IAS

Question 1

is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation

Answer 1

Information Assurance (IA)

Question 2

study on how to recover should any of those happen.

Answer 2

Information Assurance

Question 3

5 aspects of information needed protection

Answer 3

Availability, Integrity, Confidentiality, Authentication, Non-repudiation

Question 4

timely, reliable access to data and information services for authorized users;

Answer 4

Availability

Question 5

protection against unauthorized modification or destruction of information;

Answer 5

integrity

Question 6

assurance that information is not disclosed to unauthorized persons;

Answer 6

Confidentiality

Question 7

security measures to establish the validity of a transmission, message, or originator.

Answer 7

Authentication

Question 8

assurance that the sender is provided with proof of a data delivery

Answer 8

Non- repudiation

Question 9

True or False: IT security cannot be accomplished in a vacuum

Answer 9

TRUE

Question 10

Four Major categories of Information Assurance

Answer 10

Physical Security, personnel security, IT security, Operational Security

Question 11

refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.

Answer 11

Physical Security

Question 11

6 Proper Practice of Information Assurance

Answer 11

-enforcing hard-to-guess passwords
- encrypting hard drives
- locking sensitive documents in a safe
- assigning security clearances to staffers
- using SSL for data transfer
- having off-site back up of documents

Question 12

is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction,

Answer 12

Personnel Security

Question 13

action or inaction by insiders and known outsiders, such as business partners.

Answer 13

Personnel Security

Question 14

is the inherent technical features and functions that collectively contribute to an IT infrastructure

Answer 14

IT security

Question 15

involves the implementation of standard operational security procedures

Answer 15

Operational Security

Question 16

Purpose of operational security

Answer 16

achieve and sustain a known secure system state at all times
-prevent accidental or intentional theft, release, destruction, alteration, misuse, or sabotage of system resources.

Question 17

According to _________, a computing environment is made up of five continuously interacting components

Answer 17

Raggad’s taxonomy of information security

Question 18

5 continuously interacting components

Answer 18

activities, people, data. technology and network

Question 19

According to ______, IA can be thought of as protecting information at three distinct levels

Answer 19

Blyth and Kovacich

Question 20

3 distinct levels

Answer 20

Physical
-information infrastructure
- perceptual

Question 21

data and data processing activities in physical space;

Answer 21

Physical

Question 22

information and data manipulation abilities in cyberspace;

Answer 22

information infrastructure

Question 23

knowledge and understanding in human decision space.

Answer 23

Perceptual

Question 24

What is the lowest level focus of IA?

Answer 24

Physical Level

Question 25

Computers, physical networks, telecommunications and supporting systems such as power, facilities and environmental controls

Answer 25

Physical Level

Question 26

At this level people are the one who manage the systems.

Answer 26

Physical Level

Question 27

to affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

Answer 27

Desired effects(Physical level)

Question 28

physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.

Answer 28

Attackers Operations ( Physical level)

Question 29

physical security, OPSEC, TEMPEST

Answer 29

Defenders Operations ( Physical Level)

Question 30

COMPSEC meaning:

Answer 30

Computer security

Question 31

COMSEC:

Answer 31

Communications and network security

Question 32

ITSEC

Answer 32

both COMPSEC and COMSEC

Question 32

What is the second level focus of IA?

Answer 32

Infrastructure level

Question 33

OPSEC

Answer 33

operations security

Question 34

 This covers information and data manipulation ability maintained in cyberspace, including: data structures, processes and programs, protocols, data content and databases.

Answer 34

Infrastructure Level

Question 35

to influence the effectiveness and performance of information functions supporting perception, decision making, and control of physical processes.

Answer 35

Desired effects ( IL)

Question 36

impersonation, piggybacking, spoofing, network attacks, malware, authorization attacks, active misuse, and denial of service attacks.

Answer 36

Attackers Operation (IL)

Question 37

information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

Answer 37

Defenders Operation (IL)

Question 38

What is the third level of IA?

Answer 38

Perceptual Level

Question 39

 This is abstract and concerned with the management of perceptions of the target, particularly those persons making security decisions.

