Tag: security

Questions Related to security

Messages protected by steganography can be transmitted to:

technology security

  1. Picture files

  2. Music files

  3. Video files

  4. All of the above

Show answer
Correct Option: D

An unauthorized and unintended communication path that provides for exchange of information is a:
technology security

  1. Secret link

  2. Covert channel

  3. Covert encryption

  4. Communication pipe

Show answer
Correct Option: B

What is the primary risk of using cryptographic protection for systems or data?
technology security

  1. Loss of the system may mean loss of all data.

  2. A hardware failure may lead to lost data or system integrity.

  3. A disgruntled user may lead to denial of service.

  4. An employee may hide his activities from the security department.

Show answer
Correct Option: C

The testing or reconciliation of evidence of a user’s identity is:
technology security

  1. Authorization

  2. Accountability

  3. Auditing

  4. Authentication

Show answer
Correct Option: D
Explanation:

To solve this question, the user needs to know the definitions of different security concepts and their applications. The user must identify the concept that refers to the testing or reconciliation of evidence of a user's identity.

Now, let's go through each option and explain why it is right or wrong:

A. Authorization: Authorization refers to the process of granting or denying access to a resource based on a user's identity and the permissions associated with that identity. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

B. Accountability: Accountability refers to the state of being responsible or answerable for one's actions. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

C. Auditing: Auditing refers to the process of tracking and evaluating the use of resources or actions taken by users to ensure compliance with policies and regulations. This option is not the correct answer since it does not refer to the testing or reconciliation of evidence of a user's identity.

D. Authentication: Authentication refers to the process of verifying the identity of a user or system. This includes the testing or reconciliation of evidence of a user's identity such as passwords, biometric data, or security tokens. This option is the correct answer.

Therefore, the answer is: D. Authentication.

An ongoing activity that examines either the system or the users, such as intrusion detection, is:
technology security

  1. Auditing

  2. Monitoring

  3. Accounting

  4. Eavesdropping

Show answer
Correct Option: B

The ability to determine the actions and behaviors of a single individual within a system and to identify that particular individual is:
technology security

  1. Authentication

  2. Accountability

  3. Authorization

  4. Nonrepudiation

Show answer
Correct Option: B
Explanation:

To solve this question, the user needs to have knowledge of basic cybersecurity concepts.

The correct answer is:

B. Accountability

Option A, Authentication refers to the process of verifying the identity of a user or system before granting access.

Option C, Authorization is the process of granting or denying access to specific resources or actions.

Option D, Nonrepudiation refers to the ability to prove that a particular action or event occurred and that it cannot be denied by the party who performed it.

Option B, Accountability is the ability to determine the actions and behaviors of a single individual within a system and to identify that particular individual. It is the answer to the question "who did what, when, and how" in a given system.

Therefore, the correct answer is B. Accountability.

The application of multiple layers of protection wherein a subsequent layer will provide protection if a previous layer is breached is:

technology security

  1. Defense-in-depth

  2. Weakest link

  3. Fail-safe

  4. Control analysis

Show answer
Correct Option: A

One of the main characteristics of black box testing of information systems is:
technology security

  1. The testing team is provided full knowledge of the resources to be tested.

  2. The testing team is provided partial knowledge of the resources to be tested and has to acquire some information on its own.

  3. The testing team is provided no knowledge of the resources to be tested and has to acquire information on its own.

  4. The testing team is not permitted direct access to the resources to be tested.

Show answer
Correct Option: C

The right of an individual to protection from unauthorized disclosure of personally identifiable information (PII) is the definition of:
technology security

  1. Security

  2. Confidentiality

  3. Authorization

  4. Privacy

Show answer
Correct Option: D

Which standard addresses credit card and cardholder authentication and is organized as 12 requirements under 6 logically consistent control objectives?
technology security

  1. Payment Card Industry (PCI) Data Privacy Standard (DPS)

  2. Payment Card Industry (PCI) Data Confidentiality Standard (DCS)

  3. Payment Card Industry (PCI) Data Security Standard (DSS)

  4. Payment Card Industry (PCI) Data Authorization Standard (DAS)

Show answer
Correct Option: C