Introduction to Computer Security
29 Questions

Questions and Answers

What is a vulnerability in a security context?

  • A deliberate attempt to breach security
  • An accidental event causing security failure
  • A potential danger that might exploit a system
  • A weakness in a system that might be exploited (correct)

Which of the following describes a threat?

  • An action taken to exploit a vulnerability
  • A potential danger that might exploit a vulnerability (correct)
  • A systematic attack on information systems
  • An intentional act to breach security

What type of attack results in loss of availability of assets?

  • Modification
  • Interception
  • Interruption (correct)
  • Fabrication

Which attack aims to compromise the confidentiality of information?

  • Interception (A)

What is an example of modification in the context of a security threat?

  • Changing values of a database (B)

What type of threat involves the insertion of counterfeit objects in a system?

  • Fabrication (B)

Which example best illustrates a threat resulting from human error?

  • Accidental deletion of files (A)

What does the term 'attack on integrity' refer to?

  • Data tampering by unauthorized parties (C)

What distinguishes a passive attack from an active attack?

  • Passive attacks do not affect system resources. (A)

Which of the following is an example of a passive attack?

  • Traffic analysis (D)

What is the primary goal of an active attack?

  • To detect and recover from system disruptions. (A)

In which form of attack does one party impersonate another entity?

  • Masquerade attack (D)

Which attack involves unauthorized retransmission of captured data?

  • Replay (C)

What characterizes a denial of service attack?

  • It prevents normal communications use. (B)

What was the main consequence of the Colonial Pipeline ransomware attack in 2021?

  • Increased fuel prices due to supply shortages (D)

What is a fundamental challenge in preventing active attacks?

  • They can exploit a variety of vulnerabilities. (D)

Which security flaws primarily contributed to the T-Mobile data breach in 2021?

  • Weak customer authentication and unencrypted data storage (D)

How could the risks associated with the Log4j vulnerability have been mitigated by organizations?

  • By applying timely patches and updates to affected systems (A)

Which historical incident exemplifies a widespread cyber attack through software compromise?

  • SolarWinds Hack (D)

What is a key prevention strategy for ransomware attacks in critical infrastructure?

  • Implementing regular data backups and user training programs (C)

What best describes the implications of supply chain vulnerabilities?

  • They can lead to widespread disruptions across multiple sectors (C)

What does the 'C' in the CIA triad stand for?

  • Confidentiality (B)

Which of the following best describes 'integrity' in the context of information security?

  • Protecting against unauthorized information modification or destruction (C)

What is a loss of availability in information security?

  • Disruption of access to or use of information or information systems (D)

What does non-repudiation ensure in information security?

  • An authenticated user cannot deny their actions (B)

Which of the following is an example of a security attack?

  • An attempt to evade security measures through deception (D)

What role does access control play in information security?

  • To define what an authenticated user is permitted to do (B)

Which of the following mechanisms contributes to maintaining confidentiality?

  • Encryption methods in online banking (B)

What is the primary function of security mechanisms in information security?

  • To prevent, detect, or recover from security attacks (D)

Study Notes

Introduction to Computer Security

  • Gene Spafford, a computer science professor at Purdue University, made a point about the difficulty of securing systems.

Computer Security

  • Computer security encompasses measures and controls to safeguard information system assets.

The CIA Triad

  • Confidentiality: Protecting information from unauthorized access or disclosure.
  • Integrity: Ensuring information remains accurate and unaltered.
  • Availability: Guaranteeing timely and reliable access to information.
  • Authentication: Verifying a user's identity.
  • Non-repudiation: Preventing a party from denying their involvement in an action.
  • Authorization: Defining what a user is allowed to do within a system.

Security Vulnerabilities, Threats, and Attacks

  • A vulnerability is a weakness in a system that could be exploited.
  • A threat is a potential danger that might exploit a vulnerability.
  • An attack is a deliberate attempt to bypass security measures and violate system policy.
  • Attack examples include interruption of service, interception of information, modification of information, and fabrication of information.

Security Attacks: Classification

  • Passive attacks aim to gather information without affecting system resources.
  • Active attacks aim to modify system resources or disrupt their operation.
  • Types of passive attacks include:
    • Release of message content
    • Traffic analysis
  • Types of active attacks include:
    • Masquerade: Impersonating a different entity.
    • Replay: Capturing and retransmitting data units for unauthorized purposes.
    • Modification of messages: Altering messages to cause unauthorized effects.
    • Denial of service: Preventing or hindering access to communication facilities.

Security in Daily Life

  • SolarWinds Hack (2020): Attackers infiltrated multiple government agencies and private corporations by exploiting vulnerabilities in the SolarWinds Orion platform.
  • Colonial Pipeline Ransomware Attack (2021): A ransomware attack disrupted a major fuel pipeline, highlighting the impact on critical infrastructure.
  • T-Mobile Data Breach (2021): Weak security allowed hackers to access personal data of over 40 million customers.
  • Log4j Vulnerability (2021): A widespread vulnerability in the Log4j library allowed attackers to execute arbitrary code.

Related Documents

Lecture 01 - f24.pptx

Description

This quiz covers the fundamentals of computer security, including the principles of the CIA Triad: Confidentiality, Integrity, and Availability. It also explores common vulnerabilities, threats, and types of attacks that systems may face. Perfect for anyone looking to understand the essentials of protecting information systems.
