1. A group of hackers including some ex-employees of a reputed e-commerce company attacked the company’s website which resulted in leak of personal data of its customers. They exploited the flaw present in single authentication feature of website that authenticated users before login. Based on the above scenario, which of following statement(s) is/are CORRECT?
Explanation:
Correct answers: b) Personal data of Customers is an Asset, c) Single Authentication feature is a Vulnerability, d) Ex-employee is a Threat Agent
Option b is correct because anything that has value to an organization or person is termed as an asset.
Option c is correct because a flaw or weakness in system security procedures, design, implementation, or internal controls that might result in a security breach is termed as vulnerability.
Option d is correct because a threat agent is a term used to represent an individual or group that can cause a threat.
2. ___________ means that the computer system assets can be modified only by authorized parties.
Explanation:
Correct answer: b) Integrity
Integrity assures that data is protected from accidental or any deliberate modification.
3. Businesses are increasingly leveraging new technologies such as mobile and cloud to enable strategic initiatives, and facilitate innovation. Although these initiatives provide many business benefits, the new evolving technology landscape can also introduce substantial security risks that threaten the sensitive corporate information. Choose the most appropriate security objective/service that must be implemented to ensure that the sensitive information is not leaked.
Explanation:
Correct answer: a) Confidentiality
Confidentiality ensures that data remains private and confidential. It should not be viewed by unauthorized people through any means.
4. A hacker hacked into your Facebook account. He uploaded some objectionable content on your account. You tried accessing your Facebook account but were unable to login as he has changed your password and the answers of all possible password recovery options. According to your understanding, what all security objectives were violated in this scenario?
Explanation:
Correct answer: d) All (i), (ii) and (iii)
Confidentiality, Integrity, and Availability are all violated in this scenario. The hacker has accessed your private information (confidentiality), altered the content on your account (integrity), and prevented you from accessing your account (availability).
0 Comments