CHAPTER 1: SECURITY PRINCIPLES QUESTIONS WITH
ACCURATE ANSWERS
Adequate Security Accurate Answer - Security commensurate with the
risk and the magnitude of harm resulting from the loss, misuse or
unauthorized access to or modification of information. Source: OMB Circular
A-130
Administrative Controls Accurate Answer - Controls implemented
through policy and procedures. Examples include access control processes
and requiring multiple personnel to conduct a specific operation.
Administrative controls in modern environments are often enforced in
conjunction with physical and/or technical controls, such as an access-
granting policy for new users that requires login and approval by the hiring
manager.
Artificial Intelligence Accurate Answer - The ability of computers and
robots to simulate human intelligence and behavior.
Asset Accurate Answer - Anything of value that is owned by an
organization. Assets include both tangible items such as information systems
and physical property and intangible assets such as intellectual property.
Authentication Accurate Answer - The act of identifying or verifying
the eligibility of a station, originator, or individual to access specific categories
of information. Typically, a measure designed to protect against fraudulent
transmissions by establishing the validity of a transmission, message, station
or originator.
Authorization Accurate Answer - The right or a permission that is
granted to a system entity to access a system resource. NIST 800-82 Rev.2
Availability Accurate Answer - Ensuring timely and reliable access to
and use of information by authorized users.
Baseline Accurate Answer - A documented, lowest level of security
configuration allowed by a standard or organization.
, Biometric Accurate Answer - Biological characteristics of an individual,
such as a fingerprint, hand geometry, voice, or iris patterns.
Bot Accurate Answer - Malicious code that acts like a remotely
controlled "robot" for an attacker, with other Trojan and worm capabilities.
Classified or Sensitive Information Accurate Answer - Information that
has been determined to require protection against unauthorized disclosure
and is marked to indicate its classified status and classification level when in
documentary form.
Confidentiality Accurate Answer - The characteristic of data or
information when it is not made available or disclosed to unauthorized
persons or processes. NIST 800-66
Criticality Accurate Answer - A measure of the degree to which an
organization depends on the information or information system for the
success of a mission or of a business function. NIST SP 800-60 Vol. 1, Rev. 1
Data Integrity Accurate Answer - The property that data has not been
altered in an unauthorized manner. Data integrity covers data in storage,
during processing and while in transit. Source: NIST SP 800-27 Rev A
Encryption Accurate Answer - The process and act of converting the
message from its plaintext to ciphertext. Sometimes it is also referred to as
enciphering. The two terms are sometimes used interchangeably in literature
and have similar meanings.
General Data Protection Regulation (GDPR) Accurate Answer - In 2016,
the European Union passed comprehensive legislation that addresses
personal privacy, deeming it an individual human right.
Governance Accurate Answer - The process of how an organization is
managed; usually includes all aspects of how decisions are made for that
organization, such as policies, roles, and procedures the organization uses to
make those decisions.
Health Insurance Portability and Accountability Act (HIPAA) Accurate
Answer - This U.S. federal law is the most important healthcare information
ACCURATE ANSWERS
Adequate Security Accurate Answer - Security commensurate with the
risk and the magnitude of harm resulting from the loss, misuse or
unauthorized access to or modification of information. Source: OMB Circular
A-130
Administrative Controls Accurate Answer - Controls implemented
through policy and procedures. Examples include access control processes
and requiring multiple personnel to conduct a specific operation.
Administrative controls in modern environments are often enforced in
conjunction with physical and/or technical controls, such as an access-
granting policy for new users that requires login and approval by the hiring
manager.
Artificial Intelligence Accurate Answer - The ability of computers and
robots to simulate human intelligence and behavior.
Asset Accurate Answer - Anything of value that is owned by an
organization. Assets include both tangible items such as information systems
and physical property and intangible assets such as intellectual property.
Authentication Accurate Answer - The act of identifying or verifying
the eligibility of a station, originator, or individual to access specific categories
of information. Typically, a measure designed to protect against fraudulent
transmissions by establishing the validity of a transmission, message, station
or originator.
Authorization Accurate Answer - The right or a permission that is
granted to a system entity to access a system resource. NIST 800-82 Rev.2
Availability Accurate Answer - Ensuring timely and reliable access to
and use of information by authorized users.
Baseline Accurate Answer - A documented, lowest level of security
configuration allowed by a standard or organization.
, Biometric Accurate Answer - Biological characteristics of an individual,
such as a fingerprint, hand geometry, voice, or iris patterns.
Bot Accurate Answer - Malicious code that acts like a remotely
controlled "robot" for an attacker, with other Trojan and worm capabilities.
Classified or Sensitive Information Accurate Answer - Information that
has been determined to require protection against unauthorized disclosure
and is marked to indicate its classified status and classification level when in
documentary form.
Confidentiality Accurate Answer - The characteristic of data or
information when it is not made available or disclosed to unauthorized
persons or processes. NIST 800-66
Criticality Accurate Answer - A measure of the degree to which an
organization depends on the information or information system for the
success of a mission or of a business function. NIST SP 800-60 Vol. 1, Rev. 1
Data Integrity Accurate Answer - The property that data has not been
altered in an unauthorized manner. Data integrity covers data in storage,
during processing and while in transit. Source: NIST SP 800-27 Rev A
Encryption Accurate Answer - The process and act of converting the
message from its plaintext to ciphertext. Sometimes it is also referred to as
enciphering. The two terms are sometimes used interchangeably in literature
and have similar meanings.
General Data Protection Regulation (GDPR) Accurate Answer - In 2016,
the European Union passed comprehensive legislation that addresses
personal privacy, deeming it an individual human right.
Governance Accurate Answer - The process of how an organization is
managed; usually includes all aspects of how decisions are made for that
organization, such as policies, roles, and procedures the organization uses to
make those decisions.
Health Insurance Portability and Accountability Act (HIPAA) Accurate
Answer - This U.S. federal law is the most important healthcare information
