Question


QUESTION 1

  1. The C-I-A Triad (confidentiality, availability, and integrity) make up the three:

    exposures to a threat.

    most common types of security controls.

    assurances that requested information is available to authorized users upon request.

    tenets of information security.

1 points   

QUESTION 2

  1. What name is given to the assurance that requested information is available to authorized users upon request?

    Detective control

    Availability

    Confidentiality

    Integrity

1 points   

QUESTION 3

  1. Which of the following refers to the assurance that information can be accessed and viewed only by authorized users?

    Integrity

    Confidentiality

    Availability

    Control

1 points   

QUESTION 4

  1. What name is given to a security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource?

    Detective control

    Defense in depth

    Logical control

    Corrective control

1 points   

QUESTION 5

  1. Smoke detectors, log monitors, and system audits are examples of:

    corrective controls.

    detective controls.

    logical controls.

    physical controls.

1 points   

QUESTION 6

  1. The assurance that information can be modified only by authorized users is referred to as:

    availability.

    confidentiality.

    integrity.

    security.

1 points   

QUESTION 7

  1. Technical controls are also referred to as:

    logical controls.

    physical controls.

    preventive controls.

    corrective controls.

1 points   

QUESTION 8

  1. A device (such as a fence, door, lock, or fire extinguisher) that limits access or otherwise protects a resource is a:

    preventive control.

    detective control.

    physical control.

    corrective control.

1 points   

QUESTION 9

  1. Controls (such as locked doors, firewall rules, and user passwords) that stop an action before it occurs are referred to as:

    logical controls.

    preventive controls.

    physical controls.

    detective controls.

1 points   

QUESTION 10

  1. A device or process (such as user authentication, antivirus software, and firewalls) that limits access to a resource is referred to as a:

    preventive control.

    physical control.

    detective control.

    technical control.

1 points   

QUESTION 11

  1. Which of the following refers to the highest privilege at which programs can run, allowing access to the physical hardware and kernel resources?

    Kernel mode

    Hardware mode

    Supervisor mode

    User mode

1 points   

QUESTION 12

  1. Using three or more types of authentication is referred to as:

    triangle-factor authentication.

    three-factor authentication.

    triple-factor authentication.

    multi-factor authentication.

1 points   

QUESTION 13

  1. An access control method based on the subject’s clearance and the object’s classification is referred to as:

    mandatory access control (MAC).

    discretionary access control (DAC).

    role based access control (RBAC).

    owner based access control (OBAC).

1 points   

QUESTION 14

  1. An access control method based on an object’s owner and permissions granted by the owner is referred to as:

    discretionary access control (DAC).

    mandatory access control (MAC).

    role based access control (RBAC).

    owner based access control (OBAC).

1 points   

QUESTION 15

  1. Any mechanism or action that prevents, detects, or addresses an attack is referred to as a(n):

    object.

    subject.

    control.

    right.

1 points   

QUESTION 16

  1. Which of the following refers to a level of sensitivity (such as top secret, secret, confidential, restricted, or unclassified) assigned to an object by its owner?

    Authentication

    Identification

    Classification

    Permission

1 points   

QUESTION 17

  1. The process of proving that provided identity credentials are valid and correct is referred to as:

    exploiting.

    kerneling.

    identification.

    authentication.

1 points   

QUESTION 18

  1. The collection of all possible vulnerabilities that could provide unauthorized access to computer resources is called the:

    threat pool.

    attack surface.

    exposures.

    targets.

1 points   

QUESTION 19

  1. The process of providing and denying access to objects is called:

    access control.

    objects control.

    multifactor control.

    supervision control.

1 points   

QUESTION 20

  1. Windows stores access rules, or permissions, for resources (objects) in:

    access control lists.

    kernels.

    workgroups.

    rights directories.

Solutions

Expert Solution

1a)

tenets of information security.

The fundamental principles (tenets) of information security are confidentiality, integrity, and availability.

2a)

availability.

The assurance that requested information is available to authorized users upon request.

3a)

Confidentiality

The assurance that information can be accessed and viewed only by authorized users.

4a)

Defense in depth.

A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource.

5a)

detective controls.

A control that detects when an action has occurred; examples include smoke detectors, log monitors, and system audits.

6a)

Integrity.

The assurance that information can be modified only by authorized users.

7a)

Logical Controls.

An alternate term for technical control is Logical Controls.

8a)

Physical controls.

A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher.

9a)

Preventive control.

A control that stops an action before it occurs; examples include locked doors, firewall rules, and user passwords.

10a)

Technical control.

A device or process that limits access to a resource. Examples include user authentication, antivirus software, and firewalls.

11a)

supervisor mode.

The highest privilege at which programs can run, allowing access to the physical hardware and kernel resources. Also called kernel mode.

12a)

multi-factor authentication.

Authentication process that requires multiple types of authentication credentials.

13a)

mandatory access control (MAC).

An access control method based on the subject's clearance and the object's classification. Implementations often also require demonstration of a subject's "need to know" to receive access.

14a)

discretionary access control (DAC)

An access control method based on an object's owner and permissions granted by the owner.

15a)

control.

Any mechanism or action that prevents, detects, or addresses an attack.

16a)

classification.

A level of sensitivity assigned to an object by its owner. An example object could be assigned as top secret, secret, confidential, restricted, or unclassified.

17a)

Authentication.

The authentication process of proving that provided identity credentials are valid and correct.

18a)

attack surface.

The collection of all possible vulnerabilities that could provide unauthorized access to computer resources; all of the software a computer runs that is vulnerable to attack.

19a)

Access control.

The process of providing and denying access to objects.

20a)

Access control list.

Windows stores access rules or permissions for resources in this.

