CNS Reviewer Flashcards

1
Q

Status Of Security In Computing (In Early 2000s)

A
  • Some computing professionals & managers do not even recognize the value of the resources they use or control.
2
Q

Any piece of the __ can become the target of a computing crime.

A

computing system

3
Q

Status Of Security In Computing (In Early 2000s)

A
  • In the event of a computing crime, some companies do not investigate or prosecute.
4
Q

a collection of hardware, software, data, and people that an organization uses to do computing tasks

A

computing system

5
Q
  • The _ is the most serious vulnerability.
A

weakest point

6
Q

Characteristics of Computer Intrusion

A computing system...

A
  • The principles of easiest penetration
7
Q

Security Breaches

A

Exposure
Vulnerability
Threats
Control
Assets

8
Q

a form of possible loss or harm

A

Exposure

9
Q

a weakness in the system

A

Vulnerability

10
Q

Human attacks, natural disasters, errors

A

Threats

11
Q

a protective measure

A

Control

12
Q

h/w, s/w, data

A

*Assets

13
Q

Types of Security Breaches

A
  • Disclosure
  • Deception
  • Disruption
  • Usurpation
14
Q

unauthorized access to info

A
  • Disclosure
  • ex: Snooping
15
Q

acceptance of false data

A
  • Deception:
  • ex: Modification, spoofing, repudiation of origin, denial of receipt
16
Q

prevention of correct operation

A
  • Disruption
  • ex: Modification, man-in-the-middle attack
17
Q

Security Components

A
  • Confidentiality
  • Integrity
  • Availability
18
Q

unauthorized control of some part of the system (___: take by force or without right)

A
  • Usurpation
  • ex: Modification, spoofing, delay, denial of service

usurp

19
Q

The assets are accessible only by authorized parties.
- Keeping data and resources hidden

A
  • Confidentiality
20
Q

The assets are modified only by authorized parties, and only in authorized ways.
* Data integrity (integrity)
* Origin integrity (authentication)

A
  • Integrity
21
Q

Assets are accessible to authorized parties.
- Enabling access to data and resources

A

*Availability

22
Q

Computing System Vulnerabilities

A
  • Hardware vulnerabilities
  • Software vulnerabilities
  • Data vulnerabilities
  • Human vulnerabilities
23
Q

Software Vulnerabilities

A
  • Destroyed (deleted) software
  • Stolen (pirated) software
  • Altered (but still run) software
    • Logic bomb
    • Trojan horse
    • Virus
    • Trapdoor
    • Information leaks
24
Q
  • The principle of adequate protection
A

