Fundamentals of Information Security - D430 Chapter Exercises (ALL)
Explain the difference between a vulnerability and a threat.
A threat has the potential to cause harm but can only cause damage if there is a
vulnerability the threat can exploit.
Without a vulnerability, the threat can't cause damage.
A vulnerability is a flaw or weakness in an asset's design, implementation, or operation and
control that could be exploited by a threat. A risk is the potential for a threat agent to
exploit a vulnerability. A threat is the potential for loss when the threat happens.
What is a Threat?
A threat is something that has the potential to cause harm. Threats tend to be
specific to certain environments, i.e. a virus may be problematic on a Windows OS, but the
same virus would be unlikely to have any impact on a Linux OS.
What is a vulnerability?
A vulnerability is a weakness or hole that threats can exploit to cause you harm.
It might involve a specific OS or application that you're running, the physical location of your
office building, a data center that is overpopulated with servers and producing more
heat than its air-conditioning system can handle, a lack of backup generators, or other
factors.
What are six items that might be considered logical controls?
Passwords, encryption, logical access controls, firewalls, intrusion detection systems,
access control lists.
What term might you use to describe the usefulness of information?
Utility refers to how useful the information is to you.
Which category of attack is an attack against confidentiality?
Interception attacks allow unauthorized users to access your data, applications, or
environments, and they are primarily attacks against confidentiality.
How do you know at what point you can consider your environment to be secure?
You never really can be completely sure. You conduct regular pen tests and
vulnerability assessments while also encrypting your data.
No single activity or action will make you secure in every situation.
Defining when you're not secure is easier to explain:
- Not applying security patches or application updates to your systems.
- Using weak passwords such as "password" or "1234".
- Downloading programs from the internet.
- Opening email attachments from unknown senders.
- Using wireless networks without encryption.
Using the concept of defense in depth, what layers might you use to secure yourself against
someone removing confidential data from your environment on a USB flash drive?
- Data: encryption
- Application: not allowing copying of data
- Host: multi-factor authentication
All layers can use logging and auditing as well as pen testing and
vulnerability analyses.
Based on the Parkerian hexad, what principles are affected if you lose a shipment of encrypted
backup tapes that contain personal and payment information for your customers?
- Confidentiality (someone unauthorized has this data)
- Integrity (your backups)
- Availability (you no longer have access to safe backups)
- Possession (obvs you don't have it anymore)
- Utility (payment data may be very useful to malicious threats)
If the web servers in your environment are based on Microsoft's Internet Information
Services (IIS) and a new computer virus is discovered that attacks Apache web servers, what
do you not have?
A danger
If you develop a new policy for your environment that requires you to use complex and
automatically generated passwords that are unique to each system and are a minimum of
30 characters in length, such as "Qa4(j0nO$&xnlp.C2AL34ca#!Ps321$," what will be
adversely impacted?
Unauthorized activities
Considering the CIA triad and the Parkerian hexad, what are the advantages and disadvantages of
each model?
CIA considers unauthorized access to the data. The Parkerian hexad allows more depth
with the addition of possession/control, utility and authenticity.
What is the difference between verification and authentication of an identity?
Authentication is the establishment that a claim to one's identity is true, while
verification is just more support for who they are claiming to be.
How do you measure the rate at which you fail to authenticate legitimate users in a biometric
system?
This is measured via the metrics False Rejection Rate (FRR) and False Acceptance Rate
(FAR). Ideally, we want the two to equal each other.
What do you call the process in which the client authenticates to the server and the
server authenticates to the client?
Mutual authentication
A key would be described as which type of authentication factor?
Something you have
What biometric factor describes how well a characteristic resists change over time?
Permanence
If you're using an identity card as the basis for your authentication scheme, what steps
might you add to the process to allow you to move to multifactor authentication?
Use more factors. The different factors are something you know (password), something you are
(iris scan), something you have (swipe card), something you do (gait (walking) recognition),
and where you are (at a specific terminal).
If you're using an eight-character password that contains only lowercase characters, would
increasing the length to ten characters represent any significant increase in strength? Why or
why not?