Answers (Grade A+)
CIA triad -
correct answer ✅Confidentiality, Integrity, Availability
confidentiality -
correct answer ✅prevention of unauthorized disclosure of
information
integrity -
correct answer ✅prevention of unauthorized modification of
information
availability -
correct answer ✅prevention of unauthorized withholding of
information or resources
DDOS attack -
correct answer ✅Distributed Denial of Service Attack. Typically a
virus installed on many computers (thousands) activates at the same
time and floods a target with traffic to the point the server becomes
overwhelmed.
CSC 320 Midterm Exam Questions &
Answers (Grade A+)
intrusion -
correct answer ✅a successful event from the attacker's point of
view and consists of
1. an attack in which a vulnerability is exploited, resulting in a
2. breach which is a violation of the explicit or implicit security
policy of the system
vulnerability -
correct answer ✅a condition in a system, or in the procedures
affecting the operation of the system, that makes it possible to
perform an operation that violates the explicit or implicit security
policy of the system
vulnerability in software, hardware, configurations, user input or
physical access
security policy -
correct answer ✅a statement about what kind of events are
allowed or not allowed in the system. an explicit policy consists of
rules that are documented, while an implicit policy encompasses
the undocumented and assumed rules that exist for many systems
risk -
correct answer ✅risk of vulnerabilities being exploited
threat -
correct answer ✅person or event that threatens confidentiality,
integrity or availability
a potential cause of harm (threats can be human or not, threats can
be malicious or not, but our concern is mostly human malicious
attackers)
what are the three security objectives? -
correct answer ✅the CIA triad
security -
correct answer ✅security concerns the preservation of
confidentiality, integrity and availability, regardless of whether the
threats are intentional attacks or accidental mistakes or mishaps
types of attackers: organizations -
correct answer ✅criminal groups, intelligence services ("nation
state"), terrorists
criminal groups -
correct answer ✅criminal groups seek to attack systems for
monetary gain. organized crime is usually organized
intelligence services ("Nation state") -
correct answer ✅intelligence services use cyber tools as part of
their information-gathering, espionage, and influence operations
terrorists -
correct answer ✅terrorists seek to destroy, incapacitate, or exploit
critical infrastructures in order to threaten national security, cause
mass casualties, weaken the U.S. economy, and damage public
morale and confidence
terrorists may use cyber-methods to generate funds, gather
sensitive info. or spread propaganda