INFA610 Quiz Short Answers and Detailed Questions

Short Answer or Fill-In: (2 points each)

1. ________ is a set of circumstances that has the potential to cause loss or harm.
2. ____________ is an access control mechanism that is based on two sets of attributes: one set is associated with the current domain of execution of a subject, and the other set is associated with an object.
3. The ________ model is a lattice-based formal model for confidentiality, and it continues to be the dominant security policy model even today.
4. The _________ model is an integrity policy model that is a dual of the Bell-LaPadula model in that it inverts the dominance relation.
5. A __________ computer system is a system that employs sufficient hardware and software assurance techniques to allow it to process information at multiple security levels.
6. Which security model is most useful for preventing the contamination of data?
7. __________ is a protective measure that is an action, device, procedure, or _________ that removes or minimizes risk or its impact.
8. The fundamental security design principles include fail-safe defaults, complete mediation, open design, isolation, _________, __________, ___________, and _____________.
9. A(n) _________ is a weakness in an asset or group of assets that can be exploited by one or more threats.
10. The _________________ security model is an information flow model used to implement dynamically changing access permissions.

Questions (5 points each)

11. Explain the Trusted Computing Base (TCB). What does it maintain? What basic functions are monitored by the TCB?
12. What is information security? What is information assurance? What is the difference between the two terms?
13. Explain the relationship between a threat, a risk, and a countermeasure.
14. What is the function of the Reference Monitor?
15. What are the guiding principles of the Reference Validation Mechanism?
16. Define and provide examples of the three core aspects of information security.

Course: INFA 610 Foundations of Information Security and Assurance
School: University of Maryland University College

  • : 09/06/2017
  • : 20