Chapter 1 questions and answers 2024\2025 A+ Grade
Explain the difference between a vulnerability and a threat.
- correct answer Threat
· Person or a thing likely to cause damage or danger
· Danger posed by someone else
· Can be identified, but cannot be controlled
Vulnerability
· Refers to being open to attack or damage
· Flaw or weakness in us
· Can be identified and corrected
What are six items that might be considered logical controls?
- correct answer 1. Passwords 2. Encryption 3. Access controls 4. Firewalls 5. Intrusion detection systems 6. Biometric
What term might you use to describe the usefulness of data?
- correct answer Utility
Which category of attack is an attack against confidentiality?
- correct answer Interception
How do you know at what point you can consider your environment to be secure?
- correct answer You can never be sure if an environment is secure. It's easier to name what is insecure.
We can take action & fix insecurities.
Using the concept of defense in depth, what layers might you use to secure yourself against someone
removing confidential data from your environment on a USB flash drive?
- correct answer Implement control layers; specifically technical and administrative controls
Based on the Parkerian hexad, what principles are affected if you lose a shipment of encrypted backup
tapes that contain personal and payment information for your consumers?
- correct answer possession or control
If the web servers in your environment are based on Microsoft's Internet Information Services (IIS) and a
new worm is discovered that attacks Apache web servers, what do you not have?
- correct answer We do not have security***
If you develop a new policy for your environment that requires you to use complex and automatically
generated passwords that are unique to each system and are a minimum of 30 characters in length,
such as "!Qa4(j0nO$&xn1%2AL34ca#!Ps321$", what will be adversely impacted?
- correct answer The difficulty of passwords would increase exponentially
Considering CIA triad and Parkerian hexad, what are the advantages and disadvantages of each model?
- correct answer The Parkerian Hexad advantage is that it is an updated approach that expands on the
original three elements of the CIA Triad.
The Parkerian Hexad disadvantage would be that it does not take into account the authorized but
incorrect modification of data.
The advantage of the CIA is that it tends to be more security focused towards data.
A disadvantage to the CIA is that it is sometimes confused with the Central Intelligence Agency.
8 High-level Domains of Certified Information System Security Professionals (CISSP)
- correct answer 1. Security & Risk Management
2. Asset Security
3. Security Architecture & Engineering
4. Communication & Network Security
5. Identity & Access Management
6. Security Assessment & Testing
7. Security Operations
8. Software Development Security
CIA Triad
- correct answer 1. Confidentiality (IT security)
2. Integrity (IT security)
3. Availability (Business Need)
Confidentiality (CIA Triad)
- correct answer · Protection of information from unauthorized access
· Emphasizes the need for information protection
· Requires measures to ensure that only authorized people are allowed to access the information
Integrity (CIA Triad)
- correct answer The condition where information is kept accurate and consistent unless authorized
changes are made.
Integrity is maintained when the information remains unchanged during storage, transmission, and
usage not involving modification to the information.
Relates to information security because accurate and consistent information is a result of proper
protection.
Availability (CIA Triad)
- correct answer Where information is available when and where it is rightly needed.
Secure data, ensure it is not tampered with & ensure it is available when it needs to be for business
purposes