Data Security

25
* Storage of encryption keys
Data Security
26
* Software versus hardware methods
Data Security
27
Other Exposed Assets
*Storage media *Networks *Access *Key people
28
People Involved in Computer Crimes
*Amateurs *Crackers *Career Criminals
29
Methods of Defense
* Encryption * Software controls *Hardware controls * Policies * Physical controls
30
At the heart of all security methods
Encryption
31
Confidentiality of data
Encryption
32
Some protocols rely on __ to ensure availability of resources.
Encryption
33
__ does not solve all computer security problems.
Encryption
34
Software controls
* Internal program controls * OS controls * Development controls
35
are usually the 1st aspects of computer security that come to mind.
Software controls
36
This defines “___” for the site/system/etc.
Policy says what is, and is not, allowed security
37
enforce policies
Mechanisms
38
can be simple but effective Example: frequent changes of passwords
Mechanisms
39
If policies conflict, discrepancies may create security vulnerabilities
* Composition of policies
40
Gradually evolving and maturing
* Legal and ethical controls
41
Goals of Security
* Prevention *Detection *Recovery
42
Prevent attackers from violating security policy
* Prevention
43
Stop attack, assess and repair damage Continue to function correctly even if attack succeeds
*Recovery
44
Detect attackers’ violation of security policy
*Detection
45
Assurance
* Specification * Design * Implementation
46
How system will meet specification
Design
47
- Requirements analysis - Statement of desired functionality
Specification
48
Programs/systems that carry out design
Implementation
49
Operational Issues
* Cost-Benefit Analysis * Risk Analysis * Laws and Customs
50
Is it cheaper to prevent or to recover?
* Cost-Benefit Analysis
51
- Should we protect something? - How much should we protect this thing?
Risk Analysis
52
Are desired security measures illegal? Will people do them?
* Laws and Customs
53
Human Issues
* Organizational Problems * People problems
54
Human Issues 1. Organizational Problems
- Power and responsibility - Financial benefits
55
Human Issues 2. People Problems
- Outsiders and insiders - Social engineering
56
- “ the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person’s ___ may or may not involve royalty payments or permission, but should always include proper credit.”
Intellectual Property
57
Intellectual Property includes:
- Trade secrets - Copyrights - Trademarks - Patents
58
___ constitute a threat
Intellectual Property _Breaches
59
Most common breach
- Software piracy - 1/3 of all software in use is pirated
60
Deliberate Software Attacks
- Malicious code - Malicious software - Malware - First business hacked out of existence: - Denial-of-service attack - Cloudnine: British Internet service provider
61
First business hacked out of existence:
- Denial-of-service attack - Cloudnine
62
Cloudnine
British Internet service provider
63
Segments of code
Virus
64
Attaches itself to existing program
Virus
65
Takes control of program access
Virus
66
Replication
Virus
67
Malicious program
Worms
68
Replicates constantly
Worms
69
Doesn’t require another program
Worms
70
Can be initiated with or without the user download
Worms
71
Categories of Threat
- Compromises to intellectual property - Software attacks - Deviations in quality of service - Espionage or trespass - Forces of nature - Acts of human error or failure - Information extortion - Deliberate acts of theft - Missing, inadequate, or incomplete - Missing, inadequate, or incomplete controls - Sabotage or vandalism - Theft - Technical hardware failures or errors - Technical software failures or errors - Technological obsolescence
72
Piracy, copyright infringement
Compromises to intellectual property
73
Viruses, worms, macros, DoS
Software attacks
74
ISP, power, WAN service issues from service providers
Deviations in quality of service
75
Unauthorized access and/or data collection
Espionage or trespass
76
Fire, flood, earthquake, lightning
Forces of nature
77
Accidents, employee mistakes
Acts of human error or failure
78
Blackmail or information disclosure
Information extortion
79
Illegal confiscation of equipment or information
Deliberate acts of theft
80
Loss of access to information systems due to disk drive failure, without proper backup and recovery plan
Missing, inadequate, or incomplete
81
Network compromised because no firewall security controls
Missing, inadequate, or incomplete controls
82
Destruction of systems or information
Sabotage or vandalism
83
Equipment failure
Technical hardware failures or errors
84
Illegal confiscation of equipment or information
Theft
85
Bugs, code problems, unknown loopholes
Technical software failures or errors
86
Antiquated or outdated technologies
Technological obsolescence
87
Other Malware
- Trojan Horse - Back door or trap door - Polymorphism - Hoaxes
