Follow and like us on our Facebook page where we post on the new release subject and answering tips and tricks to help save your time so that you can never feel stuck again.

Ctrl + F is the shortcut in your browser or operating system that allows you to find words or questions quickly.

Ctrl + Tab to move to the next tab to the right and Ctrl + Shift + Tab to move to the next tab to the left.

On a phone or tablet, tap the menu icon in the upper-right corner of the window; Select "Find in Page" to search a question.

Share Us

Sharing is Caring

It's the biggest motivation to help us to make the site better by sharing this to your friends or classmates.

Information Assurance and Security 3

Are detail-oriented, technology savvy and committed to securing accurate data that will love spreadsheets, databases and enforcing security policies.

computer science

information technology












Hackers are individuals that use legal means to obtain trade secrets from competitors of their sponsor. It can involve the theft of new product designs, production data, marketing information, or new software source code.

  • True
  • False

is a program in which malicious code is hidden inside a seemingly harmless program

  • Trojan horse

Assure that the information has not been tempered

  • Integrity

DES exhibits strong __.


Hash functions

  • no key

the access to the whole or any part of a computer system without right.

  • Illegal Access

algorithm for transforming plaintext to ciphertext

  • cipher

__ a way to classify and refer to threats (and attacks) by names/categories


Assure that authenticated party has indeed done something and it can not deny it

  • Non-Repudiation

the coded message

  • ciphertext

Data security is concerned with vulnerabilities pertaining to unauthorized access to data.

  • True
  • False

_____________ look like an extremely large substitution

  • Rail Fence Cipher
  • Block Cipher Principles
  • Substitution-Permutation Ciphers

Outline of what the organization considers to be the appropriate / inappropriate use of company resources.

  • Service Level Agreement (SLA)
  • Acceptable Use Policy (AUP)

Cyber criminals are motivated by the potential for monetary gain and hack into corporate computers to steal, often by transferring money from one account to another to another

  • True
  • False

Hackers penetrate a computer system for a number of reasons and uses a variety of techniques. Using the skills they have, they download attack scripts and protocols from the Internet and launch them against victim sites

  • True
  • False

Private/secret/single key cryptography uses two keys – a public & a private key

  • True
  • False

RSA stand for

  • Rivest, Shamir, Adelman
  • Rivest, Shamir, Adleman
  • Rivest, Shamira, Adleman

Information security includes the integrity, confidentiality, and availability of information at the servers, including information in files and databases and in transition between servers and between clients and servers. The security of information can be ensured in a number of ways.

  • True
  • False

RA 10175 punishes content-related offenses such as cybersex, child pornography and libel which may be committed through a computer system. It also penalizes unsolicited commercial communication or content that advertises or sells products or services.

  • True
  • False

Denial of service attacks, commonly known as distributed denial of service (DDoS) attacks, are a new form of computer attacks. They are directed at computers connected to the Internet. They are not penetration attacks, and therefore, they do not change, alter, destroy, or modify system resources. However, they affect the system by diminishing the system’s ability to function; hence, they are capable of bringing a system down without destroying its resources.

  • True
  • False

Passwords – it is a string of usually six or more to verify a user to an information system facility, usually digital system. Therefore, system security is the responsibility of every individual user of the system.

  • True
  • False

DES stands for


confidentiality is to prevent unauthorized disclosure of information to third parties. This is important in a number of areas including the disclosure of personal information such as medical, financial, academic, and criminal records.

  • True
  • False

Authentication is a process whereby the system gathers and builds up information about the user to assure that the user is genuine. In computer systems, authentication protocols based on cryptography use either secret-key or public-key schemes to create an encrypted message digest that is appended to a document as a digital signature.

  • True
  • False

Companies are exposed to a wide range of fraud risks, including diversion of company funds, theft of assets, fraud connected with bidding processes, invoice and payment fraud, computer fraud, and credit card fraud. Often, frauds involve some form of collusion, or cooperation, between an employee and an outsider

  • True
  • False

Flaws in system and/or networks that could be exploited to violate the security policy of system or network

  • Intrusion Detection (ID)
  • Intrusion
  • Vulnerability

The step in an attack which exploit service

  • Ping Sweeps (ping/whois)
  • Port Scans (nmap)
  • Bypass firewall
  • Bypass IDS & IPS: Avoid detection / logs

study of encryption principles/methods

  • cryptography

The digital signature is similar to a handwritten signature in printed documents. Just like handwritten signatures, digital signatures ensure that the person whose signature the system is authenticating is indeed the true person, but digital signatures provide a greater degree of security than handwritten signatures.

