Cyber Sec Exam

Question 1

Ransomware

Answer 1

Encrypts data then demands payment or information in order to receive it back

Question 2

Keylogger

Answer 2

Tracks Keystrokes

Question 3

Spyware

Answer 3

Monitors devices secretly and potential control of the device in places

Question 4

Phishing

Answer 4

Steals information from people while pretending to be something else

Question 5

Stealth Backdoor

Answer 5

Entering through intentional holes in the system left by attackers to secretly bypass security procedures

Question 6

Rootkit

Answer 6

A set of programs installed on a system to maintain covert access to that
system with administrator (or root) privileges

Question 7

Attack Agents

Answer 7

Take over another internet attached computer and use it to attack

Question 8

Payload

Answer 8

The main action that the virus or malware is built to carry out

Question 9

Clickjacking

Answer 9

Clickjacking is a malicious technique used by attackers to trick users into clicking on something different from what they perceive they are clicking on

Question 10

Malvertising

Answer 10

Malware placed on websites without infecting them typically in advertisements.

Question 11

Drive-by downloads

Answer 11

This type of attack typically occurs when a user visits a compromised or malicious website, and the malicious code is automatically downloaded and executed in the background. This exploits issues in the browser or OS.

Question 12

Watering Hole attacks

Answer 12

A targeted form of a drive-by download

Question 13

Trojan

Answer 13

Malware that disguises itself as a not malicious program

Question 14

Worms

Answer 14

Seeks out other files while infecting as much as possible. Can spread through network connections and files based on the goal condition that is set for it.

Question 15

Metamorphic virus

Answer 15

A virus that mutates and rewrites itself completely at each iteration and may change behavior as well as appearance.

Question 16

Polymorphic virus

Answer 16

A virus that mutates with every infection

Question 17

Stealth virus

Answer 17

A form of virus explicitly designed to hide itself from detection by anti-virus software.

Question 18

Encrypted virus

Answer 18

A portion of the virus creates a random encryption key and encrypts the remainder of the virus

Question 19

Virus

Answer 19

Infects software and modifies, replicates and spreads upon a condition being met. Examples such as logic bombs

Question 20

Logic Bomb

Answer 20

A virus which activates upon certain conditions being met such as a date/time.

Question 21

Attack Kit

Answer 21

Malware kits used to create malware. Examples such as Zeus and Angler

Question 22

What is the difference between worms, viruses and Trojans?

Answer 22

how they spread

Question 23

What is social engineering

Answer 23

“tricking” users to assist in the compromise of their own systems or personal
information. This can occur when a user views and responds to some SPAM
e-mail, or permits the installation and execution of some Trojan horse program or
scripting code. E.g trojans, spam

Question 24

Brute Force

Answer 24

Guessing every individual combination of a password or key till the correct combination has been found

Question 25

What is a hash function and what do they do?

Answer 25

The purpose of a hash function is to produce a “fingerprint” of a file, message, or other block of data. Ensures file integrity, increases security.

Question 26

Rainbow Table

Answer 26

Logs common passwords and the corresponding pre-computed hashes from dictionary's on a table. When receiving a hashed password they can then find the corresponding plaintext.

Question 27

Dictionary Attack

Answer 27

Systematically attempting to guess a password or key based on the most likely possibilities.

Question 28

Authenticity

Answer 28

making sure people are who they say they are

Question 29

Authorization

Answer 29

determines whether an entity or person is permitted to access information

Question 30

Accountability

Answer 30

intrusion detection and prevention and after-action recovery and legal action

Question 31

Plaintext

Answer 31

the original data

Question 32

Encryption algorithm

Answer 32

Performs various actions on the plaintext to warp it and make it harder to guess

Question 33

Secret Key

Answer 33

the key used to decrypt the ciphertext

Question 34

Ciphertext

Answer 34

The plaintext after the algorithm has been applied to it

Question 35

Decryption Algorithm

Answer 35

works in the opposite way to the encryption algorithm

Question 36

Symmetric encryption

Answer 36

Uses a single key for both encryption and decryption.

Question 37

Asymmetric encryption

Answer 37

Asymmetric encryption, also known as public-key encryption, uses a pair of keys: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. The public key can be freely distributed, while the private key is kept secret. Messages encrypted with the public key can only be decrypted by someone who possesses the corresponding private key.

Question 38

Cost benefit analysis

Answer 38

Weighs whether an option is worth it or not

Question 39

What should an IT security plan include:

Answer 39

What will be done, what resources and who is responsible.

Question 40

Name the 3 Control Classifications

Answer 40

Management, Operational and Technical.

Question 41

Management control

Answer 41

focuses on the policies, planning and guidelines

Question 42

Operational controls

Answer 42

Address the correct implementation and use of security policies. Relate to people rather than systems

Question 43

Technical Controls

Answer 43

involve the correct use of hardware and software security in systems.

Question 44

Supportive controls

Answer 44

Pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls

Question 45

Preventative controls

Answer 45

Focus on preventing security breaches from occurring, by inhibiting attempts to violate security policies or exploit a vulnerability

Question 46

Detection and recovery controls

Answer 46

Focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources

Question 47

Residual Risk

Answer 47

Lowering likelihood, impact or capability reduces the level of a risk

Question 48

What does a Implementation Plan consist of

Answer 48

security plan documents, identified personnel and authorization for the system to be used.

