M1: Security concepts and principles - C.1 Flashcards

Question 1

Q

What are the fundamental goals of computer security?

M1: Security concepts and principles - C.1

Answer

A

Confidentiality,
Integrity,
availability,
authorization,
authentication,
accountability.

Question 2

Q

What does confidentiality mean in computer security?

M1: Security concepts and principles - C.1

Answer

A

It means keeping non-public information accessible only to authorized parties.

Question 3

Q

How is integrity defined in computer security?

M1: Security concepts and principles - C.1

Answer

A

Integrity ensures that data, software, or hardware remains unaltered except by authorized parties.

Question 4

Q

What is authorization in the context of computer security?

M1: Security concepts and principles - C.1

Answer

A

Authorization means that computing resources are accessible only by authorized entities.

Question 5

Q

What does availability refer to in computer security?

M1: Security concepts and principles - C.1

Answer

A

Availability ensures that information, services, and resources are accessible for authorized use.

Question 6

Q

What is authentication in computer security?

M1: Security concepts and principles - C.1

Answer

A

Authentication assures that a principal, data, or software is genuine and as asserted.

Question 7

Q

What does accountability mean in computer security?

M1: Security concepts and principles - C.1

Answer

A

Accountability is the ability to identify principals responsible for past actions.

Question 8

Q

What is the difference between trusted and trustworthy?

M1: Security concepts and principles - C.1

Answer

A

Trusted means having confidence in something, deserved or not;
Trustworthy means it reliably meets expectations.

Question 9

Q

How is confidentiality different from privacy?

M1: Security concepts and principles - C.1

Answer

A

Confidentiality protects information from unauthorized disclosure… while privacy involves protecting personally sensitive information.

Question 10

Q

What is a security policy?

M1: Security concepts and principles - C.1

Answer

A

A security policy specifies the rules and practices for protecting assets and what is allowed or not.

Question 11

Q

What is an attack in computer security?

M1: Security concepts and principles - C.1

Answer

A

An attack is a deliberate action intended to cause a security violation.

Question 12

Q

What is a vulnerability in computer security?

M1: Security concepts and principles - C.1

Answer

A

A vulnerability is a weakness that can be exploited to cause a security breach.

Question 13

Q

What is a threat in computer security?

M1: Security concepts and principles - C.1

Answer

A

A threat is any circumstance or entity that might harm assets or cause security violations.

Question 14

Q

What is risk in computer security?

M1: Security concepts and principles - C.1

Answer

A

Risk is the expected loss due to harmful future events, considering assets, threats, and vulnerabilities.

Question 15

Q

What is risk assessment?

M1: Security concepts and principles - C.1

Answer

A

Risk assessment involves analyzing factors to estimate risk and prioritize defensive measures.

Question 16

Q

What is the risk equation?

M1: Security concepts and principles - C.1

Answer

A

Risk (r) = Threat (t) x Vulnerability (v) x Cost (c).

Question 17

Q

What is adversary modeling?

M1: Security concepts and principles - C.1

Answer

A

Adversary modeling identifies and analyzes potential attackers and their capabilities.

Question 18

Q

What are some attributes of an adversary?

M1: Security concepts and principles - C.1

Answer

A

Objectives,
Methods,
Capabilities,
Funding level
Insiders or outsiders.

Question 19

Q

What is penetration testing?

M1: Security concepts and principles - C.1

Answer

A

Penetration testing involves finding vulnerabilities by simulating attacks on a system.

Question 20

Q

What is security analysis?

M1: Security concepts and principles - C.1

Answer

A

Security analysis identifies vulnerabilities and overlooked threats to improve defenses.

Question 21

Q

What is a threat model?

M1: Security concepts and principles - C.1

Answer

A

A threat model identifies threats, threat agents, and attack vectors that a system defends against.

Question 22

Q

What is diagram-driven threat modeling?

M1: Security concepts and principles - C.1

Answer

A

It uses architectural diagrams to identify and analyze potential threats and attack vectors.

Question 23

Q

What is an attack tree?

M1: Security concepts and principles - C.1

Answer

A

An attack tree is a diagram that breaks down an attack goal into smaller, actionable steps.

Question 24

Q

What is the purpose of attack trees?

M1: Security concepts and principles - C.1

Answer

A

To identify and prioritize potential attack vectors and help in forming security policies.

Question 25

Q

What are attack/threat checklists?

M1: Security concepts and principles - C.1

Answer

A

Pre-constructed lists of known attacks used to ensure no threats are overlooked.

Question 26

Q

What is the difference between insider and outsider attacks?

M1: Security concepts and principles - C.1

Answer

A

Insider attacks come from within the organization, while outsider attacks come from external entities.

Question 27

Q

What is the role of security controls?

M1: Security concepts and principles - C.1

Answer

A

Security controls prevent, detect, and react to security violations to limit damage and recover.

Question 28

Q

What is the significance of security policies in risk management?

M1: Security concepts and principles - C.1

Answer

A

Security policies help determine when a violation occurs and guide the implementation of controls.

Question 29

Q

What is the goal of security analysis in the software development lifecycle?

M1: Security concepts and principles - C.1

Answer

A

To provide confidence in a system’s ability to resist attacks by identifying and addressing threats.