CNS Reviewer Flashcards
Status Of Security In Computing (In Early 2000s)
- Some computing professionals & managers do not even recognize the value of the resources they use or control.
Any piece of the __ can become the target of a computing crime.
computing system
Status Of Security In Computing (In Early 2000s)
- In the event of a computing crime, some companies do not investigate or prosecute.
a collection of hardware, software, data, and people that an organization uses to do computing tasks
computing system
- The _ is the most serious vulnerability.
weakest point
Characteristics of Computer Intrusion
A computing system,,,
- The principles of easiest penetration
Security Breaches
Exposure
Vulnerability
Threats
Control
Assets
a form of possible loss or harm
Exposure
a weakness in the system
Vulnerability
Human attacks, natural disasters, errors
Threats
a protective measure
Control
h/w, s/w, data
*Assets
Types of Security Breaches
- Disclosure
- Deception
- Disruption
- Usurpation
unauthorized access to info
- Disclosure
- ex: Snooping
acceptance of false data
- Deception:
- ex: Modification, spoofing, repudiation of origin, denial of receipt
prevention of correct operation
- Disruption
- ex: Modification, man-in-the-middle attack
Security Components
- Confidentiality
- Integrity
*Availability
unauthorized control of some part of the system (___: take by force or without right)
- Usurpation
- ex: Modification, spoofing, delay, denial of service
usurp
The assets are accessible only by authorized parties.
- Keeping data and resources hidden
- Confidentiality
The assets are modified only by authorized parties, and only in authorized ways.
* Data integrity (integrity)
* Origin integrity (authentication)
- Integrity
Assets are accessible to authorized parties.
- Enabling access to data and resources
*Availability
Computing System Vulnerabilities
- Hardware vulnerabilities
- Software vulnerabilities
- Data vulnerabilities
- Human vulnerabilities
Software Vulnerabilities
- Destroyed (deleted) software
- Stolen (pirated) software
- Altered (but still run) software
- Logic bomb
- Trojan horse
- Virus
- Trapdoor
- Information leaks
- The principle of adequate protection
Data Security
- Storage of encryption keys
Data Security
- Software versus hardware methods
Data Security
Other Exposed Assets
*Storage media
*Networks
*Access
*Key people
People Involved in Computer Crimes
*Amateurs
*Crackers
*Career Criminals
Methods of Defense
- Encryption
- Software controls
*Hardware controls - Policies
- Physical controls
At the heart of all security methods
Encryption
Confidentiality of data
Encryption
Some protocols rely on __ to ensure availability of resources.
Encryption
__ does not solve all computer security problems.
Encryption
Software controls
- Internal program controls
- OS controls
- Development controls
are usually the 1st aspects of computer security that come to mind.
Software controls
This defines “___” for the site/system/etc.
Policy says what is, and is not, allowed
security
enforce policies
Mechanisms
can be simple but effective
Example: frequent changes of passwords
Mechanisms
If policies conflict, discrepancies may create security vulnerabilities
- Composition of policies
Gradually evolving and maturing
- Legal and ethical controls
Goals of Security
- Prevention *Detection *Recovery
Prevent attackers from violating security policy
- Prevention
Stop attack, assess and repair damage
Continue to function correctly even if attack succeeds
*Recovery
Detect attackers’ violation of security policy
*Detection
Assurance
- Specification
- Design
- Implementation
How system will meet specification
Design
- Requirements analysis
- Statement of desired functionality
Specification
Programs/systems that carry out design
Implementation
Operational Issues
- Cost-Benefit Analysis
- Risk Analysis
- Laws and Customs
Is it cheaper to prevent or to recover?
- Cost-Benefit Analysis
- Should we protect something?
- How much should we protect this thing?
Risk Analysis
Are desired security measures illegal?
Will people do them?
- Laws and Customs
Human Issues
- Organizational Problems
- People problems
Human Issues
1. Organizational Problems
- Power and responsibility
- Financial benefits
Human Issues
2. People Problems
- Outsiders and insiders
- Social engineering
- “ the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s ___ may or may not involve royalty payments or permission, but should always include proper credit.”
