SlideShare a Scribd company logo

dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx

•Download as DOCX, PDF•
•
A
ams1ams11

william stallings

Technology
1 of 7
Computer Security: Principles and Practice, 2nd Edition Chapter 1 Chapter 1 – Computer Systems Overview TRUE/FALSE QUESTIONS: T F 1. Threats are attacks carried out. T F 2. Computer security is protection of the integrity, availability, and confidentiality of information system resources. T F 3. Data integrity assures that information and programs are changed only in a specified and authorized manner. T F 4. Availability assures that systems works promptly and service is not denied to authorized users. T F 5. The “A” in the CIA triad stands for “authenticity”. T F 6. The more critical a component or service, the higher the level of availability required. T F 7. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. T F 8. Security mechanisms typically do not involve more than one particular algorithm or protocol. T F 9. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system. T F 10. In the context of security our concern is with the vulnerabilities of system resources. T F 11. Hardware is the most vulnerable to attack and the least susceptible to automated controls. T F 12. Contingency planning is a functional area that primarily requires computer security technical measures. T F 13. X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications. T F 14. The first step in devising security services and mechanisms is to develop a security policy. T F 15. Assurance is the process of examining a computer product or system with respect to certain criteria.
Computer Security: Principles and Practice, 2nd Edition Chapter 1 MULTIPLE CHOICE QUESTIONS: 1. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability C. System Integrity B. Privacy D. Data Integrity 2. ________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A. System Integrity C. Data Integrity B. Availability D. Confidentiality 3. A loss of _________ is the unauthorized disclosure of information. A. confidentiality C. integrity B. authenticity D. availability 4. A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. low C. normal B. moderate D. high 5. A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________. A. countermeasure C. vulnerability B. adversary D. risk 6. An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. A. risk C. asset B. attack D. vulnerability
Computer Security: Principles and Practice, 2nd Edition Chapter 1 7. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. A. attack C. countermeasure B. adversary D. protocol 8. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A. passive attack C. inside attack B. outside attack D. active attack 9. Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. A. unauthorized disclosure C. deception B. disruption D. usurpation 10. A threat action in which sensitive data are directly released to an unauthorized entity is __________. A. corruption C. disruption B. intrusion D. exposure 11. An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. A. masquerade C. interception B. repudiation D. inference 12. The _________ prevents or inhibits the normal use or management of communications facilities. A. passive attack C. traffic encryption B. denial of service D. masquerade 13. A __________ is any action that compromises the security of information owned by an organization. A. security mechanism C. security attack B. security policy D. security service
Computer Security: Principles and Practice, 2nd Edition Chapter 1 14. The assurance that data received are exactly as sent by an authorized entity is __________. A. authentication C. data confidentiality B. access control D. data integrity 15. __________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. A. Traffic padding C. Traffic routing B. Traffic control D. Traffic integrity SHORT ANSWER QUESTIONS: 1. __________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources. 2. Confidentiality, Integrity, and Availability form what is often referred to as the _____. 3. A loss of _________ is the disruption of access to or use of information or an information system. 4. In the United States, student grade information is an asset whose confidentiality is regulated by the __________. 5. A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence. 6. A(n) _________ is any means taken to deal with a security attack. 7. Misappropriation and misuse are attacks that result in ________ threat consequences. 8. The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________. 9. Release of message contents and traffic analysis are two types of _________ attacks. 10. Replay, masquerade, modification of messages, and denial of service are example of _________ attacks. 11. Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.
Computer Security: Principles and Practice, 2nd Edition Chapter 1 12. A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information. 13. The OSI security architecture focuses on security attacks, __________, and services. 14. A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery. 15. Security implementation involves four complementary courses of action: prevention, detection, response, and _________.
Computer Security: Principles and Practice, 2nd Edition Chapter 1 Chapter 1 – Computer Systems Overview Answer Key TRUE/FALSE QUESTIONS: 1. F 2. T 3. T 4. T 5. F 6. T 7. T 8. F 9. T 10. T 11. T 12. F 13. T 14. T 15. F MULTIPLE CHOICE QUESTIONS: 1. B 2. A 3. A 4. D 5. C 6. B 7. C 8. A 9. C 10. D 11. A 12. B 13. C 14. D 15. A SHORT ANSWER QUESTIONS:
Computer Security: Principles and Practice, 2nd Edition Chapter 1 1. Computer Security 2. CIA triad 3. availability 4. FERPA (Family Educational Rights and Privacy Act) 5. attack 6. countermeasure 7. usurpation 8. data 9. passive 10. active 11. contingency 12. risk 13. mechanisms 14. digital signature 15. recovery

