21 Cards in this Set

  • Front
  • Back

A user copies files from her desktop computer to a USB flash device and puts the device in her pocket. Which of the following security goals is most at risk?


A. Confidentiality


B. Availability


C. Non-Repudiation


D. Integrity

A. CONFIDENTIALITY

By definition, which security concept ensures that only authorized parties can access data?


A. Integrity


B. Non-Repudiation


C. Confidentiality


D. Authentication

C. CONFIDENTIALITY

Smartphones with cameras and internet capabilities pose a risk to which security goal?


A. Confidentiality


B. Availability


C. Integrity


D. Non-Repudiation

A. CONFIDENTIALITY

Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?


A. Integrity B. Non-Repudiation C. Confidentiality D. Availability

A. INTEGRITY

Which of the following is an example of an internal threat?


A. A user accidentally deletes a new product design


B. A water pipe in the server room breaks


C. A delivery man is able to walk into a controlled area and steal a laptop


D. A server backdoor allows an attacker on the internet to gain access to the intranet site

A. A user accidentally deletes a new product design

What is the greatest threat to the confidentiality of data in most secure organizations?


A. USB devices


B. Hacker Intrusion


C. Operator Error


D. Malware

A. USB DEVICES

Which of the following is the correct definition of a threat?


A. Absence or weakness of a safeguard that could be exploited


B. The likelihood of an attack taking advantage of a vulnerability


C. Any potential danger to the confidentiality, integrity, or availability of information or systems


D. Instance of being exposed to losses from an attacker

C. Any potential danger to the confidentiality, integrity, or availability of information or systems

Which of the following is an example of a vulnerability?


A. Misconfigured Server


B. Virus Infection


C. Denial of service attack (DOS)


D. Unauthorized access to confidential resources

A. Misconfigured Server

Which of the following is NOT a valid concept to associate with integrity?


A. Ensure your systems record the real information when collecting data


B. Protect your environment so it maintains the highest source of truth


C. Prevent the unauthorized change of data


D. Control access to resources to prevent unwanted access

D. Control access to resources to prevent unwanted access

When a cryptographic system is used to protect the confidentiality of data, what is actually protected?


A. The data is protected from corruption or change


B. The data is available for access whenever authorized users need it


C. Unauthorized users are prevented from viewing or accessing the resource


D. The encrypted data is restricted from being transmitted

C. Unauthorized users are prevented from viewing or accessing the resource

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?


A. Authentication


B. Integrity


C. Non-Repudiation


D. Privacy

C. Non-Repudiation

The company network is protected by a firewall, an IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours. The backup solution imposed on this network is designed to provide protection for what security service?


A. Confidentiality B. Non-Repudiation


C. Availability D. Integrity

C. Availability

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?


A. RBAC B. DAC C. TBAC D. MAC

B. DAC

Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?


A. RBAC B. MAC C. TBAC D. DAC

B. MAC

In which form of access control environment is access controlled by rules rather than by identity?


A. DAC


B. ACL


C. Most-Client-Server Environments


D. MAC

D. MAC

You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?


A. RBAC B. DAC C. DACL D. MAC

A. RBAC

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?


A. MAC B. DAC C. RBAC D. RBAC

B. DAC

Which of the following is the term for the process of validating a subject's identity?


A. Authorization


B. Identification


C. Authentication


D. Auditing

C. Authentication



Which of the following is used for identification?


A. username


B. Cognitive question


C. Password


D. PIN

A. username

A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?


A. Authentication and accounting


B. Authentication and Authorization


C. Identity proofing and authorization


D. Authorization and accounting


E. Identity proofing and authentication

B. Authentication and authorization

Which of the following defines an object as used in access control?


A. Data, applications, systems, networks, and physical space


B. Users, applications, or processes that need to be given access


C. Policies, procedures and technologies that are implemented within a system


D. Resources, policies, and systems

A. Data, applications, systems, networks, and physical space