Chapter 1 Review Questions
Tom sends out many e-mails containing sensitive information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity
B. You should use non-repudiation to prevent Tom from denying that he sent the e-mails.
Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) A. Accountability B. Assessment C. Availability D. Auditing
C. Availability is what the A in CIA stands for, as in "the availability of data." Together the acronym stands for confidentiality, integrity, and availability.
When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity
D. The I in CIA stands for integrity. The acronym CIA stands for confidentiality, integrity, and availability. Accountability is also a core principle of information security.
To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor
A. To protect against malicious attacks, think like a hacker. Then, protect and secure like a network security administrator.
In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk Assessment F. Availability
B, D, and F. Confidentiality, integrity, and availability (known as CIA, the CIA triad, and the security triangle) are the three main goals when it comes to information security. Another goal within information security is accountability.
Which of the following individuals uses code with little knowledge of how it works? A. Hacktivist B. Script kiddie C. APT D. Insider
B. A script kiddie uses code and probably doesn't understand how it works and what the repercussions will be.
A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? A. Confidentiality B. Integrity C. Remediation D. Availability
B. The recipient should be concerned about the integrity of the message. If the e-mail client application cannot verify the digital signature of the sender of the e-mail, then there is a chance that the e-mail either was intercepted or is coming from a separate dangerous source. Remember, integrity means the reliability of the data, and whether or not it has been modified or compromised by a third party before arriving at its final destination.
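The two questions above turn on the difference between an HMAC and a digital signature. Both detect a modified message, but only a signature proves who sent it, because only the holder of the private key can produce it. The following is an added example, not code from the book: it uses textbook RSA with two hard-coded primes as a deliberately tiny toy (real code must use a vetted library with 2048-bit or larger keys and PSS padding), and the message body and shared HMAC key are constructed for the demonstration.

```python
"""Added example (not from the book): why a digital signature gives
integrity plus non-repudiation, while an HMAC gives integrity and
authenticity between the two key holders but not non-repudiation.
Toy RSA with 30-bit primes, no padding: for illustration only."""
import hashlib
import hmac

# Toy RSA key pair (constructed for the demo; far too small for real use).
P, Q = 1_000_000_007, 998_244_353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python >= 3.8)


def _digest(message: bytes) -> int:
    # Hash-then-sign: reduce the SHA-256 digest mod N because the toy
    # modulus is much smaller than a 256-bit hash.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exp: int = D) -> int:
    """Only the holder of the private exponent can produce this value,
    which is what lets the recipient prove Tom sent the message."""
    return pow(_digest(message), private_exp, N)


def verify(message: bytes, signature: int, public_exp: int = E) -> bool:
    """Anyone holding the public key can check the signature; a single
    changed byte in the message makes it fail (integrity)."""
    return pow(signature, public_exp, N) == _digest(message)


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Integrity/authenticity among parties sharing `key`: either side
    could have produced the tag, so the sender can still deny it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


if __name__ == "__main__":
    msg = b"Contract price: 10000 USD"                 # constructed e-mail body
    sig = sign(msg)
    print("signature valid:", verify(msg, sig))                          # True
    print("tampered body:", verify(b"Contract price: 90000 USD", sig))   # False
    shared = b"shared-secret"                          # constructed HMAC key
    tag = hmac_tag(shared, msg)
    print("hmac valid:", hmac_check(shared, msg, tag))                   # True
    # The recipient holds the same key, so it can forge a tag on any text.
    forged = b"Contract price: 1 USD"
    print("recipient-forged tag verifies:",
          hmac_check(shared, forged, hmac_tag(shared, forged)))          # True
```

When the e-mail client in question 7 reports an invalid signature, it is the `verify` step above failing: either the body changed after signing, or the signature was not produced with the private key matching the claimed sender's public key. In both cases the recipient cannot rely on the message, which is why the answer is integrity.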
You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption
C. An ID card is an example of a physical security control. Passwords and encryption are examples of technical controls. A disaster recovery plan (DRP) is an example of an administrative control.
Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data
C. For removable storage, the confidentiality of data is the greatest risk because removable storage can easily be removed from the building and shared with others.
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused as customer virtual machines are created and deleted over time. What security concern does this raise? A. Availability of virtual machines B. Integrity of data C. Data confidentiality D. Hardware integrity
C. Data confidentiality is the concern. Multiple customers share the same physical storage, and a good portion of them run their cloud-based systems in virtual machines whose disks may sit on the very same drive or array. When one customer's virtual machine is deleted, its data remains on the drive until it is overwritten or sanitized, so the next customer allocated that space could read it unless the provider wipes the storage or encrypts each customer's data with its own key. Weak isolation between virtual machines on the same host is a further concern: a customer could attempt to break through the barriers between virtual machines, which is far easier if the hypervisor and storage are not secured properly.
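The following simulation, added here and not part of the book, shows the storage-reuse problem at the block level: deleting a volume normally frees its blocks without touching the bytes, so a naive allocator hands the previous tenant's data to the next tenant. The block store, its free-list allocator, the tenant names and the stored secret are all constructed for the example.

```python
"""Added example (not from the book): a toy shared block store showing
why reused storage leaks data between tenants, and the zero-on-release
mitigation. The allocator and data model are assumptions for the demo."""
from dataclasses import dataclass, field

BLOCK_SIZE = 16


@dataclass
class BlockStore:
    """Simulated shared disk: a flat bytearray plus a free list."""
    num_blocks: int
    sanitize_on_free: bool = False
    disk: bytearray = field(init=False)
    free: list = field(init=False)

    def __post_init__(self) -> None:
        self.disk = bytearray(self.num_blocks * BLOCK_SIZE)
        self.free = list(range(self.num_blocks))

    def allocate(self) -> int:
        # Hands out the first free block; nothing is cleared on allocation.
        return self.free.pop(0)

    def write(self, block: int, data: bytes) -> None:
        data = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]
        self.disk[block * BLOCK_SIZE:(block + 1) * BLOCK_SIZE] = data

    def read(self, block: int) -> bytes:
        return bytes(self.disk[block * BLOCK_SIZE:(block + 1) * BLOCK_SIZE])

    def release(self, block: int) -> None:
        # A filesystem "delete" only updates metadata; the bytes stay on
        # disk unless the provider sanitizes the block before reuse.
        if self.sanitize_on_free:
            self.write(block, b"\0" * BLOCK_SIZE)
        self.free.insert(0, block)   # most recently freed block is reused first


def residual_data_after_reuse(sanitize: bool) -> bytes:
    """Tenant A stores a secret and deletes its VM; tenant B is then
    allocated the same physical block. Returns what B reads before
    writing anything of its own."""
    store = BlockStore(num_blocks=4, sanitize_on_free=sanitize)
    a_block = store.allocate()
    store.write(a_block, b"A:db-password!")   # constructed sample secret
    store.release(a_block)                     # tenant A's VM is deleted
    b_block = store.allocate()                 # tenant B's new VM lands here
    return store.read(b_block)


if __name__ == "__main__":
    print("without sanitization:", residual_data_after_reuse(False))
    print("with zero-on-release:", residual_data_after_reuse(True))
```

The same effect exists on real block devices and SSDs, which is why providers either zero or discard blocks before reassigning them or encrypt each tenant's volume under a per-tenant key so that destroying the key (crypto-erase) makes the residual bytes unreadable. Neither control addresses the separate hypervisor-isolation concern mentioned in the answer; that requires a patched, hardened hypervisor.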
When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never
D. A system can never truly be completely secure. The scales are always tipping back and forth; a hacker develops a way to break into a system, then an administrator finds a way to block that attack, and then the hacker looks for an alternative method. It goes on and on; be ready to wage the eternal battle!