UPDATE 2024; 2025); REVIEW QUESTIONS WITH
VERIFIED ANSWERS; 100% CORRECT; GRADE A
Confidentiality - ANS-It's crucial in today's world for people to protect their sensitive, private
information from unauthorized access.
Protecting confidentiality is dependent on being able to define and enforce certain access levels for
information. In some cases, doing this involves separating information into various collections that are
organized by who needs access to the information and how sensitive that information actually is - i.e.
the amount of damage suffered if the confidentiality was breached.
Some of the most common means used to manage confidentiality include access control lists, volume
and file encryption, and Unix file permissions.
Integrity - ANS-Data integrity is what the "I" in CIA Triad stands for. This is an essential component of the
CIA Triad and is designed to protect data from deletion or modification by any unauthorized party, and
it ensures that when an authorized person makes a change that should not have been made, the damage
can be reversed.
Availability - ANS-This is the final component of the CIA Triad and refers to the actual availability of your
data. Authentication mechanisms, access channels and systems all have to work properly for the
information they protect to be available when it is needed.
High availability systems are the computing resources that have architectures that are specifically
designed to improve availability. Based on the specific HA system design, this may target hardware
failures, upgrades or power outages to help improve availability, or it may manage several network
connections to route around various network outages.
Identification - ANS-Identification is "the access control mechanism whereby unverified entities who
seek access to a resource provide a label by which they are known to the system."
An information system possesses the characteristic of identification when it is able to recognize
individual users.
Identification and authentication are essential to establishing the level of access or authorization that an
individual is granted.
Identification is typically performed by means of a user name or other ID.
Authentication - ANS-Authentication is "the access control mechanism that requires the validation and
verification of an unauthenticated entity's purported identity."
Authorization - ANS-Authorization is "the access control mechanism that represents the matching of an
authenticated entity to a list of information assets and corresponding access levels."
After the identity of a user is authenticated, authorization defines what the user (whether a person or a
computer) has been specifically and explicitly permitted by the proper authority to do, such as access,
modify, or delete the contents of an information asset.
accountability - ANS-Accountability is "the access control mechanism that ensures all actions on a
system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as
auditability."
Accountability of information occurs when a control provides assurance that every activity undertaken
can be attributed to a named person or automated process.
Accountability is most commonly associated with system audit logs.
SETA programs - ANS-Security education, training, and awareness.
Security program planning including security education, training, and awareness.
applied ethics - ANS-Applied ethics is a branch of ethics devoted to the treatment of moral problems,
practices, and policies in personal life, professions, technology, and government
descriptive ethics - ANS-Descriptive ethics is a form of empirical research into the attitudes of individuals
or groups of people. In other words, this is the division of philosophical or general ethics that involves
the observation of the moral decision-making process with the goal of describing the phenomenon.
meta ethics - ANS-Metaethics is the study of moral thought and moral language. Rather than addressing
questions about what practices are right and wrong, and what our obligations to other people or future
generations are - questions of so-called 'normative' ethics - metaethics asks what morality actually is.
normative ethics - ANS-Normative ethics, that branch of moral philosophy, or ethics, concerned with
criteria of what is morally right and wrong. It includes the formulation of moral rules that have direct
implications for what human actions, institutions, and ways of life should be like.
deontological ethics - ANS-Deontological ethics, in philosophy, ethical theories that place special
emphasis on the relationship between duty and the morality of human actions. ... In deontological ethics
an action is considered morally good because of some characteristic of the action itself, not because the
product of the action is good.
Civil law - ANS-Civil law encompasses a wide variety of laws that regulate relationships between and
among individuals and organizations.
criminal law - ANS-Criminal law addresses violations that harm society and that are prosecuted by the
state.