CS205 Current Final Term Solved Paper | CS205 final term 2024 | CS205 final term preparation spring 2024
CS205
Timing: 12 o'clock

Notes from the paper (translated from Roman Urdu):
- Security maturity.
- The name of the first layer of CSMM.
- The whole paper was built by shuffling the 4 layers of the security transformation model around, e.g. which layer engineering belongs to, which step it is, how costly each layer is; the paper was made just by rotating these 4 layers.
- In the short questions they asked layer names like this, e.g. state the name of the stage 2 layer of security transformation.
- There was a question about testing.
- Names of the 2 testing layers.
- Had to compare the examples of initial and intermediate, e.g. which one is initial and which is intermediate, such as policy.
- In the long questions too, the work and the names of these layers had to be matched.
MCQ No 1: ______ technique/solution can be used to analyze and block inbound email attachments with malicious behavior.
A. Enterprise antivirus
B. Sandboxing
C. SIEM solution
D. FIM solution

MCQ No 2: OWASP Software Assurance Maturity Model (SAMM) undertakes software security testing and validation during ______.
A. Governance and deployment
B. Governance and verification
C. Verification and deployment
D. Construction and governance

MCQ No 3: Creating awareness relating to policy and ISMS falls under the ______ clause.
A. Support
B. Operation
C. Performance evaluation
D. Leadership

MCQ No 4: Assigning resources, assignment rules and communicating roles fall under the ______ clause.
A. Support
B. Leadership
C. Performance evaluation

MCQ No 5: The objective of COBIT is to help organizations ______.
A. Create optimal value from IT by balancing benefits with risk
B. Implement strong governance of IT
C. Manage IT effectively while ensuring business continuity
D. Create a single-page IT dashboard

MCQ No 6: In the security transformation model, ownership of validation of controls lies with ______.
A. IT operations team
B. Business team
C. Info security team or consultant
D. IT help desk team
MCQ No 7: Where should source code be kept as best practice?
A. Access control system
B. Change control system
C. Version control system
D. Source control system

MCQ No 8: As per ISO 27001, operating procedures should be ______.
A. Confidential
B. Verbally communicated
C. Decided on an ad hoc basis
D. Documented and available to those who need them

MCQ No 9: It seems that conducting a successful security transformation project is more challenging in a ______?
A. Large-sized organization
B. Medium-sized organization
C. Small-sized organization
D. Environment where multiple sites are present

MCQ No 10: Stage 2 of security transformation refers to ______.
A. Security governance
B. Security engineering
C. Security hardening
D. Vulnerability management

MCQ No 11: ______ should be used to ensure that critical system files have not been altered.
A. CIS-CAT Pro
B. Qualys vulnerability scanner
C. Security information and event monitoring tools
D. File integrity monitoring tool

MCQ No 12: An authentic information security head always ______.
A. Takes credit for everything
B. Never admits mistakes and failures
C. Gives credit where it is due
D. Is very strict and disciplined

MCQ No 13: Network performance degradation can be faced in the ______ step of the VM cycle.
A. Preparing the scanner
B. Analyzing the asset
C. Running the scanner
D. Applying the patches

MCQ No 14: ______ category vulnerabilities have the highest severity in a Qualys scan.
A. Level 2 (Not sure)
B. Level 3
C. Level 4
D. Level 5
MCQ No 15: ISO 31000 guidelines are centered on ______?
A. Organization context
B. Leadership and commitment
C. Planning
D. Operation

MCQ No 16: ______ plays an instrumental role in the success of a security transformation program.
A. IT team led by the CIO
B. Business team
C. Internal team
D. Highest management

MCQ No 17: ______ should be deployed to limit and control which devices can be connected to the network?
A. 802.1X
B. 802.11g
C. 802.11b
D. 802.11n

MCQ No 18: All network traffic to or from the internet must pass through ______ to filter unauthenticated connections.
A. Application layer filtering proxy
B. Session layer filtering proxy
C. Network layer filtering proxy
D. System layer filtering proxy

MCQ No 19: In which phase of a security assessment are the assessment method and report format decided?
A. Report findings
B. Build plan, scope and objectives
C. Assign roles
D. Conduct assessment

MCQ No 20: Automated tools should be used to verify and compare the network device configuration with ______.
A. Approved security configuration
B. Security configuration recommended by the vendor
C. Latest security configuration released by the vendor
D. Default security configuration released by the vendor

MCQ No 21: Under the security transformation model, which team is responsible for validation of controls?
A. Business team
B. Info security team or consultant
C. IT operations team
D. IT help desk team
MCQ No 22: The Computer Security Resource Center (CSRC) website guides users to ______ resources?
A. CIS resources on computer, cyber, information security and privacy
B. SANS resources on computer, cyber, information security and privacy
C. NIST resources on computer, cyber, information security and privacy
D. PCI resources on computer, cyber, information security and privacy

