CH1 Mastering Security Basics

Question 1

True or False:
Confidentiality, integrity, and availability form the CIA security triad, which is a model used to guide an organization’s security principles.

Answer 1

True

Page 2822

Question 2

What is the security triad described as?

Answer 2

A model used to guide an organization’s security principles.

Question 3

What is the name of the model used to guide an organization’s security principle’s ?

Answer 3

Security/CIA triad

Question 4

What factors make up the security triad?

Answer 4

Confidentiality
Integrity
Availability

Question 5

What does CIA stand for?

Answer 5

Confidentiality
Integrity
Availability

Question 6

Confidentiality, Integrity, and Availability are factors for what model?

Answer 6

Security/CIA triad

Question 7

What describes a goal that an organization wants to achieve?

Answer 7

Use case

Question 8

A use case describes what?

Answer 8

A goal that an organization wants to achieve

Question 9

What is a common naming convention for a use case?

Answer 9

Verb-noun

Question 10

Give an example(s) of a well named use case

Answer 10

Place order

Login to system

Question 11

What common elements make up a use case?

Answer 11

1. Actors
2. Precondition
3. Trigger
4. Post condition
5. Normal flow
6. Alternate flow

Question 12

Match the elements below with their definitions

1. Alternate flow
2. Post condition
3. Precondition
4. Trigger
5. Actors
6. Normal flow

A. Starts the use case
B. Occurs after the process is triggered
C. General steps a process follows
D. Exception steps a process could follow
E. An entity which performs an action
F. Required to be done before so the process can begin

Answer 12

1, D
2, B
3, F
4, A
5, E
6, C

Question 13

List a few elements of a use case

Answer 13

1. Actors
2. Precondition
3. Trigger
4. Post condition
5. Normal flow
6. Alternate flow

Question 14

What does confidentiality do?

Answer 14

Prevents the unauthorized disclosure of data

Question 15

What is the prevention of unauthorized disclosure of data known as?

Answer 15

Confidentiality

Question 16

What scrambles data to make it unreadable by unauthorized entities?

Answer 16

Encryption

Question 17

What does encryption do?

Answer 17

Scrambles data to make it unreadable by unauthorized entities

Question 18

What does AES stand for?

Answer 18

Advanced Encryption Standard

Question 19

What does DES stand for?

Answer 19

Data Encryption Standard

Question 20

List three access control elements

Answer 20

1. Identification
2. Authentication
3. Authorization

Question 21

What is identification?

Answer 21

Unique attributes that make up an entity

Question 22

What is Authentication?

Answer 22

The process of determining if an entity is who they claim to be

Question 23

What is Authorization?

Answer 23

The process of determining what permission an entity has for data and systems

Question 24

Match the term to the meaning

1. Identification
2. Authorization
3. Authentication

A. The process of determining what permission an entity has for data and systems
B. The unique attributes that make up an entity
C. The process of determining if an entity is who they claim to be

Answer 24

1, B
2, A
3, C

Question 25

Access controls are used to ______ and ______ access

A. Prevent, Protect
B. Grant, Restrict
C. Prime, Lock
D. Test, Break

Answer 25

B. Grant, Restrict

Question 26

What is the best way to protect data confidentiality?

Answer 26

Encryption

Question 27

Choose all answers that are true

Encryption is ____

A. The act of scrambling data to be unreadable to unauthorized users
B. Not used to secure data
C. The best way to protect data confidentiality
D. A protocol only used by hackers

Answer 27

A. The act of scrambling data to be unreadable to unauthorized users
and
C. The best way to protect data confidentiality

Question 28

What helps to protect confidentiality?

Answer 28

Access controls

Question 29

______ provides assurance that data has not changed

Answer 29

Integrity

Question 30

What does integrity provide assurance of?

Answer 30

That data has not changed

Question 31

Integrity provides assurance that _____ has not ____

Answer 31

Data has not changed

Question 32

What causes a loss of integrity?

A. Unauthorized change to data
B. Unintended changes
C. System errors
D. All of the above

Answer 32

D. All of the above

Question 33

List a technique which enforces integrity

Answer 33

Hashing

Question 34

Hashing is a technique which enforces _____

Answer 34

Integrity

Question 35

What does SHA stand for with respect to data integrity?

A. Secure Hashing Access
B. Secure Hashing Ability
C. Secure Hashing Availability
D. Secure Hashing Algorithm

Answer 35

D. Secure Hashing Algorithm

Question 36

What does a hashing algorithm do?

A. Generates a variable length of reversible output
B. Encrypts data using a key
C. Creates a fixed length of irreversible output
D. Obfuscates data

Answer 36

C. Creates a fixed length of irreversible output

Question 37

How does a hashing algorithm ensure integrity?

A. It doesn’t
B. Comparing hash outputs on the same data during different times. If they match the data has not changed.

Answer 37

B.

Question 38

True or False:

Hashes identify what has changed in data

Answer 38

False

It can only generate output used for comparison. It does not indicate what differences exist

Question 39

What are some ways hashing is used to ensure data integrity?

A. Sending/Receiving e-mail
B. Downloading files
C. Uploading files
D. Migrating data

Answer 39

A. Sending/Receiving e-mail
and
B. Downloading files

Question 40

True or False

Availability means data and services are available when needed.

Answer 40

True

Question 41

What is used to ensure high levels of availability in organizations?

