Information Technology Security Principles

Questions and Answers

What is the purpose of a firewall in an information system facility?

• To verify a user's identity with a string of characters
• To secure the area surrounding the facility using locks and keys
• To isolate sensitive portions of the facility from the outside world (correct)
• To hinder physical access to the protected resource

Which type of firewall is considered complex and more advanced due to its combination of filter and proxy functions?

• Stateful inspection (correct)
• Packet filters(packet-level filters)
• Choke or prevent gate filters
• Proxy servers

What is the primary function of cryptography in information security?

• To isolate the sensitive portions of the information system
• To protect the communications channel from sniffers (correct)
• To secure the area surrounding the facility using locks and keys
• To verify a user's identity with a string of characters

What is the main purpose of physical security barriers in a facility?

To hinder access to a protected resource (C)

What is the purpose of authentication in information security controls?

To verify a user's identity with a string of characters (A)

Which principle of security aims to prevent unauthorized access of information to third parties?

Confidentiality (D)

What does physical security aim to prevent?

Unauthorized access to physical facilities (A)

Which mechanism assumes the intruder has succeeded or is in the process of gaining access to the system?

Detection (C)

What does information system security involve the prevention of?

Access to information by encryption (A)

Which principle of security aims to prevent unauthorized modification of files and maintain the status quo?

Integrity (D)