Q1: The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity is known as ___________________
a. authentication
b. accountability
c. confidentiality
d. authorization
Solution: authentication
Q2: An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems is known as ___________________
a. Privacy
b. Integrity
c. disclosure
d. Confidentiality
Solution: Confidentiality
Q3: Which of these statements defines a threat?
a. A potential weakness in an asset or its defensive control system(s).
b. An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.
c. Any event or circumstance that has the potential to adversely affect operations and assets.
d. A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.
Solution: Any event or circumstance that has the potential to adversely affect operations and assets.
Q4: ________________ is responsible for the security and use of a particular set of information.
a. Data user
b. Data Subject
c. Data Custodian
d. Data owner
Solution: Data owner
Q5: Recently, a ransomware incident was announced in the local news that could infect similar Operating Systems that are being used by your company.
Identify the THREE (3) most important assets in your company that could be affected by this malware threat.
Solution: 1. Business Documents and Excel Sheets
2. Website images and other resources
3. Backup server files
Q6: Explain why those assets are considered important.
Solution: 1. Business Documents and Excel Sheets: All the business corresponding and financial data of the organization is stored in these documents.
2. Website images and other resources: This will damage the reputation of the company as the notice of the ransomware will be shown on the website.
3. Backup server files: The backup data of the company will also not be available and nothing will be available for employees to do work on.
Q7: List at least TWO (2) vulnerabilities for each of the assets in (a) that are relevant to the malware threat.
Solution: 1. Business Documents and Excel Sheets:
+ Using Microsoft Office macros.
+ By clicking links in a downloaded Word file.
2. Website images and other resources:
+ By SQL injection attack.
+ By OS command injection attack.
3. Backup server files:
+ Malware spreading from the network.
+ SMB protocol (EternalBlue).
Q8: Identify ONE (1) possible RISK for each of the assets you listed.
Solution: 1. Business Documents and Excel Sheets:
Unavailability of the resources
2. Website images and other resources:
Damage to the reputation of the company
3. Backup server files:
Unavailability of the resources