Exam 1

Question 1

What is cybersecurity?

Answer 1

Protection of networked system and data from unauthorized use or harm

Question 2

offline identity is?

Answer 2

your identity that interacts on a regular basis at home, school or work

Question 3

Online identity is?

Answer 3

Your identity while you are in cyberspace

Question 4

your data is?

Answer 4

medical records, education recors and emplyment and financial records

Question 5

how to the criminals get your money?

Answer 5

online credentials and creative schemes

Question 6

goals of cybersecurity?

Answer 6

confidentiallity, integrity and availability

Question 7

ruined reputation, vandalism, theft, revenue lost and damaged intellectual property are

Answer 7

impacts of a security breach

Question 8

who is the most dangerous attacker

Answer 8

script kiddies

Question 9

what is the most common type of security attacks?

Answer 9

internal security attacks

Question 10

what is cyberwarfare

Answer 10

use to gain advantage over adversaries, nations or competitors

Question 11

what is risk managment

Answer 11

A process aiming at an efficient balance between realizing opportunities for gains while minimizing vulnerabilities and losses

Question 12

What it is for and the focus of OCTAVE

Answer 12

A risk based stategic assessment and planning technique for security and is focused on strategic, and practice related issues

Question 13

SP-800-30 NIS Explain what is for and its focus

Answer 13

Is a guide for conducting risk assessments of federal information systems and organizations and is focus is to provide senior leaders with the information needed to determine appropiate courses of action in response to identified risks

Question 14

explain the difference between qualitative and cuantitative risk managment

Answer 14

qualitative risk does not analyze the risks mathematically to identify the probability meanwhile quantitative uses probability to characterize the risk probability and impact

Question 15

what are the steps for cuantitative risk managment

Answer 15

Determine the asset value, identify threats to the asset, determine the exposure factor, calculate the single loss expectancy, calculate the annualized rate of occurance and calculate the annualized loss expectancy

Question 16

how do you calculate the asset value?

Answer 16

based on their book values and replacement costs

Question 17

what is the exposure factor? and how do you compute it?

Answer 17

A subjective potential percentage of loss to a specific asset if a specific threat is realized and is calculated by the vulnerability and its consequences to the asset when the threat occurs

Question 18

how do you calculate the ALE and what is it for?

Answer 18

Is the annual expected financial loss to an organization’s information asset because of a particular threat occurring within that same calendar year. It is calculated as ALE = SLE x ARO

Question 19

What is Cryptography, Cryptology and Cryproanalysis

Answer 19

Cryptography: the art of writing and solving codes, cryptoanalisis: act of studying a cryptographic algorithm, to try to break the protection of encryption and cryptology: inventing codes and breaking them

Question 20

Substitution and Transposition are types of cyphers?

Answer 20

Yes

Question 21

Transposition is

Answer 21

rearranging the order of the ciphertext to break any repeating patterns in the
underlying plaintext.

Question 22

subtitution is

Answer 22

one set of bits is exchanged for another.

Question 23

confusion is

Answer 23

The interceptor should not be able to predict what will happen to the ciphertext by changing
one character in the plaintext.

Question 24

diffusion is

Answer 24

The cipher should also spread the information from the plaintext over the entire ciphertext so
that changes in the plaintext affect many parts of the ciphertext.

Question 25

Explain symmetric Cryptography

Answer 25

Everyone who knows k knows the full secret

Question 26

What is the difference between: Message Privacy and Message Authenticity and Integrity

Answer 26

Privacy is not knwoing the message because of protection of the medium and message authentification code is Only people with the
private key k could have sent the message.

Question 27

A symmetric key cipher consust of 3 polynomial time algorithms

Answer 27

KeyGen(l), E(k,m), and D(k,c):

Question 28

One time pad is a pure transposition cypher

Answer 28

True

Question 29

One Time Pad and Vernam are different algoritms

Answer 29

False

Question 30

Is this True for all cyphers?

Answer 30

True