IT 223 - Exam 1 Questions With
Complete Answers
information - ANSWER data with context, communication or reception of
knowledge or intelligence
security - ANSWER protection of information, safety, surety
information security - ANSWER focuses on protection of information assets
information assurance - ANSWER focuses on correctness of information,
providing right information to right users at right time
service - ANSWER a benefit provided to members of a community
information security services - ANSWER confidentiality, integrity, availability,
authentication, non-repudiation, access control
confidentiality - ANSWER limiting disclosure of the meaning of data only to
authorized entities
integrity - ANSWER data or system that is exactly as it should be with no
unauthorized changes of any kind
authentication of integrity - ANSWER provides assurance that integrity has been
maintained
availability - ANSWER providing access to authorized users when they need it
authentication of origin - ANSWER confirming where a message came from,
deters the sender of a message from claiming he didn't send it.
authentication of identity - ANSWER confirming who a person is
access control - ANSWER limiting and monitoring access to system resources
only to authorized entities
threat - ANSWER an indication/possibility of something impending, potential for
security to be comprised
threat environment - ANSWER the types of threats that information faces
, examples of threats - ANSWER ransomware, insiders leaking information,
natural disasters
threat action - ANSWER specific instance of that potential being realized, this is
when the threat has happened and been recognized, actual threat occurred
threat agent - ANSWER entity that has created/caused the threat action,
requires malicious intent, attacker will always be a person because a computer
cannot have malicious intent
3 types of threats - ANSWER natural events, human errors, attacks
natural event threat - ANSWER caused by nature, includes animals
human error threat - ANSWER caused by people but unintentionally, human
mistakes, must determine intent
attack threat - ANSWER requires intent to cause harm and violate security and a
person behind it
response to successful attack - ANSWER enhance security posture, find out
where they got in and method used, see if data has been compromised
Advanced Persistent Threat - ANSWER person with high skill level, nation state
actors, attack on high gain organizations
response to unsuccessful attack - ANSWER see what assets we have that are
vulnerable to a threat agent
ethical hacking - ANSWER white hat hacker, refers to attempting to hack a
system with authorization from system owners in order to test the security of the
system
zero-day attack - ANSWER exploits some vulnerability in a system that was not
known to the defenders at the time of the attack, zero days of notice
transport mechanism - ANSWER gets the software to where it does its damage,
how did it get to you
payload - ANSWER malicious code that does something undesirable, what is the
bad thing that happens, how do you get infected
trapdoor/backdoor - ANSWER malware component intended to bypass a
security mechanism in a system, bypass authentication
Complete Answers
information - ANSWER data with context, communication or reception of
knowledge or intelligence
security - ANSWER protection of information, safety, surety
information security - ANSWER focuses on protection of information assets
information assurance - ANSWER focuses on correctness of information,
providing right information to right users at right time
service - ANSWER a benefit provided to members of a community
information security services - ANSWER confidentiality, integrity, availability,
authentication, non-repudiation, access control
confidentiality - ANSWER limiting disclosure of the meaning of data only to
authorized entities
integrity - ANSWER data or system that is exactly as it should be with no
unauthorized changes of any kind
authentication of integrity - ANSWER provides assurance that integrity has been
maintained
availability - ANSWER providing access to authorized users when they need it
authentication of origin - ANSWER confirming where a message came from,
deters the sender of a message from claiming he didn't send it.
authentication of identity - ANSWER confirming who a person is
access control - ANSWER limiting and monitoring access to system resources
only to authorized entities
threat - ANSWER an indication/possibility of something impending, potential for
security to be comprised
threat environment - ANSWER the types of threats that information faces
, examples of threats - ANSWER ransomware, insiders leaking information,
natural disasters
threat action - ANSWER specific instance of that potential being realized, this is
when the threat has happened and been recognized, actual threat occurred
threat agent - ANSWER entity that has created/caused the threat action,
requires malicious intent, attacker will always be a person because a computer
cannot have malicious intent
3 types of threats - ANSWER natural events, human errors, attacks
natural event threat - ANSWER caused by nature, includes animals
human error threat - ANSWER caused by people but unintentionally, human
mistakes, must determine intent
attack threat - ANSWER requires intent to cause harm and violate security and a
person behind it
response to successful attack - ANSWER enhance security posture, find out
where they got in and method used, see if data has been compromised
Advanced Persistent Threat - ANSWER person with high skill level, nation state
actors, attack on high gain organizations
response to unsuccessful attack - ANSWER see what assets we have that are
vulnerable to a threat agent
ethical hacking - ANSWER white hat hacker, refers to attempting to hack a
system with authorization from system owners in order to test the security of the
system
zero-day attack - ANSWER exploits some vulnerability in a system that was not
known to the defenders at the time of the attack, zero days of notice
transport mechanism - ANSWER gets the software to where it does its damage,
how did it get to you
payload - ANSWER malicious code that does something undesirable, what is the
bad thing that happens, how do you get infected
trapdoor/backdoor - ANSWER malware component intended to bypass a
security mechanism in a system, bypass authentication
