Computer Networks and Security Quiz

Questions and Answers

In the early 2000s, some computing professionals and managers did recognize the value of the resources they used or controlled.

False (B)

In the event of a computing crime, companies always investigate and prosecute.

False (B)

A computing system includes hardware, software, data, and people.

True (A)

Every part of the computing system could be the target of a computing crime.

True (A)

The strongest point in a computing system is the most serious vulnerability.

False (B)

A logic bomb is a type of software vulnerability.

True (A)

Storage media is a protected asset.

False (B)

Origin Integrity provides Authentication.

True (A)

Data Integrity means that assets are modified only by unauthorized parties.

False (B)

Availability refers to assets being accessible to unauthorized parties.

False (B)

Frequent changes of passwords is an example of a simple but effective mechanism to maintain security.

True (A)

If policies align, discrepancies may create security vulnerabilities.

False (B)

Specification is the requirements analysis and the statement of desired functionality.

True (A)

The design stage includes programs that carry out the design.

False (B)

Recovery involves stopping the attack and repairing damage.

True (A)

Intellectual Property refers to the ownership of ideas.

True (A)

Using intellectual property does not require giving proper credit.

False (B)

Amateurs are known for identifying the easiest points of entry into computer systems.

True (A)

A 'vulnerability' refers to a safeguard implemented to minimize potential harm.

False (B)

Human attacks, natural disasters, and the power grid are examples of threats to computer systems.

False (B)

Disclosure, deception, disruption, and usurpation represent different categories of security breaches.

True (A)

Accepting false data is an example of 'disclosure'.

False (B)

Preventing the correct operation of a system exemplifies 'disruption'.

True (A)

Encryption ensures complete availability of resources, regardless of protocol.

False (B)

Software controls are typically the last aspect considered in computer security implementation.

False (B)

Site security is determined based on what an organization's guiding policies permit and prohibit.

True (A)

A 'trap door' denies access to a system, even with special privileges.

False (B)

Shoulder surfing is a technique used in espionage or for gathering intelligence.

True (A)

'Polymorphism' maintains a consistent and easily identifiable signature over time.

False (B)

A 'script kiddie' is an expert who develops sophisticated software scripts for exploiting system vulnerabilities.

False (B)

Using outdated security technology can lead to vulnerabilities.

True (A)

Risk analysis involves determining the need to protect trade secrets.

True (A)

Copyrights determine the financial benefits of power and responsibility in organizations.

False (B)

Software piracy is the most common type of breach.

True (A)

Malicious code is not a threat to information security.

False (B)

A denial-of-service attack can cause a business to be hacked out of existence.

True (A)

Worms require user initiation to replicate.

False (B)

Espionage involves unauthorized access and data collection.

True (A)

Blackmail is a form of information extortion.

True (A)

Acts of human error have no impact on information security.

False (B)

Natural disasters like floods and earthquakes can pose threats to information security.

True (A)

Flashcards

Deliberate acts of theft

Illegal confiscation of equipment or information with intent.

Polymorphism

Changes its shape over time to avoid detection.

Sabotage

Deliberate destruction of systems or information.

Espionage

Gathering intelligence, can be legal or illegal.

Technical obsolescence

Outdated technology that causes system failures.

Vulnerability

A weakness in the system that can be exploited.

Crackers

Individuals who break into systems to exploit vulnerabilities.

Exposure

A form of possible loss or harm to systems or data.

Encryption

A method to ensure confidentiality of data by transforming it into a secure format.

Software Controls

Internal measures to regulate software security.

Disruption

Prevention of correct operation of a system or service.

Confidentiality

Assets are accessible only by authorized parties.

Usurpation

Unauthorized control over some part of a system.

Policies

Guidelines that define what is allowed within a system.

Software Vulnerabilities

Weaknesses in software that can be exploited by attackers.

Trojan Horse

Malicious software disguised as legitimate software.

Virus

A type of malware designed to replicate and spread.

Logic Bomb

A malicious code that triggers under specific conditions.

Trapdoor

A hidden entry point in software for unauthorized access.

Data Security

Protecting digital information from unauthorized access or corruption.

Weakest Point Vulnerability

The security gap in a system that poses the highest risk.

Risk Analysis

The process of deciding what to protect and how much protection is needed.

Trade Secrets

Confidential business information that provides a competitive edge.

Copyrights

Legal protection for original works of authorship (like writing or art).

Trademarks

Symbols, names, or slogans that distinguish goods/services of one entity from another.

Patents

Exclusive rights granted for an invention, preventing others from making it.

Software Piracy

Unauthorized copying and distribution of software.

Malware

Malicious software designed to harm or exploit any programmable device.

Denial-of-Service Attack

A malicious attempt to disrupt a service by overwhelming it with traffic.

Worms

Self-replicating malware that spreads across computers without needing a host file.

Data Integrity

Assets are modified only by authorized parties and ways.

Origin Integrity

Authentication ensures data comes from a trusted source.

Availability

Assets are accessible to authorized parties when needed.

Security Goals

Prevention, Detection, and Recovery from security violations.

Hardware Vulnerabilities

Weaknesses in physical components of a system.

Legal Controls

Regulations governing the use of systems and data.

Cost-Benefit Analysis

Evaluates whether prevention or recovery costs less.

Intellectual Property

Ownership of ideas and their representations.

Security Mechanisms

Methods that enforce security policies in a system.

Study Notes

Computer Networks and Security

• Computer security is a concern for all computing professionals and managers.
• Intrusion can happen at any point in the computing system (hardware, software, data, people).
• The weakest part of a system is the most vulnerable.
• Security breaches include exposure (potential loss), vulnerability (system weakness), attack (human or natural), threats (human, natural, error), control (protective measure), and assets (hardware/software/data).

Types of Security Breaches

• Disclosure: unauthorized access to information (snooping)
• Deception: acceptance of false data (modification, spoofing, repudiation of origin, denial of receipt)
• Disruption: prevention of correct operation (modification, man-in-the-middle attack)
• Usurpation: unauthorized control of a system part.

Security Components

• Confidentiality: restricted access to assets
• Integrity: assets modified only by authorized parties.
• Availability: authorized parties can access assets
• Enables access to data and resources.

Security Vulnerabilities

• Hardware vulnerabilities
• Software vulnerabilities
• Data vulnerabilities

People Involved in Computer Crimes

• Amateurs
• Crackers
• Career criminals

Security Methods

• Encryption: protecting data confidentiality. Using encryption doesn't solve all security issues.
• Software controls (internal programs and development).
• Hardware controls (OS).
• Policies and mechanisms (define permitted/forbidden actions, enforce via mechanisms/simple but effective e.g., password changes).

Security Goals

• Prevention: stop attacks.
• Detection: find attacks.
• Recovery: stop attack, assess, and fix damage. Continue normal operations successfully even in attacks.

Threats to Information Security

• Intellectual property: piracy, software attacks.
• Software attacks: viruses, worms, malicious code, denial-of-service attacks
• Deviations in quality of service: ISP, power, WAN service problems
• Espionage or trespass: unauthorized access or data collection, hackers
• Forces of nature: fire, floods, earthquakes, lightning
• Acts of human error or failure: accidents, employee mistakes

Deliberate Acts

• Information extortion: blackmail, demanding compensation.
• Sabotage or vandalism: deliberate damage to a system or organization.
• Theft (physical, electronic, intellectual property).
• Cyber terrorism.
• Social engineering: manipulating users.