IT Chapter-6
135 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary goal of confidentiality in information security?

  • To detect and prevent Denial of Service attacks
  • To ensure data is accurate, complete, and not modified without authorization
  • To protect sensitive information from unauthorized access or viewing (correct)
  • To ensure data is accessible and usable when needed
  • What type of threat involves authorized personnel misusing access privileges?

  • Physical Threats
  • Unauthorized Access
  • Malware
  • Insider Threats (correct)
  • Which security control involves policies, procedures, and guidelines governing information security?

  • Physical Controls
  • Security Measures
  • Technical Controls
  • Administrative Controls (correct)
  • What is the primary goal of availability in information security?

    <p>To ensure data is accessible and usable when needed</p> Signup and view all the answers

    Which security measure involves verifying the identity of users, devices, or systems?

    <p>Authentication</p> Signup and view all the answers

    What type of threat involves overwhelming a system with traffic to make it unavailable?

    <p>Denial of Service (DoS)</p> Signup and view all the answers

    What type of security control involves the use of locks, fences, and surveillance cameras?

    <p>Physical Controls</p> Signup and view all the answers

    What is the primary goal of integrity in information security?

    <p>To ensure data is accurate, complete, and not modified without authorization</p> Signup and view all the answers

    Which security measure involves controlling access to resources based on user identity and permissions?

    <p>Authorization</p> Signup and view all the answers

    What type of threat involves malicious software, such as viruses, worms, and Trojan horses?

    <p>Malware</p> Signup and view all the answers

    What is the primary objective of information security?

    <p>To protect information and information systems from unauthorized access</p> Signup and view all the answers

    Which of the following is NOT a type of threat to information security?

    <p>Natural Disasters</p> Signup and view all the answers

    What is the primary goal of risk assessment in risk management?

    <p>To identify and evaluate potential risks to information security</p> Signup and view all the answers

    Which type of control is used to prevent unauthorized physical access to information systems?

    <p>Physical Controls</p> Signup and view all the answers

    What is the primary goal of incident response in risk management?

    <p>To respond to and manage security incidents</p> Signup and view all the answers

    Which type of threat involves the unintentional exposure of sensitive information?

    <p>Accidental Data Breaches</p> Signup and view all the answers

    What is the primary goal of technical controls in information security?

    <p>To implement technical measures such as firewalls and encryption</p> Signup and view all the answers

    Which of the following is a type of security control?

    <p>Administrative Controls</p> Signup and view all the answers

    What is the primary goal of risk mitigation in risk management?

    <p>To implement controls to reduce or eliminate identified risks</p> Signup and view all the answers

    Which of the following is NOT a key concept of information security?

    <p>Authenticity</p> Signup and view all the answers

    What is an example of a physical threat to computer and network systems?

    <p>Natural disasters</p> Signup and view all the answers

    Which type of threat involves unauthorized access to data or systems?

    <p>Logical Threats</p> Signup and view all the answers

    What is an example of a human threat to computer and network systems?

    <p>Social engineering</p> Signup and view all the answers

    Which category of threats includes malicious acts by individuals or groups?

    <p>Intentional Threats</p> Signup and view all the answers

    What is an example of a partner threat to computer and network systems?

    <p>Vendors with access to systems or data</p> Signup and view all the answers

    What is a type of malware that encrypts data and demands payment for decryption?

    <p>Ransomware</p> Signup and view all the answers

    What is an example of a physical threat to computer and network systems?

    <p>Theft or vandalism of equipment</p> Signup and view all the answers

    Which type of threat involves accidental data breaches or leaks?

    <p>Unintentional Threats</p> Signup and view all the answers

    What is a type of attack that exploits vulnerabilities in database systems?

    <p>SQL Injection</p> Signup and view all the answers

    What is the primary purpose of cryptography?

    <p>To secure communication in the presence of third-party adversaries</p> Signup and view all the answers

    Which type of cryptography uses a pair of keys?

    <p>Asymmetric Cryptography</p> Signup and view all the answers

    What is the purpose of digital signatures?

    <p>To verify the authenticity and integrity of a message</p> Signup and view all the answers

    What is the goal of confidentiality in cryptography?

