Computer Security Introduction
48 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What does computer security primarily protect?

  • User privacy only
  • Network speed and performance
  • Software applications alone
  • The assets of a computer system (correct)
  • Which of the following best defines a vulnerability in computer security?

  • An attack method employed by hackers
  • A collection of user credentials
  • A specific type of software
  • A weakness in the security system (correct)
  • In the context of computer security, which term describes a potential violation of security?

  • Attack
  • Control
  • Countermeasure
  • Threat (correct)
  • What is a countermeasure in computer security?

    <p>A protective measure against threats</p> Signup and view all the answers

    Which of the following is NOT an asset in computer security?

    <p>Malware</p> Signup and view all the answers

    What does the C-I-A Triad represent in computer security?

    <p>Confidentiality, Integrity, Availability</p> Signup and view all the answers

    Which statement best describes an attack in the context of computer security?

    <p>The act of exploiting a vulnerability</p> Signup and view all the answers

    Which of the following could be considered a unique and irreplaceable asset?

    <p>Class projects</p> Signup and view all the answers

    What do the three components Method, Opportunity, and Motive collectively refer to in the context of a malicious attack?

    <p>Factors that enable a malicious attack.</p> Signup and view all the answers

    Which type of threat involves an unauthorized party not only accessing but also tampering with an asset?

    <p>Modification</p> Signup and view all the answers

    What does confidentiality in computer security primarily ensure?

    <p>Assets are accessed only by authorized parties.</p> Signup and view all the answers

    In the context of asset security, what does an interruption signify?

    <p>An asset is lost, unavailable, or unusable.</p> Signup and view all the answers

    What is the role of 'motive' in the MOM framework for malicious attacks?

    <p>The reasoning behind performing the attack.</p> Signup and view all the answers

    Which of the following is NOT one of the three security goals addressed in computer security?

    <p>Authenticity</p> Signup and view all the answers

    Which of the following is a necessary condition for a successful malicious attack according to the MOM framework?

    <p>Availability of method, opportunity, and motive.</p> Signup and view all the answers

    What type of security control aims to address the integrity of systems?

    <p>Technical controls</p> Signup and view all the answers

    What are the three basic security primitives mentioned?

    <p>Confidentiality, integrity, and availability</p> Signup and view all the answers

    Which of the following is NOT considered a physical control?

    <p>Intrusion detection systems</p> Signup and view all the answers

    What role do policies and procedures play in security controls?

    <p>They enhance security by fostering user cooperation.</p> Signup and view all the answers

    How do vulnerabilities and threats interact in a security context?

    <p>Vulnerabilities create opportunities for threats to exploit.</p> Signup and view all the answers

    What must be understood for effective cooperation with security requirements?

    <p>The necessity of security in specific situations</p> Signup and view all the answers

    Which of the following describes VirusTotal's main function?

    <p>It inspects items using over 70 antivirus scanners.</p> Signup and view all the answers

    Which of the following best captures the relationship between different attackers and their capabilities?

    <p>Attackers vary in capabilities and motivations, leading to different threats.</p> Signup and view all the answers

    Which security control is most beneficial for mitigating the risk of physical theft?

    <p>Locks and cables</p> Signup and view all the answers

    What is the primary purpose of a control in the context of threats and vulnerabilities?

    <p>To remove or reduce a vulnerability</p> Signup and view all the answers

    Which of the following correctly describes the relationship among threats, controls, and vulnerabilities?

    <p>Without understanding threats, controls cannot be devised.</p> Signup and view all the answers

    What does the term nonrepudiation refer to?

    <p>Proving the authenticity of a document or communication.</p> Signup and view all the answers

    Which of the following factors defines the 'Access Control Policy'?

    <p>Who + What + How = Yes/No</p> Signup and view all the answers

    What type of threats are classified as having benign intent?

    <p>Unintentional actions like human error</p> Signup and view all the answers

    Which of the following best describes an Advanced Persistent Threat (APT)?

    <p>A well-organized and directed threat with patience and funding</p> Signup and view all the answers

    Which type of harm involves unauthorized access to an asset?

    <p>Interception</p> Signup and view all the answers

    In the context of types of attackers, which description fits a 'criminal-for-hire'?

    <p>A hacker performing attacks for monetary gain</p> Signup and view all the answers

    What does integrity in security refer to?

    <p>Modification of assets only by authorized parties</p> Signup and view all the answers

    Which of the following describes the goal of recovery in security?

    <p>Stopping the attack and repairing the damage</p> Signup and view all the answers

    Which of the following represents the relationship between confidentiality, integrity, and availability?

    <p>They can overlap and be mutually exclusive.</p> Signup and view all the answers

    What is an example of a deterrence control?

    <p>Legal consequences for unauthorized access</p> Signup and view all the answers

    What role do trust and assumptions play in security?

    <p>They underlie all aspects of security.</p> Signup and view all the answers

    What is a characteristic of deflection controls?

    <p>Redirecting threats to less critical parts of the system</p> Signup and view all the answers

    Which option best defines availability in a security context?

