01. The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain secure computers and communication networks is:
a) Nortells Unified Security Framework
b) The IBM Security Framework
c) Bell Labs Network Security Framework
d) Microsoft Internet Security Framework
02. Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?
a) California SB 1386
b) Sarbanes-Oxley 2002
c) Gramm-Leach-Bliley Act (GLBA)
d) USA Patriot Act 2001
03. A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented by the company. Which one of the following policies forbids everything and restricts usage of company computers, whether it is system usage or network usage?
a) Paranoid Policy
b) Prudent Policy
c) Promiscuous Policy
d) Information-Protection Policy
04. You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?
a) Analyzing, categorizing and prioritizing resources
b) Evaluating the existing perimeter and internal security
c) Checking for a written security policy
d) Analyzing the use of existing management and control architecture
05. TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each layer. Which one of the following protocols is used to collect information from all the network devices?
a) Simple Network Management Protocol (SNMP)
b) Network File system (NFS)
c) Internet Control Message Protocol (ICMP)
d) Transmission Control Protocol (TCP)
06. A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:
a) Microsoft Internet Security Framework
b) Information System Security Assessment Framework (ISSAF)
c) Bell Labs Network Security Framework
d) The IBM Security Framework
07. Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.
a) Information-Protection Policy
b) Special-Access Policy
c) Remote-Access Policy
d) Acceptable-Use Policy
08. A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications. Which of the following frameworks helps an organization in the evaluation of the company’s information security with that of the industrial standards?
a) Microsoft Internet Security Framework
b) Information System Security Assessment Framework
c) The IBM Security Framework
d) Nortell’s Unified Security Framework
09. Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
a) California SB 1386
b) Sarbanes-Oxley 2002
c) Gramm-Leach-Bliley Act (GLBA)
d) USA Patriot Act 2001
10. Identify the framework that comprises of five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:
a) Information System Security Assessment Framework (ISSAF)
b) Microsoft Internet Security Framework
c) Nortells Unified Security Framework
d) Federal Information Technology Security Assessment Framework
The purpose of this Sample Question Set is to provide you with information about the EC-Council Security Analyst (ECSA) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the ECSA certification test. To get familiar with real exam environment, we suggest you try our Sample EC-Council ECSA v10 Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EC-Council Certified Security Analyst (ECSA) certification exam.