    <p>To protect data from unauthorized access</p> Signup and view all the answers

    What is a brute force attack?

    <p>Trying all possible keys to decrypt the data</p> Signup and view all the answers

    What is the purpose of digital certificates?

    <p>To verify the identity of a user or device</p> Signup and view all the answers

    What is the goal of integrity in cryptography?

    <p>To ensure data is not modified or tampered with</p> Signup and view all the answers

    What is the type of cryptography that uses the same key for encryption and decryption?

    <p>Symmetric Cryptography</p> Signup and view all the answers

    What is the purpose of encryption in cryptography?

    <p>To convert plaintext to unreadable ciphertext</p> Signup and view all the answers

    What is the goal of non-repudiation in cryptography?

    <p>To ensure that a sender cannot deny sending a message</p> Signup and view all the answers

    What is the primary purpose of SSL?

    <p>To provide secure communication between a web browser and a web server</p> Signup and view all the answers

    What is the purpose of a digital signature?

    <p>To authenticate the sender of a message</p> Signup and view all the answers

    What type of encryption does SSL use?

    <p>Asymmetric encryption</p> Signup and view all the answers

    What is the role of a Certificate Authority (CA)?

    <p>To verify the identity of entities requesting digital certificates</p> Signup and view all the answers

    What is the purpose of a digital certificate?

    <p>To contain the public key and identity information of an entity</p> Signup and view all the answers

    What is the purpose of a Root CA?

    <p>To be trusted by default by most browsers and operating systems</p> Signup and view all the answers

    What is the purpose of TCP port 443?

    <p>To provide secure communication between a web browser and a web server</p> Signup and view all the answers

    What is the benefit of using digital signatures?

    <p>To ensure integrity and authenticity of data</p> Signup and view all the answers

    What type of CA issues certificates on behalf of a root CA?

    <p>Intermediate CA</p> Signup and view all the answers

    What is the primary function of SSL in securing communication between a web browser and a web server?

    <p>Encrypting the data transmitted between the browser and server</p> Signup and view all the answers

    What is the purpose of a digital signature in a digital certificate?

    <p>To authenticate the identity of the sender of a message</p> Signup and view all the answers

    What is the role of a Certificate Authority (CA) in issuing digital certificates?

    <p>To act as a trusted third-party that verifies the identity of the entity requesting a certificate</p> Signup and view all the answers

    What is the purpose of port 443 in SSL communication?

    <p>To facilitate secure communication between the browser and server</p> Signup and view all the answers

    What is the benefit of using digital signatures in digital certificates?

    <p>To prevent tampering and ensure non-repudiation</p> Signup and view all the answers

    What is the relationship between SSL and TLS?

    <p>TLS replaced SSL in 2015</p> Signup and view all the answers

    What is the primary function of a digital certificate issued by a CA?

    <p>To verify the identity of the website or organization</p> Signup and view all the answers

    What is the purpose of a pair of keys in digital signatures?

    <p>To sign and verify the authenticity of the message or document</p> Signup and view all the answers

    Which layer of the OSI model does SSL operate at?

    <p>Presentation layer</p> Signup and view all the answers

    What is the purpose of a digital signature?

    <p>To authenticate the sender and ensure data integrity</p> Signup and view all the answers

    What type of cryptography is used in digital signatures?

    <p>Asymmetric cryptography</p> Signup and view all the answers

    What is the role of a Certificate Authority (CA)?

    <p>To issue digital certificates</p> Signup and view all the answers

    What is the primary purpose of SSL?

    <p>To provide end-to-end communication security over a network</p> Signup and view all the answers

    What is the primary role of a Certificate Authority (CA)?

    <p>To issue digital certificates containing the public key and identity information</p> Signup and view all the answers

    What is the main purpose of a digital signature?

    <p>To ensure the sender's identity and message integrity</p> Signup and view all the answers

    What type of CA is at the top of the trust hierarchy?

    <p>Root CA</p> Signup and view all the answers

    What is the primary purpose of SSL?

    <p>To secure communication between a web browser and a web server</p> Signup and view all the answers

    What is the benefit of using digital signatures?

    <p>Ensures integrity and non-repudiation</p> Signup and view all the answers

    Which type of CA issues certificates on behalf of a root CA?

