Ismt Prelim

The document outlines key concepts and principles of computer security, including the objectives of confidentiality, integrity, and availability (CIA). It discusses various types of attacks, security measures, and policies, as well as the importance of risk assessment, incident response, and employee training. Additionally, it covers regulations like GDPR and HIPAA, and best practices for data protection and password security.

Uploaded by aronlat21
ISMT311 PRELIM

Quiz
● What is the primary objective of computer security?
o Prevent unauthorized access and ensure data confidentiality, integrity, and availability
● According to NIST, computer security includes measures to ensure:
o Confidentiality, Integrity, and Availability
● What does confidentiality mean in computer security?
o Preventing unauthorized access to information
● Which concept ensures that data is accurate and unaltered?
o Integrity
● What does availability ensure in computer security?
o Data is always accessible and operational
● What is a threat to cybersecurity?
o A potential circumstance that could exploit a vulnerability
● What is a vulnerability?
o A weakness in a system that can be exploited
● What is an example of a passive attack?
o Eavesdropping on network traffic
● What is an example of an active attack?
o Altering financial transaction records
● An insider attack is initiated by:
o Someone within the organization
● What is a security policy?
o A formal set of rules defining security requirements
● What is the main purpose of access control?
o To restrict access to authorized users
● Which countermeasure prevents security threats?
o Installing a firewall
● Which of the following is an example of authentication?
o Using a username and password
● What is the principle of least privilege?
o Users should only have the access necessary for their tasks
● A denial-of-service (DoS) attack aims to:
o Make a system unavailable
● What is a masquerade attack?
o When an attacker pretends to be an authorized user
● A replay attack involves:
o Resending previously captured data to gain unauthorized access
● What is phishing?
o A technique used to trick users into revealing sensitive information
● What is an example of a physical security control?
o encryption algorithm
o biometric authentication
o CCTV surveillance
o intrusion detection system
● Which technique protects data in transit?
o Intrusion detection, Permission, Antivirus software, SSL encryption
● What is 2-factor authentication?
o A security process requiring two forms of identification to access an account.
● A firewall is used to
o Block unauthorized access to a network.
● Which security principle ensures users are aware of security risks?
o Security awareness training
● What is the purpose of risk assessment?
o To identify, evaluate, and prioritize potential security risks to minimize their impact.
● What does incident response involve?
o Detecting, analyzing, containing, and recovering from cybersecurity incidents.
● CIA stands for
o Confidentiality, Integrity, and Availability
● What does encryption do?
o Converts data into an unreadable format to prevent unauthorized access.
● Which organization defines cyber security standards?
o NIST
● What is the economic mechanism principle in security?
o The idea that security investments should be cost-effective and based on risk assessment.
● What is a fail-safe default?
o A security principle that denies access by default and grants permissions only when explicitly allowed.
● Separation of privilege in security means
o Granting users only the minimum level of access needed to perform their tasks.
● What does open design mean in security?
o Security mechanisms should be open and transparent, relying on strong design rather than obscurity.
● Zero-day attack
o An attack that exploits a previously unknown software vulnerability before a fix is available.
● Malware refers to
o A type of software designed to harm, exploit, or disrupt computers and networks.
● Trojan horse
o A type of malware that disguises itself as legitimate software to trick users into installing it.
● What is ransomware?
o A type of malware that encrypts files and demands payment for their release.
● What is spyware?
o A type of malware that secretly gathers user information and transmits it without consent.
● What is a VPN used for?
o Encrypting internet traffic to protect data and privacy online.
● What does HTTPS provide in web communication?
o Encryption, authentication, and data integrity for secure communication.
● Symmetric encryption uses
o The same key for both encryption and decryption.
● What does hashing do to data?
o Converts data into a fixed-length unique string that cannot be reversed.
● What is a security audit?
o A systematic evaluation of an organization's security policies, controls, and practices to identify vulnerabilities.
● What is the purpose of security monitoring?
o To continuously track and analyze system activity for potential threats and security incidents.
● Penetration testing is used to
o Identify and exploit security vulnerabilities in a system to assess its defenses.
● What does intrusion detection do?
o Monitors networks and systems for suspicious activity and alerts security teams.
● What does GDPR regulate?
o Data privacy and security to protect individuals' personal information.
● What is HIPAA (Health Insurance Portability and Accountability Act)?
o Medical and health-related data
● Where is PCI DSS (Payment Card Industry Data Security Standard) applied?
o Credit card transactions
● What is FISMA?
o Federal information system management act
● What is patch management?
o The process of regularly updating software, operating systems, and applications to fix security vulnerabilities, improve performance, and ensure compatibility.
● What is the best practice for creating strong passwords?
o A mix of uppercase, lowercase, numbers, and symbols.
● Why should users avoid clicking unknown email links?
o They can lead to various cybersecurity threats, including malware infections, phishing attacks, and identity theft.
● What is the best way to back up sensitive data?
o Combining encryption, redundancy, automation, and access control to ensure sensitive data remains protected and recoverable.
● What is the main goal of cybersecurity laws?
o To protect individuals, organizations, and governments from cyber threats by establishing legal standards for data security, privacy, and online safety.
● Why is employee security training important?
o It helps protect both the organization and its employees from cybersecurity threats, data breaches, and other security risks.
