OSI Security Architecture Quiz

Questions and Answers

What is the main focus of the OSI security architecture?

• Providing entertainment services
• Dealing with security attacks, mechanisms, and services (correct)
• Enhancing system performance
• Preventing all types of threats

How are threats and attacks differentiated in the context of security?

• Threats violate security policies, while attacks exploit vulnerabilities
• Threats exploit vulnerabilities, while attacks violate security policies (correct)
• Threats only target physical systems, while attacks target digital systems
• Threats are harmless, while attacks are malicious

Which of the following is NOT considered a security service provided by the OSI security architecture?

• Data integrity
• Data confidentiality
• System overclocking (correct)
• Non-repudiation

What is the purpose of security mechanisms in the OSI security architecture?

To detect, prevent, or recover from security attacks (C)

How do passive attacks differ from active attacks in terms of system interaction?

Passive attacks do not require direct system interaction, while active attacks do (D)

Which of the following is included in the security mechanisms of the OSI security architecture?

Data encryption (A)

Flashcards are hidden until you start studying

Study Notes

• The lecture is about the OSI security architecture.
• The learner will be able to understand the difference between threats and attacks, the OSI security architecture, and security attacks, mechanisms, and services.
• Threats are potential dangers that might exploit vulnerabilities, and attacks are deliberate attempts to evade security services and violate security policies.
• The OSI security architecture deals with three components: security attacks, security mechanisms, and security services.
• Security attacks compromise the security of a system.
• Security mechanisms are used to detect, prevent, or recover from security attacks.
• Security services enhance the security of a system and counter security attacks, providing various services such as authentication, access control, data confidentiality, data integrity, and non-repudiation.
• Security attacks can be passive or active.
• Passive attacks do not require direct interaction with the system, while active attacks do.
• Security mechanisms include encryption, digital signatures, access control, data integrity, authentication, exchange traffic padding, routing control, and notarization.