Answer 39

Perceptual Level

Question 40

to influence decisions and behaviors

Answer 40

Desired effects ( PL)

Question 41

psychological operations such as: deception, blackmail, bribery and corruption, social engineering, trademark and copyright infringement, defamation, diplomacy, creating distrust.

Answer 41

Attackers Operation (PL)

Question 42

personnel security including psychological testing, education, and screening such as biometrics, watermarks, keys, passwords

Answer 42

Defenders Operation (PL)

Question 43

It is the flip side of information assurance

Answer 43

Information Warfare

Question 44

involves managing an opponent’s perception through deception and psychological operations. In military circles, this is called Truth Projection.

Answer 44

TYPE I

Question 45

gathers intelligence by exploiting the opponent’s use of information systems.

Answer 45

TYPE III

Question 45

involves denying, destroying, degrading, or distorting the opponent’s information flows to disrupt their ability to carry out or coordinate operations.

Answer 45

TYPE II

Question 46

6 offensive players of IW

Answer 46

Insiders, Hackers, Criminals, Corporations, Government and terrorists

Question 47

consists of employees, former employees and contractors.

Answer 47

Insiders

Question 48

one who gains unauthorized access to or breaks into information systems for thrills, challenge, power, or profit.

Answer 48

Hackers

Question 49

target information that may be of value to them: bank accounts, credit card information, intellectual property, etc.

Answer 49

Criminals

Question 50

actively seek intelligence about competitors or steal trade secrets.

Answer 50

Corporations

Question 51

seek the military, diplomatic, and economic secrets of foreign governments, foreign corporations, and adversaries. May also target domestic adversaries.

Answer 51

Government and agencies

Question 52

usually politically motivated and may seek to cause maximal damage to information infrastructure as well as endanger lives and property.

Answer 52

Terrorists

Question 53

Protection Pillars f IA

Answer 53

“ensure the availability, integrity, authenticity, confidentiality, and non-repudiation of information”

Question 54

IA is both proactive and reactive involving

Answer 54

protection, detection, capability restoration, and response.

Question 55

“timely attack detection and reporting is key to initiating the restoration and response processes.”

Answer 55

Attack Detection

Question 56

“relies on established procedures and mechanisms for prioritizing restoration of essential functions.

Answer 56

Capability Restoration

Question 57

may rely on backup or redundant links, information system components, or alternative means of information transfer.”

Answer 57

Capability Restoration

Question 58

the resource being protected, including: physical assets: devices, computers, people; logical assets: information, data (in transmission, storage, or processing),

Answer 58

Asset

Question 59

the items being protected by the system (documents, files, directories, databases, transactions, etc.)

Answer 59

Objects

Question 60

entities (users, processes, etc.) that execute activities and request access to objects.

Answer 60

Subjects

Question 61

operations, primitive or complex, that can operate on objects and must be controlled

Answer 61

Actions

Question 61

7 Critical Aspects: Information assets (objects) may have critical aspects:

Answer 61

Availability, accuracy, authenticity, confidentiality, integrity, utility, possession

Question 61

in the Unix operating system, processes (___) may have permission to perform read, write or execute (____) on files (__)

Answer 61

Subjects, actions, objects

Question 62

authorized users are able to access it;

Answer 62

Availability

Question 63

the information is free of error and has the value expected

Answer 63

Accuracy

Question 64

the information is genuine;

Answer 64

Authenticity

Question 65

the information has not been disclosed to unauthorized parties;

Answer 65

Confidentiality

Question 66

the information is whole, complete and uncorrupted;

Answer 66

Integrity

Question 67

the information has value for the intended purpose;

Answer 67

utility

Question 68

the data is under authorized ownership and control.

Answer 68

possession

Question 69

may be conducted by criminals, but also by states for industrial espionage, for economic damage to apply pressure, or to inflict real damage to infrastructure as an act of war

Answer 69

Cyber Attack

Question 70

requires some form of physical security, since physical access to computer systems enables a whole class of attacks.