    <p>Intermediate CA</p> Signup and view all the answers

    What is the primary purpose of the Transport Layer Security (TLS) protocol?

    <p>To provide a secure communication between a web browser and a web server</p> Signup and view all the answers

    What is the main benefit of using digital signatures in secure communication?

    <p>To provide a means of authentication and integrity</p> Signup and view all the answers

    What is the role of a Certificate Authority (CA) in public-key infrastructure?

    <p>To issue digital certificates to verify the identity of entities</p> Signup and view all the answers

    What is the primary function of the encryption component in SSL/TLS?

    <p>To protect data from eavesdropping and tampering</p> Signup and view all the answers

    What is the purpose of the hash function in the digital signature process?

    <p>To create a unique digest of the message</p> Signup and view all the answers

    What is the relationship between a Certificate Authority (CA) and a Root CA?

    <p>A Root CA is a trusted entity that issues certificates to a CA</p> Signup and view all the answers

    What is the benefit of using SSL/TLS in website communication?

    <p>To protect data from eavesdropping and tampering</p> Signup and view all the answers

    What is the purpose of the digital certificate in SSL/TLS?

    <p>To verify the identity of the entity and provide a public key</p> Signup and view all the answers

    What is the primary goal of the integrity component in SSL/TLS?

    <p>To ensure the data is not modified during transmission</p> Signup and view all the answers

    What is the primary purpose of the Digital Security Act, 2018 in Bangladesh?

    <p>To prevent and combat cybercrimes, including malware attacks</p> Signup and view all the answers

    What does Section 17 of the Digital Security Act, 2018 prohibit?

    <p>Unauthorized access to computer systems, networks, or data</p> Signup and view all the answers

    What is the penalty for intentionally spreading malware or viruses according to the Digital Security Act, 2018?

    <p>Imprisonment and fines</p> Signup and view all the answers

    What is required of banks and other organizations according to Section 21 of the Digital Security Act, 2018?

    <p>To implement robust security measures to prevent cyber-attacks</p> Signup and view all the answers

    What is one of the measures to prevent malware attacks in banks according to the Digital Security Act, 2018?

    <p>All of the above</p> Signup and view all the answers

    What is one of the best practices for banks to comply with the Digital Security Act, 2018?

    <p>Implement a defense-in-depth approach to security</p> Signup and view all the answers

    Why is encryption recommended in the Digital Security Act, 2018?

    <p>To prevent unauthorized access to sensitive data</p> Signup and view all the answers

    What is the purpose of conducting regular security testing and vulnerability assessments according to the Digital Security Act, 2018?

    <p>To identify vulnerabilities and implement measures to address them</p> Signup and view all the answers

    What is the purpose of limiting access to sensitive data and systems in the Digital Security Act, 2018?

    <p>To prevent unauthorized access to sensitive data and systems</p> Signup and view all the answers

    What is one of the measures to prevent malware attacks in banks according to the Digital Security Act, 2018?

    <p>All of the above</p> Signup and view all the answers

    What is the primary focus of the Digital Security Act, 2018?

    <p>Enhancing the digital security posture of banks and financial institutions</p> Signup and view all the answers

    What is one of the key provisions of the Digital Security Act, 2018?

    <p>Establishing a cybersecurity governance framework</p> Signup and view all the answers

    What is the purpose of the incident response plan in the Digital Security Act, 2018?

    <p>To respond promptly and effectively in the event of a malware attack or other cyber incident</p> Signup and view all the answers

    Why is it important for banks to assess and manage the cybersecurity risks associated with third-party service providers?

    <p>To mitigate the risk of cyber threats from third-party service providers</p> Signup and view all the answers

    What is the purpose of regular cybersecurity awareness programs for employees?

    <p>To educate employees on the risks and consequences of malware attacks</p> Signup and view all the answers

    What is the benefit of information sharing between banks and financial institutions?

    <p>To enhance the overall cybersecurity posture of the sector</p> Signup and view all the answers

    What is a key aspect of risk management in the Digital Security Act, 2018?

    <p>Identifying, assessing, and mitigating cyber threats</p> Signup and view all the answers

    What is the purpose of a robust risk management framework in the Digital Security Act, 2018?

