4. Security Requirements

Question 1

What is the CIA triad in information security?

Answer 1

Confidentiality, Integrity, and Availability — the three core security objectives.

Question 2

What is confidentiality?

Answer 2

Preventing unauthorized reading of information; keeping data secret from unauthorized entities.

Question 3

What is integrity in information security?

Answer 3

Ensuring data cannot be altered by unauthorized or unknown means.

Question 4

What is availability?

Answer 4

Ensuring authorized users can access information and services when needed.

Question 5

What type of attack threatens availability?

Answer 5

Denial of Service (DoS) attacks.

Question 6

Why is availability important for both users and organizations?

Answer 6

Users need access to services; organizations lose revenue and trust if systems are unavailable.

Question 7

What is Denial of Service (DoS)?

Answer 7

An attack aimed at reducing or preventing access to information or services.

Question 8

Why is CIA not sufficient alone for security?

Answer 8

It does not address identity verification, permissions, or accountability.

Question 9

What is authentication?

Answer 9

Verifying the identity of an entity (user, system, device).

Question 10

What is entity authentication?

Answer 10

Confirming the identity of a person, computer, or device.

Question 11

What is message authentication?

Answer 11

Verifying the source of information (data origin authentication).

Question 12

Why is network authentication difficult?

Answer 12

Attackers can intercept, modify, replay, or forge messages.

Question 13

What is replay attack?

Answer 13

Reusing old valid messages to impersonate a legitimate user.

Question 14

What role does cryptography play in authentication?

Answer 14

It secures credentials and protects authentication protocols.

Question 15

What is authorization?

Answer 15

Restricting what an authenticated user is allowed to do.

Question 16

How does authorization differ from authentication?

Answer 16

Authentication verifies identity; authorization controls permissions.

Question 17

What is access control?

Answer 17

The combined process of authentication and authorization.

Question 18

What is non-repudiation?

Answer 18

Preventing an entity from denying previous actions or commitments.

Question 19

What is a digital signature used for?

Answer 19

Binding information to an entity and supporting integrity and non-repudiation.

Question 20

What is certification?

Answer 20

Endorsement of information by a trusted entity.

Question 21

What is validation in security objectives?

Answer 21

Ensuring authorization is timely and still valid.

Question 22

What is timestamping?

Answer 22

Recording the time of creation or existence of information.

Question 23

What is witnessing?

Answer 23

Verifying information creation or existence by a third party.

Question 24

What is receipt?

Answer 24

Acknowledgement that information has been received.

Question 25

What is confirmation?

Answer 25

Acknowledgement that a service has been provided.

Question 26

What is ownership in information security?

Answer 26

The legal right to use or transfer a resource.

Question 27

What is anonymity?

Answer 27

Concealing the identity of an entity involved in a process.

Question 28

What is revocation?

Answer 28

Withdrawal of authorization or certification.

Question 29

Why is revocation important?

Answer 29

It limits damage when credentials or permissions are compromised.