Cyber

Question 1

Define the internet

Answer 1

Globally connected communications network over which devices send and receive data, communicating and accessing data resources.

Question 2

Identify types of equipment that make up the internet

Answer 2

Networking hardware that routes traffic
Physical cabling
Radio transmissions

Question 3

What does not make up the internet?

Answer 3

User devices
Smart devices
Data servers
The data itself

Question 4

World Wide Web definition

Answer 4

The interconnected system of public webpages that are accessible thru the internet

Question 5

Come up with an example of a Uniform Resource Locator (URL)

Answer 5

Domain name + elements after that identify the specific location on that domain (www.whatever/something.com)

Question 6

What percent of overall content can be accessed over the internet that’s on the WWW?

Answer 6

4%

Question 7

List characteristics of the Deep Web (3)

Answer 7

Access controlled portion of the internet
Requires some type of user authentication to access
Info is private and cannot be found with a search engine

Question 8

Examples of info on the deep web

Answer 8

Anything that is private info (banking, medical) as opposed to a shopping website

Question 9

What percent of overall content that can be accessed over the internet that is on the deep web?

Answer 9

90%

Question 10

List characteristics of the dark web (4)

Answer 10

Hides both the content and identity of the user trying to access it
Set of websites intentionally hidden from the public
Can only be accessed using a special browser
Cannot use a regular search engine to find websites there

Question 11

What’s the name of the network that controls the dark web?

Answer 11

The onion network

Question 12

What percent of overall content can be accessed on the dark web?

Answer 12

6%

Question 13

Definition of confidentiality as it relates to the cia triad

Answer 13

Privacy

Question 14

Definition of integrity as it relates to the cia triad

Answer 14

Maintaining the consistency, accuracy, and trustworthiness of data

Question 15

Definition of availability as it relates to the cia triad

Answer 15

Ensuring systems can be accessed when requested by authorized and authenticated users

Question 16

Definition of authentication as it relates to info assurance

Answer 16

Verification of a users credential to confirm identity

Question 17

Definition of authorization as it relates to info assurance

Answer 17

Verification of an authenticated users permissions to access a resource

Question 18

Definition of non-repudiation as it relates to info assurance

Answer 18

Assurance that the sender of info received proof of delivery and the recipient is provided with proof of the senders identity so neither can later deny they processed the info

Question 19

List the 2 basic steps in the risk management process

Answer 19

Identify and prioritize all potential risks
Determine how the organization with deal with each potential risk

Question 20

Identify aspects of risk that are evaluated (3)

Answer 20

The ASSETS you want to protect
The VULNERABILITIES each asset has that can be exploited by a specific threat
The potential THREATS that could exploit a vulnerability

Question 21

Definition of asset

Answer 21

Thing of value or something we care about that we are trying to protect

Question 22

Definition of critical infrastructure

Answer 22

Physical and cyber systems and assets that are considered essential services that are vital to American society

Question 23

How many sectors in the US are considered critical infrastructure

Answer 23

16

Question 24

Vulnerability definition

Answer 24

Weakness in an organizations info system, security system, internal controls, or implementation

Question 25

List the categories of vulnerabilities (3)

Answer 25

Weakness in a system
Flaw in the program
Absence or weakened of safeguards

Question 26

Zero day attack definition

Answer 26

Attack that exploits a vulnerability that a software developer may not have been aware of prior to the attack

Question 27

White hat hacker

Answer 27

Hacker who legally has permission to try and hack a system

Question 28

Penetration testing

Answer 28

Hackers hired to test an organizations networks for vulnerabilities

Question 29

Bug bounty

Answer 29

Reward offered by an organization to someone who finds and tells that about flaws or vulnerabilities in its system

Question 30

Gray hat hacker (permission to hack? Legal?)

Answer 30

No permission and illegal

Question 31

Cyber criminal

Answer 31

Black hat hacker whose primary motivation is to make money by stealing sensitive company info or personal data

Question 32

List possible categories of disgruntled insiders (3)

Answer 32

Current employee
Former employee
Third party vendors who have access to the network

Question 33

Hacktivist

Answer 33

Black hat hacker whose goal is to further social or political end

Question 34

Corporate spy

Answer 34

Black hat hacker whose goal is to conduct industrial espionage to steal trade secrets from competitors

Question 35

What black hat hacker poses the highest risk due to their ability to effectively employ tech against the most difficult targets

Answer 35

Hostile nation-state

Question 36

List cyberattacks conducted by terrorist organizations (3)

Answer 36

Stealing sensitive, secret info, that they use to terrorize personnel
Attacks in critical infrastructure
Attacks against military weaponry

Question 37

White hat hacker

Answer 37

Legal hacker

Question 38

Scenario of data at rest

Answer 38

Data in storage on some device and is not being hsef

Question 39

Scenario based on data in transit

Answer 39

Data being communicated between a sender and a receiver over a network and or internet

Question 40

Scenario based on data at use

Answer 40

Data being processed and currently in the devices memory

Question 41

Scenarios of pen testing, grey hat hacking, hacktivist, cyber criminal, corporate spy

Answer 41

Idk list them

Question 42

Risk avoidance

Answer 42

Choosing not to perform an activity that may carry risk

Question 43

Risk mitigation

Answer 43

Actions taken to reduce the likelihood or overall impact of risk occurring

Question 44

Risk transfer

Answer 44

Getting and insurance policy that would pay money to cover financial losses due to risk occurrence

Question 45

Risk acceptance

Answer 45

Retaining some risks that you feel are unlikely to occur and or the possible impact is acceptable to your organization

Question 46

Scenarios showing risk avoidance, risk mitigation, risk transfer, risk acceptance

Answer 46

Better know them