Computer Security Chapter 1: Introduction

Questions and Answers

Which type of attacker is associated with organized crime activities?

Organized crime member (correct)

Terrorist

Criminal-for-hire

Hacker

What type of harm includes altering data without permission?

Fabrication

Modification (correct)

Interruption

Interception

Which element is essential for an attacker's strategy, according to the model of method, opportunity, and motive?

Profile

Method (correct)

Location

Support

Which harm type involves preventing access to systems or data?

Interruption

Which of the following describes loosely connected groups in the context of attackers?

Hacker

What is the primary goal of computer security?

To protect the assets of a computer system

Which of the following is NOT considered a type of asset in computer security?

User preferences

What does the C-I-A Triad refer to in computer security?

Confidentiality, Integrity, and Availability

Which of the following best defines access control in the context of computer security?

The protection against unauthorized access to data and resources

Which of the following describes a basic threat in computer security?

An intentional act to compromise data integrity

What are vulnerabilities in the context of computer security?

Weaknesses that can be exploited by threats

Which of the following is an example of software asset?

Operating system

Which component is NOT part of hardware assets in a computer security framework?

Antivirus utilities

Which of the following values are associated with hardware assets?

Disk drives

What term describes a weakness in a system that can be exploited by a threat?

Vulnerability

Which of the following best defines the C-I-A triad in security?

Confidentiality, Integrity, Availability

Which type of software asset is considered easily replaceable?

Commercial applications

Which statement is true about data assets?

They are unique and irreplaceable.

What term refers to actions taken to reduce the risk posed by threats?

Control

Among the following, which is NOT a part of the C-I-A triad?

Authentication

Which of the following represents a unique software asset?

Individual applications

What components make up an access control policy?

Who + What + How

Which type of threat is classified as benign?

Human error

Which characteristic does NOT describe an Advanced Persistent Threat (APT)?

Rapid

What is an example of a natural cause threat?

Power failure

Which of the following best describes directed threats?

They are aimed at a specific target

Which of these qualifies as a human cause threat?

Malicious intent

What type of threat is characterized by being silent and patient?

Advanced Persistent Threats (APTs)

Which of these examples represents a random threat?

Malicious code on a general website

Which type of threat does confidentiality primarily protect against?

Unauthorized data access

Which of the following is an example of a technical control?

Access control lists

What is the primary goal of integrity as a security control?

To ensure data is accurate and reliable

Which control is designed to ensure the availability of data?

Redundancy systems

What type of threat does procedural control primarily guard against?

Accidental data loss

In terms of controls, which of the following ensures physical security?

Security badges

Which of the following threats is NOT covered by technical controls?

Data theft from physical devices

What aspect does availability principally focus on?

Ensuring data is accessible when needed

Which of the following is a common misconception about integrity in data management?

Integrity only pertains to data accuracy

Which control is crucial for protecting data from unauthorized access?

Access control mechanisms

What are the three basic security primitives?

Confidentiality, integrity, and availability

What do vulnerabilities in a system represent?

Weaknesses in a system

Which statement best describes the role of controls?

Controls protect weaknesses from exploitation.

Which of the following is NOT a type of deterrence control?

Natural deterrence

Who poses different kinds of threats based on their capabilities?

Different attackers

What is the main purpose of prevention controls in a system?

To prevent vulnerabilities from being exploited

What type of control would likely involve a faux environment?

External deterrence

Which of the following describes a proper response to an intrusion attempt?

Documenting and analyzing the incident

Study Notes

Chapter 1: Introduction

• Computer security aims to protect computer system assets: hardware, software, and data.
• Chapter objectives include defining computer security and basic terms, introducing the C-I-A Triad, access control terminology, basic threats, vulnerabilities, and attacks, and control mapping to threats.
• Assets include hardware (computer, devices, drives, memory, printer, network gear), software (operating system, utilities, commercial applications, word processing, photo editing, individual applications), and data (documents, photos, music, videos, email, class projects).
• Asset values are categorized as easily replaceable (off the shelf) or unique and irreplaceable.
• Basic security terms include vulnerability, threat, attack, and countermeasure or control.
• Threat and vulnerability relationship is illustrated by an image of a person attempting to reach a target above water with a stick.
• The C-I-A Triad represents confidentiality, integrity, and availability as fundamental security principles. It may also include authentication and non-repudiation.
• Access control, illustrated by a person at a desk, is described as a policy based process. (Who+ What+ How= Yes/No)
• Threat types include natural (fire, power failure), human causes (benign intent, malicious intent), human error, random (malicious code), and directed (impersonation). Advanced Persistent Threats (APTs) are characterized by organization, direction, well-funded resources, patience, and silent operations.
• Attacker types include hackers, individuals, terrorists, organized crime members, criminals for hire and loosely connected groups.
• Attack types include interception, interruption, modification, and fabrication depicted in diagrams.
• The method-opportunity-motive model is presented.
• Controls or countermeasures to threats are categorized into human, malicious, and directed and classified as physical, procedural, and technical as well as categorized in respect to confidentiality, integrity, and availability.
• Control types include preemption, external prevention, internal prevention, detection, response, deflection, external deterrence, internal deterrence and faux environment.
• A summary highlights vulnerabilities as weaknesses exploited by threats, and controls as protection for weaknesses. Confidentiality, integrity, and availability are core security principles. Attacker types and their motivations influence threat kinds and potential controls. Controls exist at various locations within a system.

Description

This quiz covers the fundamental concepts of computer security, including the definition of key terms and the components of the C-I-A Triad: confidentiality, integrity, and availability. It also introduces threats, vulnerabilities, and the importance of asset protection in security. Test your understanding of these core ideas from Chapter 1!