Threats are attacks carried out. - Answers False
Computer security is protection of the integrity, availability, and confidentiality of information system
resources. - Answers True
Data integrity assures that information and programs are changed only in a specified and authorized
manner. - Answers True
Availability assures that systems work promptly and service is not denied to authorized users. -
Answers True
The "A" in the CIA triad stands for "authenticity". - Answers False
The more critical a component or service, the higher the level of availability required. - Answers True
Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the
administrator who tries to close them. - Answers True
Security mechanisms typically do not involve more than one particular algorithm or protocol. -
Answers False
Many security administrators view strong security as an impediment to efficient and user-friendly
operation of an information system. - Answers True
In the context of security, our concern is with the vulnerabilities of system resources. - Answers True
Hardware is the most vulnerable to attack and the least susceptible to automated controls. - Answers
True
Contingency planning is a functional area that primarily requires computer security technical
measures. - Answers False
X.800 architecture was developed as an international standard and focuses on security in the context
of networks and communications. - Answers True
The first step in devising security services and mechanisms is to develop a security policy. - Answers
True
Assurance is the process of examining a computer product or system with respect to certain criteria. -
Answers False
__________ assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed. - Answers Privacy
________ assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system. - Answers System Integrity
A loss of _________ is the unauthorized disclosure of information. - Answers Confidentiality
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect
on organizational operations, organizational assets, or individuals. - Answers high
A flaw or weakness in a system's design, implementation, or operation and management that could
be exploited to violate the system's security policy is a(n) __________. - Answers vulnerability
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade
security services and violate the security policy of a system is a(n) __________. - Answers attack
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability,
or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and
reporting it so that corrective action can be taken. - Answers countermeasure
A(n) _________ is an attempt to learn or make use of information from the system that does not
affect system resources. - Answers passive attack
Masquerade, falsification, and repudiation are threat actions that cause __________ threat
consequences. - Answers deception
A threat action in which sensitive data are directly released to an unauthorized entity is __________. -
Answers exposure
An example of __________ is an attempt by an unauthorized user to gain access to a system by
posing as an authorized user. - Answers masquerade
The _________ prevents or inhibits the normal use or management of communications facilities. -
Answers denial of service
A __________ is any action that compromises the security of information owned by an organization. -
Answers security attack
The assurance that data received are exactly as sent by an authorized entity is __________. - Answers
data integrity