Recommended

Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
ITNet
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
PiBits
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
123aleena
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
Ahmad Sharifi
 
Security Ch-1.pptx
Security Ch-1.pptxSecurity Ch-1.pptx
Security Ch-1.pptx
KeenboonAsaffaa
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
vkarthi314
 

Recommended

Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
ITNet
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
Temesgen Berhanu
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
PiBits
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
123aleena
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
Ahmad Sharifi
 
Security Ch-1.pptx
Security Ch-1.pptxSecurity Ch-1.pptx
Security Ch-1.pptx
KeenboonAsaffaa
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
vkarthi314
 
IA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahIA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahah
flyinimohamed
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
Kamal Acharya
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
ams1ams11
 
I0516064
I0516064I0516064
I0516064
IOSR Journals
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
Mukesh Chinta
 
introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)
Scode Network Institute
 
introduction of ethical hacking. ppt
introduction of ethical hacking. pptintroduction of ethical hacking. ppt
introduction of ethical hacking. ppt
Scode Network Institute
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile Networks
IOSR Journals
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptx
AschalewAyele2
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
Vamsee Krishna Kiran
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
deepakbharathi16
 
Ch13 - Security Engineering
Ch13 - Security EngineeringCh13 - Security Engineering
Ch13 - Security Engineering
Harsh Verdhan Raj
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
desalewminale
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
information security management
information security managementinformation security management
information security management
Gurpreetkaur838
 
1.pptx
1.pptx1.pptx
1.pptx
alaakaraja1
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
FahadZaman38
 
Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docx
karthikaparthasarath
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
Sitamarhi Institute of Technology
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
sulu98
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
 

More Related Content

Similar to dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx

Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptx
AschalewAyele2
 

Similar to dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx (20)

IA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahahIA 124 Lecture 01 2022 -23-1.pdf hahahah
IA 124 Lecture 01 2022 -23-1.pdf hahahah
 
Introduction to Computer Security
Introduction to Computer SecurityIntroduction to Computer Security
Introduction to Computer Security
 
CH01-CompSec4e.pptx
CH01-CompSec4e.pptxCH01-CompSec4e.pptx
CH01-CompSec4e.pptx
 
I0516064
I0516064I0516064
I0516064
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)
 
introduction of ethical hacking. ppt
introduction of ethical hacking. pptintroduction of ethical hacking. ppt
introduction of ethical hacking. ppt
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile Networks
 
Chapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptxChapter 5 Selected Topics in computer.pptx
Chapter 5 Selected Topics in computer.pptx
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Ch13 - Security Engineering
Ch13 - Security EngineeringCh13 - Security Engineering
Ch13 - Security Engineering
 
security system by desu star chapter 1.pptx
security system by desu star chapter 1.pptxsecurity system by desu star chapter 1.pptx
security system by desu star chapter 1.pptx
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
information security management
information security managementinformation security management
information security management
 
1.pptx
1.pptx1.pptx
1.pptx
 
Concept Of Cyber Security.pdf
Concept Of Cyber Security.pdfConcept Of Cyber Security.pdf
Concept Of Cyber Security.pdf
 
Unit I Q&A.docx
Unit I Q&A.docxUnit I Q&A.docx
Unit I Q&A.docx
 
Module -5 Security.pdf
Module -5 Security.pdfModule -5 Security.pdf
Module -5 Security.pdf
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

