Deck 4: Basic Information Security Model

A) Resources or information that is to be protected
B) Safeguards used to minimize the impact of threats
C) Capabilities, intentions and attack methods of adversaries to cause harm to assets
D) Weaknesses in an information system that can lead to a compromise of an asset

A) They highlight resource or information that is to be protected
B) They highlight weaknesses in information systems that can be compromised
C) They draw attention to the essential details of a problem
D) They describe safeguards used to minimize the impact of threats

A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity

A) Programs that propagate through the network without a user's consent
B) Unauthorized prevention of access to resources
C) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
D) Code specifically designed to exploit a computer or data, without the user's consent

A) Unrestricted uploads vulnerability
B) Cross-site scripting vulnerability
C) Buffer overflow vulnerability
D) Lack of input validation vulnerability

A) Viruses
B) Vulnerabilities
C) IDEs to create new attacks
D) Systems to defend against attacks

A) Safeguards used to minimize the impact of threats
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset

A) Describes likely impacts and measures to remove vulnerabilities
B) A list of all known viruses
C) A list of all known information security firms
D) An inventory of known software vulnerabilities

A) Users are allowed access to privileged parts of a program without verification of credentials
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity

A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity

A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity

A) A list of all likely impacts of vulnerabilities
B) A list of all known viruses
C) A list of all known information security firms
D) An inventory of known software vulnerabilities

A) Assets are largely invisible
B) Most assets are easily duplicated
C) Both the above
D) None of the above

A) Safeguards used to minimize the impact of threats
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset

A) Increasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going up
B) Decreasing numbers of new vulnerabilities are being discovered, but the number of attacks is going up
C) Decreasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going down
D) Increasing numbers of new vulnerabilities are being discovered, but the number of attacks is going down

A) Programs that propagate through the network without a user's consent
B) Unauthorized prevention of access to resources
C) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
D) Code specifically designed to exploit a computer or data, without the user's consent

A) Programs that propagate through the network without a user's consent
B) Unauthorized prevention of access to resources
C) Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication
D) Code specifically designed to exploit a computer or data, without the user's consent

A) Files are accepted as input without verifying their specifications
B) Input from other users is supplied as output to other users
C) A program puts more data into a storage location than it can hold
D) User input is used without confirming its validity

A) Software used to hide the existence of malicious software on computer systems
B) Exploits that compromise a previously unknown software vulnerability
C) Computers that perform malicious tasks at the direction of a remote controller
D) Manipulating people into performing desired actions

A) Software used to hide the existence of malicious software on computer systems
B) Exploits that compromise a previously unknown software vulnerability
C) Computers that perform malicious tasks at the direction of a remote controller
D) Manipulating people into performing desired actions

A) Use non-technical methods of preventing harm
B) Are the security measures built into the information system itself
C) Perform malicious tasks at the direction of a remote controller
D) Manipulate people into performing desired actions

A) Software used to hide the existence of malicious software on computer systems
B) Exploits that compromise a previously unknown software vulnerability
C) Computers that perform malicious tasks at the direction of a remote controller
D) Manipulating people into performing desired actions

A) Software used to hide the existence of malicious software on computer systems
B) Exploits that compromise a previously unknown software vulnerability
C) Computers that perform malicious tasks at the direction of a remote controller
D) Manipulating people into performing desired actions