Information Security Quiz

Which of the following is NOT a core principle of most security models? a) Confidentiality: Protecting information from unauthorized access. b) Integrity: Ensuring information accuracy and completeness. c) Availability: Guaranteeing authorized access to information. d) Transparency: Making security policies and procedures clear.

What is the term for a potential source of harm or damage to an information system? a) Vulnerability: A weakness that can be exploited. b) Threat: An actor capable of causing harm. c) Control: A measure to mitigate risk. d) Harm: The negative impact of a security incident.

What type of harm does data manipulation and corruption fall under? a) Confidentiality breach b) Integrity violation c) Availability disruption d) All of the above

Which of the following is NOT a common vulnerability in software applications? a) Input validation flaws b) Buffer overflows c) Logic errors d) Physical security weaknesses

What is the main purpose of access control mechanisms? a) To grant authorized users access to information. b) To prevent unauthorized users from accessing information. c) To track and monitor user activity. d) All of the above

What is the difference between authentication and authorization? a) Authentication verifies identity, while authorization grants permissions. b) Authentication verifies authorization, while authorization restricts access. c) They are the same concept with different names. d) Authentication is for users, while authorization is for systems.

Unintentional programming oversights can create vulnerabilities. What is an example of such an oversight? a) Leaving debug code active in production software. b) Using insecure cryptographic algorithms. c) Failing to properly handle user input. d) All of the above

Malicious code, such as malware, can exploit vulnerabilities to cause harm. What is a common type of malware that spreads through email attachments? a) Trojan horse b) Worm c) Ransomware d) Spyware

What is a countermeasure that can help prevent malware infections? a) Regular system updates and patching. b) User training on phishing and social engineering tactics. c) Implementing strong antivirus and endpoint protection software. d) All of the above

What is the principle of least privilege in the context of access control? a) Users should have the minimum access necessary for their tasks. b) Administrators should have unrestricted access to all systems. c) Access should be granted based on seniority level. d) All users should have equal access to all information.