88
Hide their true nature
Trojan Horse
89
Reveal the designed behavior ONLY WHEN ACTIVATED
Trojan Horse
90
Allows access to system at will with special privileges
Back door or trap door
91
Changes its apparent shape over time
Polymorphism
92
Makes it undetectable by techniques that look for preconfigured signatures
Polymorphism
93
Espionage or Trespass _ _
Intelligence Gathering Trespass
94
Protect with
Trespass Authentication Authorization
95
competitive intelligence
Legal
96
industrial espionage
Illegal
97
Thin line
98
shoulder surfing
one technique
99
Protect with
Trespass Authentication Authorization
100
Intelligence Gathering
Legal Illegal Thin line One technique
101
Hackers - 2 levels:
Experts & Novice
102
Develop software scripts
Experts
103
Develop program exploits
Experts
104
Novice
- Script kiddie - Packet monkeys
105
Use previously written software
Script kiddie
106
Use automated exploits
Packet monkeys
107
System Rule Breakers
- Crackers - Phreakers
108
Individuals who _ or remove software protection designed to prevent unauthorized duplication
Crackers crack
109
Use public networks to make free phone calls
Phreakers
110
Pose some of most dangerous threats
Forces of Nature
111
Unexpected and occur with little or no warning
Forces of Nature
112
Forces of Nature
* Fire * Tornado * Tsunami * Electrostatic discharge * Dust contamination * Flood * Earthquake * Lightning * Landslide * Mudslide * Hurricane/typhoon
113
- ___ performed ___ intent or malicious purpose by an authorized user
Acts of Human Error or Failure Acts without
114
Greatest threat to org info security
- Organization’s own employees - Closest to the data - Mistakes
115
Mistakes
- Revelation of classified data - Entry of erroneous data - Accidental deletion or modification of data - Storage of data in unprotected areas - Failure to protect information
116
Attacker or trusted insider steals information
Deliberate Acts Information Extortion
117
Demands compensation
Information Extortion
118
Agree not to disclose information
Information Extortion
119
Deliberate sabotage of a computer system or business
Sabotage or Vandalism
120
Acts to destroy an asset
Sabotage or Vandalism
121
Damage to an image of an organization
Sabotage or Vandalism
122
Hacktivist or cyber activist
Sabotage or Vandalism
123
* Interfere with or disrupt systems * Protest the operations, policies, or actions
Hacktivist or cyber activist
124
Cyber terrorism Theft
Sabotage or Vandalism
125
- Illegal taking of another’s property
Theft
126
- Illegal taking of another’s property
- Physical - Electronic - Intellectual - Constant
127
Crime not always readily apparent
Problem
128
Large quantities of code written, published, and sold with bugs
Technical Software Failures or Errors
129
Bugs undetected and unresolved
Technical Software Failures or Errors
130
Combinations of software can cause issues
Technical Software Failures or Errors
131
Weekly patches
Technical Software Failures or Errors
132
Outdated hardware or software
Technology Obsolescence
133
Reliability problems
Technology Obsolescence
134
Management problem - Should have plan in place
Technology Obsolescence
135
Non-support of legacy systems
Technology Obsolescence
136
Can be costly to resolve
Technology Obsolescence
137
Attacks
- IP scan and attack - Web browsing - Virus - Mass mail - Simple Network Management Protocol (SNMP)
138
Infected system scans IP addresses and targets vulnerabilities
IP scan and attack
139
Infects web content files infectious
Web browsing
140
Infect other machines
Virus
141
Infects any device that is unprotected
Unprotected shares
142
By using the common password employed in early versions of the protocol, the attacking program can gain control of the device
Simple Network Management Protocol (SNMP)
143
e-mailing to all addresses in an address book
Mass mail
144
Methods of Attack
1. Social Engineering 2. IP-Spoofing 3. SYN spoofing 4. Scanning 5. Denial of service 6. Spam 7. Mail bombing 8. Sniffing 9. Man-in-the-Middle
145
Methods of Attack
- Password Crack - Brute force - Dictionary
146
The design of the network infrastructure and communication protocols is a major contributor
Methods of Attack
147
IP addresses of the source element of the data packets are altered and replaced with bogus addresses
IP-Spoofing
148
The server is overwhelmed by spoofed packets
SYN spoofing
149
Way of determining which ports are open and can be used
Scanning
150
Smurf: sends a large amount of spoofed ping packets
Denial of service
151
Overwhelms the system
Denial of service
152
Can stop response
Denial of service
153
Monitors data traveling over a network
Sniffing
154
Legitimate and non-legitimate
Sniffing
155
Packet sniffing
Sniffing
156
Monitors or sniffs packets from network
Man-in-the-Middle
157
Modifies the packets
Man-in-the-Middle
158
Inserts them back into the network
Man-in-the-Middle
159