  • True
  • False

Prevent information from being exposed to unintended party

  • Confidentiality

Firewalls - it is hardware or software used to isolate the sensitive portions of an information system facility from the outside world and limit the potential damage that can be done by a malicious intruder.

  • True
  • False

is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

  • Viruses

What is Malware?

  • Malicious Software
  • Includes “Viruses” & “Worms”
  • All of the above
  • Protect using Anit-virus software & System Patching

Ensure computer systems are secure

  • Information Assurance (IA) & Security
  • Computer Security (COMPUSEC)
  • Network Security

Private-Key Cryptography

  • symmetric

The Operational Model of Computer Security

  • Prevention = Detection + Protection + Response
  • Protection = Detection + Response + Prevention
  • Protection = Prevention + Detection + Response
  • Prevention = Detection + Response + Protection =

is a harmful program that resides in the active memory of the computer and duplicates itself.

  • Worm

MD5 stand for


converting plaintext to ciphertext

  • encipher (encrypt)

Often referred to as the secret-key encryption, it uses a common key and the same cryptographic algorithm to scramble and unscramble the message. One problem with symmetric encryption is the security of the keys which must be passed from the sender to the receiver.

  • Symmetric encryption
  • Asymmetric encryption

Insiders are a major source of computer crimes because they do not need a great deal of knowledge about the victim computer system. Insiders are not necessarily employees; they can also be consultants and contractors.

  • True
  • False

In the Philippines it is known as Republic Act No. 10175 or the Cybercrime Prevention Act of 2012. It was signed into law by President Aquino on Sept. 12, 2012. Its original goal was to penalize acts like cybersex, child pornography, identity theft and unsolicited electronic communication in the country.

  • True
  • False

Electronic terrorism by individuals or groups are targeting enterprise systems, institutions and governments. But cyber terrorism is not only about obtaining information; it is also about instilling fear and doubt and compromising the integrity of the data, which leads to extortion.

  • True
  • False

Control what a subject can perform or what objects the subject can interact with.

  • Access
  • Authentication
  • Authorization

an example of cyber technology vulnerability is unauthorized access to data, which are either resident in or exchanged between computer systems.

  • True
  • False

Encryption is a method that protects the communications channel from sniffers — programs written for and installed on the communication channels to eavesdrop on network traffic, examining all traffic on selected network segments.

  • True
  • False

Stream ciphers process messages in into blocks, each of which is then en/decrypted

  • True
  • False

Public key cryptography

  • two keys - public, private

Secret key cryptography

  • one key

These hide the message by rearranging the letter order, without altering the actual letters used

  • Monoalphabetic Cipher Security
  • Caesar Cipher
  • Transposition Ciphers

The step in an attack which identify targets

  • Ping Sweeps (ping/whois)
  • Denial of Service (DoS)
  • Port Scans (nmap)
  • Distributed Denial of Service (DDoS)

the intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.


Verifies what a subject is authorized to do.

  • Authentication
  • Authorization
  • Access

Contractual agreements between entities that describe specified levels of service.

  • Bell-LaPadula Confidentiality Security Model
  • Acceptable Use Policy (AUP)
  • Service Level Agreement (SLA)

The physical barrier can be a fence made of barbed wire, brick walls, natural trees, mounted noise or vibration sensors, security lighting, close circuit television (CCTV), buried seismic sensors, or different photoelectric and microwave systems.

  • True
  • False

Child pornography via computer carries a penalty one degree higher than that provided by RA 9775, or the Anti-Child Pornography Act of 2009. Under RA 9775, those who produce, disseminate or publish child pornography will be fined from P50,000 to P5 million, and slapped a maximum jail term of reclusion perpetua, or 20 to 40 years.

  • True
  • False

Block ciphers process messages a bit or byte at a time when en/decrypting

  • True
  • False

integrity is to prevent unauthorized modification of files and maintain the status quo. It includes system, information, and personnel integrity. The alteration of information may be caused by a desire for personal gain or a need for revenge.

  • True
  • False

info used in cipher known only to sender/receiver

  • key

the interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

  • Illegal Interception

Availability is to prevent unauthorized withholding of information from those who need it when they need it.

  • True
  • False

the original message

  • plaintext

AES stands for


Persons found guilty of unsolicited communication face arresto mayor (imprisonment for 1 month and 1 day to 6 months) or a fine of at least P50,000 but not more than P250,000, or both.

  • True
  • False

Rotation individuals through jobs / tasks.

  • Layered Security
  • Job Rotation
  • Separation of Duties

The protection of systems that store, transmit, and process information.


Emphasis on the data; Our assurance (confidence) in the protection of our information / Information Security Services.

