cyber

Question 1

What is the primary concern of cybersecurity?

Answer 1

Protecting systems, networks, and programs from digital attacks.

Question 2

What does the CIA Triad stand for in cybersecurity?

Answer 2

Confidentiality, Integrity, Availability.

Question 3

What is meant by ‘confidentiality’ in cybersecurity?

Answer 3

Ensuring that data is not disclosed to unauthorized parties using methods like encryption, access control, and authentication.

Question 4

How is ‘integrity’ maintained in cybersecurity?

Answer 4

By ensuring data is accurate and unaltered using intrusion detection systems and hashing.

Question 5

What does ‘availability’ imply in the context of cybersecurity?

Answer 5

Ensuring data and resources are available to users when needed, including redundancy and DDoS prevention.

Question 6

What is the purpose of an Enterprise Information Security Program Policy (EISP)?

Answer 6

Establishes the overall security direction aligned with organizational objectives.

Question 7

What do Issue-Specific Security Policies (ISSP) address?

Answer 7

Specific issues like internet use, email policies, and incident response.

Question 8

What guidelines do System-Specific Security Policies (SSSP) provide?

Answer 8

Guidelines for specific systems and technologies like intrusion detection systems and firewalls.

Question 9

What is the main function of cryptography in cybersecurity?

Answer 9

Maintaining confidentiality and integrity of data through techniques like hashing and encrypting.

Question 10

Define ‘symmetric cryptography’.

Answer 10

Uses the same key for both encryption and decryption.

Question 11

What is ‘asymmetric cryptography’?

Answer 11

Uses a public key for encryption and a private key for decryption, enhancing security for key distribution.

Question 12

What is the purpose of risk assessment in cybersecurity?

Answer 12

To prioritize mitigation efforts by assessing the likelihood and impact of potential incidents.

Question 13

What is Annualized Loss Expectancy (ALE) in risk assessment?

Answer 13

A calculation used to estimate the expected monetary loss per year from an incident, calculated as Single Loss Expectancy (SLE) multiplied by the Annualized Rate of Occurrence (ARO).

Question 14

What does TCP/IP stand for and what is its role in network security?

Answer 14

Transmission Control Protocol/Internet Protocol; it defines how data is exchanged over the internet by providing end-to-end communications that identify how it should be broken into packets, addressed, transmitted, routed, and received at the destination.

Question 15

What is the purpose of TLS in networking?

Answer 15

Transport Layer Security provides confidentiality, integrity, and authentication between application processes.

Question 16

How does IPv6 enhance network security?

Answer 16

IPv6 increases security through a larger address space and built-in support for IPsec, improving address configuration and end-to-end connectivity without NAT.

Question 17

What is the function of IPsec at the Internet Layer?

Answer 17

IPsec secures IP communications by authenticating and encrypting each IP packet of a communication session.

Question 18

What are the purposes of the Ping and Traceroute commands?

Answer 18

They are network diagnostic tools; Ping is used to test the reachability of a host on an IP network, while Traceroute traces the path that a packet takes to reach the host.

Question 19

How is the network address calculated using an IP address and a subnet mask?

Answer 19

By applying a bitwise AND operation between the IP address and the subnet mask.

Question 20

What is the result of inverting a subnet mask and applying a bitwise OR operation with an IP address?

Answer 20

It results in the broadcast address for the network segment.

Question 21

What protocols ensure web and remote access security?

Answer 21

SSL/TLS for web security, SSH for secure remote access, and IPsec for secure network layer communications.

Question 22

What were the vulnerabilities of Wired Equivalent Privacy (WEP) in WiFi security?

Answer 22

WEP had key management issues and was susceptible to statistical analysis and plaintext attacks due to the reuse of initialization vectors.

Question 23

What are the four main types of access control in cybersecurity?

Answer 23

Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).

Question 24

What is a Reference Monitor in the context of access control?

Answer 24

A theoretical construct that enforces access controls at the operating system level, ensuring that all access to system resources is controlled and cannot be bypassed.

Question 25

How do Access Control Lists (ACLs) function?

Answer 25

ACLs specify which users or system processes are granted access to objects and what operations they can perform.