Follow and like us on our Facebook page where we post on the new release subject and answering tips and tricks to help save your time so that you can never feel stuck again.

Ctrl + F is the shortcut in your browser or operating system that allows you to find words or questions quickly.

Ctrl + Tab to move to the next tab to the right and Ctrl + Shift + Tab to move to the next tab to the left.

On a phone or tablet, tap the menu icon in the upper-right corner of the window; Select "Find in Page" to search a question.

Share Us

Sharing is Caring

It's the biggest motivation to help us to make the site better by sharing this to your friends or classmates.

Information Assurance and Security 3

Are detail-oriented, technology savvy and committed to securing accurate data that will love spreadsheets, databases and enforcing security policies.

computer science

information technology












AES stands for


_____________ look like an extremely large substitution

  • Rail Fence Cipher
  • Block Cipher Principles
  • Substitution-Permutation Ciphers

converting plaintext to ciphertext

  • encipher (encrypt)

Electronic terrorism by individuals or groups are targeting enterprise systems, institutions and governments. But cyber terrorism is not only about obtaining information; it is also about instilling fear and doubt and compromising the integrity of the data, which leads to extortion.

  • True
  • False

It uses two different keys, a public key known by all and a private key known by only the sender and the receiver. Both the sender and the receiver each have a pair of these keys, one public and one private. It is commonly known as public-key encryption.

  • Symmetric encryption
  • Asymmetric encryption

RA 10175 punishes content-related offenses such as cybersex, child pornography and libel which may be committed through a computer system. It also penalizes unsolicited commercial communication or content that advertises or sells products or services.

  • True
  • False

The step in an attack which identify targets

  • Ping Sweeps (ping/whois)
  • Denial of Service (DoS)
  • Port Scans (nmap)
  • Distributed Denial of Service (DDoS)

The physical barrier can be a fence made of barbed wire, brick walls, natural trees, mounted noise or vibration sensors, security lighting, close circuit television (CCTV), buried seismic sensors, or different photoelectric and microwave systems.

  • True
  • False

Public key cryptography

  • two keys - public, private

MD5 stand for


Outline of what the organization considers to be the appropriate / inappropriate use of company resources.

  • Service Level Agreement (SLA)
  • Acceptable Use Policy (AUP)

Prevent information from being exposed to unintended party

  • Confidentiality

The step in an attack which exploit service

  • Ping Sweeps (ping/whois)
  • Port Scans (nmap)
  • Bypass firewall
  • Bypass IDS & IPS: Avoid detection / logs

Persons found guilty of unsolicited communication face arresto mayor (imprisonment for 1 month and 1 day to 6 months) or a fine of at least P50,000 but not more than P250,000, or both.

  • True
  • False

Hash used to detect changes to message

  • True
  • False

Protection of multiple connected (networked) computer systems

  • Information Assurance (IA) & Security
  • Network Security
  • Computer Security (COMPUSEC)

Contractual agreements between entities that describe specified levels of service.

  • Bell-LaPadula Confidentiality Security Model
  • Acceptable Use Policy (AUP)
  • Service Level Agreement (SLA)

recovering ciphertext from plaintext

  • decipher (decrypt)

The Operational Model of Computer Security

  • Prevention = Detection + Protection + Response
  • Protection = Detection + Response + Prevention
  • Protection = Prevention + Detection + Response
  • Prevention = Detection + Response + Protection =

Stream ciphers process messages in into blocks, each of which is then en/decrypted

  • True
  • False

These hide the message by rearranging the letter order, without altering the actual letters used

  • Monoalphabetic Cipher Security
  • Caesar Cipher
  • Transposition Ciphers

__ a way to classify and refer to threats (and attacks) by names/categories


Hash functions

  • no key

Hackers penetrate a computer system for a number of reasons and uses a variety of techniques. Using the skills they have, they download attack scripts and protocols from the Internet and launch them against victim sites

  • True
  • False

Often referred to as the secret-key encryption, it uses a common key and the same cryptographic algorithm to scramble and unscramble the message. One problem with symmetric encryption is the security of the keys which must be passed from the sender to the receiver.

  • Symmetric encryption
  • Asymmetric encryption

is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.

  • Viruses

RSA stand for

  • Rivest, Shamir, Adelman
  • Rivest, Shamir, Adleman
  • Rivest, Shamira, Adleman

Control what a subject can perform or what objects the subject can interact with.

  • Access
  • Authentication
  • Authorization

is the act of using e-mail fraudulently to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate looking e- mails urging the recipient to take action to avoid a negative consequence or to receive a reward.