Intellectual Property
Intellectual Property includes:
́ Trade secrets
́ Copyrights
́ Trademarks
́ Patents
́ ___ constitute a threat
Intellectual Property
_Breaches
́ Most common breach
́ Software piracy
́ 1/3 of all software in use is pirated
Deliberate Software Attacks
́ Malicious code
́ Malicious software
́ Malware
́ First business hacked out of existence:
-́ Denial-of-service attack
́- Cloudnine:
British Internet service provider
First business hacked out of existence:
-́ Denial-of-service attack
́- Cloudnine
Cloudnine
British Internet service provider
Segments of code
Virus
Attaches itself to existing program
Virus
Takes control of program access
Virus
Replication
Virus
Malicious program
Worms
Replicates constantly
Worms
Doesn’t require another program
Worms
Can be initiated with or without the user download
Worms
Categories of Threat
- Compromises to intellectual property
- Software attacks
- Deviations in quality of service
- Espionage or trespass
- Forces of nature
- Acts of human error or failure
- Information extortion
- Deliberate acts of theft
- Missing, inadequate, or incomplete
- Missing, inadequate, or incomplete controls
- Sabotage or vandalism
- Theft
- Technical hardware failures or errors
- Technical software failures or errors
- Technological obsolescence
Piracy, copyright infringement
Compromises to intellectual property
Viruses, worms, macros, DoS
Software attacks
ISP, power, WAN service issues
from service providers
Deviations in quality of service
Unauthorized access and/or data collection
Espionage or trespass
Fire, flood, earthquake, lightning
Forces of nature
Accidents, employee mistakes
Acts of human error or failure
Blackmail or information disclosure
Information extortion
Illegal confiscation of equipment or information
Deliberate acts of theft
Loss of access to information systems due to disk drive failure, without proper backup and recovery plan
Missing, inadequate, or incomplete
Network compromised because no firewall security controls
Missing, inadequate, or incomplete controls
Destruction of systems or information
Sabotage or vandalism
Equipment failure
Technical hardware failures or errors
Illegal confiscation of equipment or information
Theft
Bugs, code problems, unknown loopholes
Technical software failures or errors
Antiquated or outdated technologies
Technological obsolescence
Other Malware
- Trojan Horse
- Back door or trap door
- Polymorphism
- Hoaxes
Hide their true nature
Trojan Horse
Reveal the designed behavior ONLY WHEN ACTIVATED
Trojan Horse
Allows access to system at will with special privileges
Back door or trap door
Changes it apparent shape over time
Polymorphism
Makes it undetectable by techniques that look for preconfigured signatures
Polymorphism
Espionage or Trespass
_
_
Intelligence Gathering
Trespass
Protect with
Trespass
Authentication
Authorization
competitive intelligence
Legal
industrial espionage
Illegal
Thin line
shoulder surfing
one technique
Protect with
Trespass
Authentication
Authorization
Intelligence Gathering
Legal
Illegal
Thin line
One technique
Hackers
́ 2 levels:
Experts & Novice
Develop software scripts
Experts
Develop program exploits
Experts
́ Novice
- Script kiddie
- Packet monkeys
Use previously written software
Script kiddie
́Use automated exploits
Packet monkeys
System Rule Breakers
- Crackers
- Phreakers
Individuals who _ or remove software protection designed to prevent unauthorized duplication
Crackers
crack
Use public networks to make free phone calls
Phreakers
Pose some of most dangerous threats
Forces of Nature
Unexpected and occur with little or no warning
Forces of Nature
Forces of Nature
- Fire
- Tornado
- Tsunami
- Electrostatic discharge
- Dust contamination
- Flood
- Earthquake
- Lightning
- Landslide
- Mudslide
- Hurricane/typhoon
- ___ performed ___ intent or malicious purpose by and authorized user
Acts of Human Error or Failure
Acts
without
Greatest threat to org info security
- Organization’s own employees
- Closest to the data
- Mistakes
