Computer Security Principles Quiz

Questions and Answers

What is the main goal of confidentiality in computer security?

• To ensure data is accessible to everyone
• To allow unrestricted access to data
• To guarantee that data is deleted after use
• To protect private information from unauthorized access (correct)

Which component is primarily associated with data integrity?

• Only authorized changes are allowed to information (correct)
• Making information available to all users
• General accessibility of information
• Ensuring data is stored in multiple locations

What does availability in computer security ensure?

• Resources are hidden from unauthorized users
• Systems are accessible to anyone at any time
• Data is permanently stored without interruption
• Authorized users can access resources when needed (correct)

What is the primary focus of data confidentiality?

Protection from unauthorized disclosure of data (C)

Which of the following best describes privacy in the context of confidentiality?

Individuals control who stores and accesses their personal information (C)

Which security service ensures that a system operates without unauthorized manipulation?

Data integrity (A)

Which of the following is NOT a goal of computer security?

Unrestricted access (B)

What is the role of accountability in security services?

To trace actions back to their originating entity (D)

What does non-repudiation prevent?

Denial of a transaction or message by a party (D)

Which of the following is a key component of access control?

Preventing unauthorized access (B)

What does data integrity assure?

Data received is exactly as sent. (D)

What does peer entity authentication confirm?

The communicating entities are who they claim to be. (B)

What is the primary purpose of non-repudiation?

To protect against denial of a communication. (D)

Which mechanism is designed to prevent unauthorized use of resources?

Access Control (A)

What aspect of data communication does data origin authentication ensure?

The source of the data is genuine. (A)

What is the primary purpose of endcipherment in security mechanisms?

To ensure data confidentiality and integrity. (D)

How does the data integrity mechanism ensure the integrity of received data?

By appending a check value and comparing it upon receipt. (A)

Which of the following best describes the authentication exchange mechanism?

It enables two entities to verify each other's identities. (D)

What is the main function of traffic filtering in security mechanisms?

To prevent unwanted access and misuse of data. (B)

Notarization in security mechanisms is primarily used for what purpose?

To verify the authenticity of a document or information. (D)

What does data confidentiality ensure?

Only authorized parties can access data. (C)

Which mechanism is used to verify the identity of a party?

Authentication (B)

What is the main purpose of digital signatures?

To authenticate the origin and integrity of data. (C)

Which security mechanism involves inserting unrelated data into traffic?

Traffic Padding (C)

What does non-repudiation ensure in a communication context?

A party cannot deny having performed an action. (D)

What characterizes passive attacks in computer systems?

They involve unauthorized access or interception of data. (B)

Which category of passive attack involves unauthorized access to the actual content of messages?

Snooping (A)

What is the primary aim of traffic analysis in passive attacks?

To gather information about communicating parties. (A)

Which of the following describes active attacks?

They threaten the integrity of the data. (C)

How many categories of active attacks are mentioned?

Five (D)

What is a masquerade attack?

An unauthorized entity pretends to be another entity. (C)

Which of the following best describes an alteration of messages attack?

Modifying a message after it has been sent for personal gain. (D)

What occurs in a replaying attack?

An attacker retransmits a previously captured message. (C)

What does repudiation in network security refer to?

An entity claiming they did not send or receive a message. (A)

Which type of attack is characterized by overwhelming a server's resources?

Denial of Service (A)

What type of attack is aimed at maximizing financial gain?

Criminal attack (C)

Which of the following describes a passive attack?

Observing network traffic patterns (A)

What is the primary motivation behind a publicity attack?

Achieving notoriety in the media (D)

What is a characteristic of an active attack?

It involves altering or disrupting data. (A)

Which of the following is NOT a type of computer attack classified from a technical point of view?

Publicity attack (B)

What is an example of a repudiation attack?

User A denies sending money to User B. (A)

What is the primary aim of a Denial of Service (DoS) attack?

To make a service unavailable. (D)

What type of threat involves unauthorized access to sensitive information?

Threat to confidentiality (D)

Which category of threats ensures the accuracy and trustworthiness of data?

Threat to integrity (C)

What type of threat involves disclosing protected data?

Confidentiality (A)

What action do attackers execute in a Denial of Service attack to impact server availability?

