TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident.
2) There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
3) There are clear boundaries between network security and internet security.
4) The CIA triad embodies the fundamental security objectives for both data and for information and computing services.
5) In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features.
6) A loss of confidentiality is the unauthorized modification or destruction of information.
7) Patient allergy information is an example of an asset with a moderate requirement for integrity.
8) The more critical a component or service, the higher the level of availability required.
9) Data origin authentication provides protection against the duplication or modification of data units.
10) The emphasis in dealing with passive attacks is on prevention rather than detection.
11) Data integrity is the protection of data from unauthorized disclosure.
12) Information access threats exploit service flaws in computers to inhibit use by legitimate users.
13) Viruses and worms are two examples of software attacks.
14) A connection-oriented integrity service deals with individual messages without regard to any larger context and generally provides protection against message modification only.
15) Pervasive security mechanisms are not specific to any particular OSI security service or protocol layer.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

16) _________ security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.
    A) Internet  B) Computer  C) Network  D) Intranet
17) Verifying that users are who they say they are and that each input arriving at the system came from a trusted source is _________.
    A) accountability  B) authenticity  C) integrity  D) confidentiality
18) __________ assures that systems work promptly and service is not denied to authorized users.
    A) Availability  B) Integrity  C) System integrity  D) Data confidentiality
19) __________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
    A) System integrity  B) Availability  C) Data confidentiality  D) Privacy
20) The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is _________.
    A) authenticity  B) privacy  C) accountability  D) integrity
21) __________ attacks attempt to alter system resources or affect their operation.
    A) Active  B) Release of message content  C) Traffic analysis  D) Passive
22) A __________ takes place when one entity pretends to be a different entity.
    A) masquerade  B) passive attack  C) replay  D) modification of message
23) X.800 defines _________ as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.
    A) integrity  B) security service  C) replay  D) authenticity
24) _________ is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB.
    A) ITU-T  B) ISOC  C) ISO  D) FIPS
25) The protection of data from unauthorized disclosure is _________.
    A) nonrepudiation  B) data confidentiality  C) access control  D)...