Questions - Intro to Security

In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk Assessment F. Availability

B, D, and F. Confidentiality, integrity, and availability (known as CIA, the CIA triad, and the security triangle) are the three main goals when it comes to information security. Another goal within information security is accountability.

Which of the following individuals uses code with little knowledge of how it works? A. Hacktivist B. Script kiddie C. APT D. Insider

B. A script kiddie uses code and probably doesn't understand how it works and what the repercussions will be. Other actors such as hackers, hacktivists, insiders, and so on will usually have a higher level of sophistication when it comes to technology. An advanced persistent threat (APT) is a group of technical processes or the entity that implements those processes. An APT is just that—advanced—and is on the other side of the spectrum from the script kiddie.

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity

B. You should use non-repudiation to prevent Tom from denying that he sent the e-mails.

To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor

A. To protect against malicious attacks, think like a hacker. Then, protect and secure like a network security administrator.

A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? A. Confidentiality B. Integrity C. Remediation D. Availability

B. The recipient should be concerned about the integrity of the message. If the e-mail client application cannot verify the digital signature of the sender of the e-mail, then there is a chance that the e-mail either was intercepted or is coming from a separate dangerous source. Remember, integrity means the reliability of the data, and whether or not it has been modified or compromised by a third party before arriving at its final destination.

You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption

C. An ID card is an example of a physical security control. Passwords and encryption are examples of technical controls. A disaster recovery plan (DRP) is an example of an administrative control.

Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) A. Accountability B. Assessment C. Availability D. Auditing

C. Availability is what the A in CIA stands for, as in "the availability of data." Together the acronym stands for confidentiality, integrity, and availability. Although accountability is important and is often included as a fourth component of the CIA triad, it is not the best answer. Assessment and auditing are both important concepts when checking for vulnerabilities and reviewing and logging, but they are not considered to be part of the CIA triad.

Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data

C. For removable storage, the confidentiality of data is the greatest risk because removable storage can easily be removed from the building and shared with others. Although the other factors of the CIA triad are important, any theft of removable storage can destroy the confidentiality of data, and that makes it the greatest risk.

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for? A. Availability of virtual machines B. Integrity of data C. Data confidentiality D. Hardware integrity

C. There is a concern about data confidentiality with cloud computing because multiple customers are sharing physical hard drive space. A good portion of customers run their cloud-based systems in virtual machines. Some virtual machines could run on the very same hard drive (or very same array of hard drives). If one of the customers had the notion, he could attempt to break through the barriers between virtual machines, which if not secured properly, would not be very difficult to do.

When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never

D. A system can never truly be completely secure. The scales are always tipping back and forth; a hacker develops a way to break into a system, then an administrator finds a way to block that attack, and then the hacker looks for an alternative method. It goes on and on; be ready to wage the eternal battle!

When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity

D. The I in CIA stands for integrity. The acronym CIA stands for confidentiality, integrity, and availability. Accountability is also a core principle of information security.