IAS EXAM 1 QUESTIONS & ANSWERS
2024/2025
An__________ is characterized by a greater amount of planning, a longer period of time to conduct the
activity, more financial backing to accomplish it, and the and the possible corruption of or collusion with
insiders. - ANSWERSStructured Threat
A hacker whose activities are motivated by a personal cause or position is known as? -
ANSWERSHacktivist
An ___________________ is one whose loss would have a severe detrimental impact on the nation. -
ANSWERSCritical Infrastructure
_____________ is conducted against information and the information processing equipment used by an
adversary. - ANSWERSInformation Hardware
People who deliberately access computer systems and networks without authorization are called
__________ - ANSWERShackers
Generally short term in nature, does not involve a large group o individuals, does not have a large
financial backing, and does not include collusion with insiders. - ANSWERSUnstructured Threat
A highly technically competent individual who conducts intrusive activity on the internet and is capable
of not only exploiting known vulnerabilities but also finding new ones. - ANSWERSElite hacker
The act of deliberately accessing computer systems and networks without authorization is know as -
ANSWERSHacking.
Someone who does not have the technical expertise to find vulnerabilities or create scripts. Only knows
just enough to be able to download and execute scripts. - ANSWERSScript Kiddie
, Is characterized by a much longer period of time (years are not uncommon), tremendous financial
backing, and a large organized group of attackers. - ANSWERSHighly structured threat
Is the term used to describe a condition where the user cannot deny that an event has occurred -
ANSWERS
Is an integrity based security model that bases its security on the control of the processes that are
allowed to modify critical data referred to as constrained data items. - ANSWERSClark-Wilson security
model
The security principle used in the bell-lapadula model that states that no subject can read from an object
with a higher security classification is called? - ANSWERSSimple security rule
The principal that states that a subject has only the necessary rights and privileges to preform its task,
with no additional permissions is called? - ANSWERSleast privilege
Is the principle in security where protection mechanisms should be kept as simple and as small as
possible. - ANSWERSEconomy of mechanism
is the principle that protection mechanisms should minimize user level impact. - ANSWERSpsychological
acceptability
Is the process used to ensure that individuals are who they claim to be. - ANSWERSAuthentication
The architecture in which multiple methods of security defense are applied to prevent realization of
threat based risks is called? - ANSWERSlayered security
is the process of combining seemingly unimportant information with other pieces of information to
divulge potentially sensitive information. - ANSWERSsecurity through obscurity
implicit deny is the operational term for the principle of? - ANSWERSDefault deny
2024/2025
An__________ is characterized by a greater amount of planning, a longer period of time to conduct the
activity, more financial backing to accomplish it, and the and the possible corruption of or collusion with
insiders. - ANSWERSStructured Threat
A hacker whose activities are motivated by a personal cause or position is known as? -
ANSWERSHacktivist
An ___________________ is one whose loss would have a severe detrimental impact on the nation. -
ANSWERSCritical Infrastructure
_____________ is conducted against information and the information processing equipment used by an
adversary. - ANSWERSInformation Hardware
People who deliberately access computer systems and networks without authorization are called
__________ - ANSWERShackers
Generally short term in nature, does not involve a large group o individuals, does not have a large
financial backing, and does not include collusion with insiders. - ANSWERSUnstructured Threat
A highly technically competent individual who conducts intrusive activity on the internet and is capable
of not only exploiting known vulnerabilities but also finding new ones. - ANSWERSElite hacker
The act of deliberately accessing computer systems and networks without authorization is know as -
ANSWERSHacking.
Someone who does not have the technical expertise to find vulnerabilities or create scripts. Only knows
just enough to be able to download and execute scripts. - ANSWERSScript Kiddie
, Is characterized by a much longer period of time (years are not uncommon), tremendous financial
backing, and a large organized group of attackers. - ANSWERSHighly structured threat
Is the term used to describe a condition where the user cannot deny that an event has occurred -
ANSWERS
Is an integrity based security model that bases its security on the control of the processes that are
allowed to modify critical data referred to as constrained data items. - ANSWERSClark-Wilson security
model
The security principle used in the bell-lapadula model that states that no subject can read from an object
with a higher security classification is called? - ANSWERSSimple security rule
The principal that states that a subject has only the necessary rights and privileges to preform its task,
with no additional permissions is called? - ANSWERSleast privilege
Is the principle in security where protection mechanisms should be kept as simple and as small as
possible. - ANSWERSEconomy of mechanism
is the principle that protection mechanisms should minimize user level impact. - ANSWERSpsychological
acceptability
Is the process used to ensure that individuals are who they claim to be. - ANSWERSAuthentication
The architecture in which multiple methods of security defense are applied to prevent realization of
threat based risks is called? - ANSWERSlayered security
is the process of combining seemingly unimportant information with other pieces of information to
divulge potentially sensitive information. - ANSWERSsecurity through obscurity
implicit deny is the operational term for the principle of? - ANSWERSDefault deny