    <p>Making sure assets can be accessed at appropriate times</p> Signup and view all the answers

    What is the primary focus of preventive measures in security?

    <p>Stopping attacks before they occur</p> Signup and view all the answers

    What term refers to data in their normal, unscrambled state?

    <p>Cleartext</p> Signup and view all the answers

    What is one potential disadvantage of weak encryption?

    <p>It can degrade the performance of the entire system.</p> Signup and view all the answers

    Which type of control includes parts of the program that enforce security restrictions?

    <p>Internal program controls</p> Signup and view all the answers

    Which method ensures that user access is restricted from one another in a network?

    <p>Operating system controls</p> Signup and view all the answers

    What is an example of an independent control program?

    <p>Antivirus software</p> Signup and view all the answers

    What aspect does encryption primarily address?

    <p>Confidentiality of data</p> Signup and view all the answers

    Which statement is true regarding the use of encryption?

    <p>It should be complemented by other security tools.</p> Signup and view all the answers

    What is a potential result of not using encryption properly?

    <p>It may create vulnerabilities in the system.</p> Signup and view all the answers

    Study Notes

    Computer Security Introduction

    • Computer security protects a computer system's assets: hardware, software, and data.
    • Chapter 1 objectives include defining computer security and basic terms, introducing the C-I-A Triad, access control terminology, basic threats, vulnerabilities, and attacks, and control mapping to threats.
    • Assets include hardware (computers, devices, disk drives, memory, printers, network gear), software (operating system, utilities like antivirus, commercial applications, word processing, photo editing, individual applications), and data (documents, photos, music, videos, email, class projects).
    • Hardware assets are easily replaceable; data assets are unique and irreplaceable.
    • Basic terms include vulnerability (a weakness in the security system), threat (circumstances potentially causing loss or harm), attack (a human exploiting a vulnerability), and controls/countermeasures (actions, devices, procedures, techniques to reduce a vulnerability).
    • Threats are blocked by controls on vulnerabilities. Knowledge of threats is key to control design.
    • The C-I-A Triad includes confidentiality (ensuring access only by authorized parties), integrity (assets only changed by authorized parties), and availability (assets accessible to authorized parties).
    • Access control defines who (subject) has what (object) access and how (mode).
    • Types of threats include natural causes (fire, power failure), human causes (benign/malicious intent, human error, random/directed attacks, impersonation).
    • Advanced Persistent Threats (APTs) are organized, directed, well-financed, patient, and silent.
    • Types of attackers include hackers, individuals, terrorists, criminal-for-hire, loosely connected groups, and organized crime members.
    • Types of harm include interception, interruption, modification, and fabrication.
    • Interception is unauthorized access to an asset.
    • Interruption is an asset becoming unavailable or lost.
    • Modification is unauthorized tampering with an asset.
    • Fabrication is creating counterfeit objects in a system.
    • Method-Opportunity-Motive (MOM) describes attacker characteristics needed to conduct an attack.

    Security Goals

    • Prevention aims to stop attackers from violating security policies.
    • Detection aims to identify attackers violating security policies.
    • Recovery aims to stop attacks, evaluate damage, repair it, and ensure continued correct functioning.

    Trust and Assumptions

    • Trust underlies security policies, mechanisms, and procedures.
    • Policies must unambiguously define system states and capture security requirements.
    • Mechanisms must be assumed to enforce policies and work correctly.

    Different Types of Controls

    • Deterrence discourages attacks by increasing costs.
    • Deflection redirects threats to less critical components.
    • Response involves reacting after a detected attack to minimize damage, restore services, and analyze the attack.
    • Prevention aims to stop attacks before they occur (e.g., firewalls, antivirus).

    Controls Available

    • Encryption renders data unreadable to unauthorized parties while maintaining integrity.
    • Weak encryption can be detrimental.
    • Software/program controls include security restrictions within programs, access limitations, operating system controls, and independent control programs.
    • Hardware controls include encryption devices, locks, security verification devices, firewalls, and intrusion detection systems.
    • Physical controls include locks, entry point guards, backups, and disaster preparedness planning.

    Effectiveness of Controls

    • Awareness of problems is necessary; people must understand why security is required.

    Summary

    • Vulnerabilities are weaknesses; threats exploit vulnerabilities, and controls help prevent such exploitation.
    • Confidentiality, integrity, availability are core security principles.
    • Attacker types depend on their capabilities and motivations.
    • Controls vary, have different functions, and can exist at different levels/points within the system.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    This quiz covers the foundational concepts of computer security as introduced in Chapter 1. It defines key terms, discusses the C-I-A Triad, and highlights various threats, vulnerabilities, and control measures. Understanding these basics is essential for protecting valuable system assets.

    More Like This

    Info Sec: CIA Triad and Threats
    8 questions

    Info Sec: CIA Triad and Threats

    SustainableSmokyQuartz avatar
    SustainableSmokyQuartz
    Introduction to Computer Security
    29 questions
    Use Quizgecko on...
    Browser
    Browser