CTSP EXAM QUESTIONS WITH
CORRECT ANSWERS
\.What is the CIA of computer security? - ANSWERS-confidentiality,
integrity, and availability; used when dealing with hardware, software,
or communications
\.Confidentiality - ANSWERS-Preventing the disclosure of information to
unauthorized persons; remove threats, absorb vulnerabilities, and
reduce risk
\.Integrity - ANSWERS-Data has not been tampered with
\.Availability - ANSWERS-Data is obtainable regardless of how
information is stored, accessed, or protected
\.What are the AAA of computer security? - ANSWERS-authentication,
authorization, and accounting
\.Authentication - ANSWERS-when a person's identity is established
with proof and confirmed by a system; requires a digital identity,
username/password, biometric data, or other scheme
, \.Authorization - ANSWERS-when a user is given access to certain data
or areas of a building; happens after authentication and determined by
permissions, access control lists, time-of-day restrictions, and other
online/physical restrictions
\.Accounting - ANSWERS-the tracking of data, computer usage, and
network resources; often it means logging, auditing, and monitoring of
the data and resources
\.Non-Repudiation - ANSWERS-when you have indisputable proof of
something users have done and they cannot deny it
\.Defense in Depth - ANSWERS-the building up and layering of security
measures that protect data throughout the entire life cycle starting
from inception, on through usage, storage, and network transfer, and
finally to disposal
\.White Hat - ANSWERS-non-malicious person attempting the hack that
has a contractual agreement with the owner of the resource to be
hacked; often involved in ethical hacking
CORRECT ANSWERS
\.What is the CIA of computer security? - ANSWERS-confidentiality,
integrity, and availability; used when dealing with hardware, software,
or communications
\.Confidentiality - ANSWERS-Preventing the disclosure of information to
unauthorized persons; remove threats, absorb vulnerabilities, and
reduce risk
\.Integrity - ANSWERS-Data has not been tampered with
\.Availability - ANSWERS-Data is obtainable regardless of how
information is stored, accessed, or protected
\.What are the AAA of computer security? - ANSWERS-authentication,
authorization, and accounting
\.Authentication - ANSWERS-when a person's identity is established
with proof and confirmed by a system; requires a digital identity,
username/password, biometric data, or other scheme
, \.Authorization - ANSWERS-when a user is given access to certain data
or areas of a building; happens after authentication and determined by
permissions, access control lists, time-of-day restrictions, and other
online/physical restrictions
\.Accounting - ANSWERS-the tracking of data, computer usage, and
network resources; often it means logging, auditing, and monitoring of
the data and resources
\.Non-Repudiation - ANSWERS-when you have indisputable proof of
something users have done and they cannot deny it
\.Defense in Depth - ANSWERS-the building up and layering of security
measures that protect data throughout the entire life cycle starting
from inception, on through usage, storage, and network transfer, and
finally to disposal
\.White Hat - ANSWERS-non-malicious person attempting the hack that
has a contractual agreement with the owner of the resource to be
hacked; often involved in ethical hacking