Allows attacker to eavesdrop, change, delete, reroute, add, or divert data
Man-in-the-Middle
160
Variant ___ involves the interception of an encryption key exchange
Man-in-the-Middle Spoofing
161
- There is an imbalance between our abilities as developers and the abilities and resources of the attacker.
Programming Errors
162
- Software can be correct without being secure.
Programming Errors
163
- ___ of software security bugs come from ___, well-understood’ programming mistakes
Programming Errors 95 percent 19 'common
164
- Explores the contents of a web browser’s cache
Timing Attack
165
- Allows a Web designer to create a malicious form of cookie that is stored on the client’s system
Timing Attack
166
- __ allow designer to collect information on how to access password protected sites
Timing Attack Cookie
167
Cyberattacks only target large organizations and governments; individuals are safe from such threats
Fiction
168
Using strong, complex passwords for all accounts is enough to ensure complete cybersecurity.
Fiction
169
Regularly cleaning browser history and cookies ensures complete online privacy and protection
Fiction
170
Online shopping is safer when using public Wi-Fi networks because they are encrypted
Fiction
171
Strong passwords are characterized by their complexity, including a mix of uppercase and lowercase letters, numbers, and special characters.
Fact
172
___ is a technique that manipulates individuals into revealing confidential information or performing actions that compromise security.
Social engineering
173
Regularly updating your software and operating systems is an effective way to protect against known vulnerabilities and security threats
Fact
174
Malware is always spread through email attachments; downloading files from websites is always safe.
Fiction
175
Cybersecurity measures only involve technology; human behavior doesn’t play a significant role.
Fiction
176
__ transforms data into a coded format that can only be deciphered with the appropriate decryption key.
Data encryption
177
Regularly backing up data to an external source or cloud storage is essential to ensure data recovery in the event of hardware failure or a cyberattack.
Fact
178
A ___ can provide a secure and private connection by encrypting internet traffic and masking the user’s IP address.
VPN (Virtual Private Network)
179
A ___ is a network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
firewall
180
Two-factor authentication (2FA) involves using two different passwords to access an account
Fiction
181
Once a file is deleted from a computer, it is permanently gone and cannot be recovered.
Fiction
182
Antivirus software is enough to protect a computer from all types of malware and cyber threats
Fiction
183
Multi-factor authentication (MFA) requires users to provide two or more different authentication factors to access an account.
Fact
184
Once you delete a post or photo from a social media platform, it’s permanently removed from the internet.
Fiction
185
Phishing emails are always easy to spot due to poor grammar and spelling mistakes.
Fiction
186
Using “incognito” or “private browsing” mode in a web browser guarantees complete anonymity and privacy while browsing the internet.
Fiction
187
is the practice of protecting systems, networks, and programs from digital attacks
Cybersecurity
188
* A ___ has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe.
successful cybersecurity
189
These ___ are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
cyberattacks
190
In an __, the people, processes, and technology must all complement one another to create an effective defense from cyber-attacks.
organization
191
A __ can automate integrations across select Cisco Security products and accelerate key security operations
unified threat management system
192
key security operations functions:
detection, investigation, and remediation
193
is not only about securing information from unauthorized access
Information security
194
Information Security programs are built around 3 objectives, commonly known as __
CIA – Confidentiality, Integrity, Availability.
195
is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information
Information security
196
A primary way to avoid this is to use __ to safeguard your data so that even if the attacker gains access to your data, he/she will not be able to decrypt it.
encryption techniques
197
means that only the authorized individuals/systems can view sensitive or classified information
Confidentiality
198
Encryption standards include:
AES (Advanced Encryption Standard) DES (Data Encryption Standard)
199
Another way to protect your data is through a __.
VPN tunnel
200
_ and helps the data to move securely over the network
VPN stands for Virtual Private Network
201
making sure that data has not been modified
Integrity
202
__ is a failure to maintain data integrity.
Corruption of data
203
