Computer Security:
Principles and Practice
Midterm Review Exam
1. What is computer security?
Answer:
Computer security is the protection of information systems from theft, damage,
disruption, or unauthorized access while maintaining confidentiality, integrity, and
availability (CIA triad).
2. What are the three primary security objectives?
Answer:
Confidentiality – Prevent unauthorized disclosure of data.
Integrity – Ensure data accuracy and completeness.
Availability – Ensure systems and data are accessible when needed.
3. What is the difference between a threat, vulnerability, and attack?
Answer:
Threat: A potential cause of an unwanted event.
Vulnerability: A weakness that could be exploited by a threat.
Attack: An action that exploits a vulnerability to cause harm.
4. What are the main types of security attacks?
Answer:
Passive attacks: Eavesdropping or monitoring (e.g., traffic analysis, sniffing).
Active attacks: Altering or disrupting data (e.g., modification, denial of service).
5. What is risk management in security?
Answer:
The process of identifying, assessing, and mitigating risks to acceptable levels using
risk analysis, control selection, and continuous monitoring.
🔒 Section 2: Cryptography
6. What is the difference between symmetric and asymmetric encryption?
Answer:
Symmetric: Same key for encryption and decryption (e.g., AES, DES).
Asymmetric: Different keys for encryption and decryption (e.g., RSA, ECC).
7. What are the key components of a symmetric encryption system?
Answer:
Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm
8. What is the purpose of a hash function?
Answer:
To produce a fixed-size digest from variable-length input data, ensuring data
integrity (e.g., SHA-256).
9. What is a digital signature?
Answer:
A cryptographic mechanism that authenticates the sender and ensures message
integrity and non-repudiation using a private key.
10. What is a Public Key Infrastructure (PKI)?
Answer:
A system of hardware, software, and policies used to manage digital certificates and
public-key encryption.
🧱 Section 3: Access Control and Authentication
11. What are the main types of authentication factors?
Answer:
Something you know (password, PIN)
Something you have (token, smart card)
Something you are (biometrics)
12. What is the difference between DAC, MAC, and RBAC?
Answer:
DAC (Discretionary Access Control): Owner controls access.
MAC (Mandatory Access Control): Access based on system-enforced policies.
RBAC (Role-Based Access Control): Access based on user roles.
13. What is multifactor authentication and why is it important?
Answer:
Combining two or more authentication factors to strengthen security and reduce
unauthorized access.
14. What are the main components of an access control system?
Answer:
Subjects – Active entities (users/processes)
Objects – Resources (files, databases)
Access rights – Permissions