Ch. 1 - Security Principles Flashcards

1
Q

Ensure the data has not been altered in an unauthorized manner.

A. Confidentiality
B. Integrity
C. Availability
D. Non-Repudiation

A

B. Integrity

2
Q

Protect the data that needs protection and prevent access to unauthorized individuals.

A. Integrity
B. Availability
C. Identification
D. Confidentiality

A

D. Confidentiality

3
Q

Ensure data is accessible to authorized users when and where it is needed, and in the form and format that is required.

A. Availability
B. Confidentiality
C. Integrity
D. Assessment

A

A. Availability

4
Q

Risk Treatment:

Taking no action to reduce the likelihood of a risk occurring.

A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer

A

A. Risk Acceptance

5
Q

Risk Treatment:

The decision to attempt to eliminate the risk entirely.

A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer

A

B. Risk Avoidance

6
Q

Risk Treatment:

The most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.

A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer

A

C. Risk Mitigation

7
Q

Risk Treatment:

The practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer

A

D. Risk Transfer

8
Q

Security Controls:

Physical hardware devices, such as a badge reader, and architectural features of buildings and facilities that address process-based security needs.

A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Policy Controls

A

C. Physical Controls

9
Q

Security Controls:

Also called logical controls, security controls that computer systems and networks directly implement.

A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Policy Controls

A

B. Technical Controls

10
Q

Security Controls:

Also known as managerial controls, directives, guidelines or advisories aimed at the people within the organization.

A. Administrative Controls
B. Technical Controls
C. Physical Controls
D. Policy Controls

A

A. Administrative Controls

11
Q

Governance Elements:

Commonly issued in the form of laws, usually from government (not to be confused with governance) and typically carry financial penalties for non-compliance.

A. Procedures
B. Policies
C. Standards
D. Regulations

A

D. Regulations

12
Q

Governance Elements:

Used by governance teams to provide a framework to introduce policies and procedures in support of regulations.

A. Procedures
B. Policies
C. Standards
D. Regulations

A

C. Standards

13
Q

Governance Elements:

Put in place by organizational governance, such as executive management, to provide guidance to all activities to ensure that the organization supports industry standards and regulations.

A. Procedures
B. Policies
C. Standards
D. Regulations

A

B. Policies

14
Q

Governance Elements:

The detailed steps to complete a task that support departmental or organizational policies.

A. Procedures
B. Policies
C. Standards
D. Regulations

A

A. Procedures

15
Q

Which formula is correct?

A. Level of Risk = Probability + Impact
B. Level of Risk = Severity + Cause
C. Level of Risk = Impact + Cause
D. Level of Risk = Probability + Severity

A

A. Level of Risk = Probability + Impact

16
Q

Definitions:

Anything of value that is owned by an organization.

A

Asset

17
Q

Definitions:

Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one or more factors of identification.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

A. Authentication

18
Q

Definitions:

The right or a permission that is granted to a system entity to access a system resource.

A. Authentication
B. Availability
C. Confidentiality
D. Authorization

A

D. Authorization

19
Q

Definitions:

Ensuring timely and reliable access to and use of information by authorized users.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

B. Availability

20
Q

Definitions:

A documented, lowest level of security configuration allowed by a standard or organization.

A

Baseline

21
Q

Definitions:

Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

A

Biometric

22
Q

Definitions:

Malicious code that acts like a remotely controlled “robot” for an attacker, with other Trojan and worm capabilities.

A

Bot

23
Q

Definitions:

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.

A

Classified or Sensitive Information

24
Q

Definitions:

The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

C. Confidentiality

25
Q

Definitions:

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering.

A. Encryption
B. Decryption
C. Encapsulate
D. Decapsulate

A

A. Encryption

26
Q

Definitions:

Comprehensive legislation passed by the European Union that addresses personal privacy, deeming it an individual human right.