Answer 70

Cybersecurity

Question 71

is the protection of computer systems from the damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

Answer 71

Computer Security or IT security

Question 72

may depend on cybersecurity to the extent that it uses computer systems

Answer 72

Physical Security

Question 73

is concerned with the absence of misbehavior, both in normal and exceptional situations, but still in a neutral environment when no one is trying to intentionally attack the system

Answer 73

Software safety

Question 74

aims for the absence of misbehavior in an adversarial environment,

Answer 74

Safety

Question 74

aims for the absence of misbehavior in an adversarial environment, where an attacker intentionally tries to misuse a system, putting it in an erroneous state that is not part of its intended specification

Answer 74

Software security

Question 75

where an attacker intentionally tries to misuse a system

Answer 75

Security

Question 76

is an essential cornerstone in a digital world which increasingly pervades every aspect of our daily lives, public and private. Without it, the world collapses.

Answer 76

Security

Question 76

ability for individuals to control their personal data and decide what to reveal to whom and under what conditions.

Answer 76

Privacy

Question 76

CIA Triad stands for?

Answer 76

Confidentiality, Integrity, and Availability

Question 77

Cybersecurity consists in ensuring three basic and essential properties of information, services, and IT infrastructures well known as the?

Answer 77

CIA triad

Question 77

confidentiality of the identity of the user or entity

Answer 77

Anonymity

Question 78

a set of rules that specify how sensitive and critical resources are protected, i.e., how some or all of the previous properties are guaranteed.

Answer 78

Security Policy

Question 78

initially defined as the ability of a system to return to its original state after an attack

Answer 78

Resilience

Question 79

related to scientific methods of identifying the authors of a crime by examining objects or substances involved in the crime.

Answer 79

Forensic Analysis

Question 79

aims to explain the state of a computing system by extracting information and using it to reconstruct the series of actions undertaken by the attacker

Answer 79

Forensic Analysis

Question 80

has been given to practices where governments or governmental organizations perform surveillance and data collection at a national scale (or larger)

Answer 80

Mass Dataveillance

Question 81

targets an individual of (supposed) interest.

Answer 81

Personal Dataveillance

Question 82

are physical attacks based on the observation of the circuit behavior during a computation

Answer 82

Side Channel analysis

Question 83

a well-known class of physical attacks where a device undergoes a modification of physical parameters in order to obtain an incorrect behavior

Answer 83

Fault Attacks

Question 84

can also be generated in multicore SoC using the Dynamic Voltage and Frequency Scaling (DVFS), i.e

Answer 84

Perturbation

Question 85

attacking this basic and essential network service can, for instance, isolate a whole country or at the opposite redirect all the traffic of a country through a surveillance point. Another crucial network service, DNS, translates readable hostnames into IP addresses. An attack against this service can redirect a user to a fake banking web site in order to steal the user’s credentials

Answer 85

Routing

Question 86

s a hierarchical decentralized naming system for the Internet, with scalability and flexibility as key design goals.

Answer 86

Domain Name System(DNS)

Question 87

used for address resolution,i.e., hostname to IP mapping (e.g., “www.example.com” resolves to IPv4 address “1.2.3.4”), as well as the inverse mapping.

Answer 87

DNS

Question 88

Type of routing thtat controlled by a single organization

Answer 88

Autonomous System

Question 89

is the protocol currently in use on the Internet for the exchange of routing and reachability information among autonomous systems.

Answer 89

Border Gateway Protocol

Question 90

more advanced and leveraging higher social intelligence to make people confident in the legitimacy of the request they received

Answer 90

Spear Phishing

Question 91

aims at convincing the user to perform an action, such as revealing a password, by gaining their trust.

Answer 91

Social Engineering

Question 92

usually aims at obtaining information like passwords, credit card numbers etc. It is often based on massive email campaigns (spam) or messages over other communication media (chats, social media) requesting that people provide sensitive information either by replying to the email or by connecting to a website

Answer 92

Phishing

Question 92

convince a person to perform a forbidden or sensitive action by gaining their trust

Answer 92

Social Engineering

Question 93

aims at flipping memory bits while reading and writing another cell.

Answer 93

Rowhammer Attack