Question 49

is security management cyclical?

Answer 49

Yes and it needs to be constantly monitored and evaluated

Question 50

Security Compliance

Answer 50

audit process to review security processes and ensure they are up to standard

Question 51

Change management

Answer 51

the process used to review proposed changes to systems for implications on the organization’s systems and use.

Question 52

IT security management

Answer 52

A process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability.

Question 52

Configuration management

Answer 52

specifically keeping track of the configuration of each system in use and the changes made to each

Question 53

What does PDCA stand for?

Answer 53

Plan, do, check and act

Question 54

Whatis mandatory to implement Management Support

Answer 54

Needs senior management, a security officer

Question 55

What makes up a security risk assessment?

Answer 55

critical component of process, ideally examine every organizational asset, approach to mitigate the risks

Question 56

Baseline Approach

Answer 56

Use industry best practice to implement agreed controls against common threats

Question 57

Informal approach

Answer 57

Informally analyze a it system and make quick judgements

Question 58

What are the pros and cons of Detailed risk analysis

Answer 58

Most comprehensive approach but takes the longest and costs the most

Question 59

combined approach

Answer 59

hybrid of all 4 other analysis methods

Question 60

Asset

Answer 60

A system resource or capability of value

Question 61

Threat

Answer 61

A potential for a threat source to exploit a vulnerability

Question 62

Vulnerability

Answer 62

A flaw or weakness in a assets design

Question 63

Risk

Answer 63

The potential for loss

Question 64

Risk appetite

Answer 64

the level of risk which is considered acceptable

Question 65

What is important with regards to the context of an organization

Answer 65

the political and social environment they are in.

Question 66

formula for risk

Answer 66

Risk = probability threat occurs x cost to organization

Question 67

Logical Security

Answer 67

Protects computer-based data from software-based and communication-based threats

Question 68

Physical Security

Answer 68

Also called infrastructure security Protects the information systems that contain data and the people who use, operate, and maintain the systems Must prevent any type of physical access or intrusion that can compromise logical security. Physical Security can also cover premises security

Question 69

3 types of threats based on physical security

Answer 69

environmental, human and technical

Question 70

what could water damage cause

Answer 70

electrical shortage

Question 71

how can chemical, radiological and biological be caused?

Answer 71

Accidental discharges, flooding

Question 72

How can dust collect and impact?

Answer 72

blocks ventilation and can be caused by windstorms and maintenance

Question 73

Infestation

Answer 73

Humidity can cause mold and mildew, also insects can be dealt with pest control

Question 74

List the main technical threat

Answer 74

Power utility problems from incorrect amount of voltages

Question 75

Name some human caused threats

Answer 75

theft, vandalism, misuse of resources

Question 76

How to mitigate water damage

Answer 76

Cloud computing, manage lines, cutoff sensors and equipment location

Question 77

how to mitigate fire and smoke?

Answer 77

alarms, fire mitigation, smoke detectors, no smoking policy

Question 78

How to mitigate human based threats

Answer 78

Restrict building access, lock entry points, intruder sensors, the standards

Question 79

Recovery from security breaches

Answer 79

Ensure data is backed up, may require specialists to deal with damage to equipment

Question 80

Security audit

Answer 80

A review of system records and activities to ensure system controls are up to standard and adjust it accordingly based on any issues

Question 81

Audit Trail

Answer 81

A chronological record of system activities

Question 82

What is needed for event detection?

Answer 82

monitoring software, analysis software as well as hooks and analysis software hooked up

Question 83

What to audit

Answer 83

anything relating to access of the system, security mechanisms and the auditing software itself

Question 84

what are physical audit trails

Answer 84

key card system, logs access attempts as well as date/time info for example

Question 85

how to protect audit trail data

Answer 85

read write file on host, write once/read many device. Write only device. Implement CIA

Question 86

Logging

Answer 86

Software with hooks which trigger data collection and predetermined events

Question 87

what are the 3 types of event logs

Answer 87

system application security

Question 88

Name methods of authentication

Answer 88

biometrics, pins, key

Question 89

Biometrics

Answer 89

Something completely unique to you such as anamtomy, handwriting or voice

Question 90

Name behavioural biometrics

Answer 90

voice, handwriting

Question 91

name physiological biometrics

Answer 91

fingerprints, veins, retina

Question 92

Confusion matrices

Answer 92

false positives/negatives in information retrieval

Question 93

3 types of authentication architecture

Answer 93

transparent, continuous and convenient

Question 94

Transparent architecture

Answer 94

* Non-intrusive * Maintains usability * Seamless experience for the end-use

Question 95

Continuous Architecture

Answer 95

* improved security for mobile devices * Multi-modal transparent authentication architectur

Question 96

Convenient authentication

Answer 96

Application specific authentication

Question 97

Confidence level

Answer 97

Due to the fact biometrics are not perfect there is a threshold of error which it has with regards to a match to determine if it authorises

Question 98

Feature Extraction

Answer 98

the process of collecting the biometric data via specialist technology e.g sensors

Question 99

Discretionary Access Control

Answer 99

Based on identity of the requestor and on access rules stating what the requestors are allowed to do

Question 100

Role based access control (RBAC)

Answer 100

Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles

Question 101

Mandatory access control (MAC)

Answer 101

Controls access based on comparing security labels with security clearances

Question 102

Attribute-based access control (ABAC)

Answer 102

Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions