems Tutorial||Network Security Tutorial|
|Computer Security Tutorial||Information Security Cyber Law Tutorial|
Information Security Related Interview Questions
|Management Information systems Interview Questions||Network Security Interview Questions|
|Computer Network Security Interview Questions||CISSP(Certified Information Systems Security Professional) Interview Questions|
|Information Security Audits Interview Questions||Computer Security Interview Questions|
|Cyber Security Interview Questions||Information Security Analyst Interview Questions|
|Security Assertion Markup Language (Saml) Interview Questions|
Information Security Related Practice Tests
|Management Information systems Practice Tests||Network Security Practice Tests|
|Computer Network Security Practice Tests||CISSP(Certified Information Systems Security Professional) Practice Tests|
|Information Security Audits Practice Tests||Computer Security Practice Tests|
All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.