Chapter 1: Computer Systems Overview
B. deception
Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. A. unauthorized disclosure B. deception C. disruption D. usurpation
C. denial of service
The _________ prevents or inhibits the normal use or management of communications facilities. A. passive attack B. traffic encryption C. denial of service D. masquerade
D. data integrity
The assurance that data received are exactly as sent by an authorized entity is __________. A. authentication B. data confidentiality C. access control D. data integrity
A. System Integrity
________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A. System Integrity B. Data Integrity C. Availability D. Confidentiality
C. Privacy
__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability B. System Integrity C. Privacy D. Data Integrity
A. Traffic padding
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. A. Traffic padding B. Traffic routing C. Traffic control D. Traffic integrity
False
1. Threats are attacks carried out.
True
10. In the context of security our concern is with the vulnerabilities of system resources.
True
11. Hardware is the most vulnerable to attack and the least susceptible to automated controls.
False
12. Contingency planning is a functional area that primarily requires computer security technical measures.
True
13. X.800 architecture was developed as an international standard and
True
14. The first step in devising security services and mechanisms is to develop a security policy.
False
15. Assurance is the process of examining a computer product or system with respect to certain criteria.
True
2. Computer security is protection of the integrity, availability, and confidentiality of information system resources.
True
3. Data integrity assures that information and programs are changed only in a specified and authorized manner.
True
4. Availability assures that systems works promptly and service is not denied to authorized users.
False
5. The "A" in the CIA triad stands for "authenticity".
True
6. The more critical a component or service, the higher the level of availability required.
True
7. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.
False
8. Security mechanisms typically do not involve more than one particular algorithm or protocol.
True
9. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.
D. high
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. low B. normal C. moderate D. high
B. security attack
A __________ is any action that compromises the security of information owned by an organization. A. security mechanism B. security attack C. security policy D. security service
B. vulnerability
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. A. countermeasure B. vulnerability C. adversary D. risk
A. confidentiality
A loss of _________ is the unauthorized disclosure of information. A. confidentiality B. integrity C. authenticity D. availability
D. exposure
A threat action in which sensitive data are directly released to an unauthorized entity is __________. A. corruption B. disruption C. intrusion D. exposure
A. passive attack
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A. passive attack B. inside attack C. outside attack D. active attack
B. countermeasure
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. A. attack B. countermeasure C. adversary D. protocol
C. attack
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. A. risk B. asset C. attack D. vulnerability
A. masquerade
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. A. masquerade B. interception C. repudiation D. inference