  • Phishing

Assure that unused service or resource is available to legitimate users

  • Availability

Ensure computer systems are secure

  • Information Assurance (IA) & Security
  • Computer Security (COMPUSEC)
  • Network Security

If we can’t completely prevent attack from happening, detection is the only option

  • True
  • False

the intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.


the study of principles/ methods of deciphering ciphertext without knowing key

  • cryptanalysis (codebreaking)

Public-Key Cryptography

  • asymmetric

is a set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge.

  • Rootkit

Hackers are individuals that use legal means to obtain trade secrets from competitors of their sponsor. It can involve the theft of new product designs, production data, marketing information, or new software source code.

  • True
  • False

Availability is to prevent unauthorized withholding of information from those who need it when they need it.

  • True
  • False

info used in cipher known only to sender/receiver

  • key

Emphasis on the data; Our assurance (confidence) in the protection of our information / Information Security Services.

  • Network Security
  • Computer Security (COMPUSEC)
  • Information Assurance (IA) & Security

Companies are exposed to a wide range of fraud risks, including diversion of company funds, theft of assets, fraud connected with bidding processes, invoice and payment fraud, computer fraud, and credit card fraud. Often, frauds involve some form of collusion, or cooperation, between an employee and an outsider

  • True
  • False

is a harmful program that resides in the active memory of the computer and duplicates itself.

  • Worm

Firewalls - it is hardware or software used to isolate the sensitive portions of an information system facility from the outside world and limit the potential damage that can be done by a malicious intruder.

  • True
  • False

Encryption is a method that protects the communications channel from sniffers — programs written for and installed on the communication channels to eavesdrop on network traffic, examining all traffic on selected network segments.

  • True
  • False

The protection of systems that store, transmit, and process information.


Data security is concerned with vulnerabilities pertaining to unauthorized access to data.

  • True
  • False

the coded message

  • ciphertext

the original message

  • plaintext

Assure that authenticated party has indeed done something and it can not deny it

  • Non-Repudiation

Verifies what a subject is authorized to do.

  • Authentication
  • Authorization
  • Access

Authentication is a process whereby the system gathers and builds up information about the user to assure that the user is genuine. In computer systems, authentication protocols based on cryptography use either secret-key or public-key schemes to create an encrypted message digest that is appended to a document as a digital signature.

  • True
  • False

integrity is to prevent unauthorized modification of files and maintain the status quo. It includes system, information, and personnel integrity. The alteration of information may be caused by a desire for personal gain or a need for revenge.

  • True
  • False

Passwords – it is a string of usually six or more to verify a user to an information system facility, usually digital system. Therefore, system security is the responsibility of every individual user of the system.

  • True
  • False

The art and science of identify attempted intrusions

  • Intrusion Detection (ID)
  • Vulnerability
  • Intrusion

the intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.


the field of both cryptography and cryptanalysis

  • cryptology

A facility is physically secure if it is surrounded by a barrier such as a fence, has secure areas both inside and outside the facility, and can resist penetration by intruders.

  • True
  • False

Cracking is a form of hacking that is clearly criminal activity. Crackers break into other people’s networks and systems to cause harm.

  • True
  • False

Flaws in system and/or networks that could be exploited to violate the security policy of system or network

  • Intrusion Detection (ID)
  • Intrusion
  • Vulnerability

Child pornography via computer carries a penalty one degree higher than that provided by RA 9775, or the Anti-Child Pornography Act of 2009. Under RA 9775, those who produce, disseminate or publish child pornography will be fined from P50,000 to P5 million, and slapped a maximum jail term of reclusion perpetua, or 20 to 40 years.

  • True
  • False

the interception made by technical means without right of any non-public transmission of computer data to, from, or within a computer system including electromagnetic emissions from a computer system carrying such computer data.

  • Illegal Interception

Individuals found guilty of cybersex face a jail term of prision mayor (6 years and one day to 12 years) or a fine of at least P200,000 but not exceeding P1 million.

  • True
  • False

Secret key cryptography

  • one key

the use, production, sale, procurement, importation, distribution, or otherwise making available, without right.


Private/secret/single key cryptography uses two keys – a public & a private key

  • True
  • False

Where a change of one input or key bit results in changing more than half output bits

  • RSA
  • DES
  • Avalanche Effect
  • AES

the acquisition of a domain name on the Internet in bad faith or with the intent to profit, mislead, destroy one’s reputation or deprive others from registering the same domain name.


Block ciphers process messages a bit or byte at a time when en/decrypting

  • True
  • False

The digital signature is similar to a handwritten signature in printed documents. Just like handwritten signatures, digital signatures ensure that the person whose signature the system is authenticating is indeed the true person, but digital signatures provide a greater degree of security than handwritten signatures.