  • Network Security
  • Computer Security (COMPUSEC)
  • Information Assurance (IA) & Security

Where a change of one input or key bit results in changing more than half output bits

  • RSA
  • DES
  • Avalanche Effect
  • AES

the field of both cryptography and cryptanalysis

  • cryptology

The art and science of identify attempted intrusions

  • Intrusion Detection (ID)
  • Vulnerability
  • Intrusion

A penetration attack involves breaking into a computer system using known security vulnerabilities to gain access to a cyberspace resource. Penetration can be done in both local (using a computer on a LAN) or global (by means of the internet).

  • True
  • False

Protection of multiple connected (networked) computer systems

  • Information Assurance (IA) & Security
  • Network Security
  • Computer Security (COMPUSEC)

Assure that the identity of some party is remain anonymous

  • Anonymity

the use, production, sale, procurement, importation, distribution, or otherwise making available, without right.


recovering ciphertext from plaintext

  • decipher (decrypt)

A facility is physically secure if it is surrounded by a barrier such as a fence, has secure areas both inside and outside the facility, and can resist penetration by intruders.

  • True
  • False

Public-Key Cryptography

  • asymmetric

the study of principles/ methods of deciphering ciphertext without knowing key

  • cryptanalysis (codebreaking)

the acquisition of a domain name on the Internet in bad faith or with the intent to profit, mislead, destroy one’s reputation or deprive others from registering the same domain name.


Individuals found guilty of cybersex face a jail term of prision mayor (6 years and one day to 12 years) or a fine of at least P200,000 but not exceeding P1 million.

  • True
  • False

If we can’t completely prevent attack from happening, detection is the only option

  • True
  • False

is the act of using e-mail fraudulently to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate looking e- mails urging the recipient to take action to avoid a negative consequence or to receive a reward.

  • Phishing

Ensures tasks are broken down and are accomplished / involve by more than one individual.

  • Job Rotation
  • Separation of Duties
  • Layered Security

Hash used to detect changes to message

  • True
  • False

It uses two different keys, a public key known by all and a private key known by only the sender and the receiver. Both the sender and the receiver each have a pair of these keys, one public and one private. It is commonly known as public-key encryption.

  • Symmetric encryption
  • Asymmetric encryption

Assure that unused service or resource is available to legitimate users

  • Availability

the intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.


Cracking is a form of hacking that is clearly criminal activity. Crackers break into other people’s networks and systems to cause harm.

  • True
  • False

Assure that the party of concern is authentic - it is what it claims to be

  • Authentication

is a set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge.

  • Rootkit
Paypal Donation

To keep up this site, we need your assistance. A little gift will help us alot.


- The more you give the more you receive.

Related Subject

Object Oriented Programming Laboratory

Mobile Programming

Management Information Systems

Managing Information and Technology

Living in the Information Technology Era

Mail and Web Services

Introduction to Computing

Intro to Hardware Description Language

Introduction to Human Computer

Integrative Programming and Technology 2

Information Assurance and Security 2

Information Security and Management

Information Systems Operations and Maintenance

Fundamentals of Database System

Fundamentals of Investigation and Intelligence

Digital Imaging

Computer Fundamentals

Animation Project

3D Game Art Development

Computer Programming

Network Security

Mobile Application Design and Development

Mobile Application Design and Development 2

Information Technology Practicum

Information Technology Capstone Project

Introduction to Information Systems

Introduction to Multimedia

Internet Marketing and Entrepreneurship

Internet Technology in Real Estate

Data Communications and Networking

Cyber Security: Theories and Practice

Data Communications and Networking 2

Data Structures and Algorithms

Database Management System

Chemistry for Engineers

Load Testing

Auditing and Assurance Concepts and Applications

Integrative Programming and Technology

Linux Administration

Software Engineering

Applied Business Tools and Technologies

System Administration and Maintenance

Current Trends and Issues

Data Communications and Networking 4

Principles of Operating System and its Application

Systems Integration and Architecture

Application Lifecycle Management

Data Communications and Networking 3

Information Assurance and Security

Intrusion Detection System

Operating System Functions

Web Application Development

Web Systems Technologies

Web Development

Network Administration

Health Information Technology

Computer Information Systems

Computer Support Technician

Risk Management Applied to Safety Security and Sanitation

Property Management System

Investment and Portfolio Management

Information Management

Advanced Database Management Systems

Quality Assurance Testing

Office Assistant

Medical Office Administration

Administrative Assistant

Public Service

Relational Database Systems

Professional Ethics and Values

Show All Subject
Affiliate Links

Shopee Helmet

Shopee 3D Floor

Lazada Smart TV Box