Concepts Flashcards

1
Q

When should security requirements be addressed in systems development?

  • From the very beginning
  • When budget and business priorities permit
  • When the risk assessment effort is completed
  • At the time of implementation
A

From the very beginning

2
Q

Which term is often associated with the precision of data?

  • Integrity
  • Availability
  • Non-disclosure
  • Confidentiality
A

Integrity

3
Q

What is the primary method of enforcing security concepts?

  • Through strict firewall rules
  • Through risk management
  • Through the use of controls
  • By regular or continuous audit
A

Through the use of controls

4
Q

A security concept that protects against repudiation threats?

  • Confidentiality
  • Authentication
  • Availability
  • Accountability
A

Accountability

5
Q

A security concept that addresses the logging of transactions so that at a later time a history of transactions can be built, if needed.

  • Authorization
  • Availability
  • Non-repudiation
  • Auditing
A

Auditing

6
Q

A security concept that verifies and validates identity information that is supplied.

  • Confidentiality
  • Non-repudiation
  • Authentication
  • Authorization
A

Authentication

7
Q

A security concept that has to do with the checking of a subject’s rights and privileges before granting access to the objects that the subject requests.

  • Non-repudiation
  • Authentication
  • Authorization
  • Availability
A

Authorization

8
Q

A security concept that assures protection against destruction of the data or system or denial of service. It addresses the accessibility of the software and/or the data it handles.

  • Availability
  • Confidentiality
  • Accountability
  • Authorization
A

Availability

9
Q

A security concept that assures the protection of data against unauthorized disclosure. It ensures the secrecy and privacy of data.

  • Non-repudiation
  • Confidentiality
  • Availability
  • Authentication
A

Confidentiality

10
Q

The act of permanently and completely removing personal identifiers from data, such as converting personally identifiable information (PII) into aggregated data.

  • Separation of Duties
  • Defense in Depth
  • Data anonymization
  • Complete Mediation
A

Data anonymization

11
Q

A security concept that addresses the deniability of actions taken by the software or the user. It ensures that the actions taken by the software on behalf of the user (intentionally or unintentionally) cannot be refuted or denied.

  • Confidentiality
  • Authentication
  • Authorization
  • Non-repudiation
A

Non-repudiation

12
Q

The secure disposal of software and the data the software processes, transmits, and stores.

  • Disposition
  • Integrity
  • Authorization
  • Open Design
A

Disposition

13
Q

A security concept that assures protection against unauthorized alterations (or modifications).

  • Integrity
  • Authorization
  • Confidentiality
  • Accountability
A

Integrity

14
Q

Which type of control will proactively stop a threat from successfully attacking a system?

  • Preventative
  • Compensating
  • Detective
  • Corrective
A

Preventative

15
Q

In addition to restricting a user to the minimum level of access they require to perform their job, least privilege may also restrict access based on which factor?

  • Hashing
  • Encryption
  • Authentication
  • Time
A

Time

16
Q

Which term is often used to define a security requirement?

  • Clearance
  • Protocols
  • Escrow
  • Availability
A

Availability

17
Q

What is the result of encrypting a hash of a message with the private key of the sender?

  • Digital algorithm
  • Digital signature
  • Digital envelope
  • Digitized signature
A

Digital signature

18
Q

What is the security control used when displaying an asterisk as a user enters a password?

  • Encryption
  • Masking
  • Context-dependent access control
  • Content-dependent access control
A

Masking

19
Q

What is the core security concept addressed through “need to know”?

  • Non-repudiation
  • Confidentiality
  • Integrity
  • Availability
A

Confidentiality

20
Q

What security concept provides trust in a cryptographic algorithm?

  • Proprietary software
  • Symmetric key escrow
  • Open design
  • Publishing public keys as certificates
A

Open design

21
Q

When is the best time to involve security into systems development?

  • As early as possible in the project lifecycle
  • Once the system requirements are known
  • During the deployment phase of the project
  • Upon completion of the risk management
A

As early as possible in the project lifecycle

22
Q

Which of the following statements about the availability concept of information security management is true?

  • Ensures that modifications are not made to data by unauthorized personnel or processes
  • Determines actions and behaviours of a single individual within a system
  • Ensures reliable and timely access to resources
  • Ensure that unauthorized modifications are not made to data by authorized personnel or processes
A

Ensures reliable and timely access to resources

23
Q

The concept of preventing a subject from denying a previous action with an object in a system is a description of?

  • Simple security rule
  • Non-repudiation
  • Defense in depth
  • Constrained data item (CDI)
A

Non-repudiation

24
Q

The CIA of security includes:

  • Confidentiality, integrity, authentication
  • Certificates, integrity, availability
  • Confidentiality, inspection, authentication
  • Confidentiality, integrity, availability
A

Confidentiality, integrity, availability

25
Q

What is the most important place to address security requirements?

  • At the network layer to prevent attacks
  • Within the application code for greatest precision
  • At all levels including network, application, and host
  • On the host since a compromise of the host is most dangerous
A

At all levels including network, application, and host

26
Q

Which security concept is often associated with criticality?

  • Availability
  • Integrity
  • Non-repudiation
  • Authorization
A

Availability

27
Q

What security concept is in use if a system requires a user to authenticate with a password and a biometric value?

  • Strong authentication
  • Accountability and audit
  • Dynamic authentication
  • Node authentication
A

Strong authentication

28
Q

What is the goal of the CSSLP?

  • To integrate security into the entire SDLC
  • To develop security solutions for software projects
  • To ensure that security requirements are correct
  • To promote the deployment of quality software
A

To integrate security into the entire SDLC

29
Q

What concept is being used when a user account is locked out after three invalid password entries?

  • Logging
  • Filtering
  • Static
  • Clipping
A

Clipping

30
Q

What is the primary purpose of logging all activity on a system?

  • To prosecute illegal activity
  • To establish an audit trail
  • To deter any suspicious actions
  • To support the concept of identification
A

To establish an audit trail

31
Q

What technique is used to restrict the amount of data in a customer record that is visible to a user of an application that accesses a database?

  • Input validation
  • View-based controls
  • Strong passwords
  • Single sign-on
A

View-based controls

32
Q

What is the primary method of enforcing security concepts?

  • Through the use of controls
  • Through risk management
  • By regular or continuous audit
  • Through strict firewall rules
A

Through the use of controls