Cybersecurity Fundamentals

Question 1

Q: What is the CIA Triad in cybersecurity?

Answer 1

A: Confidentiality, Integrity, and Availability.

Question 2

Q: What is confidentiality in the CIA Triad?

Answer 2

A: Ensuring information is accessible only to authorised individuals.

Question 3

Q: What is integrity in the CIA Triad?

Answer 3

A: Ensuring data is accurate and has not been tampered with.

Question 4

Q: What is availability in the CIA Triad?

Answer 4

A: Ensuring systems and data are accessible when needed.

Question 5

Q: What is the principle of least privilege?

Answer 5

A: Granting users only the minimum access rights they need to perform their tasks.

Question 6

Q: What is a vulnerability?

Answer 6

A: A weakness in a system or application that can be exploited.

Question 7

Q: What is a threat?

Answer 7

A: Any potential danger to information security.

Question 8

Q: What is risk in cybersecurity?

Answer 8

A: The potential for loss or damage when a threat exploits a vulnerability.

Question 9

Q: What is malware?

Answer 9

A: Malicious software designed to harm or exploit systems.

Question 10

Q: What are common types of malware?

Answer 10

A: Viruses, worms, ransomware, spyware, and Trojans.

Question 11

Q: What is a phishing attack?

Answer 11

A: An attack where attackers trick users into revealing sensitive information via fake emails or websites.

Question 12

Q: What is a denial-of-service (DoS) attack?

Answer 12

A: An attack that overwhelms a system or network, making it unavailable to users.

Question 13

Q: What is a man-in-the-middle (MITM) attack?

Answer 13

A: An attack where the attacker intercepts and alters communication between two parties.

Question 14

Q: What is a brute-force attack?

Answer 14

A: An attack that tries multiple password combinations until the correct one is found.

Question 15

Q: What is social engineering in cybersecurity?

Answer 15

A: Manipulating people into revealing confidential information or performing actions.

Question 16

Q: What is the Zero Trust model?

Answer 16

A: A security model that assumes no user or system is trusted by default, even inside the network.

Question 17

Q: What is Defense in Depth?

Answer 17

A: A layered security approach that uses multiple measures to protect data and systems.

Question 18

Q: What is the difference between symmetric and asymmetric encryption?

Answer 18

A: Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a public and private key pair.

Question 19

Q: What is multi-factor authentication (MFA)?

Answer 19

A: A security mechanism requiring two or more verification factors to access a resource.

Question 20

Q: What is a firewall?

Answer 20

A: A network security device that monitors and controls incoming and outgoing traffic based on security rules.

Question 21

Q: What is the purpose of patch management?

Answer 21

A: Keeping systems up to date with the latest security fixes to reduce vulnerabilities.

Question 22

Q: What is encryption?

Answer 22

A: Converting data into an unreadable format to protect it from unauthorised access.

Question 23

Q: What is the purpose of a security policy?

Answer 23

A: To define an organisation’s security rules, practices, and procedures.

Question 24

Q: Why is employee training important in cybersecurity?

Answer 24

A: To help employees recognise and avoid threats like phishing and social engineering.

Question 25

Q: What is the importance of incident response in cybersecurity?

Answer 25

A: To identify, contain, and mitigate security breaches effectively.