Chapter 1 Flashcards
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing?
Availability
Integrity
Confidentiality
Non-repudiation
Confidentiality
Which of the following BEST describes a cyber terrorist?
Desires some kind of financial reward or revenge
Exploits internal vulnerabilities to steal information
Disrupts network-dependent institutions
Downloads and runs attacks available on the internet
Disrupts network-dependent institutions
Your computer system is a participant in an asymmetric cryptography system. You’ve created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.
In this example, which protection does the hashing activity provide?
Availability
Integrity
Confidentiality
Non-repudiation
Integrity
Which of the following is an example of an internal threat?
A delivery man is able to walk into a controlled area and steal a laptop.
A server backdoor allows an attacker on the internet to gain access to the intranet site.
A user accidentally deletes the new product designs.
A water pipe in the server room breaks.
A user accidentally deletes the new product designs.
Which of the following could an employee also be known as?
Internal threat
Cybercriminal
Script kiddie
Exploit
Internal threat
By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message?
Authentication
Integrity
Non-repudiation
Privacy
Non-repudiation
Which of the following includes all hardware and software necessary to secure data, such as firewalls and antivirus software?
Users and administrators
Policies
Assets
Physical security
Physical security
Which of the following are often identified as the three main goals of security? (Select three.)
Integrity
Non-repudiation
Policies
Employees
Assets
Availability
Confidentiality
Confidentiality
Integrity
Availability
Which of the following is the correct definition of a threat?
Instance of exposure to losses from an attacker
Absence or weakness of a safeguard that could be exploited
The likelihood of an attack taking advantage of a vulnerability
Any potential danger to the confidentiality, integrity, or availability of information or systems
Any potential danger to the confidentiality, integrity, or availability of information or systems
Which of the following is an example of a vulnerability?
Misconfigured server
Virus infection
Unauthorized access to confidential resources
Denial-of-service attack
Misconfigured server
The Application layer of the security model includes which of the following? (Select two.)
User education
Web application security
User management
Log management
Environmental controls
Web application security
User management
When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)
Clean desk policies
Password policies
Group policies
Usage policies
Encryption policies
Clean desk policies
Password policies
Which of the following reduces the risk of a threat agent being able to exploit a vulnerability?
Countermeasures
Manageable network plans
Secure data transmissions
Implementation of VLANs
Countermeasures
Which of the following items would be implemented at the Data layer of the security model?
Cryptography
Auditing
Authentication
Group policies
Cryptography
Which of the following items would you secure in the Perimeter layer of the security model?
Firewalls
VLANs
Switches
Routers
Firewalls