Mistakes
- Revelation of classified data
- Entry of erroneous data
- Accidental deletion or modification of data
- Storage of data in unprotected areas
- Failure to protect information
Attacker or trusted insider steals information
Deliberate Acts
Information Extortion
Demands compensation
Information Extortion
Agree not to disclose information
Information Extortion
Deliberate sabotage of a computer system or business
Sabotage or Vandalism
Acts to destroy an asset
Sabotage or Vandalism
Damage to an image of an organization
Sabotage or Vandalism
Hackterist or cyber activist
Sabotage or Vandalism
- Interfere with or disrupt systems
- Protest the operations, policies, or actions
Hackterist or cyber activist
Cyber terrorism
Theft
Sabotage or Vandalism
- Illegal taking of another’s property
Theft
- Illegal taking of another’s property
́ Physical
́ Electronic
́ Intellectual
́ Constant
crime not always readily apparent
́ Problem
Large quantities of code written, published, and sold with bugs
Technical Software Failures or Errors
Bugs undetected and unresolved
Technical Software Failures or Errors
Combinations of software can cause issues
Technical Software Failures or Errors
Weekly patches
Technical Software Failures or Errors
Outdated hardware or software
Technology Obsolescence
Reliability problems
Technology Obsolescence
Management problem
- Should have plan in place
Technology Obsolescence
Non-support of legacy systems
Technology Obsolescence
Can be costly to resolve
Technology Obsolescence
Attacks
- IP scan and attack
- Web browsing
- Virus
- Mass mail
- Simple Network Management Protocol (SNMP)
Infected system scans IP addresses and targets vulnerabilities
IP scan and attack
Infects web content files infectious
Web browsing
Infect other machines
Virus
Infects any device that is unprotected
Unprotected shares
Use common password employed in early versions of the protocol the attacking program can gain control of device
Simple Network Management Protocol (SNMP)
e-mailing to all addresses in an address book
Mass mail
Methods of Attack
- Social Engineering
- IP-Spoofing
- SYN spoofing
- Scanning
- Denial of service
- Spam
- Mail bombing
- Sniffing
- Man-in-the-Middle
Methods of Attack
́ - Password Crack
- Brute force
- Dictionary
The design of the network infrastructure and communication protocols are a major contributor
Methods of Attack
IP address of the source element of the data packets are altered and replaced with bogus addresses
IP-Spoofing
́ The server is overwhelmed by spoofed packets
SYN spoofing
Way of determining which ports are open and can be used
Scanning
Smurf send large amount of spoofed ping packets
Denial of service
Overwhelms the system
Denial of service
Can stop response
Denial of service
Monitors data traveling over a network
Sniffing
legitimated and non legitimate
Sniffing
Packet sniffing
Sniffing
Monitors or sniffs packets from network
Man-in-the-Middle
Modifies the packets
Man-in-the-Middle
Inserts them back into the network
Man-in-the-Middle
Allows attacker to eavesdrop, change, delete, reroute, add, or divert data
Man-in-the-Middle
́ Variant
___ involves the interception of an encryption key exchange
Man-in-the-Middle
Spoofing
- There is an imbalance between our abilities as developers and the abilities and resources of the attacker.
Programming Errors
- Software can be correct without being secure.
Programming Errors
- ___ of software security bugs come from ___,well-understood’ programming mistakes
Programming Errors
95 percent
19 ‘common
- Explores the contents of a web browser’s cache
Timing Attack
- Allows a Web designer to create a malicious form of cookie that is stored on the client’s system
Timing Attack
- __ allow designer to collect information on how to access password protected sites
Timing Attack
Cookie
Cyberattacks only target large organizations and governments; individuals are safe from such threats
Fiction
Using strong, complex passwords for all accounts is enough to ensure complete cybersecurity.