A. Fault tolerance
B. Encryption
C. Redundancy
D. Hashing

Answer 41

A. Fault tolerance

C. Redundancy

Question 42

Fault tolerance and ______ are used to ensure high levels of availability

Answer 42

Redundancy

Question 43

Redundancy and _____ _____ are used to ensure high levels of availability

Answer 43

Fault tolerance

Question 44

Redundancy adds ____ to critical systems

A. Decoupling
B. Complexity
C. Duplication
D. Encryption

Answer 44

C. Duplication

Question 45

Duplication is added to critical systems for

A. Reversal
B. Removal
C. Regression
D. Redundancy

Answer 45

D. Redundancy

Question 46

Fault tolerance is the ability to

A. Prevent disruption in service
B. Manage large loads of data
C. Segregate roles and responsibilities
D. Remove malicious software

Answer 46

A. Prevent disruption in service

Question 47

A goal of redundancy and fault tolerance is to remove:

A. Worms
B. Viruses
C. Single Points of Failure
D. Spyware

Answer 47

C. Single points of failure

Question 48

What does SPOF stand for?

Answer 48

Single points of failure

Question 49

True or False

An SPOF is a failure that causes an entire system failure

Answer 49

True

Question 50

An SPOF is a failure that causes

A. Minimal outages
B. Intermittent system failure
C. Entire system failure
D. Partial system failure

Answer 50

C. Entire system failure

Question 51

Match the fault tolerance and redundancy methods with their definitions

1. Disk redundancies
2. Server redundancies
3. Network redundancies
4. Power redundancies

A. Multiple communication paths
B. Multiple servers
C. Multiple disks
D. Multiple power sources

Answer 51

1, C
2, B
3, A
4, D

Question 52

RAID-1, RAID-5, RAID-10, and backups are configurations of which fault tolerance and redundancy method?

A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies

Answer 52

A. Disk redundancies

Question 53

Failover clusters are configurations of which fault tolerance and redundancy method?

A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies

Answer 53

B. Server redundancies

Question 54

Load balancing and network interface card teaming are configurations of which fault tolerance and redundancy method?

A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies

Answer 54

C. Network redundancies

Question 55

Uninterruptible power supplies and power generators are examples of which fault tolerance and redundancy method?

A. Disk redundancies
B. Server redundancies
C. Network redundancies
D. Power redundancies

Answer 55

D. Power redundancies

Question 56

Scalability and elasticity contribute to ____ ____

A. Low availability
B. Intermittent availability
C. High availability
D. Remote availability

Answer 56

C. High availability

Question 57

The difference between scalability and elasticity is

A. Scalability is for static configurations and elasticity is for dynamic configurations
B. The amount of hardware required
C. The amount of software required
D. The amount of cost

Answer 57

A. Scalability is for static configurations and elasticity is for dynamic configurations

Question 58

Scaling up/out ____ resources. Scaling down/in_____ resources

Answer 58

Increases, decreases

Question 59

Cloud resources typically have _____ capability

A. Static
B. Dormant
C. Elastic
D. Diverse

Answer 59

C. Elastic

Question 60

Another method of ensuring availability is

A. Encrypting
B. Hashing
C. Authenticating
D. Patching

Answer 60

D. Patching

Question 61

______ helps systems heal themselves and recover from faults with minimal downtime

Answer 61

Resiliency

Question 62

True or False

Resiliency methods are similar to high availability methods of redundancy and fault tolerance

Answer 62

True

Question 63

Resiliency incorporates _______ failed sequences

Answer 63

Retrying

Question 64

Organizations frequently need to balance resources with _______

A. Data integrity
B. Scalability
C. Security constraints
D. Redundancy

Answer 64

C. Security constraints

Question 65

Why is there a need to balance resources and security constraints?

A. Costs
B. Time
C. Availability
D. Confidentiality

Answer 65

A. Costs

To implement highest security constraints can be costly and are result in a company not being profitable

Question 66

_____ is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.

A. Resources
B. Redundancy
C. Reputation
D. Risk

Answer 66

D. Risk

Question 67

Risk is

A. When there are no threats to an exploited vulnerability
B. When all systems are operational with no issues
C. The basics of security
D. When there is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss

Answer 67

D. When there is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss

Question 68

A ______ is a weakness.

Answer 68

Vulnerability

Question 69

A vulnerability is known as a ______ in security

Answer 69

Weakness

Question 70

A ________ is an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.

Answer 70

Security incident

Question 71

True or False

A security incident is an adverse event or series of events that can negativity affect the confidentiality, integrity or availability of an organization’s information technology (IT) systems and data

Answer 71

True

Question 72

A security event can include which of the following:

A. Intentional attacks
B. Malicious software (malware) infections
C. Accidental data loss
D. All of the above

Answer 72

D. All of the above

Question 73

_________ reduces the chances that a threat will exploit a vulnerability.

Answer 73

Risk mitigation

Question 74

Risk mitigation

A. increases the chances that a threat will exploit a vulnerability.
B. has no impact on the chances that a threat will exploit a vulnerability.
C. reduces the chances that a threat will exploit a vulnerability.
D. All of the above

Answer 74

C. reduces the chances that a threat will exploit a vulnerability.

Question 75

What is used to reduce risk?

A. Containers
B. Constants
C. Controls
D. Contents

Answer 75

C. Controls

Question 76

True or False

You can’t prevent most threats

Answer 76

True

Question 77

True or False

You can only reduce the risk of threats

Answer 77

True