Week 2

Questions and Answers

What are the three components of the C.I.A. triad in information security?

Confidentiality, Integrity, Availability (correct)

Confidentiality, Internet Security, Authorization

Confidentiality, Integrity, Accessibility

Confidentiality, Intrusion, Authentication

Which term refers to a protection profile or security posture in information security?

Exposure

Vulnerability

Asset

Control (correct)

What do we refer to as the subjects and objects of an attack in information security?

Threat event

Threat source

Risk

Threat (correct)

Which term represents the possibility of a threat exploiting a vulnerability?

Exploit (A)

In information security, what do we call a potential source of danger or harm?

Risk (A)

What is the main focus of protecting Confidentiality, Integrity, and Availability in information security?

Protecting data from unauthorized access (C)

What is the critical characteristic of information that ensures information is only accessible by those authorized to view it?

Confidentiality (A)

In the context of an attack on a computer system, what does it mean when the computer is the subject of the attack?

The computer is used as a tool to conduct an attack. (B)

Which characteristic of information refers to its correctness and reliability?

Accuracy (B)

What valuable quality does the authenticity of information aim to ensure?

Genuineness (D)

What key concept determines the entity being attacked in a cybersecurity scenario?

Confidentiality (B)

Which characteristic of information security ensures that data is protected against unauthorized changes or alterations?

Integrity (B)

What did Grampp and Morris identify as 'important handles to computer security'?

Physical control of primes and computer facilities (A)

In what year did Dennis Ritchie publish documents discussing secure user IDs and secure group IDs?

1979 (A)

Who developed the Simple Internet Protocol Plus (SIPP) Security protocols in 1992?

Internet Engineering Task Force researchers (D)

What was the premise stated by Reeds and Weinberger in their publication 'File Security and the UNIX System Crypt Command'?

No technique can be secure against wiretapping (C)

Which document is also known as the Rainbow Series?

'Trusted Computer Security (TCSEC)' documents (B)

According to Grampp and Morris, what is essential for increased security in computer systems?

Management commitment and education (C)

What is the purpose of the Feasibility analysis phase in the system development life cycle?

To assess the feasibility of the project (D)

Which phase involves creating supporting documentation for the system?

Implementation (A)

When does the maintenance and change phase of the system life cycle occur?

After the system has been accepted by sponsors (A)

What triggers the start of a new project according to the text?

When the system can no longer support the organization's mission (C)

In which phase are security objectives planned according to the text?

Software Assurance (D)

What makes the Maintenance and Change phase unique in the system life cycle?

It continues until a new project begins (D)

What key security activities are highlighted in the NIST Approach for Development/Acquisition?

Risk assessment and supplementing baseline security controls (A)

In which phase of the System Development Life Cycle are security considerations specifically addressed as shown in Figure 1-14?

Initiation phase (C)

What is one restriction placed on the duplication of the content mentioned in the text?

It is forbidden to copy without permission (B)

Which document is referenced as a source for security considerations in the System Development Life Cycle?

NIST SP 800-64 Rev. 2 (A)

What is a key aspect of the NIST Approach regarding security testing?

Performing both functional and security testing (C)

What is a permitted use of the content according to the text?

Usage as permitted in a license or on a password-protected website (A)