Computer Security Basics

Questions and Answers

What is the main difference between a directed attack and other types of attacks?

Directed attacks targets multiple organizations.

Directed attacks targets random individuals or organizations.

Directed attacks targets a specific individual.

Directed attacks targets a specific organization. (correct)

What type of threat violates the confidentiality security concept?

Modification

Interception (correct)

Fabrication

Interruption

What is an example of an interruption threat?

Malicious destruction of a hardware device. (correct)

Creating a counterfeit object on a computing system.

Illicit copying of program or data files.

Changing the values in a database.

What type of threat involves unauthorized creation of counterfeit objects on a computing system?

Fabrication

What type of threat involves unauthorized access and tampering with an asset?

Modification

What is the term for unauthorized access to an asset?

Interception

What is computer security primarily concerned with?

Protecting assets that have value to individuals or organizations

What is confidentiality in the context of computer security?

Ensuring only authorized parties have access to assets

What is the primary goal of integrity in computer security?

Ensuring assets can be modified only by authorized parties

What is the opposite of availability in computer security?

Denial of service

What determines the value of an asset in computer security?

Factors such as personal, time-dependent, replicable, or not, and cost of loss

What is a necessary condition for an object or service to be considered available?

It is present in a usable form

How many important aspects of computer security are there?

Three

What is a vulnerability in the context of computer security?

A weakness in the security system that can be exploited

What is the negative consequence of an actualized threat?

Harm

What is an attack in the context of computer security?

An actualized threat

What is the primary purpose of a control in computer security?

To remove or reduce a vulnerability

What is the relationship between a threat and a vulnerability?

A threat is a circumstance that can exploit a vulnerability

What type of program controls enforce security restrictions within a program?

Internal program controls

What is the primary function of independent control programs?

To protect against specific types of vulnerabilities

What type of hardware device verifies users' identities?

Device to verify users' identities

What type of controls enforce procedures or policies among users?

User Policies and Procedures

What is the primary goal of development controls?

To prevent software faults from becoming exploitable vulnerabilities

What type of control limits access to a program's features?

Internal program controls

What is a Trojan horse in the context of software modification?

A program that overtly does one thing while covertly doing another

What is the primary concern of software security?

Ensuring programmers and analysts take responsibility for creating secure programs

What is the result when a threat is realized against a vulnerability?

Harm

What is an example of a data vulnerability?

All of the above

What is the primary concern of data integrity?

Preventing data modification

What is the goal of software authors and distributors regarding software use?

To ensure fair compensation for software use