WebGoat/webgoat-lessons/cia/src/main/resources/js/questions_cia.json
Kelly Marchewa e4ec90db8a chore: update CIA grammar and content
- misc. grammatical edits
- add a few more examples
2020-10-15 08:39:28 +02:00

40 lines
2.1 KiB
JSON

{
  "questions": [
    {
      "text": "How could an intruder harm the security goal of confidentiality?",
      "solutions": {
        "1": "By deleting all the databases.",
        "2": "By stealing a database where general configuration information for the system is stored.",
        "3": "By stealing a database where names and emails are stored and uploading it to a website.",
        "4": "Confidentiality can't be harmed by an intruder."
      }
    },
    {
      "text": "How could an intruder harm the security goal of integrity?",
      "solutions": {
        "1": "By changing the names and emails of one or more users stored in a database.",
        "2": "By listening to incoming and outgoing network traffic.",
        "3": "By bypassing the access control mechanisms used to manage database access.",
        "4": "Integrity can only be harmed when the intruder has physical access to the database."
      }
    },
    {
      "text": "How could an intruder harm the security goal of availability?",
      "solutions": {
        "1": "By exploiting a software bug that allows the attacker to bypass the normal authentication mechanisms for a database.",
        "2": "By redirecting sensitive emails to other individuals.",
        "3": "Availability can only be harmed by unplugging the power supply of the storage devices.",
        "4": "By launching a denial of service attack on the servers."
      }
    },
    {
      "text": "What happens if at least one of the CIA security goals is harmed?",
      "solutions": {
        "1": "All three goals must be harmed for the system's security to be compromised; harming just one goal has no effect on the system's security.",
        "2": "The system's security is compromised even if only one goal is harmed.",
        "3": "It is acceptable if an attacker reads or changes data since at least some of the data is still available. The system's security is compromised only if its availability is harmed.",
        "4": "It is acceptable if an attacker changes data or makes it unavailable, but reading sensitive data is not tolerable. The system's security is compromised only if its confidentiality is harmed."
      }
    }
  ]
}