Copy of 320_R_Computer Security 2024

Computer Security Exam Overview

Type: Computer Security (320) REGIONAL 2024Format: Multiple Choice (50 questions, 2 points each)Total Points: 100 pointsTest Duration: 60 minutes

General Guidelines

Strict adherence to the following rules is mandatory; violations will lead to disqualification:

  • Must submit test booklet and any printouts.

  • Only specified materials allowed in the testing area; no previous BPA tests or samples permitted.

  • Electronic devices are subject to monitoring according to ACT standards.

Key Concepts Covered in Multiple Choice Questions

Cryptography

Definition: The science of secure communication ensuring confidentiality and protection from unauthorized access.Importance: Protects sensitive data in transit and at rest; crucial for privacy and breach prevention. Common applications include securing online communications and safeguarding stored data.

Access Control

Purpose: Ensures data confidentiality and prevents unauthorized usage by regulating access.Models:

  • MAC: Predefined security levels; individuals cannot change access rights.

  • DAC: Users dictate permissions for their own data.

  • RBAC: Access rights based on organizational roles.

  • ABAC: Access based on user attributes and environmental factors.

Encryption

  • Symmetric Encryption: Same key for encryption and decryption; faster but key distribution is challenging. Commonly uses AES.

  • Asymmetric Encryption: Uses a public/private key pair; provides better key distribution security but is slower. Notable example is RSA.

Network Security

  • Firewall: Monitors and controls network traffic based on security rules to prevent unauthorized access.

  • VPN: Creates a secure, encrypted connection over the internet for remote access.

  • Nonce: A unique number used once in cryptographic communications to prevent replay attacks.

Authentication Methods

  • Biometric: Uses unique physical traits for identity verification.

  • 2FA: Combines two different types of credentials for enhanced security.

  • SSO: One set of credentials to access multiple applications, simplifying authentication.

Common Security Threats

  • Social Engineering: Tricks individuals into revealing confidential information; awareness training is essential.

  • SQL Injection: Inserts malicious SQL code to manipulate databases.

  • Brute Force Attacks: Attempts various password combinations; strong password policies can mitigate risks.

Security Policies

  • Acceptable Use Policy: Guidelines for ethical use of organizational resources.

  • Incident Response Policy: Procedures for responding to security incidents effectively.

  • Network Security Policy: Rules for protecting network resources and compliance with regulations.

  • Regular updates and patches are critical for addressing vulnerabilities.

Physical Security Considerations

  • Examples include biometric systems that restrict access to authorized personnel.

  • Risks like tailgating must be addressed through training and physical measures.

Best Practices for Security

  • Regular updates to systems are essential to minimize vulnerabilities.

  • Strong password policies should enforce complexity and regular updates.

  • Ongoing security awareness training is vital for recognizing and responding to threats.