Chapter 1 - Introduction to Security Flashcards
In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Nonrepudiation D. Confidentiality E. Risk Assessment F. Availability
B, D, and F. Confidentiality, integrity, and availability (known as CIA or the CIA triad) are the three main goals when it comes to information security. Another goal within information security is accountability.
To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor
A. To protect against malicious attacks, think like a hacker. Then, protect and secure like a network security administrator.
Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Nonrepudiation C. Confidentiality D. Integrity
B. You should use nonrepudiation to prevent Tom from denying that he sent the e-mails. Nonrepudiation is normally provided by a digital signature made with a private key only Tom holds; integrity alone (a checksum or a shared-key MAC) shows the message was not altered but does not prove who sent it.
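The following Go program is an added example, not part of the original flashcards, showing why the answer is nonrepudiation rather than integrity. Tom signs the e-mail with an Ed25519 private key; anyone holding only his public key can verify it, and a tampered copy fails. By contrast an HMAC with a key shared between Tom and the recipient also detects tampering, but the recipient can mint a valid tag for any text, so it proves nothing to a third party about who wrote the message. The e-mail text and the shared secret are constructed for the demo; the key pair is generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample message (not from the original page): the e-mail Tom sends.
const sampleMail = "From: tom@example.com\r\n" +
	"To: partner@example.net\r\n" +
	"Subject: Q3 figures\r\n\r\n" +
	"Attached are the confidential Q3 figures.\r\n"

// Signer holds a long-term Ed25519 key pair. Only the owner ever sees priv;
// pub is published, so anyone can verify but only the owner can sign.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh key pair (in practice the key would be
// provisioned once and protected, e.g. in an HSM or smart card).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// Sign returns a detached signature over the exact message bytes.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// PublicKey is what the sender distributes to recipients and auditors.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

// VerifySignature is what the recipient, or a third party settling a later
// dispute, runs. It needs only the public key, so a valid signature is
// evidence that the private-key holder produced exactly this message.
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// MACTag computes an HMAC-SHA256 tag with a key shared by both parties.
// This proves integrity and origin to the other key holder only.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyMAC checks a tag in constant time.
func VerifyMAC(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

func main() {
	tom, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte(sampleMail)
	sig := tom.Sign(msg)
	fmt.Println("signature verifies:", VerifySignature(tom.PublicKey(), msg, sig))

	tampered := []byte(sampleMail + "P.S. Please wire the payment today.\r\n")
	fmt.Println("tampered copy verifies:", VerifySignature(tom.PublicKey(), tampered, sig))

	// Shared-key MAC: the recipient can mint a tag for any text, so the tag
	// cannot prove to anyone else that Tom, rather than the recipient, wrote it.
	shared := []byte("constructed shared secret for the demo")
	forged := []byte("Tom never wrote this")
	fmt.Println("recipient-forged MAC verifies:", VerifyMAC(shared, forged, MACTag(shared, forged)))
}
```

In a real deployment the signature would travel with the message (S/MIME or OpenPGP do exactly this) and Tom's public key would be bound to his identity by a certificate, so the recipient can later show the signed message and certificate to anyone as evidence that Tom sent it.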
Which of the following does the A in CIA stand for when it comes to IT security? Select the best answer. A. Accountability B. Assessment C. Availability D. Auditing
C. Availability is what the “A” in “CIA” stands for, as in “the availability of data.”
Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data
C. For removable storage, the confidentiality of data is the greatest risk because removable storage can easily be removed from the building and shared with others. Although the other factors of the CIA triad are important, any theft of removable storage can destroy the confidentiality of data, and that makes it the greatest risk.
When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity
D. The I in CIA stands for integrity. Together CIA stands for confidentiality, integrity, and availability. Accountability is also a core principle of information security.
You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption
C. An ID card is an example of a physical security control. Passwords and encryption are examples of technical controls. A disaster recovery plan (DRP) is an example of an administrative control.
When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never
D. A system can never truly be completely secure. The scales are always tipping back and forth; a hacker develops a way to break into a system, then an administrator finds a way to block that attack, and then the hacker looks for an alternative method. It goes on and on; be ready to wage the eternal battle!