Cybersecurity

Question 1

What is Lateral Movement?

Answer 1

Once within the system, the hacker can access other areas within the system

Question 2

What is Firmware?

Answer 2

permanent software programmed in read only memory or hardware

Question 3

What does “DDoS” stand for and what is a DDoS attack?

Answer 3

(Distributed Denial of Service Attack); malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Question 4

What is a Zombie Machine?

Answer 4

A machine one can control because they are vulnerable

Question 5

It is difficult to filter the high amount of data when an attack comes from multiple ______?

Answer 5

Nodes

Question 6

Three Factors impacting security:

Answer 6

The amount of time it takes, the amount of money (resources) and probability of success.

Question 7

When designing a system, what is the “KISS” rule?

Answer 7

Keep it Simple, Stupid.

Question 8

_________ Surface

Answer 8

Attack

Question 9

What are the three types of entities?

Answer 9

1) Software
2) Hardware
3) Humanware

Question 10

What is Pseudo Anonymity?

Answer 10

Pseudonymous merely means you are not using your real, legal name to identify yourself

Question 11

What is a Bug Bounty?

Answer 11

A bug bounty is a reward that is paid out to developers who find critical flaws in software

Question 12

What is “Kerckhoff’s principle?

Answer 12

Kerckhoff’s principle is the concept that a cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known

Question 13

Three fundamental questions you need to ask yourself when designing a system?

Answer 13

1) What assets do we need to protect? Ex. Phone, data, system, etc
2) How are those assets threatened?
3) What can we do to counter those threats?

Question 14

What are the three components of computer security?

Answer 14

Integrity
Availability
Confidentiality

Question 15

What is integrity?

Answer 15

Guarding against improper information modification or destruction. Including ensuring information non-repudiation and authenticity

Question 16

What is dat availability?

Answer 16

Ensuring timely and reliable access to an use of information

Question 17

What is data confidentiality?

Answer 17

Preserving authorized restrictions on information access and disclosure. Including means for protecting personal privacy and proprietary information

Question 18

What are 6 Computer Security Challenges?

Answer 18

1. Attackers only need to find a single weakness, the developer/admin needs to find ALL the weaknesses.
2. The attacker can exploit Multiple weaknesses
3. Users and system managers tend to no see the benefits of security until a failure occurs
4. Security requires regular and constant monitoring
5. It’s often an afterthought + incorporated into a system after the design is completed
6. Thought of as an impediment to efficient and user-friendly operations

Question 19

Three types of System Vulnerabilities (of System Resources)

Answer 19

Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)

Question 20

3 Types of attacks

Answer 20

Active – Attempt to alter/affect system resources
Passive – does not (directly) affect the system resources
Insider vs Outsider

Question 21

What is “Legacy Approach”?

Answer 21

Bad guys are outside, good guys are inside your org.

Question 22

Dealing with a Security Attack (3x)

Answer 22

Prevent
Detect
Recover

Question 23

What is the Old Encryption Standard - Acronym and meaning) + how many bits ?

Answer 23

Data Encryption Standard (DES) + 56 bits

Question 24

What is the New Encryption Standard - Acronym and meaning) + how many bits ?

Answer 24

Advanced Encryption Standard (AES) + 64 BITS

Question 25

What is a countermeasure?

Answer 25

an action, device, procedure, or
technique that reduces a threat, a vulnerability, or an
attack by eliminating or preventing it, by minimizing the
harm it can cause

Question 26

What is Security Policy?

Answer 26

a set of rules and practices that specify
how a system or organization provides security services to
protect sensitive and critical system resources

Question 27

Active Attack

Answer 27

attempt to alter/affect system resources

Question 28

Passive Attack

Answer 28

does not (directly) affect the system resources

Question 29

Three Types of Attacks

Answer 29

Active
Passive
Insider/Outsider

Question 30

Interception (Unauthorized Disclosure)

Answer 30

Unauthorized access to data

Question 31

Inference (Unauthorized Disclosure)

Answer 31

traffic analysis or use of limited

access to get detailed information

Question 32

What is intrusion? (Unauthorized Disclosure)

Answer 32

unauthorized access to sensitive data

Question 33

What is a Masquerade? (Deception)

Answer 33

e.g., Trojan horse; or an attempt by
an unauthorized user to gain access to a system by
posing as an authorized user

Question 34

What is Falsification? (Deception)

Answer 34

altering or replacing of valid data or

the introduction of false data

Question 35

What is repudiation? (Deception)

Answer 35

an entity deceives another by falsely

denying responsibility for an act?

Question 36

What is incapacitation? (Disruption)

Answer 36

a result of physical destruction of or

damage to system hardware

Question 37

What is Corruption? (Disruption)

Answer 37

system resources or services function in

an unintended manner; unauthorized modification

Question 38

What is obstruction? (Disruption)

Answer 38

e.g. overload the system or interfere

with communications

Question 39

What is Misappropriation? (Usurpation)

Answer 39

an entity assumes unauthorized

logical or physical control of a system resource

Question 40

What is misuse? (Usurpation)

Answer 40

causes a system component to perform a
function or service that is detrimental to system
security

Question 41

What are the 4 kinds of Threat Consequences?

Answer 41

1. Unauthorized disclosure
2. Deception
3. Disruption
4. Usurpation

Question 42

What is a Passive Attack?

Answer 42

Passive attacks attempt to learn or make use
of information from the system but does not
affect system resources

Question 43

What is an Active Attack and what are the 4 main types?

Answer 43

Masquerade
Replay
Modification of Messages
Denial of Service