Computer Security; Principles | Exam Questions
with Complete Solutions 100% Verified Newest
2025
Adequate Security - ANSWER Security commensurate with the risk and the magnitude of
harm resulting from the loss, misuse or unauthorized access to or modification of
information. Source: OMB Circular A-130
Administrative Controls - ANSWER Controls implemented through policy and
procedures. Examples include access control processes and requiring multiple personnel
to conduct a specific operation. Administrative controls in modern environments are
often enforced in conjunction with physical and/or technical controls, such as an access-
granting policy for new users that requires login and approval by the hiring manager.
Artificial Intelligence - ANSWER The ability of computers and robots to simulate human
intelligence and behavior.
Asset - ANSWER Anything of value that is owned by an organization. Assets include both
tangible items such as information systems and physical property and intangible assets
such as intellectual property.
Authentication - ANSWER The act of identifying or verifying the eligibility of a station,
originator, or individual to access specific categories of information. Typically, a measure
designed to protect against fraudulent transmissions by establishing the validity of a
transmission, message, station or originator.
Authorization - ANSWER The right or a permission that is granted to a system entity to
access a system resource. NIST 800-82 Rev.2
Availability - ANSWER Ensuring timely and reliable access to and use of information by
authorized users.
Baseline - ANSWER A documented, lowest level of security configuration allowed by a
standard or organization.
Biometric - ANSWER Biological characteristics of an individual, such as a fingerprint,
hand geometry, voice, or iris patterns.
Bot - ANSWER Malicious code that acts like a remotely controlled "robot" for an
attacker, with other Trojan and worm capabilities.
Classified or Sensitive Information - ANSWER Information that has been determined to
require protection against unauthorized disclosure and is marked to indicate its
classified status and classification level when in documentary form.
Confidentiality - ANSWER The characteristic of data or information when it is not made
available or disclosed to unauthorized persons or processes. NIST 800-66
Criticality - ANSWER A measure of the degree to which an organization depends on the
information or information system for the success of a mission or of a business function.
NIST SP 800-60 Vol. 1, Rev. 1
Data Integrity - ANSWER The property that data has not been altered in an unauthorized
manner. Data integrity covers data in storage, during processing and while in transit.
Source: NIST SP 800-27 Rev A
Encryption - ANSWER The process and act of converting the message from its plaintext
to ciphertext. Sometimes it is also referred to as enciphering. The two terms are
sometimes used interchangeably in literature and have similar meanings.