To check if our data has been modified or not, we make use of a __.
hash function
204
This means that the data should be readily available to its users.
Availability
205
__ may render a network unavailable as the resources of the network get exhausted.
Attacks such as DoS or DDoS
206
To ensure __, the network/system administrator should maintain hardware, make regular upgrades, have a plan for fail-over, and prevent bottlenecks in the network.
availability
207
The Parkerian Hexad Added The Following Three Additional Elements:
- Authenticity - Possession - Utility
208
refers to the veracity of the claim of origin or authorship of the information.
Authenticity
209
For example, one method for verifying the authorship of a handwritten document is to compare the handwriting characteristics of the document to a sampling of others which have already been verified. For electronic information, a digital signature could be used to verify the authorship of a digital document using __ (could also be used to verify the integrity of the document)
public-key cryptography
210
means usefulness
Utility
211
__ invented the PC in the late ’70s but needed an __
IBM operating system
212
* _ had never written an OS but accepted the challenge
Microsoft
213
_ had an OS but turned them down
Digital Research
214
IBM went to a small company (__) that had created __
Bill Gates at Microsoft BASIC
215
Microsoft released it as __
MS-DOS V 1.1 (Microsoft Disk Operating System)
216
Gates found an OS called _ and purchased it from the person who wrote it
Quick-and-Dirty-Operating-System (QDOS)
217
___ ultimately released in 1994
MS-DOS 6.22
218
MS-DOS 6.22__
1994
219
_ used a command-line interface
DOS
220
How does a command-line interface work? * Begins with a __ indicating the computer is ready to do something * Type in a command and press ENTER * The command is executed * A new prompt is displayed—ready for the next command
prompt
221
* CLI executes commands like the __
Windows GUI
222
In __, type the command and press ENTER
CLI
223
In __, point and click to execute commands
GUI
224
Accessing the Command Line * In Windows 2000 use the __ * Start | Run * Type _ * You may also access the command line through the Start | All
Run dialog box cmd
225
* The _ is always focused on a specific folder
command prompt
226
* _ operate on the files and folders in the folder in which you are focused
Any commands
227
* You must first focus on the __ where you want to work
drive and folder
228
Filenames and File Formats * Each _ is stored as a file on the drive
program or piece of data
229
* Filenames have two parts:
1. Filename 2. Extension
230
* In _, up to 8 characters long
Filename
231
* In _, up to 3 characters long * Optional
Extension
232
* The filename and extension are separated by a ______ - Called the _____
dot 8.3 naming system
233
* These characters may not be used
/ \ [ ] | ÷ + = ; , * ? (special characters)
234
* Windows does not restrict the __ to __ (can be up to ___ characters)
filename 8.3 255
235
* To be __ with DOS you need to follow the 8.3 standard
backward-compatible
236
* Windows creates two filenames for every file to ensure __
backward-compatibility
237
* The ___ tells the computer the type of file
extension * .exe, .doc, .xls
238
File Formats * All files written in __
binary format
239
File Formats * __used for text 1. 2.
American Standard Code for Information Interchange (ASCII) 1. Universal file format 2. Defines 256 8-bit characters
240
Uses 16-bit code to cover every character for the most common languages
Unicode
241
Drives and Folders * At __, Windows assigns partitions and a drive letter * * *
boot * Floppy drives * Hard drive * CD-ROM drives
242
are usually assigned A: or B:
Floppy drives
243
partitions may be assigned C: to Z:
Hard drive
244
are named after hard drives
CD-ROM drives
245
Windows uses a __
hierarchical directory tree
246
* Files are put into groups called ___
folders
247
* In DOS we call folders _
directories
248
The _ is at the beginning of the hierarchical structure with folders underneath
root directory
249
* Folders and files must be _ - Can’t be the same name in the same folder
unique
250
represents the root directory of C
C:\
251
* To describe a subfolder, add the ___
* C:\TEST name of the folder
252
The location of a file is called the __
path * The path of C:\test\file.txt is C:\test
253
* The __ requires the exact syntax for each command
command line
254
* Type the name of the command and desired or allowed __
switches
255
* _ modify the behavior of the command
Switches
256
* Multiple switches may be _
allowable
257
Displays the directory in wide mode and one page at a time
* DIR /W /P
258
* Help with any command is readily available in __
one of three ways
259
one of three ways
HELP HELP command Command/?
260
gives a one-line description of each command
HELP
261
gives specific help for the command
HELP command
262
gives specific help for the command
