Information Security Chapter 1: Overview

Questions and Answers

What is the primary goal of maintaining confidentiality in data transmission?

• To ensure the data is available anytime and anywhere
• To guarantee the integrity of the system
• To ensure the accuracy of the data
• To prevent unauthorized access to the data (correct)

What is system integrity responsible for?

• Verifying the validity of the transmitted data
• Guaranteeing that a system performs its operations in an unimpaired manner (correct)
• Ensuring data is transmitted without modification
• Assuring that systems work immediately and service is not denied

What is the main purpose of data availability?

• To prevent unauthorized access to the data
• To ensure that data is accessible anytime and anywhere (correct)
• To guarantee that systems work immediately and service is not denied
• To ensure that data is transmitted without modification

What does authenticity ensure in data transmission?

The validity of the transmitted data and its source (D)

What is the purpose of accountability in a system?

To track the actions performed on a system (C)

What aspect of data transmission ensures that data is received without modification?

Integrity (B)

What is the primary goal of ensuring confidentiality in computer security?

To ensure that only authorized entities can access computer-related information and services (A)

What is the definition of computer security according to NIST 1995?

The protection of computer systems and information from harm, theft, and unauthorized use (C)

What is the primary focus of the 'availability' objective in computer security?

Ensuring that computer systems and resources are accessible and usable when needed (A)

What is the term for the collection of techniques used to attain the objectives of preserving the integrity, availability, and confidentiality of information system resources?

Fundamental Security Design Principles (A)

What is the primary goal of the 'integrity' objective in computer security?

Ensuring that data is accurate and reliable (A)

What is the CIA triad comprised of?

Confidentiality, Integrity, and Availability (A)

What is the primary benefit of using unique user identification and authentication?

To support accountability (C)

What level of security breach impact would result in a significant harm to individuals but no loss of life?

Moderate (D)

What type of data would have a high integrity rating?

A hospital patient's allergy information (D)

What type of system would require high availability?

Authentication services for critical system (C)

What confidentiality rating would be assigned to student enrollment information?

Moderate (D)

What is the primary purpose of the US FERPA Act?

To limit access to student grade information to authorized individuals (C)

What is the primary goal of computer security mechanisms?

To prevent attacks and minimize risks (A)

What is the concept of 'economy of mechanism' in security design?

Designing security measures as simple as possible (D)

What is the primary objective of an attack tree?

To guide security design and strengthen countermeasures (C)

What is the term for the reachable and available vulnerabilities in a system?

Attack surface (B)

What is the principle of 'least privilege' in security design?

Granting users minimum access privileges (D)

What is the main benefit of using a layered security approach?

Increasing security through multiple overlapping protection approaches (B)

What is the primary focus of security policy?

Specifying security requirements and objectives (D)

What is the term for the process of assessing the scale and severity of threats?

Attack analysis (B)

What is the primary goal of security design principles?

To prevent security flaws and risks (C)

What is the concept of 'psychological acceptability' in security design?

Designing security mechanisms that do not interfere with users' work (A)