CECS 378 MIDTERM 1 QUESTIONS AND ANSWERS
Computer security - CORRECT ANSWER✅✅The protection of an information system to preserve
confidentiality, integrity, and availability.
The CIA triad - CORRECT ANSWER✅✅Confidentiality, integrity, and availability.
Confidentiality - CORRECT ANSWER✅✅Prevent unauthorized disclosure of information.
Integrity - CORRECT ANSWER✅✅Prevent unauthorized modification or destruction of information.
Availability - CORRECT ANSWER✅✅Ensure timely, reliable access to information and systems for
authorized users.
CIA tradeoff - CORRECT ANSWER✅✅Improving one CIA goal can reduce another (for example, more
confidentiality can reduce availability).
Asset - CORRECT ANSWER✅✅Something valuable to protect (hardware, software, data, networks).
Vulnerability - CORRECT ANSWER✅✅A weakness that can be exploited to violate security.
Threat - CORRECT ANSWER✅✅Something capable of exploiting a vulnerability.
Attack - CORRECT ANSWER✅✅An executed threat (a real attempt).
Countermeasure - CORRECT ANSWER✅✅An action, device, or technique that reduces threats,
vulnerabilities, or attacks.
Countermeasure goals - CORRECT ANSWER✅✅Prevent, detect, and recover.
, Confidentiality loss (leak) - CORRECT ANSWER✅✅Unauthorized disclosure of information.
Integrity loss (corruption) - CORRECT ANSWER✅✅Unauthorized modification or destruction of
information.
Availability loss (disruption) - CORRECT ANSWER✅✅System access is prevented or severely slowed.
Passive attack - CORRECT ANSWER✅✅An attempt to learn information without affecting system
resources.
Active attack - CORRECT ANSWER✅✅An attempt to alter system resources or affect operations.
Passive attack example - CORRECT ANSWER✅✅Eavesdropping or monitoring.
Active attack example - CORRECT ANSWER✅✅Replay, masquerade, message modification, or denial of
service.
Replay attack - CORRECT ANSWER✅✅Capturing a valid transmission and retransmitting it later.
Masquerade attack - CORRECT ANSWER✅✅An attacker pretends to be an authorized user.
Message modification - CORRECT ANSWER✅✅An attacker alters a legitimate message in transit.
Denial of service (DoS) - CORRECT ANSWER✅✅An attacker prevents or inhibits normal system/service
use.
Insider attack - CORRECT ANSWER✅✅An attack initiated from inside the security perimeter or by an
authorized user.
Computer security - CORRECT ANSWER✅✅The protection of an information system to preserve
confidentiality, integrity, and availability.
The CIA triad - CORRECT ANSWER✅✅Confidentiality, integrity, and availability.
Confidentiality - CORRECT ANSWER✅✅Prevent unauthorized disclosure of information.
Integrity - CORRECT ANSWER✅✅Prevent unauthorized modification or destruction of information.
Availability - CORRECT ANSWER✅✅Ensure timely, reliable access to information and systems for
authorized users.
CIA tradeoff - CORRECT ANSWER✅✅Improving one CIA goal can reduce another (for example, more
confidentiality can reduce availability).
Asset - CORRECT ANSWER✅✅Something valuable to protect (hardware, software, data, networks).
Vulnerability - CORRECT ANSWER✅✅A weakness that can be exploited to violate security.
Threat - CORRECT ANSWER✅✅Something capable of exploiting a vulnerability.
Attack - CORRECT ANSWER✅✅An executed threat (a real attempt).
Countermeasure - CORRECT ANSWER✅✅An action, device, or technique that reduces threats,
vulnerabilities, or attacks.
Countermeasure goals - CORRECT ANSWER✅✅Prevent, detect, and recover.
, Confidentiality loss (leak) - CORRECT ANSWER✅✅Unauthorized disclosure of information.
Integrity loss (corruption) - CORRECT ANSWER✅✅Unauthorized modification or destruction of
information.
Availability loss (disruption) - CORRECT ANSWER✅✅System access is prevented or severely slowed.
Passive attack - CORRECT ANSWER✅✅An attempt to learn information without affecting system
resources.
Active attack - CORRECT ANSWER✅✅An attempt to alter system resources or affect operations.
Passive attack example - CORRECT ANSWER✅✅Eavesdropping or monitoring.
Active attack example - CORRECT ANSWER✅✅Replay, masquerade, message modification, or denial of
service.
Replay attack - CORRECT ANSWER✅✅Capturing a valid transmission and retransmitting it later.
Masquerade attack - CORRECT ANSWER✅✅An attacker pretends to be an authorized user.
Message modification - CORRECT ANSWER✅✅An attacker alters a legitimate message in transit.
Denial of service (DoS) - CORRECT ANSWER✅✅An attacker prevents or inhibits normal system/service
use.
Insider attack - CORRECT ANSWER✅✅An attack initiated from inside the security perimeter or by an
authorized user.
