evolution Correct Ans-considered the first phase in the security development life-cycle,
concerns include establishing project goals and determining feasibility
analyze Correct Ans-a phase of the security development life-cycle which includes
analyzing potential legal issues as well as performing other risk evaluation processes
design Correct Ans-a phase of the SDLC where we select key components, and finalize
plans for business continuity and incident response
implementation Correct Ans-a phase of the SDLC where we "build it or buy it"
What is the difference between a threat and a threat agent? Correct Ans-threat - an
object, person or entity that represents a danger to assets
threat agent - a person or system who uses exploits to instantiate threats
What are the 3 components of the CIA triangle? Correct Ans-1. confidentiality
2. integrity
3. availability
What are the sides of the McCumber Cube (CNSS security model)? Correct Ans-security
aspect
, CSE 4471 Quizzes and Homework- Qs & As
1. confidentiality
2. integrity
3. availability
state of data
1. storage
2. processing
3. transmission
tool category
1. policy
2. technology
3. education
What is C-2 security? Correct Ans-C-2 security is a level of security where the
person/company must follow those standards to achieve C-2 security. This is part of an A-D,
1-4 security standard where it shows how strict the security is.
Name the 6 major components of an information system Correct Ans-1. data
2. people
3. networks
4. hardware
5. software
6. procedures
According to the 2015 Information Systems Audit and Control Association (ISAC) report, what
was the biggest gap in the knowledge of security professionals today? Correct Ans-Not
knowing that a security risk exists
asset Correct Ans-a specific organizational resource of value
attack Correct Ans-an intentional or unintentional act that may damage an asset; an action
which instantiates a threat; when a threat becomes realized
countermeasure Correct Ans-a specific security mechanism or policy which is intended to
improve security
threat Correct Ans-an object, person or other entity which represents a danger to assets
authentic Correct Ans-an attribute of information which is genuine
confidential Correct Ans-an attribute of information which has access restrictions