A. PCI DSS - Payment Card Industry Data Security Standards
B. HIPAA - Health Insurance Portability and Accountability Act
C. PII - Personally Identifiable Information
D. GDPR - General Data Protection Regulation

A

D. General Data Protection Regulation (GDPR)

27
Q

Definitions:

This U.S. federal law is the most important healthcare information regulation in the United States.

A. PCI DSS - Payment Card Industry Data Security Standards
B. HIPAA - Health Insurance Portability and Accountability Act
C. PII - Personally Identifiable Information
D. GDPR - General Data Protection Regulation

A

B. Health Insurance Portability and Accountability Act (HIPAA)

28
Q

Definitions:

Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification.

A

Multi-Factor Authentication

29
Q

Definitions:

The inability to deny taking an action such as creating information, approving information and sending or receiving a message.

A

Non-repudiation

30
Q

Definitions:

Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.

A. Physical Controls
B. Administrative Controls
C. Logical Controls
D. Technical Controls

A

A. Physical Controls

31
Q

Definitions:

The right of an individual to control the distribution of information about themselves.

A. Identifiable Information
B. Privacy
C. Integrity
D. Confidentiality

A

B. Privacy

32
Q

Definitions:

A measure of the extent to which an entity is threatened by a potential circumstance or event.

A

Risk

33
Q

Definitions:

Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

B. Risk Acceptance

34
Q

Definitions:

The process of identifying and analyzing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals and other organizations. The analysis performed as part of risk management which incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place.

A. Risk Management
B. Risk Assessment
C. Risk Configuration
D. Risk Reduction

A

B. Risk Assessment

35
Q

Definitions:

Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

A. Risk Avoidance

36
Q

Definitions:

The process of identifying, evaluating and controlling threats, including all the phases of risk context (or frame), risk assessment, risk treatment and risk monitoring.

A. Risk Management
B. Risk Assessment
C. Risk Configuration
D. Risk Reduction

A

A. Risk Management

37
Q

Definitions:

A structured approach used to oversee and manage risk for an enterprise.

A

Risk Management Framework (RMF)

38
Q

Definitions:

Putting security controls in place to reduce the possible impact and/or likelihood of a specific risk.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

C. Risk Mitigation

39
Q

Definitions:

The level of risk an entity is willing to assume in order to achieve a potential desired result.

A. Risk Tolerance
B. Risk Assessment
C. Risk Level
D. Risk Threat

A

A. Risk Tolerance

40
Q

Definitions:

Paying an external party to accept the financial impact of a given risk.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

D. Risk Transference

41
Q

Definitions:

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.

A. Threat
B. Vulnerability
C. Exploit
D. Threat Vector

A

A. Threat

42
Q

Definitions:

An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.

A. Threat Vector
B. Threat Object
C. Threat Exploit
D. Threat Actor

A

D. Threat Actor

43
Q

Definitions:

The means by which a threat actor carries out their objectives.

A. Threat
B. Vulnerability
C. Exploit
D. Threat Vector

A

D. Threat Vector

44
Q

Definitions:

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source.

A. Threat
B. Vulnerability
C. Exploit
D. Threat Vector

A

B. Vulnerability

45
Q

Security Concepts of Information Assurance

Protect the data that needs protection and prevent access to unauthorized individuals.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

C. Confidentiality

46
Q

Security Concepts of Information Assurance

Ensure the data has not been altered in an unauthorized manner.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

D. Integrity

47
Q

Security Concepts of Information Assurance

Ensure data is accessible to authorized users when and where it is needed, and in the form and format that is required.

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

A

B. Availability

48
Q

Risk Treatment:

is taking no action to reduce the likelihood of a risk occurring.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

B. Risk Acceptance

49
Q

Risk Treatment:

is the decision to attempt to eliminate the risk entirely.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

A. Risk Avoidance

50
Q

Risk Treatment:

is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

C. Risk Mitigation

51
Q

Risk Treatment:

is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

A

D. Risk Transference