ITN 263 Chapter 1 – Flashcards

A security analyst is performing a security assessment. The analyst should not:

True or False? Authentication is a security service that ensures information is reliably available

True or False? The term "security theater" refers to security measures intended to make potential victims feel safe and secure without regard to their effectiveness.

True or False? People can be threat agents in some cases but trustworthy in others.

An attempt by a threat agent to exploit assets without permission is referred to as: A. an attack B. a trade-off C. a vulnerability D. a safeguard

True or False? A supervisory control and data acquisition (SCADA) device is a computer that controls motors, valves, and other devices in industrial applications

When disclosing a security vulnerability in a system or software, the manufacturer should avoid: A. patching the system or software B. including enough detail to allow an attacker to exploit the vulnerability C. notifying customers D. all of the above

OCTAVE is a: A. type of layered defense B. risk-assessment process C. security architecture D. code of conduct

True or False? A vulnerability is a security measure intended to protect an asset.

A rational security decision, such as locking your vehicle when not in use, is an example of: A. reasoned paranoia B. the hunter's dilemma C. integrity D. none of the above

Supervisory control and data acquisition (SCADA) devices are most often associated with: A. retail stores B. universities C. utilities D. business offices

True or False? Authentication is a security service that ensures information is reliably available.

A person skilled in attacking computer systems, who uses those skills as a security expert to help protect systems, is a: A. cracker B. white-hat hacker C. black-hat hacker D. script kiddy

Supervisory control and data acquisition (SCADA) devices are most often associated with: A. retail stores B. universities C. utilities D. business offices

When you analyze a system using the six-phase security process, you are performing a: A. boundary analysis B. risk assessment C. plan-do-check-act cycle D. security architecture study

CIA properties do not include: A. availability B. authentication C. integrity D. confidentiality

A security analyst is performing a security assessment. The analyst should not: A. securely erase all collected information that's not needed for business purposes B. take actions to mitigate a serious risk C. protect all working notes D. get written authorization from the organization to verify that the assessment should take place

An attempt by a threat agent to exploit assets without permission is referred to as: A. a safeguard B. a vulnerability C. an attack D. a trade-off