Command/?
263
The _ lists the contents of a particular directory
DIR command
264
* The __ command lists only the filenames
DIR/W
265
The __ command is used to change the focus to a different directory
CD (or CHDIR)
266
* The _ command is used to return to the root directory
CD\
267
Goes up one directory
CD..
268
* To switch between drives, type the drive letter followed by a colon
* C: * D:
269
* The __ command is used for creating a directory
MD (or MKDIR)
270
The __ command is used for deleting files
DEL
271
__ command is used for deleting directories and subdirectories
RD (RMDIR)
272
* The __ command is used for deleting directories containing files and subdirectories
DELTREE
273
To run a program: * __ focus to the directory where the program is stored * Type the filename with or without its _ and press ENTER
Change the DOS CD C:\Program Files\My Program extension Setup.exe
274
Working with Files _ (_ , _, _, _) are special values assigned to a file
Attributes (H, R, S, A)
275
hides the file
Hidden
276
protects a file from being deleted or modified
Read-only
277
identifies system files
System
278
identifies files that have not been backed up
Archive
279
The _ program is used to inspect and change file attributes
ATTRIB.EXE
280
can be used to change the attributes
Attrib
281
* Use _ to add attribute
+
282
* Use _ to remove attribute
283
_ AILOG.TXT Makes it read only
Attrib +R
284
__ AILOG.TXT Makes it no longer hidden
Attrib -H
285
are special characters that enable commands to act on more than one file at a time
Wildcards
286
The _ represents any number of characters
*
287
The _ represents a single character
?
288
_ command is used to rename files
REN
289
* _ commands are used to delete files
DEL and ERASE
290
* _ command is used for making a copy of the file in a new location
COPY
291
* _ command is used for moving the file to a new location
MOVE
292
* _ command is used for working with multiple directories
XCOPY
293
Five-Step COPY/MOVE Process 1. Point the command prompt to the directory containing the files to be copied or moved _____ 2. Type COPY or MOVE and a space _________ 3. Type the name(s) of the file(s) to be copied/moved and a space ____ 4. Type the path of the new location for the files ______ 5. Press ENTER
C:\> CD \DOCS C:\DOCS> COPY C:\DOCS> COPY *.doc C:\DOCS> COPY *.doc c:\Steam
294
1. What is the most serious vulnerability in a computing system? A) The most complex point B) The weakest point C) The newest technology D) The most secure feature
B
295
2. Which term describes unauthorized access to information in a security breach? A) Disruption B) Usurpation C) Deception D) Disclosure
D
296
3. Which security component ensures that assets are accessible only by authorized parties? A) Integrity B) Availability C) Confidentiality D) Authentication
C
297
4. Which type of control is usually the first aspect of computer security that comes to mind? A) Hardware controls B) Software controls C) Physical controls D) Encryption
B
298
5. Which method is at the heart of all security methods and ensures confidentiality of data? A) Encryption B) Software controls C) Physical controls D) Policies
A
299
6. Which term refers to the unauthorized control of some part of the system during a security breach? A) Usurpation B) Disruption C) Disclosure D) Deception
A
300
7. Which of the following is NOT a software vulnerability? A) Logic bomb B) Virus C) Encryption D) Trapdoor
C
301
8. What is the purpose of risk analysis in operational security issues? A) To assess financial benefits B) To prevent legal issues C) To determine the level of protection required D) To enhance social engineering techniques
C
302
9. Which type of security breach involves the modification of data? A) Disruption B) Deception C) Usurpation D) Disclosure
A
303
10. What is malware? A) Software designed for a good purpose B) Software designed for a nefarious purpose C) Hardware that is vulnerable to attacks D) A virus that spreads through emails
B
304
11. Which of the following is NOT a type of malicious software? A) Virus B) Trojan horse C) Worm D) Patch
D
305
12. What is a worm? A) A piece of code that attaches itself to another program B) A piece of code that attempts to penetrate networks and systems C) Software that spies on users D) Software supported by advertising
B
306
13. Which type of malware changes its code to avoid detection? A) Virus B) Worm C) Polymorphic malware D) Logic bomb
C
307
14. What is a Trojan horse? A) A program that replicates itself B) A program that appears to do one thing but hides malicious activities C) A piece of code that sits dormant until triggered D) Software that spies on users
B
308
15. What is a rootkit designed to do? A) Modify the operation of the operating system B) Replicate itself by attaching to another file C) Spy on users D) Encrypt files for ransom
A
309
