|
A user copies files from her desktop computer to a USB flash and puts device into her purse. Which of the following security goals is most @ risk? A. Availability |
B. Confidentiality Ensures data is not disclosed to unintended persons. Ex. Stolen purse, info is now out in wrong hands. |
|
Smart Phones with cameras & internet access pose a risk to which security goal? A. Availability |
B. Confidentiality Ex. Taking a picture of the administrator password so you can remember it later, save data on phone like USB. Stolen info can be given to other users. |
|
Which security concept ensures that only authorized parties can access data? A. Availability |
A. Confidentiality Confidentiality ensures that only authorized parties can access data. |
|
Your computer system is a participant in an asymmetric cryptography system. You crafted a message to send to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signatre before sending it to the user. What protection does hashing provide? A. Availability |
C. Integrity Hashing of any sort at any time including within a digital signature provides data integrity. |
|
Which of the following is an internal threat? A. Server backdoor allows attacker on internet to gain access to intranet site. |
D. User accidentally deletes new product designs. Internal threats are intentional or accidental acts. May include: -Theft/fraud/sabotage -Intentional/unintentional destruction/altering data -Disclosing info, snooping/espionage |
|
What is the greatest threat to the confidentiality of data in most secure organizations? A. USB devices |
A. USB devices Threatens confidentiality of data (getting in wrong hands) because data can be copied and become portable. |
|
What is the correct definition of threat? A. Absence/weakness of a safeguard that could be exploited. |
C. Any potential danger to the confidentiality, integrity, or availability of information or systems. -Threat is Any potential danger to the confidentiality, integrity, or availability of information or systems. |
|
Which of the following is an example of a vulnerability? A. Virus |
D. Misconfigured server A vulnerability is the absence/weakness of a safeguard that could be exploited. |
|
Which of the following is not a valid concept of integrity? A. Prevent unauthorized change of data |
D. Control access to resources to prevent unwanted access. Integrity concepts include prevention of unauthorized change, ensuring data is true reflection of reality and maintaining the highest source of truth. |
|
When a cryptography system is used to protect the confidentiality of data, what is actually protected? A. Unauthorized users are prevented from viewing/accessing the resource. |
A. Unauthorized users are prevented from viewing/accessing the resource. Confidentiality is the protection of disclosure to unauthorized users. |
|
By definition, which security concept uses the ability to prove that a sender sent an encrypted message? A. Privacy |
C. Non-repudiation In cryptography solutions, It can be proven that only the sender is able to initiate communication, thus they cannot repute that they originated a message. |
|
The company network is protected by a firewall, IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours. The backup solution imposed on this network is designed to provide protection for what security service? A. Confidentiality |
D.Availability Backups provide protection for availability. You gain insurance against data corruption/loss. |
Share This
Flashcard
