
Computer Security Quiz 1 Name___________________________________ ID_______________________

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) The CIA triad embodies the fundamental security objectives for both data and for information and computing services.
2) A loss of confidentiality is the unauthorized modification or destruction of information.
3) The OSI security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
4) The data integrity service inserts bits into gaps in a data stream to frustrate traffic analysis attempts.
5) Two specific authentication services defined in X.800 are peer entity authentication and Data form authentication.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

6) __________ involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
A) Masquerade
B) Disruption
C) Replay
D) Service denial

7) Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________ .
A) accountability
B) integrity
C) authenticity
D) credibility

8) A __________ takes place when one entity pretends to be a different entity.
A) masquerade
B) service denial
C) replay
D) passive attack

9) A(n) __________ service is one that protects a system to ensure its availability and addresses the security concerns raised by denial-of-service attacks.
A) masquerade
B) integrity
C) availability
D) replay

10) A _________ level breach of security could cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced.
A) high
B) low
C) catastrophic
D) moderate

1) TRUE
2) FALSE
3) TRUE
4) FALSE
5) TRUE
6) C
7) C
8) A
9) C
10) D

Computer Security Quiz 1 Name___________________________________ ID_______________________________

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) Security attacks are classified as either passive or aggressive.
2) Security services include access control, data confidentiality and data integrity, but do not include authentication.
3) Patient allergy information is an example of an asset with a high requirement for integrity.
4) Viruses and worms are two examples of software attacks.
5) X.800 divides security services into five categories: authentication, access control, nonrepudiation, data integrity and data confidentiality.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

6) A common technique for masking contents of messages or other information traffic so that opponents cannot extract the information from the message is __________ .
A) integrity
B) analysis
C) masquerade
D) encryption

7) The three concepts that form what is often referred to as the CIA triad are ________ . These three concepts embody the fundamental security objectives for both data and for information and computing services.
A) confidentiality, integrity, access control
B) communication, information and authenticity
C) confidentiality, integrity and availability
D) communication, integrity and authentication

8) A loss of __________ is the unauthorized disclosure of information.
A) authenticity
B) integrity
C) reliability
D) confidentiality

9) A _________ level breach of security could cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced.
A) high
B) moderate
C) catastrophic
D) low

10) A __________ takes place when one entity pretends to be a different entity.
A) service denial
B) passive attack
C) replay
D) masquerade

1) FALSE
2) FALSE
3) TRUE
4) TRUE
5) TRUE
6) D
7) C
8) D
9) B
10) D

Computer Security Quiz 1 Name___________________________________ ID_______________________

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) The OSI security architecture provides a systematic framework for defining security attacks, mechanisms, and services.
2) Data origin authentication does not provide protection against the modification of data units.
3) The emphasis in dealing with active attacks is on prevention rather than detection.
4) Symmetric encryption is used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords.
5) The field of network and Internet security consists of measures to deter, prevent, detect and correct security violations that involve the transmission of information.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

6) __________ is the most common method used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures.
A) Authentication protocols
B) Symmetric encryption
C) Asymmetric encryption
D) Data integrity algorithms

7) __________ involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
A) Masquerade
B) Disruption
C) Service denial
D) Replay

8) A loss of __________ is the unauthorized disclosure of information.
A) authenticity
B) integrity
C) reliability
D) confidentiality

9) Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery is a(n) ___________ .
A) digital signature
B) security audit trail
C) authentication exchange
D) encipherment

10) The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________ .
A) authenticity
B) privacy
C) accountability
D) integrity

1) TRUE
2) TRUE
3) FALSE
4) TRUE
5) TRUE
6) C
7) D
8) D
9) A
10) C