Fiction
Regularly cleaning browser history and cookies ensures complete online privacy and protection
Fiction
Online shopping is safer when using public Wi-Fi networks because they are encrypted
Fiction
Strong passwords are characterized by their complexity, including a mix of uppercase and lowercase letters, numbers, and special characters.
Fact
___ is a technique that manipulates individuals into revealing confidential information or performing actions that compromise security.
Social engineering
Regularly updating your software and operating systems is an effective way to protect against known vulnerabilities and security threats
Fact
Malware is always spread through email attachments; downloading files from websites is always safe.
Fiction
Cybersecurity measures only involve technology; human behavior doesn’t play a significant role.
Fiction
__ transforms data into a coded format that can only be deciphered with the appropriate decryption key.
Data encryption
Regularly backing up data to an external source or cloud storage is essential to ensure data recovery in the event of hardware failure or a cyberattack.
Fact
A ___ can provide a secure and private connection by encrypting internet traffic and masking the user’s IP address.
VPN(Virtual Private Network)
A ___ is a network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
firewall
Two-factor authentication (2FA) involves using two different passwords to access an account
Fiction
Once a file is deleted from a computer, it is permanently gone and cannot be recovered.
Fiction
Antivirus software is enough to protect a computer from all types of malware and cyber threats
Fiction
Multi-factor authentication (MFA) requires users to provide two or more different authentication factors to access an account.
Fact
Once you delete a post or photo from a social media platform, it’s permanently removed from the internet.
Fiction
Phishing emails are always easy to spot due to poor grammar and spelling mistakes.
Fiction
Using “incognito” or “private browsing” mode in a web browser guarantees complete anonymity and privacy while browsing the internet.
Fiction
is the practice of protecting systems, networks, and programs from digital attacks
Cybersecurity
- A ___ has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe.
successful cybersecurity
These ___ are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
cyberattacks
In an __, the people, processes, and technology must all complement one another to create an effective defense from cyber-attacks.
organization
A __ can automate integrations across select Cisco Security products and accelerate key security operations
unified threat management system
key security operations functions:
detection, investigation, and remediation
is not only about securing information from
unauthorized access
Information security
Information Security programs are built around 3 objectives, commonly known as __
CIA – Confidentiality, Integrity, Availability.
is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information
Information security
A primary way to avoid this is to use __ to safeguard your data so that even if the attacker gains access to your data, he/she will not be able
to decrypt it.
encryption techniques
means that only the authorized individuals/systems can view sensitive or classified information
Confidentiality
Encryption standards include:
AES(Advanced Encryption Standard) DES (Data Encryption Standard)
Another way to protect your data is through a __.
VPN tunnel
_ and helps the data to move securely over the network
VPN stands for Virtual Private Network
making sure that data has not been modified
Integrity
__ is a failure to maintain data integrity.
Corruption of data
To check if our data has been modified or not, we make use of a __.
hash function
This means that the data should be readily available to its users.
Availability
__ may render a network unavailable as the resources of the network gets exhausted.
Attacks such as DoS or DDoS
To ensure __, the network/system administrator should maintain hardware, make regular upgrades, have a plan for fail-over and prevent bottleneck in a network.
availability
The Parkerian Hexad Added The
Following Three Additional Elements:
- Authenticity
- Possession
- Utility
refers to the veracity of the claim of origin or authorship of the information.
Authenticity
For example, one method for verifying the authorship of a hand written document is to compare the handwriting characteristics of the document to a sampling of others which have already been verified. For electronic information, a digital signature could be used to verify the authorship of a digital document using __ (could also be used to verify the integrity of the document)
public-key cryptography
means usefulness
Utility
__ invented the PC in the late ’70s but needed an__
IBM
operating system
- _ had never written an OS but accepted the challenge
Microsoft
_ had an OS but turned them down
Digital Research
IBM went to a small company (__) that had created __
Bill Gates at Microsoft
BASIC
Microsoft released it as __
MS-DOS V 1.1 (Microsoft Disk Operating System)
Gates found an OS called _ and purchased it from the person who wrote it
Quick-and-Dirty-Operating-System (QDOS)
___ ultimately released in 1994
MS-DOS 6.22
MS-DOS 6.22__
1994
_ used a command-line interface
DOS
How does a command-line interface work?
