Security Objectives and Attacks Quiz

Questions and Answers

What does availability ensure in the context of security objectives?

Access to information is not denied to authorized users. (correct)

The system is protected from unauthorized manipulation.

System users are verified and trusted.

Data integrity is maintained and preserved.

Which concept goes beyond the traditional CIA triad in defining security objectives?

Traceability (correct)

Authenticity

Integrity

Availability

What does authenticity ensure in a system?

That information is always available to users.

That users are who they claim to be. (correct)

That actions can be traced to responsible parties.

That systems can recover from faults.

Which of the following describes accountability in security objectives?

The ability to trace actions back to the responsible entity.

What is a potential consequence of a loss of availability?

Disruption of access to information for authorized users.

Which security goal ensures actions can be uniquely identified with responsible parties?

Accountability

Which term describes the confidence in the validity of a message's originator?

Authenticity

What aspect does not fall under the CIA triad?

Accountability

What is the purpose of systems keeping records of their activities?

To permit forensic analysis of security breaches

What property does confidentiality address in information security?

The unauthorized disclosure of information

Which of the following actions would typically constitute a security attack?

Unauthorized access to information resources

What does data integrity ensure regarding information?

Data is changed only in authorized manners

Which of the following is a consequence of a loss of confidentiality?

Unauthorized disclosure of information

What does the OSI Security Architecture primarily provide to managers?

A way to organize security provision tasks

Which of the following is NOT a component of data integrity?

Restricting access to outdated data

What can be described as a security objective under the OSI Security Architecture?

Confidentiality

What is the primary goal of a passive attack?

To capture and analyze data being transmitted

What type of passive attack involves altering the contents of a message?

Message modification

Which of the following is an example of a denial-of-service attack?

Sending excessive requests to a server to make it unavailable

Replay attacks are characterized by which of the following?

The interception and retransmission of data

Which of the following describes traffic analysis?

Monitoring patterns of communication

What does access control allow in a networked environment?

Restricting unauthorized user activities

What does the release of message contents entail?

Monitoring unprotected communications to gain information

Which statement accurately describes the role of an authentication service?

It verifies the identity of the message source

What is the primary purpose of security services in communication?

To counter security attacks and enhance data security

Which of the following accurately describes an active attack?

An attack that modifies stored or transmitted data

In a masquerade attack, what does one entity do?

Pretends to be a different entity

What can a masquerade attack potentially allow an entity to do?

Gain unauthorized privileges by impersonating a higher-privileged entity

Which type of attack involves replaying previously captured authentication sequences?

Replay attack

What is NOT a characteristic of active attacks?

They solely intercept data without interaction

Which of the following is considered a type of active attack?

Denial of service

How should the original message be handled to maintain security?

It needs to be well encrypted and then decoded at the receiver's end

What is the main goal of a denial-of-service attack?

To disrupt the availability of a service or network

What does data confidentiality primarily protect against?

Passive attacks that access information

Which of the following ensures that information is modified only by authorized individuals?

Data integrity

How does nonrepudiation serve in communication?

By ensuring message senders cannot deny sending the message

Which protection layer covers all user data transmitted over a certain period?

Data confidentiality

What is implied by the term 'data integrity'?

Messages are received unchanged and as sent

What might happen during a network overload as part of a denial-of-service attack?

Performance degradation occurs

Which condition does not pertain to the protection of data in transmission?

Data compression

Study Notes

Security Objectives

• Confidentiality: Protecting information from unauthorized access.
• Integrity: Ensuring data changes only in authorized ways.
• Availability: Ensuring systems are functional and accessible to authorized users.
• Authenticity: Verifying the legitimacy of users and data sources.
• Accountability: Tracking actions to responsible entities for security breach analysis.

Security Attacks

• Active Attacks: Modify or create false data:
  • Replay: Re-transmitting captured data units for unauthorized effects.
  • Masquerade: One entity pretending to be another, often involving other active attacks.
  • Data Modification: Altering, delaying, or reordering legitimate data for unauthorized effects.
  • Denial of Service: Preventing normal system use or management, possibly targeting specific systems or entire networks.
• Passive Attacks: Eavesdropping or monitoring transmissions:
  • Release of Message Contents: Monitoring unprotected communication channels.
  • Traffic Analysis: Analyzing data transmission patterns.

Security Services

• Authentication: Confirms the identity of entities to enable tailored access rights.
• Access Control: Limits and manages access to systems and applications.
• Data Confidentiality: Protects transmitted data from passive attacks.
• Data Integrity: Ensures messages are received without alterations, duplications, or replays.
• Nonrepudiation: Prevents senders or receivers from denying transmitted messages.

Description

Test your knowledge on key security objectives and common security attacks. Explore concepts like confidentiality, integrity, and authenticity while identifying active and passive attack types. This quiz will enhance your understanding of cybersecurity fundamentals.