Sending excessive bogus data (A)

Which of the following represents a threat to data integrity?

Masquerading (B)

What is a common method to mitigate threats to confidentiality?

Encryption (B)

Which of the following threats typically involves denying services to authorized users?

Denial-of-Service (DoS) attacks (A)

What process transforms plain text into cypher text?

Encryption (C)

Flashcards

Computer Security

Protecting computer systems and data to preserve confidentiality, integrity, and availability.

Confidentiality

Ensuring private information is only accessible to authorized individuals.

Data Confidentiality

Protecting sensitive data from unauthorized access.

Integrity

Ensuring data is only changed by authorized individuals.

Availability

Ensuring authorized users can access the system when needed.

Data Integrity

Ensuring a system functions correctly without unauthorized modifications.

System Availability

Ensuring authorized users can access system services promptly.

Authenticity (Security)

Verifying user identity and message validity.

Non-repudiation (Security)

Preventing denial of a party's actions in a transaction.

Peer Entity Authentication

Verifying the identity of the parties involved in communication.

Data Origin Authentication

Guaranteeing the source of data is legitimate.

Non-repudiation

Prevents denial of communication by any participant.

Access Control

Restricting access to resources based on user permissions.

Endcipherment

Hiding or covering data to keep it secret and ensure its original state hasn't changed. Steganography is a method used for this.

Digital Signature

Electronically signing data to prove its origin and prevent tampering. It acts as a guarantee of authenticity and non-repudiation.

Authentication Exchange

Two parties verifying each other's identities through a series of messages. This ensures they are who they claim to be.

Traffic Filtering

Blocking unwanted access attempts and malicious activity by selectively allowing or denying network traffic.

Authentication

Verifying the identity of a party. It's like a passport that proves who you are in the digital world.

Criminal Attack (Computer Security)

An attack motivated by financial gain, aiming to exploit vulnerabilities for personal or financial benefits.

Publicity Attack

An attack designed to gain notoriety or attention by disrupting services or causing damage, often for personal fame or agenda.

Legal Attack

An attack focused on identifying and exploiting security weaknesses of a system, often for legal purposes like penetration testing or vulnerability analysis.

Passive Attack (Computer Security)

An attack that involves monitoring and observing system behavior without altering or interfering with it.

Active Attack (Computer Security)

An attack that directly modifies or manipulates system data, functionalities, or network traffic, causing harm or disruption.

Passive Attack

An attack where the attacker observes data transmission without altering the original message. This focuses on gaining information without directly modifying the system.

Release of Message Contents

An attacker intercepts and reads data without authorization. This is also known as snooping.

Traffic Analysis

Monitoring internet traffic to learn about communicating parties, such as who is communicating and their addresses. This is possible even if the data is unencrypted.

Active Attack

An attack that alters the original message or creates a fake message, threatening the integrity of the data.

What does an active attack threaten?

Active attacks threaten the integrity of the data, meaning the data may be altered or corrupted.

Masquerade Attack

An attack where an unauthorized entity pretends to be someone else to gain access or deceive others.

Message Alteration

Changing the contents of a message after it's been sent, often for malicious purposes.

Replay Attack

An attacker steals a message and resends it later to gain unauthorized access or perform actions.

Repudiation Attack

An attack where the sender or receiver of a message denies ever having sent or received it.

Denial of Service (DoS)

An attacker prevents legitimate users from accessing a service by overloading the server.

Threat to Confidentiality

An attempt to access or steal sensitive information without authorization.

Threat to Integrity

An attempt to modify or corrupt data, compromising its accuracy or trustworthiness.

Threat to Availability

An action that aims to prevent users from accessing a system or service, making it unavailable.

Data Confidentiality Threat

Unauthorized disclosure of protected information, like revealing your shopping history or tracking your online movements.

Data Integrity Threat

Modifying, deleting, or inserting data without authorization, like altering your bank account balance or replaying a message to trick someone.

Data Availability Threat

Denying authorized users access to data or services, for example, making a website unavailable for legitimate users.

Encryption

Transforming plain text into a scrambled code, like a secret language, to protect it from unauthorized access.

Decryption

Unlocking the scrambled code back into plain text, like decoding a secret message to understand its contents.