* Begins with a __ indicating the computer is ready to do something
* Type in a command and press ENTER
* The command is executed
- A new prompt is displayed—ready for the next command
prompt
- CLI executes commands like the __
Windows GUI
In __, type the command and press ENTER
CLI
In __, point and click to execute commands
GUI
Accessing the Command Line
* In Windows 2000 use the __
* Start | Run
* Type _
* You may also access the command line through the Start | All
Run dialog box
cmd
- The _ is always focused on a specific folder
command prompt
- _ operate on the files and folders in the folder in which you are focused
Any commands
- You must first focus on the __ where you want to work
drive and folder
Filenames and File Formats
- Each _ is stored as a file on the drive
program or piece of data
- Filenames have two parts:
- Filename
- Extension
- In _, up to 8 characters long
Filename
- In _, up to 3 characters long
- Optional
Extension
- The filename and extension are separated by a ______
- Called the _____
dot
8.3 naming system
- These characters may not be used
/ \ [ ] | ÷ + = ; , * ? (special characters)
- Windows does not restrict the __ to __ (can be up ___ characters)
filename
8.3
255
- To be __ with DOS you need to follow the 8.3 standard
backward-compatible
- Windows creates two filenames for every file to ensure __
backward- compatibility
- The ___ tells the computer the type of file
extension
* .exe, .doc, .xls
File Formats
* All files written in __
binary format
File Formats
* __used for text
1.
2.
American Standard Code for Information Interchange (ASCII)
1. Universal file format
2. Defines 256 8-bit characters
Uses 16-bit code to cover every character for the most common languages
Unicode
Drives and Folders
* At __, Windows assigns partitions and a drive letter
*
*
*
boot
* Floppy drives
* Hard drive
* CD-ROM drives
are usually assigned A: or B:
Floppy drives
partitions may be assigned C: to Z:
Hard drive
are named after hard drives
CD-ROM drives
Windows uses a __
hierarchical directory tree
- Files are put into groups called ___
folders
- In DOS we call folders _
directories
The _ is at the beginning of the hierarchical structure with folders underneath
root directory
- Folders and files must be _
- Can’t be the same name in the same folder
unique
represents the root directory of C
C:\
- To describe a subfolder, add the ___
- C:\TEST
name of the folder
The location of a file is called the __
path
* The path of C:\test\file.txt is C:\test
- The __ requires the exact syntax for each command
command line
- Type the name of the command and desired or allowed __
switches
- _ modify the behavior of the command
Switches
- Multiple switches may be _
allowable
Displays the directory in wide mode and one page at a time
- DIR /W /P
- Help with any command is readily available in __
one of three ways
one of three ways
HELP
HELP command
Command/?
gives a one-line description of each command
HELP
gives specific help for the command
HELP command
gives specific help for the command
Command/?
The _ lists the contents of a particular directory
DIR command
- The __ command lists only the filenames
DIR/W
The __ command is used to change the focus to a different directory
CD (or CHDIR)
- The _ command is used to return to the root directory
CD\
Goes up one directory
CD..
- To switch between drives, type the drive letter followed by a colon
- C:
- D:
- The __ command is used for creating a directory
MD (or MKDIR)
The __ command is used for deleting files
DEL
__ command is used for deleting directories and subdirectories
RD (RMDIR)
- The __ command is used for deleting directories containing
files and subdirectories
DELTREE
To run a program:
* __ focus to the directory where the program is stored
* Type the filename with or without its _ and press ENTER
Change the DOS
CD C:\Program Files\My Program
extension
Setup.exe
Working with Files
_ (_ , _, _, _) are special values assigned to a file
Attributes (H, R, S, A)
hides the file
Hidden
protects a file from being deleted or modified
Read-only
identifies system files
System
identifies files that have not been backed up
Archive
The _ program is used to inspect and change file attributes
ATTRIB.EXE
can be used to change the attributes
Attrib
- Use _ to add attribute
+
- Use _ to remove attribute
–
_ AILOG.TXT Makes it read only
Attrib +R
__ AILOG.TXT Makes it no longer hidden
Attrib –H
are special characters that enable commands to act on more than one file at a time
Wildcards
The _ represents any number of characters
*
The _ represents a single character
?