dokumen_tips_computer_security_by_william_stallings_ch_1_mcq.docx

  • 1. Computer Security: Principles and Practice, 2nd Edition Chapter 1 Chapter 1 – Computer Systems Overview TRUE/FALSE QUESTIONS: T F 1. Threats are attacks carried out. T F 2. Computer security is protection of the integrity, availability, and confidentiality of information system resources. T F 3. Data integrity assures that information and programs are changed only in a specified and authorized manner. T F 4. Availability assures that systems works promptly and service is not denied to authorized users. T F 5. The “A” in the CIA triad stands for “authenticity”. T F 6. The more critical a component or service, the higher the level of availability required. T F 7. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. T F 8. Security mechanisms typically do not involve more than one particular algorithm or protocol. T F 9. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system. T F 10. In the context of security our concern is with the vulnerabilities of system resources. T F 11. Hardware is the most vulnerable to attack and the least susceptible to automated controls. T F 12. Contingency planning is a functional area that primarily requires computer security technical measures. T F 13. X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications. T F 14. The first step in devising security services and mechanisms is to develop a security policy. T F 15. Assurance is the process of examining a computer product or system with respect to certain criteria.
  • 2. Computer Security: Principles and Practice, 2nd Edition Chapter 1 MULTIPLE CHOICE QUESTIONS: 1. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability C. System Integrity B. Privacy D. Data Integrity 2. ________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A. System Integrity C. Data Integrity B. Availability D. Confidentiality 3. A loss of _________ is the unauthorized disclosure of information. A. confidentiality C. integrity B. authenticity D. availability 4. A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. low C. normal B. moderate D. high 5. A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________. A. countermeasure C. vulnerability B. adversary D. risk 6. An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. A. risk C. asset B. attack D. vulnerability
  • 3. Computer Security: Principles and Practice, 2nd Edition Chapter 1 7. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. A. attack C. countermeasure B. adversary D. protocol 8. A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A. passive attack C. inside attack B. outside attack D. active attack 9. Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. A. unauthorized disclosure C. deception B. disruption D. usurpation 10. A threat action in which sensitive data are directly released to an unauthorized entity is __________. A. corruption C. disruption B. intrusion D. exposure 11. An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. A. masquerade C. interception B. repudiation D. inference 12. The _________ prevents or inhibits the normal use or management of communications facilities. A. passive attack C. traffic encryption B. denial of service D. masquerade 13. A __________ is any action that compromises the security of information owned by an organization. A. security mechanism C. security attack B. security policy D. security service
  • 4. Computer Security: Principles and Practice, 2nd Edition Chapter 1 14. The assurance that data received are exactly as sent by an authorized entity is __________. A. authentication C. data confidentiality B. access control D. data integrity 15. __________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. A. Traffic padding C. Traffic routing B. Traffic control D. Traffic integrity SHORT ANSWER QUESTIONS: 1. __________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources. 2. Confidentiality, Integrity, and Availability form what is often referred to as the _____. 3. A loss of _________ is the disruption of access to or use of information or an information system. 4. In the United States, student grade information is an asset whose confidentiality is regulated by the __________. 5. A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence. 6. A(n) _________ is any means taken to deal with a security attack. 7. Misappropriation and misuse are attacks that result in ________ threat consequences. 8. The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________. 9. Release of message contents and traffic analysis are two types of _________ attacks. 10. Replay, masquerade, modification of messages, and denial of service are example of _________ attacks. 11. Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.
  • 5. Computer Security: Principles and Practice, 2nd Edition Chapter 1 12. A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information. 13. The OSI security architecture focuses on security attacks, __________, and services. 14. A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery. 15. Security implementation involves four complementary courses of action: prevention, detection, response, and _________.
  • 6. Computer Security: Principles and Practice, 2nd Edition Chapter 1 Chapter 1 – Computer Systems Overview Answer Key TRUE/FALSE QUESTIONS: 1. F 2. T 3. T 4. T 5. F 6. T 7. T 8. F 9. T 10. T 11. T 12. F 13. T 14. T 15. F MULTIPLE CHOICE QUESTIONS: 1. B 2. A 3. A 4. D 5. C 6. B 7. C 8. A 9. C 10. D 11. A 12. B 13. C 14. D 15. A SHORT ANSWER QUESTIONS:
  • 7. Computer Security: Principles and Practice, 2nd Edition Chapter 1 1. Computer Security 2. CIA triad 3. availability 4. FERPA (Family Educational Rights and Privacy Act) 5. attack 6. countermeasure 7. usurpation 8. data 9. passive 10. active 11. contingency 12. risk 13. mechanisms 14. digital signature 15. recovery