18. What are backdoors originally used for? A) Encrypting files for ransom B) Replicating viruses C) Gaining access to an application if normal access is blocked D) Modifying the operating system
C
310
16. What triggers a logic bomb? A) When a user logs into a specific website B) When specific conditions are met C) When a document is attached to an email D) When a system is patched
B
311
17. What are botnets? A) Networks of machines used to conduct attacks and spread malware B) Standalone programs that need to be installed by users C) Software that spies on users D) Programs that encrypt files for ransom
A
312
19. What is a denial-of-service (DoS) attack? A) An attack designed to steal user data B) An attack designed to prevent a system or service from functioning normally C) An attack that modifies the operating system D) An attack that encrypts files for ransom
B
313
20. What is social engineering? A) A type of malware that replicates itself B) A method of manipulating people into divulging confidential information C) A technique used to encrypt files for ransom D) A way to spy on user activities
B
314
21. What does a network sniffer do? A) Encrypts files for ransom B) Monitors and analyzes network traffic C) Replicates itself by attaching to other files D) Modifies the operating system
B
315
22. What is session hijacking? A) Monitoring network traffic B) Taking control of a user session by stealing session cookies C) Encrypting files for ransom D) Modifying the operating system
B
316
24. What is a botnet? A) A single machine used for attacking a network B) A network of compromised machines used to perform coordinated attacks C) A type of virus that attaches to executable files D) A type of software that spies on users
A
317
23. What is a common defense against man-in-the-middle attacks? A) Encrypting all sensitive communications B) Never updating software C) Disabling all network connections D) Running an antivirus program
A
318
25. What is the primary goal of cybersecurity? A) To increase system speed B) To protect systems, networks, and programs from digital attacks C) To improve software performance D) To manage hardware resources
B
319
26. What are the three objectives of the CIA Triad in information security? A) Confidentiality, Integrity, Availability B) Confidentiality, Identity, Authentication C) Integrity, Availability, Utility D) Integrity, Confidentiality, Usability
A
320
27. What does confidentiality in the CIA Triad refer to? A) The ability to access data quickly B) Ensuring that data is only accessible to authorized individuals C) The accuracy of data D) The usability of the data
B
321
28. What is meant by data integrity? A) Ensuring data is available when needed B) Ensuring data has not been modified C) Ensuring data is confidential D) Ensuring data can be easily accessed
B
322
29. Which tool is commonly used to check if data has been modified? A) Firewall B) Hash function C) Antivirus D) VPN
B
323
30. What does availability in the CIA Triad ensure? A) Data is kept confidential B) Data is accurate C) Data and systems are available to authorized users when needed D) Data is encrypted
C
324
31. What additional element in the Parkerian Hexad refers to verifying the origin of information? A) Possession B) Authenticity C) Utility D) Confidentiality
B
325
32. In the context of the Parkerian Hexad, what does possession or control mean? A) Data can be accessed by authorized users B) Data can be modified by authorized users C) Ownership or control of the data is at risk, even if the data is not accessed D) Data is kept confidential and unmodified
C
326
33. What does utility refer to in the Parkerian Hexad? A) The usefulness of data B) The ability to encrypt data C) The availability of data D) The security of data
A
327
34. What is the purpose of the DIR command in the CLI? A) Change directory B) Delete files C) List the contents of a directory D) Rename files
C
328
35. Which command is used to change the focus to a different directory? A) CD B) DIR C) DEL D) COPY
A
329
36. Which symbol in the CLI represents any number of characters? A) ? B) * C) # D) &
B
330
37. How do you return to the root directory in DOS? A) CD B) CD .. C) DIR D) DEL
B
331
Question: (38-40) You need to create a new folder named Reports on your computer's D: drive, move into that folder, and then create a text file named summary.txt with some initial content. After that, you want to move summary.txt to another folder called Archived. 38. How would you create the Reports directory on the D: drive and navigate into it? A) REM Reports followed by CD D:\Reports B) MD D:\Reports followed by CD D:\Reports C) MOVE Reports followed by CD D:\Reports D) COPY CON Reports followed by CD D:\Reports
B
332
39. How would you create a file named summary.txt and start editing it using the command line? A) MOVE summary.txt B) COPY CON summary.txt C) CD summary.txt D) REM summary.txt
B
333