2024
________ assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorised manipulation of the system.
a. Confidentiality
b. Availability
c. System Integrity
d. Data Integrity - answ c
An indirect leakage of information about an individual (e.g. as a result of analysing data
traffic patterns by the individual) is called __________.
a. Repudiation
b. Inference
c. Fabrication
d. Modification - answ b
A _________ prevents or inhibits the normal use or management of system facilities.
a. masquerade attack
b. denial of service attack
c. passive attack
d. traffic encryption attack - answ b
A system whose security depends on several components all remaining free from
compromise by an attacker will be broken as soon as the least-secure component is
compromised. This observation is known as the _________________.
a. Strongest link principle
b. Weakest link principle
c. Timeliness principle
d. Effectiveness principle - answ b
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can
cause, or by discovering and reporting it so that correct action can be taken.
a. attack
b. protocol
c. countermeasure
d. adversary - answ c
An assault on system security that derives from an intelligent act that is a deliberate
attempt to evade security services and violate the security policy of a system is a(n)
__________.
a. vulnerability
b. risk
c. attack
d. asset - answ c
A threat action in which sensitive data are directly released to an unauthorized entity is
__________.
a. disruption
b. corruption
c. intrusion
d. exposure - answ d
A one-time-use authentication token need only be protected from access by
unauthorised users until it has been used by the authorised party. This is an example of
the ___________.
a. Energy Principle
b. Weakest Link Principle
c. Effectiveness Principle
d. Timeliness Principle - answ d
Masquerade, falsification, and repudiation are threat actions that cause __________
threat consequences.
a. deception
b. disruption
c. unauthorized disclosure
d. usurpation - answ a
An example of __________ is an attempt by an unauthorised user to gain access to a
system by posing as an authorised user.
a. inference
b. repudiation
c. masquerade
d. interception - answ c
A __________ is any action that compromises the security of information owned by an
organization.
a. security policy
b. security service
c. security attack
d. security mechanism - answ c
The assurance that data received are exactly as sent by an authorised entity is
__________.
a. authentication
b. data confidentiality
c. data integrity
d. access control - answ c
A loss of _________ is the unauthorised disclosure of information.
a. confidentiality
b. authenticity
c. integrity
d. availability - answ a
A flaw or weakness in a system's design, implementation, or operation and
management that could be exploited to violate the system's security policy is a(n)
__________.
a. adversary
b. vulnerability
c. countermeasure
d. risk - answ b
A(n) _________ is an attempt to learn or make use of information from the system that
does not affect system resources.
a. outside attack
b. inside attack
c. passive attack
d. active attack - answ c
The use of a white list to validate user input means to ________.
Select one:
a. None of the above
b. Accept only user inputs in the white list and reject all others
c. Accept only one possible input
d. Reject only user inputs in the white list and accept all others - answ b