Prelim Lesson 1

Question 1

is the study of how to
protect
your
information
assets
from
destruction,
degradation, manipulation and exploitation. But also, how
to recover should any of those happen

Answer 1

Information Assurance

Question 2

is the study of how to
protect
your
information
assets
from
destruction,
degradation, manipulation and exploitation. But also, how
to recover should any of those happen

Answer 2

Information Assurance

Question 3

timely, reliable access to data and information services for authorized users

Answer 3

Availability

Question 4

timely, reliable access to data and information services for authorized users

Answer 4

Availability

Question 5

protection against unauthorized modification or destruction of information

Answer 5

Integrity

Question 6

assurance that information is not disclosed to unauthorized persons

Answer 6

Confidentiality

Question 7

security measures to establish the validity of a transmission, message,
or originator

Answer 7

Authentication

Question 8

assurance that the sender is provided with proof of a data delivery
and recipient is provided with proof of the sender’s identity, so that neither can later deny
having processed the data

Answer 8

Non-repudiation

Question 9

True or False: IT security cannot be accomplished in a
vacuum, because there are a multitude of dependencies and interactions
among all four security engineering domains.

Answer 9

True

Question 10

protection of hardware, software, and data
against physical threats to reduce or prevent disruptions to operations and
services and loss of assets

Answer 10

Physical Security

Question 11

a variety of ongoing measures taken to reduce the
likelihood and severity of accidental and intentional alteration, destruction,
misappropriation, misuse, misconfiguration, unauthorized distribution, and
unavailability of an organization’s logical and physical assets, as the result
of action or inaction by insiders and known outsiders, such as business
partners.

Answer 11

Personnel Security

Question 12

a variety of ongoing measures taken to reduce the
likelihood and severity of accidental and intentional alteration, destruction,
misappropriation, misuse, misconfiguration, unauthorized distribution, and
unavailability of an organization’s logical and physical assets, as the result
of action or inaction by insiders and known outsiders, such as business
partners.

Answer 12

Personnel Security

Question 13

inherent technical features and functions that collectively
contribute to an IT infrastructure achieving and sustaining confidentiality,
integrity, availability, accountability, authenticity, and reliabilit

Answer 13

IT Security

Question 14

inherent technical features and functions that collectively
contribute to an IT infrastructure achieving and sustaining confidentiality,
integrity, availability, accountability, authenticity, and reliability

Answer 14

IT Security

Question 15

involves the implementation of standard operational
security procedures that define the nature and frequency of the interaction
between users, systems, and system resources,

Answer 15

Operational Security

Question 16

According to this, a
computing environment is made up of five continuously interacting
components

Answer 16

Raggad’s taxonomy of information technology

Question 17

Includes information security and computer

Answer 17

IA

Question 18

According to them, IA can be thought of as protecting
information at three distinct levels

Answer 18

Blyth and Kovacich

Question 19

data and data processing activities in physical space;

Answer 19

Physical

Question 20

information and data manipulation abilities
in cyberspace

Answer 20

Information Infractrature

Question 21

information and data manipulation abilities
in cyberspace;

Answer 21

Information infrastracture

Question 22

knowledge and understanding in human decision space

Answer 22

Perceptual

Question 23

The flip side of information assurance

Answer 23

Information warfare

Question 24

Offensive part of IW

Answer 24

Information operations

Question 25

Defensive part of IW

Answer 25

Information Assurance

Question 26

in military circles, Type 1 is also called

Answer 26

Truth Projection

Question 27

Involves managing an opponent’s perception through deception and psychological operations

Answer 27

Type 1

Question 28

involves denying, destroying,degrading, or distorting the opponent’s information flows to disrupt their ablitity to carry out or coordinate operations

Answer 28

Type II

Question 29

gathers intelligence by exploiting the opponent’s use of information systems

Answer 29

Type III

Question 30

consists of employees, former employees and contractors.

Answer 30

Insiders

Question 31

: one who gains unauthorized access to or breaks into
information systems for thrills, challenge, power, or profit

Answer 31

Hackers

Question 32

target information that may be of value to them: bank
accounts, credit card information, intellectual property, etc.

Answer 32

Criminals

Question 33

actively seek intelligence about competitors or steal trade
secrets.

Answer 33

Corporations

Question 34

seek the military, diplomatic, and economic
secrets of foreign governments, foreign corporations, and adversaries.
May also target domestic adversaries.

Answer 34

Governments and agencies

Question 35

usually politically motivated and may seek to cause maximal
damage to information infrastructure as well as endanger lives and
property.

Answer 35

Terrorists

Question 36

timely attack detection and reporting is key to initiating
the restoration and response processes

Answer 36

Attack Detection

Question 37

-relies on established procedures and mechanisms
for prioritizing restoration of essential functions.
-may
rely on backup or redundant links, information system components, or
alternative means of information transfe

Answer 37

Capability restoration

Question 38

: the items being protected by the system (documents, files, directories,
databases, transactions, etc.)

Answer 38

objects

Question 39

: entities (users, processes, etc.) that execute activities and request
access to objects.

Answer 39

subjects

Question 40

operations, primitive or complex, that can operate on objects and must be
controlled

Answer 40

actions

Question 41

authorized users are able to access it

Answer 41

availability

Question 42

the information is free of error and has the value expected;

Answer 42

accuracy

Question 43

the information is genuine

Answer 43

authenticity

Question 44

the information has not been disclosed to unauthorized
parties

Answer 44

confidentiality

Question 45

the information is whole, complete and uncorrupted;

Answer 45

integrity

Question 46

the information has value for the intended purpose;

Answer 46

utility