Data Availability and Security Quiz

Questions and Answers

What is the purpose of intrusion detection system?

• To prevent attacks by black holing the traffic
• To take action to prevent attacks
• To alert someone about the attack (correct)
• To patch and update systems

What is the main concern with intrusion prevention systems?

• They are ineffective against all types of attacks
• They require constant manual intervention
• They are very expensive to implement
• They may lead to false positives (correct)

Why is patch management important for system security?

• It reduces the cost of implementing security measures
• It ensures that systems are always up to date (correct)
• It prevents all types of cyber attacks
• It eliminates the need for intrusion detection systems

How can redundancy contribute to system availability?

By providing backup systems in case of component failure (D)

What was the consequence of Equifax's failure to patch their systems?

Compromised security leading to a massive data breach (D)

What is the purpose of RAID in system setup?

To provide redundant storage to prevent data loss (A)

Why do most servers have hot swappable hard drives?

To enable quick replacement in case of predicted disk failures (B)

What is the main advantage of having redundant traffic paths in a network setup?

It reduces the risk of network downtime in case of component failure (A)

How does senior management's demand for 'a hundred percent, never' on server downtime challenge IT professionals?

It demands translation into practical measures within budget constraints (A)

Why is testing patches in a test bed important before implementation?

To ensure that patches do not interfere with system operations (C)

In what scenario would redundancy be less critical for a server setup?

For servers used for infrequent reports and analysis (B)

What are the core principles that the rest of the course will go back to?

Confidentiality, availability, and integrity (D)

Why does the author mention that confidentiality is not a huge problem for their website?

Because they want people to access their website easily (A)

What happens if there's excessive integrity checks on the data?

It slows down and may not be usable as it should (B)

What is the opposite of confidentiality?

Disclosure (D)

What is the opposite of integrity according to the text?

Alteration (B)

If data or systems are either destroyed or rendered inaccessible, what does the text refer to it as?

Destruction (D)

What is the right mix needed to protect whatever you're protecting?

Confidentiality, integrity, and availability (D)

If there's too much availability, what can suffer according to the text?

Confidentiality and integrity (C)

What do we get if we encrypt and digitally sign a message according to the text?

Confidentiality and non-repudiation (D)

What are the opposite principles to the CIA triad according to the text?

Disclosure, alteration, and destruction (C)

What makes IT security so fundamental according to the text?

The right mix of confidentiality, integrity, and availability (D)

What is the basis of IT security according to the text?

Confidentiality, integrity, and availability (A)

What is the main goal of availability?

Ensuring authorized users can access data when needed (A)

What type of attack could affect availability by flooding the system with excessive connections?

DDOS attack (C)

How might a disgruntled staff member impact availability?

By shutting down critical systems (D)

What could lead to system crashes and affect availability?

Poorly written applications (A)

In what scenario might a physical attack impact availability?

When the data center is breached (D)