Archive for Exam 2007 SW (AM)

Question 80

Which of the following compression methods may not be able to completely restore the original information when the compressed information is decompressed?

a) GIF
b) JPEG
c) Run length method
d) ZIP


Question 79

Which of the following statements appropriately describes the Security Assertion Markup Language (SAML)?

a) SAML defines a mechanism for widely publicizing information concerning Web services and allows searching functions which those services provide, etc.
b) SAML defines a protocol for sending e-mail that is protected from eavesdropping, reading, and modification by unauthorized users.
c) SAML defines a Web service protocol for efficiently managing key information that is used in digital signatures.
d) SAML defines a Web service protocol for transmitting authentication, attribute and access control information to different domains.


Question 78

Which of the following is an appropriate statement concerning the implementation contents of risk management?

a) Because speculative risks can occur outside the scope of management by the business entity, such potential risks are not included in the objects of management.
b) Because the risk of future occurrences of losses is uncertain, risk is estimated in terms not of the budget for implementing the countermeasures but of the amount of possible loss.
c) Risk analysis covers not only pure risks but also speculative risk.
d) Risk finance covers all the costs of risk management such as risk analysis and risk control.


Question 77

Which of the following appropriately describes the content of the Common Criteria (CC) that has been reached by integrating and standardizing the TCSEC used by the U.S. and ITSEC for European governmental procurement?

a) Basic information security technology standards.
b) Security evaluation criteria concerning information technology.
c) Security function standards concerning communication services.
d) Security management protocol standards.


Question 76

Which of the following is an appropriate statement concerning the security of a system that accesses a Web server from a browser?

a) Because the HTML documents that are created by CGI programs or servlets change their contents dynamically, the contents of the cache on the proxy server are never disclosed to any unauthorized user.
b) If provisions are made so that every user must initially log into a PC by using HTTP basic authentication when the same PC is to be used by multiple users, then no information can be disclosed to any unauthorized user even when the user is changed with the browser running.
c) The time required to respond to clients’ requests cannot be improved by the use of a reverse proxy because a reverse proxy provides no capability for caching static contents.
d) The use of SSL ensures that the information exchanged between users and the Web server is never disclosed to any unauthorized user, even if a proxy server exists in the communication path.


Question 75

Which of the following refers to faking an emergency situation in order to illegally elicit and obtain passwords and the whereabouts of confidential information from personnel in an organization without using electronic methods?

a) Password cracking
b) Social engineering
c) Springboard attack
d) Trojan horse


Question 74

Which of the following is an appropriate statement in regard to firewall systems?

a) In the application gateway system, the gateway function must be set for each application protocol.
b) The circuit gateway system controls whether to permit the passage of commands.
c) The packet filtering system can provide filtering by words contained in an e-mail.
d) The transport gateway system provides a gateway function that depends on the application protocol.
