CSE 4471 UPDATED Exam Questions and
CORRECT Answers
Information System - CORRECT ANSWER- Six components: Software, Hardware, Data, People,
Procedures, Networks
Information Security - CORRECT ANSWER- Protection of information and critical elements
including use, storage, and transmission. Uses policy, awareness, training, education, and
technology
Computer - CORRECT ANSWER- Key component in information system, subject or object
of attack - can be on either side of the attack
Balance - CORRECT ANSWER- Between protection and availability. Level must allow
access to authorized users, but protect against threats.
CIA Triangle - CORRECT ANSWER- Confidentiality, Integrity, Availability
History of Information Security - CORRECT ANSWER- Began with the first mainframes during
WWII; in the 1960s ARPA began examining the security of networked computers. Rand Report
R-609 (1970) began the study of the safety of data, limiting unauthorized access, and the
involvement of personnel from multiple levels of an organization
Access - CORRECT ANSWER- Ability to interact with resource, illegal or legal
Asset - CORRECT ANSWER- Specific resource of value
Attack - CORRECT ANSWER- Act, intentional or unintentional that may damage asset
Countermeasure - CORRECT ANSWER- Mechanism or policy intended to improve security
Exploit - CORRECT ANSWER- Technique used to compromise a system
Loss - CORRECT ANSWER- Instance of asset suffering damage
Threat Agent - CORRECT ANSWER- Person/system who uses exploit to instantiate threat
Vulnerability - CORRECT ANSWER- System weakness or fault that decreases security
Available - CORRECT ANSWER- Attribute which is accessible for use without obstruction
Accurate - CORRECT ANSWER- Attribute which is free from errors
Authentic - CORRECT ANSWER- Attribute which is genuine
Confidential - CORRECT ANSWER- Attribute which has access restrictions
Integrity - CORRECT ANSWER- Attribute which is complete and uncorrupted
Utility - CORRECT ANSWER- Attribute which has useful purpose
Possession - CORRECT ANSWER- Attribute which describes ownership or control of the information
CNSS Security Model - CORRECT ANSWER- The McCumber cube, three dimensions of three cells each:
information states (Transmission, Storage, Processing); security goals (Confidentiality,
Integrity, Availability); safeguards (Education, Policy, Technology)
Software - CORRECT ANSWER- Applications, OS, Utility. Difficult to secure, bugs can be
exploited, created under time/cost constraints and security is usually an afterthought
Hardware - CORRECT ANSWER- Physical computational technology - often no guarantee
of security if physical access to hardware is gained
Networks - CORRECT ANSWER- Physical communication technology - no guarantee of security if
physical access to the medium is gained; miles of coverage increase the potential for access
by unauthorized users
Data - CORRECT ANSWER- Stored, processed, or transmitted assets. Most valuable, wide
variation of usage, approach is often haphazard, inconsistent, and solutions often impede
access
Procedures - CORRECT ANSWER- Written instructions for accomplishing tasks, and the policy
behind them - often overlooked as a component to protect; their loss or disclosure can result
in loss of integrity of information
C-2 TCSEC Discretionary Access Control - CORRECT ANSWER- Grant/deny access to
specific resources to users/groups
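The DAC requirement above says a resource owner can grant or deny access to specific users or groups. The following C program is an added example, not part of the course material or of any TCSEC implementation: it models an access control list whose entries name a user or a group, carry a permission mask, and either allow or deny, with deny entries overriding allows. The `ace_t`/`user_t` types, `dac_check`, and the `payroll_acl` sample are all hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not course material): a minimal discretionary ACL.
 * Permission bits; a request is a mask of the bits it needs. */
#define PERM_READ  0x1
#define PERM_WRITE 0x2
#define PERM_EXEC  0x4

typedef struct {
    const char *subject;   /* user or group name */
    int is_group;          /* 1 = subject names a group, 0 = a user */
    int perms;             /* bitmask of PERM_* this entry covers */
    int allow;             /* 1 = grant these bits, 0 = deny them */
} ace_t;

typedef struct {
    const char *name;
    const char *groups[4]; /* NULL-terminated list of group memberships */
} user_t;

static int in_group(const user_t *u, const char *g) {
    for (int i = 0; u->groups[i]; i++)
        if (strcmp(u->groups[i], g) == 0) return 1;
    return 0;
}

static int ace_applies(const ace_t *e, const user_t *u) {
    return e->is_group ? in_group(u, e->subject)
                       : strcmp(u->name, e->subject) == 0;
}

/* Returns 1 if every bit in `wanted` is effectively granted to `u`, else 0.
 * All matching allow bits are collected first, then any matching deny bits
 * are removed, so an explicit deny beats a group-level grant. */
int dac_check(const ace_t *acl, int n, const user_t *u, int wanted) {
    int allowed = 0, denied = 0;
    for (int i = 0; i < n; i++) {
        if (!ace_applies(&acl[i], u)) continue;
        if (acl[i].allow) allowed |= acl[i].perms;
        else              denied  |= acl[i].perms;
    }
    int effective = allowed & ~denied;
    return (effective & wanted) == wanted;
}

/* Constructed sample ACL for a hypothetical "payroll.db": the finance group
 * may read, alice may additionally write, and bob is explicitly denied read
 * even though he is a member of finance. */
static const ace_t payroll_acl[] = {
    { "finance", 1, PERM_READ,  1 },
    { "alice",   0, PERM_WRITE, 1 },
    { "bob",     0, PERM_READ,  0 },
};
static const int payroll_acl_len = 3;

static const user_t alice = { "alice", { "finance", NULL } };
static const user_t bob   = { "bob",   { "finance", NULL } };
static const user_t carol = { "carol", { "engineering", NULL } };

int main(void) {
    printf("alice read+write: %d\n",
           dac_check(payroll_acl, payroll_acl_len, &alice, PERM_READ | PERM_WRITE));
    printf("bob read:         %d\n",
           dac_check(payroll_acl, payroll_acl_len, &bob, PERM_READ));
    printf("carol read:       %d\n",
           dac_check(payroll_acl, payroll_acl_len, &carol, PERM_READ));
    return 0;
}
```

The deny-overrides rule is a design choice: collecting allows and denies separately and combining them at the end means entry order in the list cannot change the outcome, which is the property you want when several owners edit the same ACL.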
C-2 TCSEC Individual Authentication/Login - CORRECT ANSWER- Each user must be individually
identified and authenticated (for example, a unique login with its own password) so that
actions can be traced to one person
C-2 TCSEC Object Reuse - CORRECT ANSWER- Storage objects (memory, disk blocks) must be cleared
before being reallocated, so data left by a previous user cannot be read by the next
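To show what the object-reuse requirement protects against, here is an added C example, not course material or any real allocator: a fixed-size block pool that hands the same storage to a second caller after the first releases it. With `scrub_on_release` off, the second caller reads the first caller's data; with it on, the block is zeroed first. `pool_t`, `pool_alloc`, `pool_release`, `leaked_bytes`, and the embedded secret string are all hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example (not course material): a tiny block pool showing why
 * C2 "object reuse" demands clearing storage before reallocation. */
#define POOL_BLOCKS 4
#define BLOCK_SIZE  64

typedef struct {
    unsigned char data[POOL_BLOCKS][BLOCK_SIZE];
    int in_use[POOL_BLOCKS];
    int scrub_on_release;   /* 1 = clear block on release (C2 behaviour), 0 = naive */
} pool_t;

/* A plain memset before free may be optimised away as a dead store; writing
 * through a volatile pointer forces the zeroing to actually happen. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

void pool_init(pool_t *pool, int scrub_on_release) {
    memset(pool, 0, sizeof *pool);
    pool->scrub_on_release = scrub_on_release;
}

/* Hand out the lowest-numbered free block, or NULL if the pool is exhausted. */
unsigned char *pool_alloc(pool_t *pool) {
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (!pool->in_use[i]) {
            pool->in_use[i] = 1;
            return pool->data[i];
        }
    }
    return NULL;
}

/* Return a block to the pool, scrubbing it first when the policy says so. */
void pool_release(pool_t *pool, unsigned char *blk) {
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (pool->data[i] == blk) {
            if (pool->scrub_on_release) secure_zero(blk, BLOCK_SIZE);
            pool->in_use[i] = 0;
            return;
        }
    }
}

/* Number of non-zero bytes in a block; a freshly reissued block should be 0. */
size_t residual_bytes(const unsigned char *blk) {
    size_t n = 0;
    for (size_t i = 0; i < BLOCK_SIZE; i++) n += (blk[i] != 0);
    return n;
}

/* Simulate user A writing a secret, releasing the block, and user B being
 * issued the same block. Returns how many of A's bytes B can still read. */
size_t leaked_bytes(int scrub_on_release) {
    pool_t pool;
    pool_init(&pool, scrub_on_release);
    /* constructed sample secret, not real credentials */
    const char secret[] = "constructed sample secret: db_password=hunter2";
    unsigned char *a = pool_alloc(&pool);
    memcpy(a, secret, sizeof secret);
    pool_release(&pool, a);
    unsigned char *b = pool_alloc(&pool);   /* same storage reissued to B */
    return residual_bytes(b);
}

int main(void) {
    printf("naive pool, bytes visible to next user: %zu\n", leaked_bytes(0));
    printf("scrubbing pool, bytes visible to next user: %zu\n", leaked_bytes(1));
    return 0;
}
```

The same idea applies to disk blocks and swap: the requirement is about the storage object, not just heap memory, and the clearing has to happen before the object is handed to a new subject, not merely "on deletion" from the first subject's point of view.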
C-2 TCSEC Audit Trail - CORRECT ANSWER- Audited actions must associate user, access
to audit data must be limited to administrators
C-2 TCSEC Resource Isolation - CORRECT ANSWER- System protected from external
modification of running operating system or stored system files
Systems Development Life-Cycle - CORRECT ANSWER- Requirement Analysis, Design,
Implementation, Testing, Evolution
Security Development Life-Cycle - CORRECT ANSWER- Analyze, Design,
Implementation, Testing, Evolution
Analyze - CORRECT ANSWER-
- enumerate specific threat impacts
- analyze potential legal issues
- risk evaluation and management