    <p>To identify, assess, and mitigate cyber threats</p> Signup and view all the answers

    What is an important aspect of cybersecurity governance in the Digital Security Act, 2018?

    <p>Establishing a cybersecurity governance framework</p> Signup and view all the answers

    Why is cybersecurity awareness important in the Digital Security Act, 2018?

    <p>To educate employees on the risks and consequences of malware attacks</p> Signup and view all the answers

    What does multi-factor authentication (MFA) aim to ensure in e-banking systems?

    <p>Only authorized users access e-banking systems</p> Signup and view all the answers

    What is the primary purpose of encryption in e-banking?

    <p>To encrypt data in transit</p> Signup and view all the answers

    What type of attack involves fraudulent emails, texts, or messages to trick users into revealing sensitive information?

    <p>Phishing</p> Signup and view all the answers

    What is the purpose of data loss prevention (DLP) techniques in e-banking?

    <p>To prevent unauthorized data exfiltration</p> Signup and view all the answers

    What is the primary goal of incident response plans in e-banking?

    <p>To quickly respond to security breaches</p> Signup and view all the answers

    What is the purpose of user education and awareness programs in preventing social engineering attacks?

    <p>To educate users about social engineering attacks and prevent them</p> Signup and view all the answers

    What is the primary goal of disaster recovery plans in e-banking?

    <p>To ensure business continuity in the event of a disaster</p> Signup and view all the answers

    What is the purpose of secure communication protocols in e-banking?

    <p>To protect data in transit</p> Signup and view all the answers

    What is the purpose of intrusion detection and prevention systems (IDPS) in e-banking?

    <p>To detect and block malicious activity</p> Signup and view all the answers

    What is the primary purpose of encryption in e-banking?

    <p>To protect data in transit and at rest</p> Signup and view all the answers

    What is the primary goal of using two-factor authentication in e-banking?

    <p>To add an extra layer of security</p> Signup and view all the answers

    What is the primary goal of keeping software and systems up-to-date in e-banking?

    <p>To prevent exploitation of known vulnerabilities</p> Signup and view all the answers

    What is the primary goal of being cautious of suspicious emails, messages, or calls in e-banking?

    <p>To reduce the risk of phishing attacks</p> Signup and view all the answers

    What is the primary goal of using strong passwords and keeping them confidential in e-banking?

    <p>To reduce the risk of unauthorized access</p> Signup and view all the answers

    What is the primary purpose of Two-Factor Authentication (2FA) in e-banking?

    <p>To provide an additional layer of security beyond passwords</p> Signup and view all the answers

    What is the most common form of social engineering attack used in e-banking?

    <p>Phishing</p> Signup and view all the answers

    What is the main difference between phishing and vishing?

    <p>The method of delivery</p> Signup and view all the answers

    What is the primary goal of IT security measures in e-banking?

    <p>To reduce the risk of cyber attacks</p> Signup and view all the answers

    What is the purpose of smishing in social engineering?

    <p>To trick customers into revealing sensitive information through SMS or text messages</p> Signup and view all the answers

    What is the purpose of two-factor authentication (2FA) in e-banking?

    <p>To provide an additional layer of security beyond username and password</p> Signup and view all the answers

    Which of the following is a type of social engineering attack?

    <p>Phishing</p> Signup and view all the answers

    What is the primary goal of a Security Operations Centre (SOC) in social engineering defense?

    <p>To monitor for social engineering attempts and respond to incidents</p> Signup and view all the answers

    Which of the following IT security measures is used to protect sensitive data?

    <p>Encryption</p> Signup and view all the answers

    What is the purpose of regular security audits and testing in e-banking?

    <p>To detect vulnerabilities and identify risks</p> Signup and view all the answers

    Which of the following is a defense against social engineering attacks?

    <p>User awareness and education</p> Signup and view all the answers

    What is the purpose of role-based access control (RBAC) in e-banking?

    <p>To restrict access to authorized personnel</p> Signup and view all the answers

    Which of the following is an example of a social engineering attack?

    <p>Phishing attack</p> Signup and view all the answers

    What is the primary goal of incident response in e-banking?

