Data Availability and Security Quiz

Questions and Answers

What is the purpose of intrusion detection system?

To prevent attacks by black holing the traffic

To take action to prevent attacks

To alert someone about the attack (correct)

To patch and update systems

What is the main concern with intrusion prevention systems?

They are ineffective against all types of attacks

They require constant manual intervention

They are very expensive to implement

They may lead to false positives (correct)

Why is patch management important for system security?

It reduces the cost of implementing security measures

It ensures that systems are always up to date (correct)

It prevents all types of cyber attacks

It eliminates the need for intrusion detection systems

How can redundancy contribute to system availability?

By providing backup systems in case of component failure

What was the consequence of Equifax's failure to patch their systems?

Compromised security leading to a massive data breach

What is the purpose of RAID in system setup?

To provide redundant storage to prevent data loss

Why do most servers have hot swappable hard drives?

To enable quick replacement in case of predicted disk failures

What is the main advantage of having redundant traffic paths in a network setup?

It reduces the risk of network downtime in case of component failure

How does senior management's demand for 'a hundred percent, never' on server downtime challenge IT professionals?

It demands translation into practical measures within budget constraints

Why is testing patches in a test bed important before implementation?

To ensure that patches do not interfere with system operations

In what scenario would redundancy be less critical for a server setup?

For servers used for infrequent reports and analysis

What are the core principles that the rest of the course will go back to?

Confidentiality, availability, and integrity

Why does the author mention that confidentiality is not a huge problem for their website?

Because they want people to access their website easily

What happens if there's excessive integrity checks on the data?

It slows down and may not be usable as it should

What is the opposite of confidentiality?

Disclosure

What is the opposite of integrity according to the text?

Alteration

If data or systems are either destroyed or rendered inaccessible, what does the text refer to it as?

Destruction

What is the right mix needed to protect whatever you're protecting?

Confidentiality, integrity, and availability

If there's too much availability, what can suffer according to the text?

Confidentiality and integrity

What do we get if we encrypt and digitally sign a message according to the text?

Confidentiality and non-repudiation

What are the opposite principles to the CIA triad according to the text?

Disclosure, alteration, and destruction

What makes IT security so fundamental according to the text?

The right mix of confidentiality, integrity, and availability

What is the basis of IT security according to the text?

Confidentiality, integrity, and availability

What is the main goal of availability?

Ensuring authorized users can access data when needed

What type of attack could affect availability by flooding the system with excessive connections?

DDOS attack

How might a disgruntled staff member impact availability?

By shutting down critical systems

What could lead to system crashes and affect availability?

Poorly written applications

In what scenario might a physical attack impact availability?

When the data center is breached