_ command is used to rename files
REN
- _ commands are used to delete files
DEL and ERASE
- _ command is used for making a copy of the file in a new location
COPY
- _ command is used for moving the file to a new location
MOVE
- _ command is used for working with multiple directories
XCOPY
Five-Step COPY/MOVE Process
1. Point the command prompt to the directory containing the files to be copied or moved
_____
- Type COPY or MOVE and a space
_________ - Type the name(s) of the file(s) to be copied/moved and a space
____ - Type the path of the new location for the files
______ - Press ENTER
C:> CD \DOCS
C:\DOCS> COPY
C:\DOCS> COPY *.doc
C:\DOCS> COPY *.doc c:\Steam
- What is the most serious
vulnerability in a computing system?
A) The most complex point
B) The weakest point
C) The newest technology
D) The most secure feature
B
- Which term describes unauthorized
access to information in a security
breach?
A) Disruption
B) Usurpation
C) Deception
D) Disclosure
D
- Which security component ensures
that assets are accessible only by
authorized parties?
A) Integrity
B) Availability
C) Confidentiality
D) Authentication
C
- Which type of control is usually the first aspect of computer security that comes to mind?
A) Hardware controls
B) Software controls
C) Physical controls
D) Encryption
B
- Which method is at the heart of all
security methods and ensures
confidentiality of data?
A) Encryption
B) Software controls
C) Physical controls
D) Policies
A
- Which term refers to the
unauthorized control of some part of the system during a security breach?
A) Usurpation
B) Disruption
C) Disclosure
D) Deception
A
- Which of the following is NOT a
software vulnerability?
A) Logic bomb
B) Virus
C) Encryption
D) Trapdoor
C
- What is the purpose of risk analysis
in operational security issues?
A) To assess financial benefits
B) To prevent legal issues
C) To determine the level of protection
required
D) To enhance social engineering
techniques
C
- Which type of security breach
involves the modification of data?
A) Disruption
B) Deception
C) Usurpation
D) Disclosure
A
- What is malware?
A) Software designed for a good
purpose
B) Software designed for a nefarious purpose
C) Hardware that is vulnerable to
attacks
D) A virus that spreads through emails
B
- Which of the following is NOT a type
of malicious software?
A) Virus
B) Trojan horse
C) Worm
D) Patch
D
- What is a worm?
A) A piece of code that attaches itself to another program
B) A piece of code that attempts to
penetrate networks and systems
C) Software that spies on users
D) Software supported by advertising
B
- Which type of malware changes its code to avoid detection?
A) Virus
B) Worm
C) Polymorphic malware
D) Logic bomb
C
- What is a Trojan horse?
A) A program that replicates itself
B) A program that appears to do one
thing but hides malicious activities
C) A piece of code that sits dormant
until triggered
D) Software that spies on users
B
- What is a rootkit designed to do?
A) Modify the operation of the operating system
B) Replicate itself by attaching to
another file
C) Spy on users
D) Encrypt files for ransom
A
- What are backdoors originally used
for?
A) Encrypting files for ransom
B) Replicating viruses
C) Gaining access to an application if normal access is blocked
D) Modifying the operating system
C
- What triggers a logic bomb?
A) When a user logs into a specific
website
B) When specific conditions are met
C) When a document is attached to an email
D) When a system is patched
B
- What are botnets?
A) Networks of machines used to
conduct attacks and spread malware
B) Standalone programs that need to be installed by users
C) Software that spies on users
D) Programs that encrypt files for
ransom
A
- What is a denial-of-service (DoS)
attack?