    <p>To respond swiftly to security breaches</p> Signup and view all the answers

    Which of the following is a type of IT security measure used in e-banking?

    <p>Secure Sockets Layer (SSL)</p> Signup and view all the answers

    What is the primary function of a Security Operations Centre (SOC)?

    <p>To monitor, detect, and respond to cybersecurity threats in real-time</p> Signup and view all the answers

    Which of the following is a key function of a Security Operations Centre (SOC)?

    <p>Managing incident response</p> Signup and view all the answers

    What is the role of a Security Analyst in a Security Operations Centre (SOC)?

    <p>To monitor systems, analyze logs, and respond to security incidents</p> Signup and view all the answers

    What is the purpose of a Security Information and Event Management (SIEM) System in a Security Operations Centre (SOC)?

    <p>To collect, monitor, and analyze log data from various sources</p> Signup and view all the answers

    Who is responsible for overseeing SOC operations and managing resources in a Security Operations Centre (SOC)?

    <p>SOC Managers</p> Signup and view all the answers

    What is the role of a Threat Hunter in a Security Operations Centre (SOC)?

    <p>To proactively search for unknown threats and vulnerabilities</p> Signup and view all the answers

    What is the primary goal of incident response in a Security Operations Centre (SOC)?

    <p>To contain and mitigate security incidents</p> Signup and view all the answers

    What is the purpose of Security Orchestration, Automation, and Response (SOAR) Tools in a Security Operations Centre (SOC)?

    <p>To automate and streamline incident response processes</p> Signup and view all the answers

    What is the primary responsibility of an Incident Responder in a Security Operations Centre (SOC)?

    <p>To handle incident response, containment, and eradication activities</p> Signup and view all the answers

    What is the purpose of Intrusion Detection Systems (IDS) in a Security Operations Centre (SOC)?

    <p>To identify potential security threats in real-time</p> Signup and view all the answers

    Study Notes

    Information Security

    Definition

    • Information security refers to the practices and technologies designed to protect digital information from unauthorized access, use, disclosure, disruption, modification, or destruction.

    Goals

    • Confidentiality: Protecting sensitive information from unauthorized access or viewing.
    • Integrity: Ensuring that data is accurate, complete, and not modified without authorization.
    • Availability: Ensuring that data is accessible and usable when needed.

    Threats

    • Unauthorized Access: Unauthorized access to sensitive information or systems.
    • Malware: Malicious software, such as viruses, worms, and Trojan horses, designed to harm or exploit systems.
    • Denial of Service (DoS): Overwhelming a system with traffic to make it unavailable.
    • Insider Threats: Authorized personnel misusing access privileges.
    • Physical Threats: Unauthorized physical access to systems or facilities.

    Security Controls

    • Administrative Controls: Policies, procedures, and guidelines governing information security.
    • Technical Controls: Firewalls, intrusion detection systems, encryption, and access controls.
    • Physical Controls: Locks, fences, surveillance cameras, and alarms.

    Security Measures

    • Authentication: Verifying the identity of users, devices, or systems.
    • Authorization: Controlling access to resources based on user identity and permissions.
    • Encryption: Protecting data in transit or at rest using encryption algorithms.
    • Firewalls: Network devices controlling incoming and outgoing network traffic.
    • Intrusion Detection and Prevention Systems (IDPS): Monitoring and blocking malicious traffic.

    Risk Management

    • Risk Assessment: Identifying and evaluating potential security risks.
    • Risk Mitigation: Implementing controls to reduce or eliminate risks.
    • Incident Response: Responding to security incidents, such as breaches or attacks.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Learn about the definition, goals, threats, security controls, security measures, and risk management in information security. Understand the concepts of confidentiality, integrity, and availability, and how to protect digital information from unauthorized access.

    More Like This

    Computer Security Quiz
    5 questions

    Computer Security Quiz

    CompatibleFriendship1040 avatar
    CompatibleFriendship1040
    Cyber Security Basics
    10 questions

    Cyber Security Basics

    SplendidAmethyst avatar
    SplendidAmethyst
    History of Information Security Quiz
    27 questions
    Cyber Security Fundamentals
    6 questions
    Use Quizgecko on...
    Browser
    Browser