CyberS C4 Flashcards
Explain the concept of cryptology and its application in modern cryptography. Provide examples of historical uses of cryptography
Cryptology is the science of creating and breaking secret codes. In modern cryptography, data is stored and transmitted in a way that only the intended recipient can read or process it. Historical uses include messengers encrypting messages in diplomatic circles and military commanders using encryption for secure communication
Differentiate between symmetric and asymmetric encryption algorithms. Provide examples of each type
Symmetric algorithms use a pre-shared key for both encryption and decryption, while asymmetric algorithms use different keys for encryption and decryption. Examples of symmetric algorithms include 3DES, IDEA, and AES. Asymmetric algorithms include RSA, Diffie-Hellman, ElGamal, and Elliptic Curve Cryptography (ECC)
How does private-key encryption work? Provide examples of encryption standards that use symmetric encryption
Private-key encryption, a type of symmetric encryption, uses a pre-shared key for both encryption and decryption. Examples of encryption standards using symmetric encryption include 3DES, IDEA, and AES
Explain the process and characteristics of public-key encryption. Provide examples of asymmetric encryption algorithms
Public-key encryption, or asymmetric encryption, uses different keys for encryption and decryption. Examples of asymmetric encryption algorithms include RSA, Diffie-Hellman, ElGamal, and Elliptic Curve Cryptography (ECC)
Describe the types of access control and their significance in cybersecurity
Access control includes physical, logical, and administrative controls. Physical controls prevent unauthorized physical access, logical controls manage access to resources, and administrative controls focus on policies and procedures to enforce access control
Differentiate between mandatory access control (MAC) and discretionary access control (DAC). Provide examples of situations where each is applicable
MAC restricts actions a subject can perform on an object, while DAC grants or restricts access based on the object’s owner. An example of MAC is an authorization rule determining access to a file. DAC is exemplified when an object owner passes on access permissions to another subject
MAC controls what actions can be done on an object, like a file, while DAC allows the owner to decide who gets access. For instance, MAC decides who can open a file, while DAC lets the owner share access with others
Explain the importance of identification, authentication, and authorization in access control. Provide examples of authentication methods
Identification enforces access rules, authentication verifies a user’s identity, and authorization controls access after authentication. Authentication methods include “What You Know” (passwords), “What You Have” (smart cards), and “Who You Are” (biometrics)
Discuss the concept of data masking and its importance in cybersecurity. Provide techniques used in data masking.
Data masking secures data by replacing sensitive information with a non-sensitive version. Techniques include substitution (replacing with authentic values), shuffling (using data from the same column), and steganography (concealing data in another file).
What is steganography, and how does it differ from cryptography? Explain the components involved in hiding data using steganography
Steganography conceals data in another file without attracting attention, unlike cryptography. Components include embedded data (secret message), cover-text (hides embedded data), and a stego-key (controls the hiding process).
Define data obfuscation and provide examples of its application in cybersecurity
Data obfuscation makes a message confusing or harder to understand. Examples include scrambling messages to prevent unauthorized access and software watermarking, which inserts a secret message as proof of ownership.