Chapter1

Question 1

The protection afforded to an automated information system in order to attain the applicable objectives of perserving the integrity, availability and confidentiality of information system resources

Answer 1

Computer Security

Question 2

The CIA triad

Answer 2

• confidentiality
• integrity
• availability

Question 3

Confidentiality covers:

Answer 3

• Data confidentiality

- Privacy

Question 4

Integrity covers:

Answer 4

• Data Integrity

- System Integirty

Question 5

Preserving authorized restrictions on information access and disclosure

Answer 5

Confidentiality

Question 6

Guarding against improper information modification or destruction

Answer 6

integrity

Question 7

Ensuring timely and reliable access to and use of information

Answer 7

Availability

Question 8

Levels of impact:

Answer 8

Low, Moderate and High

Question 9

The loss could be expected to have a limited adverse effect on organizational operations, assets or individuals

Answer 9

low impact

Question 10

The loss could be expected to have a serious adverse effect on organizational operations, assets or individuals

Answer 10

moderate impact

Question 11

The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, assets or individuals

Answer 11

High impact

Question 12

An entity that attacks, or is a threat to, a system

Answer 12

Adversary

Question 13

An assault on system security that derives from an intelligent threat

Answer 13

Attack

Question 14

An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it.

Answer 14

Countermeasure

Question 15

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

Answer 15

Risk

Question 16

A set of rules and practices that specify or regulate how a system or organization provides a security services to protect sensitive and critical system resources.

Answer 16

Security Policy

Question 17

Data contained in an information system

Answer 17

System Resource(Asset)

Question 18

A potential of violation of security.

Answer 18

Threat

Question 19

A flaw of weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security key

Answer 19

Vulnerability

Question 20

Categories of vulnerabilities

Answer 20

• Corrupted(loss of integrity)
• Leaky (Loss of confidentiality)
• Unavailable or very slow(loss of availability)

Question 21

• capable of exploiting vulnerabilities

- represent potential security harm to an asset

Answer 21

Threats

Question 22

Attacks

Answer 22

• Passive
• Active
• Insider
• Outsider

Question 23

• Attempts to learn or make use of information from the system but does not affect system resources
• Goal of attacker is to obtain information that is being transmitted.
• (e.g Eavesdropping)

Answer 23

Passive Attack

Question 24

Two types of passive attack

Answer 24

• Release of message contents

- Traffic analysis

Question 25

Active Attack

Answer 25

• Attempts to alter system resources or affect their operation
• Involve some modification of the data stream ir the creation of a false stream

Question 26

Four categories of Active Attack

Answer 26

• Replay
• Masquerade
• Modification of messages
• Denial of Service