CIA

Question 1

CIA represents

Answer 1

confidentiality, integrity, and availability

Question 2

A federal technology agency that works with industry to develop and apply technology, measurements, and standards

Answer 2

National Institute of Standards and Technology (NIST)

Question 3

A publicly announced standardizations developed by the United States Federal Government for use in computer systems by all nonmilitary government agencies and government contractors

Answer 3

Federal Information Processing Standard (FIPS)

Question 4

The three categories of security controls that are endorsed by both FIPS and NIST are

Answer 4

Technical, Operational, Management

Question 5

Access controls, audit and accountability, identification and authentication, along with system and communications protection are good examples of

Answer 5

Technical security control

Question 6

Awareness and training, configuration management, contingency planning, incident response, maintenance, media protection, physical and environmental protection, personnel security, and system and information integrity are good examples of

Answer 6

Operational security control

Question 7

Certification and accreditation, planning, risk assessment, system and services acquisition, and program management fall under

Answer 7

Management security control

Question 8

Preventing the unauthorized access of information to individuals or systems

Answer 8

Confidentiality

Question 9

Under confidentiality, the process of taking cleartext (plain text) and scrambling it into ciphertext, is known as

Answer 9

Encryption

Question 10

A barrier that will either permit or deny access to a physical location or part of the network infrastructure is called what ?

Answer 10

Access control system

Question 11

Under confidentiality, the process of converting cyphertext back to cleartext (plain text) is known as

Answer 11

Decrypption

Question 12

Hiding data within a picture file is know as

Answer 12

Steganography

Question 13

These three mechanisms of encryption, access controls, and steganography can be used as part of

Answer 13

Confidentiality

Question 14

The protection of data to ensure that from a source to a destination, the data has not been altered

Answer 14

Integrity

Question 15

hashing, digital signatures, certificates, through to nonrepudiation are goals of

Answer 15

Integrity

Question 16

_________ are used to validate to a recipient that the person that sent a message was indeed the person that sent i

Answer 16

Digital signatures

Question 17

_______ the ascertain, the identities of either individual users, computers, or other entities on a network

Answer 17

Certificate

Question 18

Ensure that resources are available for any service that you offer an end user or a consumer is:

Answer 18

Availability

Question 19

Three mechanisms that make a network resilient (available) are

Answer 19

redundancy, fault tolerance, and patching

Question 20

What additional two properties were added to the C-I-A Triad by ISO 7498-2?

Answer 20

• authentication: the ability of a system to confirm the identity of a sender
• nonrepudiation or accountability: the ability of a system to confirm that a
sender cannot convincingly deny having sent something

Question 21

What additional property did U.S. Department of Defense [DOD85] add to the C-I-A Triad in addition to what was amended by ISO 7498-2?

Answer 21

auditability: the ability of a system to trace all actions related to a given asset.

Question 22

The integrity of an item has been preserved when the item is:

Answer 22

Precise
Accurate
Unmodified
Modified only in acceptable ways
Modified only by authorized people
Modified only by authorized processes
Consistent
Meaningful and usable