A) An attack designed to steal user
data
B) An attack designed to prevent a
system or service from functioning
normally
C) An attack that modifies the operating system
D) An attack that encrypts files for
ransom
b
- What is social engineering?
A) A type of malware that replicates
itself
B) A method of manipulating people
into divulging confidential
information
C) A technique used to encrypt files for
ransom
D) A way to spy on user activities
b
- What does a network sniffer do?
A) Encrypts files for ransom
B) Monitors and analyzes network
traffic
C) Replicates itself by attaching to other files
D) Modifies the operating system
b
- What is session hijacking?
A) Monitoring network traffic
B) Taking control of a user session by stealing session cookies
C) Encrypting files for ransom
D) Modifying the operating system
B
- What is a botnet?
A) A single machine used for attacking a network
B) A network of compromised
machines used to perform
coordinated attacks
C) A type of virus that attaches to
executable files
D) A type of software that spies on
users
A
- What is a common defense against man-in-the-middle attacks?
A) Encrypting all sensitive
communications
B) Never updating software
C) Disabling all network connections
D) Running an antivirus program
A
- What is the primary goal of
cybersecurity?
A) To increase system speed
B) To protect systems, networks, and programs from digital attacks
C) To improve software performance
D) To manage hardware resources
B
- What are the three objectives of the CIA Triad in information security?
A) Confidentiality, Integrity, Availability
B) Confidentiality, Identity,
Authentication
C) Integrity, Availability, Utility
D) Integrity, Confidentiality, Usability
A
- What does confidentiality in the CIA Triad refer to?
A) The ability to access data quickly
B) Ensuring that data is only accessible to authorized individuals
C) The accuracy of data
D) The usability of the data
B
- What is meant by data integrity?
A) Ensuring data is available when
needed
B) Ensuring data has not been modified
C) Ensuring data is confidential
D) Ensuring data can be easily
accessed
b
- Which tool is commonly used to
check if data has been modified?
A) Firewall
B) Hash function
C) Antivirus
D) VPN
B
- What does availability in the CIA
Triad ensure?
A) Data is kept confidential
B) Data is accurate
C) Data and systems are available to authorized users when needed
D) Data is encrypted
C
- What additional element in the
Parkerian Hexad refers to verifying
the origin of information?
A) Possession
B) Authenticity
C) Utility
D) Confidentiality
B
- In the context of the Parkerian
Hexad, what does possession or
control mean?
A) Data can be accessed by authorized users
B) Data can be modified by authorized users
C) Ownership or control of the data is at risk, even if the data is not accessed
D) Data is kept confidential and
unmodified
C
- What does utility refer to in the
Parkerian Hexad?
A) The usefulness of data
B) The ability to encrypt data
C) The availability of data
D) The security of data
A
- What is the purpose of the DIR
command in the CLI?
A) Change directory
B) Delete files
C) List the contents of a directory
D) Rename files
C
- Which command is used to change
the focus to a different directory?
A) CD
B) DIR
C) DEL
D) COPY
A
- Which symbol in the CLI represents
any number of characters?
A) ?
B) ***
C) #
D) &
B
- How do you return to the root
directory in DOS?
A) CD
B) CD ..
C) DIR
D) DEL
B
Question: (38-40)
You need to create a new folder named Reports on your computer’s D: drive, move into that folder, and then create a text file named summary.txt with some initial
content. After that, you want to move summary.txt to another folder called Archived.
- How would you create the Reports directory on the D: drive and navigate into it?
A) REM Reports followed by CD
D:\Reports
B) MD D:\Reports followed by CD
D:\Reports
C) MOVE Reports followed by CD
D:\Reports
D) COPY CON Reports followed by CD D:\Reports
B
- How would you create a file named summary.txt and start editing it using the command line?
A) MOVE summary.txt
B) COPY CON summary.txt
C) CD summary.txt
D) REM summary.txt
B
