M1: Security concepts and principles - C.1

Question 1

What are the fundamental goals of computer security?

M1: Security concepts and principles - C.1

Answer 1

• Confidentiality,
• Integrity,
• availability,
• authorization,
• authentication,
• accountability.

Question 2

What does confidentiality mean in computer security?

M1: Security concepts and principles - C.1

Answer 2

It means keeping non-public information accessible only to authorized parties.

Question 3

How is integrity defined in computer security?

M1: Security concepts and principles - C.1

Answer 3

Integrity ensures that data, software, or hardware remains unaltered except by authorized parties.

Question 4

What is authorization in the context of computer security?

M1: Security concepts and principles - C.1

Answer 4

Authorization means that computing resources are accessible only by authorized entities.

Question 5

What does availability refer to in computer security?

M1: Security concepts and principles - C.1

Answer 5

Availability ensures that information, services, and resources are accessible for authorized use.

Question 6

What is authentication in computer security?

M1: Security concepts and principles - C.1

Answer 6

Authentication assures that a principal, data, or software is genuine and as asserted.

Question 7

What does accountability mean in computer security?

M1: Security concepts and principles - C.1

Answer 7

Accountability is the ability to identify principals responsible for past actions.

Question 8

What is the difference between trusted and trustworthy?

M1: Security concepts and principles - C.1

Answer 8

Trusted means having confidence in something, deserved or not;
Trustworthy means it reliably meets expectations.

Question 9

How is confidentiality different from privacy?

M1: Security concepts and principles - C.1

Answer 9

Confidentiality protects information from unauthorized disclosure… while privacy involves protecting personally sensitive information.

Question 10

What is a security policy?

M1: Security concepts and principles - C.1

Answer 10

A security policy specifies the rules and practices for protecting assets and what is allowed or not.

Question 11

What is an attack in computer security?

M1: Security concepts and principles - C.1

Answer 11

An attack is a deliberate action intended to cause a security violation.

Question 12

What is a vulnerability in computer security?

M1: Security concepts and principles - C.1

Answer 12

A vulnerability is a weakness that can be exploited to cause a security breach.

Question 13

What is a threat in computer security?

M1: Security concepts and principles - C.1

Answer 13

A threat is any circumstance or entity that might harm assets or cause security violations.

Question 14

What is risk in computer security?

M1: Security concepts and principles - C.1

Answer 14

Risk is the expected loss due to harmful future events, considering assets, threats, and vulnerabilities.

Question 15

What is risk assessment?

M1: Security concepts and principles - C.1

Answer 15

Risk assessment involves analyzing factors to estimate risk and prioritize defensive measures.

Question 16

What is the risk equation?

M1: Security concepts and principles - C.1

Answer 16

Risk (r) = Threat (t) x Vulnerability (v) x Cost (c).

Question 17

What is adversary modeling?

M1: Security concepts and principles - C.1

Answer 17

Adversary modeling identifies and analyzes potential attackers and their capabilities.

Question 18

What are some attributes of an adversary?

M1: Security concepts and principles - C.1

Answer 18

• Objectives,
• Methods,
• Capabilities,
• Funding level
• Insiders or outsiders.

Question 19

What is penetration testing?

M1: Security concepts and principles - C.1

Answer 19

Penetration testing involves finding vulnerabilities by simulating attacks on a system.

Question 20

What is security analysis?

M1: Security concepts and principles - C.1

Answer 20

Security analysis identifies vulnerabilities and overlooked threats to improve defenses.

Question 21

What is a threat model?

M1: Security concepts and principles - C.1

Answer 21

A threat model identifies threats, threat agents, and attack vectors that a system defends against.

Question 22

What is diagram-driven threat modeling?

M1: Security concepts and principles - C.1

Answer 22

It uses architectural diagrams to identify and analyze potential threats and attack vectors.

Question 23

What is an attack tree?

M1: Security concepts and principles - C.1

Answer 23

An attack tree is a diagram that breaks down an attack goal into smaller, actionable steps.

Question 24

What is the purpose of attack trees?

M1: Security concepts and principles - C.1

Answer 24

To identify and prioritize potential attack vectors and help in forming security policies.

Question 25

What are attack/threat checklists?

M1: Security concepts and principles - C.1

Answer 25

Pre-constructed lists of known attacks used to ensure no threats are overlooked.

Question 26

What is the difference between insider and outsider attacks?

M1: Security concepts and principles - C.1

Answer 26

Insider attacks come from within the organization, while outsider attacks come from external entities.

Question 27

What is the role of security controls?

M1: Security concepts and principles - C.1

Answer 27

Security controls prevent, detect, and react to security violations to limit damage and recover.

Question 28

What is the significance of security policies in risk management?

M1: Security concepts and principles - C.1

Answer 28

Security policies help determine when a violation occurs and guide the implementation of controls.

Question 29

What is the goal of security analysis in the software development lifecycle?

M1: Security concepts and principles - C.1

Answer 29

To provide confidence in a system’s ability to resist attacks by identifying and addressing threats.