Computer Security Introduction

Questions and Answers

What does computer security refer to?

Preventing unauthorized access to computers and their data (correct)

Enhancing the speed of computers

Developing new computer software

Protecting computers from viruses only

Why is computer security important?

To increase vulnerability to viruses

To slow down technological advancements

To protect systems from risks like hacking and information theft (correct)

To enhance cyber attacks

What type of attacks happen when a system is connected to the Internet?

Biological attacks

Cyber attacks (correct)

Physical attacks

Chemical attacks

Which type of security involves protecting a system's information from theft and piracy?

Information Security

What risk does the text NOT associate with the Internet?

Physical damage to computers

Who are trying to harm computer security for various purposes according to the text?

Invaders, hackers, and thieves

What is the main objective of information security?

Confidentiality

What does application security aim to protect?

Applications and data from hacking

Why is network security important?

To prevent data breaches and cyber attacks

Which security approach aims at creating software without bugs?

Security by Correctness

What is a common method used in network security to protect against malware and cyber attacks?

Distributed Denial of Service (DDoS)

Which aspect of security aims to deter criminal activities by providing a sense of safety?

Physical Security Measures

Why is it challenging to achieve 'Security by Correctness' in software development?

Inability to write bug-free code

Which type of attack involves intercepting and altering data packets traveling over a network?

Man-in-the-Middle Attack

What is the primary purpose of network security?

Protecting sensitive data from cyber attacks

In what way do physical security measures contribute to overall security?

Deterring criminal activities

What is one of the main challenges of implementing Security by Isolation according to the text?

Partitioning the system into meaningful pieces

Which characteristic describes monolithic kernels mentioned in the text?

Prone to allowing bypass of isolation mechanisms due to bugs

What technology is suggested in the text as a potential solution to the challenges of using monolithic kernels?

Micro-kernels

Which approach aims to make system exploitation very hard for attackers rather than removing all bugs?

Security by Obscurity

Why do some industry experts prefer monolithic kernels over micro-kernels according to the text?

Micro-kernels are harder to implement

Which mechanism aims to make exploitation of bugs difficult by randomizing memory addresses?

Address Space Layout Randomization (ASLR)

Why does Security by Obscurity not prevent all types of attacks effectively according to the text?

"Obfuscated" code is still prone to exploitation

"Thin bare-metal hypervisors, like Xen, can act as micro-kernels by ____________.

increasing driver domains

What is the main focus of Security by Isolation according to the text?

Segregating components and preventing their interference

What does confidentiality refer to in the context of information security?

Restricting information to specific individuals or locations

Which term refers to ensuring data remains accurate and consistent throughout its life cycle?

Data integrity

What is the main purpose of authentication in information security?

Verifying a user's identity

In cryptography, what does ciphertext refer to?

Encrypted text derived from plaintext

Why is plaintext protection important in cryptography?

To avoid disclosing sensitive information if stolen or disclosed

What type of attack involves an attacker having both the plaintext and its encrypted form?

Known-plaintext attack

Which action can help avoid revealing plaintext passwords in application configuration files?

Protecting passwords with a secure hash function

What is the main objective of non-repudiation in information security?

Verifying the authenticity of signatures and messages

Why is it important to protect plaintext stored in computer files?

To prevent unauthorized disclosure if stolen or disclosed

What happens during a known-plaintext attack in cryptanalysis?

The attacker knows both the plaintext and its encrypted form

What is the main goal of a passive attack?

To obtain unauthorized access to information

Which ethical issue in the security system deals with the individual's right to access personal information?

Privacy

What is the hierarchy of regulatory bodies that govern the legality of information security?

International, Federal, State, Organization

What does Cryptography mainly focus on?

Developing and analyzing protocols for secure communication

Which type of attack involves changing information by conducting processes on it?

Active Attack

What is the purpose of Cryptography in information security?

To ensure data integrity and authentication

What does the confidentiality principle of security state?

Both the intended sender and receiver should access the message

Which attack can occur if proper authentication mechanisms are absent?

Fabrication attack

What is compromised if a message's content changes during transmission without the knowledge of the sender or receiver?

Integrity

Which principle of security ensures that a sender cannot deny sending a message?

Non-repudiation

What does the access control principle of security focus on?

Specifying who can access what functions

In the context of security principles, what does availability refer to?

Ensuring resources are available to authorized persons at all times

Which security principle establishes proof of identity in electronic messages?

Authentication

If an unauthorized user accesses a confidential message, what security principle fails?

Authentication

What does a substitution cipher do?

Replaces characters with different characters or symbols

What is the main purpose of encryption in data transmission?

To prevent data theft and loss

In a transposition cipher, what happens to the position of characters?

They are shifted in a predictable way

In symmetric key cryptography, what role does the individual key play?

It is used for both encryption and decryption

What is the primary function of decryption?

To convert cipher text to plain text

What is the encryption method in a Rail Fence cipher?

Writing characters on imaginary rails

What differentiates stream ciphers from block ciphers?

Stream ciphers encrypt data in real-time

How does a substitution cipher differ from a transposition cipher?

Character identity remains the same in a substitution cipher

In which type of cipher is the character position changed but the character identity remains the same?

Key-less transposition cipher

Why does encryption not prevent interference in itself?

Because it does not hide the information being transmitted

Which major difference between encryption and decryption is highlighted in the text?

Decryption happens at the sender's end

What is the primary challenge associated with basic substitution ciphers?

Complexity in decrypting using personal computers

'Sensitive data is transmitted in an encrypted form' primarily aims to achieve what goal?

Protect the data during transmission

How do transposition ciphers differ from substitution ciphers in terms of detection?

'Changing character identity' makes substitution ciphers easier to detect

'An authorized recipient can easily decrypt the message with the key provided by the originator' indicates what crucial aspect of decryption?

The need for a secret key or password for decryption

What type of encryption may utilize an extensive text set and clever substitution, as mentioned?

'Current encryption'

What is an example of a simple substitution cipher?

Good Dog -> Pllx Xlp

What characteristic differentiates symmetric key cryptography from other encryption methods?

It uses different keys for encryption and decryption.

What is the primary reason why block ciphers divide data into larger chunks before encryption?

To provide efficient protection during data storage and transmission

What is the main purpose of a Rail Fence cipher?

To shift characters in a predictable way