Chapter 1 – Computer Systems Overview
Answer Key
TRUE/FALSE QUESTIONS:
1. F
2. T
3. T
4. T
5. F
6. T
7. T
8. F
9. T
10. T
11. T
12. F
13. T
14. T
15. F
MULTIPLE CHOICE QUESTIONS:
1. B
2. A
3. A
4. D
5. C
6. B
7. C
8. A
9. C
10. D
11. A
12. B
13. C
14. D
15. A
,SHORT ANSWER QUESTIONS:
1. Computer Security
2. CIA triad
3. availability
4. FERPA (Family Educational Rights and Privacy Act)
5. attack
6. countermeasure
7. usurpation
8. data
9. passive
10. active
11. contingency
12. risk
13. mechanisms
14. digital signature
15. recovery
Chapter 1 – Computer Systems Overview
TRUE/FALSE QUESTIONS:
T F 1. Threats are attacks carried out.
T F 2. Computer security is protection of the integrity, availability, and
confidentiality of information system resources.
T F 3. Data integrity assures that information and programs are changed only
in a specified and authorized manner.
T F 4. Availability assures that systems works promptly and service is not
denied to authorized users.
T F 5. The “A” in the CIA triad stands for “authenticity”.
T F 6. The more critical a component or service, the higher the level of
availability required.
T F 7. Computer security is essentially a battle of wits between a perpetrator
, who tries to find holes and the administrator who tries to close them.
T F 8. Security mechanisms typically do not involve more than one particular
algorithm or protocol.
T F 9. Many security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system.
T F 10. In the context of security our concern is with the vulnerabilities of
system resources.
T F 11. Hardware is the most vulnerable to attack and the least susceptible to
automated controls.
T F 12. Contingency planning is a functional area that primarily requires
computer security technical measures.
T F 13. X.800 architecture was developed as an international standard and
focuses on security in the context of networks and communications.
T F 14. The first step in devising security services and mechanisms is to
develop a security policy.
T F 15. Assurance is the process of examining a computer product or system
with respect to certain criteria.
MULTIPLE CHOICE QUESTIONS:
1. __________ assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.
A. Availability C. System Integrity
B. Privacy D. Data Integrity
2. ________ assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system.
A. System Integrity C. Data Integrity
B. Availability D. Confidentiality
3. A loss of _________ is the unauthorized disclosure of information.
A. confidentiality C. integrity
B. authenticity D. availability
, 4. A ________ level breach of security could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational assets, or individuals.
A. low C. normal
B. moderate D. high
5. A flaw or weakness in a system’s design, implementation, or operation and management
that could be exploited to violate the system’s security policy is a(n) __________.
A. countermeasure C. vulnerability
B. adversary D. risk
6. An assault on system security that derives from an intelligent act that is a deliberate
attempt to evade security services and violate the security policy of a system is a(n)
__________.
A. risk C. asset
B. attack D. vulnerability
7. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can
cause, or by discovering and reporting it so that correct action can be taken.
A. attack C. countermeasure
B. adversary D. protocol
8. A(n) _________ is an attempt to learn or make use of information from the system that
does not affect system resources.
A. passive attack C. inside attack
B. outside attack D. active attack
9. Masquerade, falsification, and repudiation are threat actions that cause __________ threat
consequences.
A. unauthorized disclosure C. deception
B. disruption D. usurpation
10. A threat action in which sensitive data are directly released to an unauthorized entity is
__________.
Answer Key
TRUE/FALSE QUESTIONS:
1. F
2. T
3. T
4. T
5. F
6. T
7. T
8. F
9. T
10. T
11. T
12. F
13. T
14. T
15. F
MULTIPLE CHOICE QUESTIONS:
1. B
2. A
3. A
4. D
5. C
6. B
7. C
8. A
9. C
10. D
11. A
12. B
13. C
14. D
15. A
,SHORT ANSWER QUESTIONS:
1. Computer Security
2. CIA triad
3. availability
4. FERPA (Family Educational Rights and Privacy Act)
5. attack
6. countermeasure
7. usurpation
8. data
9. passive
10. active
11. contingency
12. risk
13. mechanisms
14. digital signature
15. recovery
Chapter 1 – Computer Systems Overview
TRUE/FALSE QUESTIONS:
T F 1. Threats are attacks carried out.
T F 2. Computer security is protection of the integrity, availability, and
confidentiality of information system resources.
T F 3. Data integrity assures that information and programs are changed only
in a specified and authorized manner.
T F 4. Availability assures that systems works promptly and service is not
denied to authorized users.
T F 5. The “A” in the CIA triad stands for “authenticity”.
T F 6. The more critical a component or service, the higher the level of
availability required.
T F 7. Computer security is essentially a battle of wits between a perpetrator
, who tries to find holes and the administrator who tries to close them.
T F 8. Security mechanisms typically do not involve more than one particular
algorithm or protocol.
T F 9. Many security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system.
T F 10. In the context of security our concern is with the vulnerabilities of
system resources.
T F 11. Hardware is the most vulnerable to attack and the least susceptible to
automated controls.
T F 12. Contingency planning is a functional area that primarily requires
computer security technical measures.
T F 13. X.800 architecture was developed as an international standard and
focuses on security in the context of networks and communications.
T F 14. The first step in devising security services and mechanisms is to
develop a security policy.
T F 15. Assurance is the process of examining a computer product or system
with respect to certain criteria.
MULTIPLE CHOICE QUESTIONS:
1. __________ assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.
A. Availability C. System Integrity
B. Privacy D. Data Integrity
2. ________ assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system.
A. System Integrity C. Data Integrity
B. Availability D. Confidentiality
3. A loss of _________ is the unauthorized disclosure of information.
A. confidentiality C. integrity
B. authenticity D. availability
, 4. A ________ level breach of security could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational assets, or individuals.
A. low C. normal
B. moderate D. high
5. A flaw or weakness in a system’s design, implementation, or operation and management
that could be exploited to violate the system’s security policy is a(n) __________.
A. countermeasure C. vulnerability
B. adversary D. risk
6. An assault on system security that derives from an intelligent act that is a deliberate
attempt to evade security services and violate the security policy of a system is a(n)
__________.
A. risk C. asset
B. attack D. vulnerability
7. A(n) __________ is an action, device, procedure, or technique that reduces a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can
cause, or by discovering and reporting it so that correct action can be taken.
A. attack C. countermeasure
B. adversary D. protocol
8. A(n) _________ is an attempt to learn or make use of information from the system that
does not affect system resources.
A. passive attack C. inside attack
B. outside attack D. active attack
9. Masquerade, falsification, and repudiation are threat actions that cause __________ threat
consequences.
A. unauthorized disclosure C. deception
B. disruption D. usurpation
10. A threat action in which sensitive data are directly released to an unauthorized entity is
__________.
