6

Question 1

What encryption does?

Answer 1

Protects data from prying eyes by putting it in a secret code (cipher text)

Question 2

What decryption does?

Answer 2

Converts the ciphertext into plaintext using a key.

Question 3

Give example of encryption:

Answer 3

Caesar cipher, One-time Pad

Question 4

What Steganography does?

Answer 4

Hides sensitive information inside other information, it prevents the message from being found.

Question 5

What is the best practice related to encryption?

Answer 5

Using a scheme/algorithm that is open & published. ONLY keep the key secret!

Question 6

Two types of Cryptography:

Answer 6

Symmetric & Asymmetric

Question 7

Describe symmetric cryptography.

Answer 7

Encrypts & decrypts with the same key (kept secret).
AES standard, mature, reliable & widely used.
It provides secrecy & authenticity.

Question 8

How any encryption can be attacked?

Answer 8

By brute force.

Question 9

Applications of symmetric encryption are…

Answer 9

HTTPS, Disk Encryption

Question 10

Describe asymmetric cryptography.

Answer 10

It uses two keys, a private key (kept secret) to decrypt/encrypt and a public key (can be shared) to encrypt/decrypt which are mathematically linked.

Question 11

Applications of asymmetric encryption are…

Answer 11

Digital Signature
Bitcoin

Question 12

What is end-to-end encrypted?

Answer 12

Message is encrypted when it leaves your phone & decrypted only on your friend’s end. The service provider sees gibberish.

Question 13

What does a VPN do?

Answer 13

Mask your IP adress with an IP adress in a foreign location.

Question 14

What’s a hash?

Answer 14

Mathematical function that takes in a plaintext, returns random-looking information.

Question 15

Sensitive information is “hashed” means:

Answer 15

turned into random-looking information

Question 16

Describe multi-factor authentication. Add examples.

Answer 16

Knowledge (something you know, ex: password)
Posession (something you have, ex: device)
Bio-metric (something you are, ex: fingerprint, retina scan…)

Question 17

What’s phising?

Answer 17

Someone tricks you into typing your password into a “bad guy” site, so the “bad guy” gets your password.

Question 18

What’s the counter to phising?

Answer 18

Always check the URL, and verify whom you give information to.

Question 19

Give an example of “phising” in real life.

Answer 19

Fake ATM Machine, it prints error message, but records card details & PIN.

Question 20

How do we know if a web is secure?

Answer 20

It starts with HTTPS (S stands for secure).
It has the padlock icon.
Verify the URL.

Question 21

Which are the two main purposes of secure web communication?

Answer 21

Domain Verification: prevents phising via domain identification.
Data Encryption: safeguards transmitted data from interception.

Question 22

How do we name a specially crafted & sophisticated attack against a specific person?

Answer 22

Atypical Spear Phising Case

Question 23

Typical attacks are…

Answer 23

Bulks

Question 24

A bulk is…

Answer 24

when million of generic attacks are sent

Question 25

What’s a dictionary attack?
Is it effective?

Answer 25

When you try every known password. It fails mostly, but works some percentage of the time.

Question 26

What do we need to have a stronger password?

Answer 26

Longer, more characters, not a word or pun.

Question 27

What is cracking passwords?

Answer 27

Typing to decrypt the stolen passwords, many per second.

Question 28

Name the counters of cracking.

Answer 28

Programmers can build in a short delay, so it takes longer to try passwords.
Programmers can limit the number of attempted logins.
Make your password unique and long.
Two-Factor-Authentication.

Question 29

What’s 2FA?

Answer 29

Two-Factor-Authentication.

Question 30

Which are the options to have a second thing to log in?

Answer 30

SMS
OTP generator App (like Microsoft Authenticator, Apple Password)
U2F (Apple Passkey)

Question 31

Which are the issues with SMS based 2FA?

Answer 31

Bad guys could trick your mobile provider: FTC’s lead Technologist gets hacked.
Phising
Malware on phone

Question 32

What’s the future of 2FA?

Answer 32

U2F, so the device acts as the 2nd factor (apple passkeys, google passkeys)