  • True
  • False

Assure that the information has not been tempered

  • Integrity

Assure that the identity of some party is remain anonymous

  • Anonymity

Denial of service attacks, commonly known as distributed denial of service (DDoS) attacks, are a new form of computer attacks. They are directed at computers connected to the Internet. They are not penetration attacks, and therefore, they do not change, alter, destroy, or modify system resources. However, they affect the system by diminishing the system’s ability to function; hence, they are capable of bringing a system down without destroying its resources.

  • True
  • False

DES stands for


the access to the whole or any part of a computer system without right.

  • Illegal Access

is a program in which malicious code is hidden inside a seemingly harmless program

  • Trojan horse

Private-Key Cryptography

  • symmetric

study of encryption principles/methods

  • cryptography

Rotation individuals through jobs / tasks.

  • Layered Security
  • Job Rotation
  • Separation of Duties

Ensures tasks are broken down and are accomplished / involve by more than one individual.

  • Job Rotation
  • Separation of Duties
  • Layered Security

A penetration attack involves breaking into a computer system using known security vulnerabilities to gain access to a cyberspace resource. Penetration can be done in both local (using a computer on a LAN) or global (by means of the internet).

  • True
  • False

Assure that the party of concern is authentic - it is what it claims to be

  • Authentication

What is Malware?

  • Malicious Software
  • Includes “Viruses” & “Worms”
  • All of the above
  • Protect using Anit-virus software & System Patching

Information security includes the integrity, confidentiality, and availability of information at the servers, including information in files and databases and in transition between servers and between clients and servers. The security of information can be ensured in a number of ways.

  • True
  • False

Cyber criminals are motivated by the potential for monetary gain and hack into corporate computers to steal, often by transferring money from one account to another to another

  • True
  • False

In the Philippines it is known as Republic Act No. 10175 or the Cybercrime Prevention Act of 2012. It was signed into law by President Aquino on Sept. 12, 2012. Its original goal was to penalize acts like cybersex, child pornography, identity theft and unsolicited electronic communication in the country.

  • True
  • False

DES exhibits strong __.


algorithm for transforming plaintext to ciphertext

  • cipher

Insiders are a major source of computer crimes because they do not need a great deal of knowledge about the victim computer system. Insiders are not necessarily employees; they can also be consultants and contractors.

  • True
  • False

an example of cyber technology vulnerability is unauthorized access to data, which are either resident in or exchanged between computer systems.

  • True
  • False

confidentiality is to prevent unauthorized disclosure of information to third parties. This is important in a number of areas including the disclosure of personal information such as medical, financial, academic, and criminal records.

  • True
  • False
Paypal Donation

To keep up this site, we need your assistance. A little gift will help us alot.


- The more you give the more you receive.

Related Subject

Object Oriented Programming Laboratory

Mobile Programming

Management Information Systems

Managing Information and Technology

Living in the Information Technology Era

Mail and Web Services

Introduction to Computing

Intro to Hardware Description Language

Introduction to Human Computer

Integrative Programming and Technology 2

Information Assurance and Security 2

Information Security and Management

Information Systems Operations and Maintenance

Fundamentals of Database System

Fundamentals of Investigation and Intelligence

Digital Imaging

Computer Fundamentals

3D Game Art Development

Animation Project

Computer Programming

Network Security

Mobile Application Design and Development 2

Mobile Application Design and Development

Information Technology Practicum

Information Technology Capstone Project

Introduction to Information Systems

Introduction to Multimedia

Internet Marketing and Entrepreneurship

Internet Technology in Real Estate

Cyber Security: Theories and Practice

Data Communications and Networking

Data Communications and Networking 2

Data Structures and Algorithms

Database Management System

Chemistry for Engineers

Load Testing

Auditing and Assurance Concepts and Applications

Software Engineering

Linux Administration

Current Trends and Issues

Integrative Programming and Technology

System Administration and Maintenance

Data Communications and Networking 4

Applied Business Tools and Technologies

Data Communications and Networking 3

Application Lifecycle Management

Systems Integration and Architecture

Information Assurance and Security

Principles of Operating System and its Application

Operating System Functions

Web Application Development

Web Systems Technologies

Web Development

Network Administration

Health Information Technology

Computer Information Systems

Computer Support Technician

Risk Management Applied to Safety Security and Sanitation

Property Management System

Investment and Portfolio Management

Information Management

Advanced Database Management Systems

Office Assistant

Medical Office Administration

Administrative Assistant

Public Service

Relational Database Systems

Professional Ethics and Values

Geographic Information Systems

Thesis Writing 2

Show All Subject
Affiliate Links

Shopee Helmet

Shopee 3D Floor

Lazada Smart TV Box