ICT 550 Mid-term Exam Questions With
Already Solved Correctly Answers | 2025
What are two certifications that are good to get? CORRECT ANSWERS 1. ISC
2. EC Council
Explain the connection between vulnerability, threat and risk CORRECT ANSWERS
There is only RISK if you have BOTH vulnerability and a threat (think vin diagram)
Name all 6 types of threats CORRECT ANSWERS 1. Modification
2. Destruction
3. Disclosure
4. Interception
5. Interruption
6. Fabrication
MDDIIF
6 Types of Threats:
Modification CORRECT ANSWERS Accidentally or maliciously changing the data
6 Types of Threats:
Destruction CORRECT ANSWERS Destroying the data
6 Types of Threats:
Disclosure CORRECT ANSWERS Someone accesses data they are not authorized to
see
6 Types of Threats:
Interception (the tricky one) CORRECT ANSWERS Unauthorized actor gains access to
computer or data resources. Think 'wiretapping' the network and listening
6 Types of Threats:
Interruption CORRECT ANSWERS Services are interrupted or slowed. Think DOS
attack
6 Types of Threats:
Fabrication CORRECT ANSWERS Adding false accounts or records to a database
5 Pillars of data security (w/ explaination) CORRECT ANSWERS *C.I.A (A.N)*
*C*onfidentiality
*I*ntegrity - only authorized people make changes
, *A*vailabillity - everyone that needs access can
*A*unthentication - checking accuracy of data
*N*on-repudiation - people cannot deny performing an action on the data
What are *three* core principles to ensure tech security? CORRECT ANSWERS
*Principle of easiest penetration* - attacker stick to the safest, easiest and fastest
means to achieve goals.
*Principle of timeliness* - have systems in place that trigger a delay in cracking the
system.
*Principle of effectiveness* - If your security polices are not PRACTICAL then they will
be ignored. Must not interfere with normal operations.
Define an 'attack' CORRECT ANSWERS any attempt to gain unauthorized access to or
deny authorized users access to a system
Since attacks are always going to happen, the focus should be on ... CORRECT
ANSWERS Detecting and recovering from them
A good security policy includes what two parts? CORRECT ANSWERS 1. Ability to
detect attacks
2. Have spelled out exactly what to do in the event of an attack
Is a computer hack necessarily a crime? CORRECT ANSWERS No. Computer crimes
are only those that break laws and regulations
Name as many of the 6 types of attacks as possible. What is the difference between
business and financial? CORRECT ANSWERS 1. Military/intelligence attacks
2. Business attacks
3. Financial attacks
4. terrorist attacks
5. grudge attacks
6. fun attacks
*Business is stealing sensitive data, financial is focused on money/goods stolen*
Define • Computer Security Incident CORRECT ANSWERS the act of violating an
explicit or implied security policy (as laid out in the security policy)
Distinguish between an incident and a attack CORRECT ANSWERS Incident is a
violation of the SECURITY POLICY, which may not even be malicious (using FB)
Already Solved Correctly Answers | 2025
What are two certifications that are good to get? CORRECT ANSWERS 1. ISC
2. EC Council
Explain the connection between vulnerability, threat and risk CORRECT ANSWERS
There is only RISK if you have BOTH vulnerability and a threat (think vin diagram)
Name all 6 types of threats CORRECT ANSWERS 1. Modification
2. Destruction
3. Disclosure
4. Interception
5. Interruption
6. Fabrication
MDDIIF
6 Types of Threats:
Modification CORRECT ANSWERS Accidentally or maliciously changing the data
6 Types of Threats:
Destruction CORRECT ANSWERS Destroying the data
6 Types of Threats:
Disclosure CORRECT ANSWERS Someone accesses data they are not authorized to
see
6 Types of Threats:
Interception (the tricky one) CORRECT ANSWERS Unauthorized actor gains access to
computer or data resources. Think 'wiretapping' the network and listening
6 Types of Threats:
Interruption CORRECT ANSWERS Services are interrupted or slowed. Think DOS
attack
6 Types of Threats:
Fabrication CORRECT ANSWERS Adding false accounts or records to a database
5 Pillars of data security (w/ explaination) CORRECT ANSWERS *C.I.A (A.N)*
*C*onfidentiality
*I*ntegrity - only authorized people make changes
, *A*vailabillity - everyone that needs access can
*A*unthentication - checking accuracy of data
*N*on-repudiation - people cannot deny performing an action on the data
What are *three* core principles to ensure tech security? CORRECT ANSWERS
*Principle of easiest penetration* - attacker stick to the safest, easiest and fastest
means to achieve goals.
*Principle of timeliness* - have systems in place that trigger a delay in cracking the
system.
*Principle of effectiveness* - If your security polices are not PRACTICAL then they will
be ignored. Must not interfere with normal operations.
Define an 'attack' CORRECT ANSWERS any attempt to gain unauthorized access to or
deny authorized users access to a system
Since attacks are always going to happen, the focus should be on ... CORRECT
ANSWERS Detecting and recovering from them
A good security policy includes what two parts? CORRECT ANSWERS 1. Ability to
detect attacks
2. Have spelled out exactly what to do in the event of an attack
Is a computer hack necessarily a crime? CORRECT ANSWERS No. Computer crimes
are only those that break laws and regulations
Name as many of the 6 types of attacks as possible. What is the difference between
business and financial? CORRECT ANSWERS 1. Military/intelligence attacks
2. Business attacks
3. Financial attacks
4. terrorist attacks
5. grudge attacks
6. fun attacks
*Business is stealing sensitive data, financial is focused on money/goods stolen*
Define • Computer Security Incident CORRECT ANSWERS the act of violating an
explicit or implied security policy (as laid out in the security policy)
Distinguish between an incident and a attack CORRECT ANSWERS Incident is a
violation of the SECURITY POLICY, which may not even be malicious (using FB)
