01. How many parties (minimum) have a role in an OpenID Connect authentication data flow?
a) 2
b) 3
c) 4
d) 5
02. What does Security Assertion Markup Language (SAML) provide?
a) Use social networks for authentication (‘Use your Facebook account to login’).
b) Authenticate both users and applications in enterprise environments.
c) Secure exchange authentication information in a federated environment.
d) Authenticate users in enterprise environments.
03. Currently, several technologies are connected to the Internet, for example smartphones, tablets and IoT. Therefore, the number of public IP addresses will not be enough in the future.
Based on this scenario, which statement is correct?
a) IPv4 has an address space of 32-bits, which is enough for the future.
b) IPv4 with NAT (Network Address Translation) functionality has enough public IP for the future
c) IPv6 addresses will be enough just working with IPv4 addresses.
d) IPv6 has an address space of 128 bits, which is enough for the future.
04. A hub represents the central component, with which a star topology-based network can be built. What is the main reason that hubs are hardly ever used anymore?
a) A hub is only able to recognize the hardware address of a node, not the logical address (IP address). For this reason a hub is not suitable to be used in local network environments.
b) A hub is not able to recognize any address information. Therefore, a hub will send network traffic, which is destined for a particular host, to all other hosts in the network. For this reason the network will be overloaded when many hosts want to communicate.
c) A hub is able to recognize the hardware address of a node, but ignores this and will send network traffic, which is destined to a particular host, to all other hosts in the network. For this reason network traffic can be easily intercepted.
d) A hub is only able to recognize the logical address (IP address) of a node. For this reason a hub is not suitable to be used in local network environments.
05. Databases are very challenging from a security perspective. One of the more risky vulnerabilities is inference. How can inference be explained?
a) As the corruption of data integrity by input data errors or erroneous processing
b) As running processes at the same time, thus introducing the risk of inconsistency
c) As bypassing security controls at the front end, in order to access information for which one is not authorized
d) As deducing sensitive information from available information
06. In the context of authorization the principle of ‘need-to-know’ is one of the most important ones to consider. What does the principle of ‘need-to-know’ mean?
a) Critical tasks can only be completed by at least two individuals, so that collusion is needed to be able to commit fraud.
b) Users should be assigned with a minimum level of access rights to perform their tasks.
c) Users should have access to only the information that is needed to perform their tasks.
d) Users should be assigned only temporary access rights to perform their tasks.
07. Which CPU family was developed by Apple?
a) A5
b) Core i7
c) Power8
d) Sparc T5
08. ARP (Address Resolution Protocol) represents one of the most important network protocols in TCP/IP-based network environments. What does ARP basically do?
a) ARP translates the hardware address of a node to its IP address.
b) ARP replies with the IP address of a particular node to any node that requests this.
c) ARP translates the IP address of a node to its hardware address.
d) ARP replies with the hardware address of a particular node to the default gateway.
09. Which IP version best anticipates on the exhaustion of public IP addresses in the near future?
a) SMTP
b) S/MIME
c) HTTP
d) FTP
10. The Relational Database Management System is the dominant database management model. What does a foreign key represent or provide?
a) It provides a method for referential integrity.
b) It represents a column that uniquely identifies a row in a table.
c) It provides a link or reference to a primary key in the same table.
d) It represents the relationship between columns.
The purpose of this Sample Question Set is to provide you with information about the EXIN Cyber and IT Security Foundation (CISEF) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CISEF certification test. To get familiar with real exam environment, we suggest you try our Sample EXIN CISEF Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EXIN Cyber and IT Security Foundation certification exam.