Computer Security Basics

Questions and Answers

What is the main difference between a directed attack and other types of attacks?

• Directed attacks targets multiple organizations.
• Directed attacks targets random individuals or organizations.
• Directed attacks targets a specific individual.
• Directed attacks targets a specific organization. (correct)

What type of threat violates the confidentiality security concept?

• Modification
• Interception (correct)
• Fabrication
• Interruption

What is an example of an interruption threat?

• Malicious destruction of a hardware device. (correct)
• Creating a counterfeit object on a computing system.
• Illicit copying of program or data files.
• Changing the values in a database.

What type of threat involves unauthorized creation of counterfeit objects on a computing system?

Fabrication (C)

What type of threat involves unauthorized access and tampering with an asset?

Modification (A)

What is the term for unauthorized access to an asset?

Interception (B)

What is computer security primarily concerned with?

Protecting assets that have value to individuals or organizations (B)

What is confidentiality in the context of computer security?

Ensuring only authorized parties have access to assets (B)

What is the primary goal of integrity in computer security?

Ensuring assets can be modified only by authorized parties (D)

What is the opposite of availability in computer security?

Denial of service (C)

What determines the value of an asset in computer security?

Factors such as personal, time-dependent, replicable, or not, and cost of loss (C)

What is a necessary condition for an object or service to be considered available?

It is present in a usable form (A)

How many important aspects of computer security are there?

Three (D)

What is a vulnerability in the context of computer security?

A weakness in the security system that can be exploited (C)

What is the negative consequence of an actualized threat?

Harm (A)

What is an attack in the context of computer security?

An actualized threat (A)

What is the primary purpose of a control in computer security?

To remove or reduce a vulnerability (B)

What is the relationship between a threat and a vulnerability?

A threat is a circumstance that can exploit a vulnerability (B)

What type of program controls enforce security restrictions within a program?

Internal program controls (B)

What is the primary function of independent control programs?

To protect against specific types of vulnerabilities (D)

What type of hardware device verifies users' identities?

Device to verify users' identities (A)

What type of controls enforce procedures or policies among users?

User Policies and Procedures (D)

What is the primary goal of development controls?

To prevent software faults from becoming exploitable vulnerabilities (B)

What type of control limits access to a program's features?

Internal program controls (B)

What is a Trojan horse in the context of software modification?

A program that overtly does one thing while covertly doing another (C)

What is the primary concern of software security?

Ensuring programmers and analysts take responsibility for creating secure programs (B)

What is the result when a threat is realized against a vulnerability?

Harm (B)

What is an example of a data vulnerability?

All of the above (D)

What is the primary concern of data integrity?

Preventing data modification (B)

What is the goal of software authors and distributors regarding software use?

To ensure fair compensation for software use (A)

Flashcards are hidden until you start studying