1. P1L1-Chapter1- Security Mindset - Practice Test - Midterm1

usurpation

Misappropriation and misuse are attacks that result in ____________ threat consequences.

countermeasure

A(n) ________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

inside attack

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.

True

Availability assures that systems works promptly and service is not denied to authorized users. True or False

D. Exposure

10. A threat action in which sensitive data are directly released to an unauthorized entity is __________. A. corruption C. disruption B. intrusion D. exposure

active

10. Replay, masquerade, modification of messages, and denial of service are example of _________ attacks.

A. Masquerade

11. An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. A. masquerade C. interception B. repudiation D. inference

availability

3. A loss of _________ is the disruption of access to or use of information or an information system.

True

Hardware is the most vulnerable to attack and the least susceptible to automated controls.

True

Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

It defines a systematic approach for managers, describing a way of organizing the task of providing security.

What is the OSI security architecture?

False. C-Confidentiality, I-Integerity, A-Availability

The "A" in the CIA triad stands for "authenticity". True or False

Data

The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _______________.

Data integrity

The assurance that data received are exactly as sent by an authorized entity is __________.

True

The first step in devising security services and mechanisms is to develop a security policy.

True

The more critical a component or service, the higher the level of availability required. True or False

Define computer security.

The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, information, data...).

False

Threats are attacks carried out. True or False

Computer Security

. ___________________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

B. Privacy

1. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability C. System Integrity B. Privacy D. Data Integrity

Computer Security

1. __________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

contingency

11. Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.

risk

12. A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information.

B. Denial of Service

12. The _________ prevents or inhibits the normal use or management of communications facilities. A. passive attack C. traffic encryption B. denial of service D. masquerade

C. Security Attack

13. A __________ is any action that compromises the security of information owned by an organization. A. security mechanism C. security attack B. security policy D. security service

mechanisms

13. The OSI security architecture focuses on security attacks, __________, and services.

digital signature

14. A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

D. Data Integrity

14. The assurance that data received are exactly as sent by an authorized entity is __________. A. authentication C. data confidentiality B. access control D. data integrity

recovery

15. Security implementation involves four complementary courses of action: prevention, detection, response, and _________.

A. Traffic Padding

15. __________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. A. Traffic padding C. Traffic routing B. Traffic control D. Traffic integrity

CIA Triad

2. Confidentiality, Integrity, and Availability form what is often referred to as the _____.

A. System Integrity

2. ________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A. System Integrity C. Data Integrity B. Availability D. Confidentiality

A. Confidentiality

3. A loss of _________ is the unauthorized disclosure of information. A. confidentiality C. integrity B. authenticity D. availability

D. High

4. A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. low C. normal B. moderate D. high

FERPA (Family Educational Rights and Privacy Act)

4. In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

C. Vulnerability

5. A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. A. countermeasure C. vulnerability B. adversary D. risk

attack

5. A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.

countermeasure

6. A(n) _________ is any means taken to deal with a security attack.

B. Attack

6. An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. A. risk C. asset B. attack D. vulnerability

C. Countermeasure

7. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. A. attack C. countermeasure B. adversary D. protocol

usurpation

7. Misappropriation and misuse are attacks that result in ________ threat consequences.

A. Passive Attack

8. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A. passive attack C. inside attack B. outside attack D. active attack

data

8. The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.

C. Deception

9. Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. A. unauthorized disclosure C. deception B. disruption D. usurpation

passive

9. Release of message contents and traffic analysis are two types of _________ attacks.

High

A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) ____

Confidentiality

A loss of ___ is the unauthorized disclosure of information.

availability

A loss of _________ is the disruption of access to or use of information or an information system.

attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n)____

masquerade

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

False

Assurance is the process of examining a computer product or system with respect to certain criteria.

True

Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. True or False

True

Computer security is protection of the integrity, availability, and confidentiality of information system resources. True or False

CIA triad

Confidentiality,Integrity, and Availability form what is often referred to as the _____.

False

Contingency planning is a functional area that primarily requires computer security technical measures.

True

Data integrity assures that information and programs are changed only in a specified and authorized manner.

FERPA (Family Educational Rights and Privacy Act)

In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

True

In the context of security our concern is with the vulnerabilities of system resources

+Passive: Unauthorized Disclosure +Active: ---> Deception ---> Disruption ---> Usurpation (An event that results in control of system services of functions by an unauthorized entity)

List and briefly define categories of passive and active network security attacks.

Encipherment +Digital Signature +Access Control +Data Integrity +Authentication Exchange +Trusted Functionality +Event Detection +Security Audit Trails.

List and briefly define categories of security mechanism

+Authentication +Access Control +Data Confidentiality +Data Integrity +Non-repudiation (Prevents either sender or receiver from denying a transmitted message) +Availability

List and briefly define categories of security services.

False

Security mechanisms typically do not involve more than one particular algorithm or protocol.

+Passive attacks have to do with eavesdropping on, or monitoring transmissions. Email, file transfers, and client/server exchanges are examples of transmissions that can be monitored. +Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.

What is the difference between passive and active security threats?

True

X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

System Integrity

__ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Privacy

__ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.