Computer Security Engineering Quiz

Questions and Answers

What does security engineering encompass?

• Tools and techniques for computer programming
• Tools, techniques, and methods to support the development and maintenance of systems resistant to malicious attacks (correct)
• Methods to enhance system performance
• Techniques for data visualization

What is the dimension of security concerned with making sure information is not disclosed to unauthorized entities?

• Availability
• Integrity
• Authentication
• Confidentiality (correct)

Which level of security is concerned with maintaining the security of systems and networks providing shared services to the organization?

• Application security
• Infrastructure security (correct)
• Network security
• Data security

What does integrity in the context of security engineering refer to?

Preventing information from being damaged or corrupted (C)

What does availability in the context of security engineering refer to?

Ensuring access to a system or its data that is normally available (D)

Match the security dimension with its definition:

Confidentiality = Information in a system may be disclosed or made accessible to unauthorized entities. Integrity = Information in a system may be damaged or corrupted, making it unreliable. Availability = Access to a system or its data that is normally available may not be possible. Authorization = Specifying access rights to resources, ensuring that only authorized entities can access them.

Match the level of security with its description:

Infrastructure security = Maintaining the security of all systems and networks providing shared services to the organization. Application security = Focuses on securing individual software applications to prevent unauthorized access and data breaches. Endpoint security = Securing endpoints such as laptops, smartphones, and other devices from being exploited by malicious actors. Network security = Protecting the usability and integrity of the network and data in transit.

Match the security concept with its definition:

Threat modeling = Identifying potential threats to a system and assessing the likelihood and impact of those threats. Risk assessment = Evaluating the potential risks to an organization's information and systems, and identifying measures to mitigate these risks. Vulnerability assessment = Identifying and quantifying vulnerabilities in a system, network, or application. Penetration testing = Simulating cyber-attacks to evaluate the security of a system or network.

Match the security term with its meaning:

Firewall = A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Encryption = The process of converting plaintext into ciphertext to secure sensitive information during transmission or storage. Intrusion detection system (IDS) = A security tool designed to monitor network or system activities for malicious activities or policy violations. Two-factor authentication = A security process in which the user provides two different authentication factors to verify themselves.

Match the security method with its purpose:

Access control = Restricting access to resources based on policies and rules to ensure that only authorized entities can access them. Security auditing = Examining and analyzing the security measures and controls in place to identify vulnerabilities and ensure compliance with security policies. Security monitoring = Ongoing surveillance of a system or network to detect and respond to security incidents and policy violations. Incident response = A structured approach to addressing and managing the aftermath of a security breach or cyber-attack.

Flashcards are hidden until you start studying