Exam 2: General Security Concepts

Computer security and information assurance are the same thing.

A person who tries to gradually obtain information necessary to compromise a network-by first appealing for help,and then,if necessary,by a more aggressive approach-is a(n)__________.

Jane spends quite a bit of time on Facebook,and other social networking sites during work hours.This has resulted in reduced productivity.This is likely a violation of which policy?

In the context of information security,what does the acronym CIA stand for? Explain each term.

A list of web sites that can be visited is created.Only sites that are on the list are allowed to be accessed.This is an example of which principle?

Which of the following is not one of the three general methods used in authentication?

Requiring one employee to place an order and another employee to authorize the sale is an example of which principle?

A database server is put on the network by the for a project manager.No one is told it is there except for the project manager,so that he can work on it without worrying that other individuals will try to get to it.This is an example of which principle?

Bob works in a small office with a network of computers.Bob,along with all the other employees,is responsible for securing his own computer on the network.This is an example of network security.

Ensuring that users have access only to the files they need to complete their tasks is an example of which principle?

_______________ deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.

The objective of the Bell-LaPadula security model is integrity.

The operational model of security is _____________.

The IDS fails to alert on an intruder's ping sweep and port scan.This is a failure of which element of the operational model of computer security?

_______________ security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.

A company doing business online conducted all financial transactions over the Internet without any encryption.As a result,customer information such as credit card numbers,expiration dates,and the security codes found on the back of the credit cards was stolen.This is a violation of which policy?

Authentication means that the person who sends and e-mail will be unable to deny sending the e-mail.

Operating systems and applications all implement rights and permissions the same way.

Ensuring that changes made to the data are only done by users who are authorized to do so protects the data's _______________.

Ensuring that and individual is who they claim to be is the function of _________.