MCQ No 23: Complex passwords should be enforced to survive ______?
A. Dictionary attack
B. Injection attack
C. DoS attack
D. Phishing attack

MCQ No 24: ______ activities are carried out in phase 1 (pilot phase) of an information security transformation program?
A. Perform hardening of key IT assets in a test environment
B. Understand the organization and its security issues
C. Develop ISMC
D. Identify assets for various phases

MCQ No 25: The candidness quality of an information security head means that he ______?
A. Promotes performance and merit
B. Encourages solo flight of team members
C. Honesty and straight talk
D. Adjusts players into the right position

MCQ No 26: ______ protocol is used for assigning addresses dynamically?
A. DCP
B. HTTP
C. DHCP
D. IP

MCQ No 27: ______ team has primary ownership of the vulnerability management process?
A. Information security team
B. IT operations team
C. Business team
D. Risk and compliance team

MCQ No 28: ______ rules are mentioned relating to C++ security hardening?
A. Seven
B. Eight
C. Nine
D. Ten

MCQ No 29: ______ is the goal of performing an audit.
A. Testing security that is assumed to be secure
B. Technical assessment designed to achieve specific goals
C. To fix as many things as possible, as efficiently as possible
D. Focuses on how the existing configuration compares to the standard
MCQ No 30: Under the security transformation model, which team is responsible for implementing controls?
A. IT operations team
B. Security consultant
C. Risk compliance team
D. Business team

MCQ No 31: In ______ assessment the tester has full access to all internal information about the target?
A. White box assessment
B. Grey box assessment
C. Black box assessment
D. Risk assessment

MCQ No 32: ______ assessment is designed to determine whether an attacker can achieve specific goals when facing your current security posture?
A. Threat assessment
B. Bug bounty hunting
C. Penetration testing
D. Red team exercise

MCQ No 33: ______ are the key benefits of security transformation project implementation to an organization?
A. IT team gets experience and becomes aware of security
B. Prevention of attacks
C. IT team gets incentives
D. Management becomes aware of IT team capability

MCQ No 34: ______ action is recommended for an organization having a very good security posture and a score higher than 85%?
A. Go for risk assessment
B. Third-party security review
C. Go for ISO 27001 certification
D. Information security transformation program

MCQ No 35: ______ version of security-related updates should be applied on network devices?
A. Latest
B. Default
C. Latest and stable
D. Oldest

MCQ No 36: Most of the problems associated with a weak security posture are due to ______?
A. Lack of awareness
B. Lack of funds
C. Lack of experience
D. Lack of commitment

MCQ No 37: The information security policy needs to be ______?
A. Reviewed once in three years
B. Updated once in five years
C. Locked in a drawer and kept confidential
D. Regularly reviewed and approved for the changes

MCQ No 38: In the case of the financial sector, ______ regulations need to be reviewed and understood to raise management support for security transformation?
A. SBP
B. PTA
C. PEMRA
D. PEPRA

MCQ No 39: The inventory of authorized and unauthorized software control requires making a list of ______?
A. Authorized access and version
B. Authorized operating system and version
C. Authorized software and version
D. Unauthorized software and version

MCQ No 40: Which principle should be used when setting up a user in a database?
A. Principle of normal user
B. Principle of administrative user
C. Principle of least privilege
D. Principle of highest privilege
Q. 41: Which team has primary ownership of vulnerability management?
Ans: Information security team

Q. 42: Steps involved in vulnerability management?
Ans: Identify, classify, remediate, and mitigate the vulnerability

Q. 43: For creating scanning policies, the Qualys built-in policy library includes?
Ans: CIS and DISA policies

Q. 44: What is the first step in the automated mechanism of security hardening and validation?
Ans: Scan an IT asset using a Qualys Nessus compliance scan

Q. 45: There are ______ benefits of version control.
Ans: Seven

Q. 46: ISO 31000 guidelines are centered on?
Ans: Leadership and commitment

Q. 47: Creating awareness related to policy and ISMS falls under?
Ans: Support

Q. 48: Choose the correct statement:
- Allow all IP addresses
- Deny all IP addresses
- Deny communication with known malicious IP addresses
- Allow communication with unused IP addresses

Q. 49: In a small-sized organization in Pakistan, it is likely the number of information security staff will be?
Ans: 1-5 or 2-4

Q. 50: In a medium-sized organization in Pakistan, it is likely the number of information security staff will be?
Ans: 10-15

Q. 51: In a large-sized organization in Pakistan, it is likely the number of information security staff will be?
Ans: 30

Q. 52: What was the old name of ISO 27002:2013?
Ans: ISO 17799