Introduction

Question 1

Security

Answer 1

Protecting assets from harm or damage

Question 2

Computer security

Answer 2

Protecting information assets from damage or harm

Question 3

Information assets

Answer 3

Data files, software, IT equipment and infrastructure

Question 4

Information security

Answer 4

The protection of information and its critical elements including systems and hardware that use, store, transmit that information

Question 5

Information security properties

Answer 5

Confidentiality, Integrity, Availability
Authenticity, Accountability, Non-repudiation, Reliability

Question 6

Repudiating meaning

Answer 6

Refuse to accept

Question 7

Non-repudiation meaning

Answer 7

Cannot repudiate with undeniable evidence.

Data integrity and origin can be verified by a third party.

Question 8

Replaceable assets

Answer 8

Hardware, software

Question 9

Irreplaceable assets

Answer 9

Data, individual application

Question 10

Confidentiality concepts

Answer 10

Data confidentiality and Privacy.

Question 11

Integrity concepts

Answer 11

Data Integrity and System Integrity

Question 12

Availability goal

Answer 12

Ensure access and use of information is timely and reliable

Question 13

Integrity goal

Answer 13

Guarding against improper information modification and destruction.

Ensure information non-repudiation and authenticity

Question 14

Confidentiality goal

Answer 14

Preserving authorized restrictions on information access and disclosure

Protecting privacy and proprietary information

Question 15

Confidentiality definition

Answer 15

Hiding the existence and concealment of information and resources

Question 16

Integrity definition

Answer 16

Authentication and trustworthiness of information and resources.

Correctness of data.

Question 17

Availability definition

Answer 17

Ability to use info and resources.

Accessible and usable upon demand by an authorized entity.

Question 18

Confidentiality (SECRECY)

Answer 18

Protecting business data

Question 19

Confidentiality (PRIVACY)

Answer 19

Protecting personal data

Question 20

Confidentiality (ANONYMITY)

Answer 20

Hide who is engaging in what actions

Question 21

Confidentiality Tools

Answer 21

Encryption

Access control

Question 22

Integrity tools

Answer 22

Prevention

Detection

Question 23

Availability tools

Answer 23

System design

Statistical model of use

Question 24

Confidentiality threat

Answer 24

Information theft

Unintentional disclosure

Question 25

Integrity threats

Answer 25

Data and system corruption Loss of accountability

Question 26

Availability threats

Answer 26

DoS

Question 27

Authenticity types

Answer 27

User Organization System Data origin

Question 28

Authenticity meaning

Answer 28

Being actually and exactly what is claimed

Question 29

Accountability goal

Answer 29

Trace action to specific person and hold them responsible

Question 30

Non-repudiation goal

Answer 30

Establishing irrefutable proof of message sending and receiving to third parties Origin - proof sent Deliver - proof received

Question 31

Non-repudiation control

Answer 31

Digital signature

Question 32

Vulnerabilities definition

Answer 32

State of being exposed to the possibility of being attacked or harmed Any condition that leaves an information system open to harm or weakness that makes an exploit possible

Question 33

Vulnerabilities types

Answer 33

Hardware, Software, Data, Human, Computer security

Question 34

Risk definition

Answer 34

Indicates exposure to the chance of damage A situation involving exposure to danger

Question 35

Threat definition

Answer 35

Any event or action that can potentially cause damage to an asset Where intentional, unintentional or malicious

Question 36

Potential threats

Answer 36

Unauthorized or unintentional access or change to data. Interruption of services. Interruption of access to assets. Damage to hardware. Unauthorized access or damage to facilities

Question 37

MOM

Answer 37

Method Opportunity Motive

Question 38

Types of harm

Answer 38

Interception Interruption Modification Fabrication

Question 39

APT

Answer 39

Directed Well financed Organized Patient Silent Highly skilled

Question 40

Breaches

Answer 40

Disclosure Disruption Deception Usurpation

Question 41

Usurpation

Answer 41

Take authority by force

Question 42

Available controls

Answer 42

Encryption Software/Program Development Hardware Physical Policies and Procedure

Question 43

Breaches (DISCLOSURE)

Answer 43

Unauthorized access Snooping

Question 44

Breaches (DECEPTION)

Answer 44

Accepting false data Modification, Spoofing, Repudiation of origin, Denial of receipt

Question 45

Breaches (DISRUPTION)

Answer 45

Prevention of correct operation Modification, Man-in-the-middle

Question 46

Breaches (USURPATION)

Answer 46

Unauthorized control of some part of the system Modification, Spoofing, Delay, DoS

Question 47

Control Information states

Answer 47

Storage Processing Transmission

Question 48

Control Categories

Answer 48

Physical Technical Administrative

Question 49

Control Physical Category

Answer 49

Facility protection Security guards Locks Monitoring Intrusion Detection

Question 50

Control Technical Category

Answer 50

Logical Access Control Cryptographic Control User Authentication Forensics Intrusion Detection

Question 51

Control Administrative Category

Answer 51

Policies and Standard Procedures and Practice Awareness Training Incident Response

Question 52

Functional Types

Answer 52

Preventive Detective Corrective

Question 53

Control Goals

Answer 53

Prevention Detection Recovery

Question 54

Threat Actors

Answer 54

Script Kiddies Hacktivists Organized Crime Nation States Insiders Competitors

Question 55

Social Engineering

Answer 55

Impersonation Phishing Hoaxes

Question 56

Social Engineering Principle

Answer 56

Consensus Authority Intimidation Scarcity Urgency Familiarity

Question 57

Phishing

Answer 57

Spear Pharming Whaling Vishing Smishing