Final Review

Question 1

CIA

Answer 1

Confidentiality - preventing unauthorized access to sensitive information

Integritiy - assurance that data is not altered/destroyed unauthorized

Availability - continuous operation of computing systems (DOS prevention)

Question 2

Exploit

Answer 2

Any attack that takes advantage of vulnerabilities in applications, networks, or hardware

Question 3

T/F New exploits tend to be variations of common past exploits

Answer 3

True

Question 4

Cracker

Answer 4

A person/entity that attempts to gain unauthorized access to a computer system, network, or data with malicious intent

Question 5

Hacker

Answer 5

White hat - ethical cybersecurity
Black hat - cybercriminals
Gray hat - between the lines

Question 6

DLP

Answer 6

Data Loss Prevention - software designed to detect to detect data leaks or breaches

Question 7

IDS/IPS

Answer 7

Intrusion Detection / Prevention System

Located behind the firewall on protected network.
Detect and log abnormal traffic based on programmed signatures (data pattern).
Response capability based on signature = IPS.

Question 8

Web Content Filtering

Answer 8

Originally intended to stop people from getting to specific websites / limit inappropriate content getting to children, now is often used to block malware

Question 9

Hacker Goals

Answer 9

Reconnaissance - scanning, fingerprinting, enumerating

Exploit - steal/use/destroy info, stop/slow access, extortion

Question 10

Hacker Motivation

Answer 10

Profit
Revenge
Challenge
Vandalism

Question 11

Causes of Threats

Answer 11

Technology weakness
Configuration weakness
Policy weakness
Human error

Question 12

PHP

Answer 12

O - Personal Home Pages
N - Php: Hypertext Preprocessor

Question 13

PHP Key Benefits

Answer 13

Familiarity, Simplicity, Flexibility, Open Source

Question 14

PHP Tag

Answer 14

<?php … ?>
or
<? … ?>

Question 15

T/F You can have as many php blocks as you need spread throughout your HTML

Answer 15

True

Question 16

phpinfo( )

Answer 16

A built-in function that outputs information about PHP’s configuration

Question 17

print vs echo

Answer 17

print can return an error code (int), echo returns void

Question 18

PHP Identifiers

Answer 18

Can begin with letter or underscore, be any length, consist of ASCII characters 127-255, case sensitive characters

Question 19

PHP Variables

Answer 19

preceeded by a $

Question 20

What is <?=$x?>

Answer 20

If short tags are enabled in php.ini, it is the short form of
<?php echo $x; ?>

Question 21

Are there problems with Short Tags?

Answer 21

Unexpected behaviors, SQL injection vulnerabilities, Loose comparisons issues

Question 22

T/F You can reassign variables dynamically?

Answer 22

True (risky)

Question 23

How to Get/Set a variable’s type?

Answer 23

.gettype( ) and .settype( )

Question 24

What are Variable Variables?

Answer 24

Allow you to use the value of one variable as the name of another. Defined by a variable name preceded by another $
eg. $varname = “student_num”;
$$varname = 121131;
// means $student_num = 121131;

Question 25

PHP String Concatenation

Answer 25

. instead of +

Question 26

Primary Functions of Cryptography

Answer 26

Confidentiality - Cannot be read by others
Authentication - Mathematically prove the source of the data
Integrity - Assurance the data has not been altered
Nonrepudiation - verify the identity of the sender

Question 27

Encryption vs Hashing

Answer 27

Encryption - two way
Hashing - one way

Question 28

Symmetric Algorithms

Answer 28

Same key, requires sender & receiver to agree on a key, AKA secret key, single-key, or one-key algorithms

Question 29

Asymmetric Encryption

Answer 29

Different keys. Encrypt with private, decrypt with public. Recommended minimum length is now 2048-bit

Question 30

Digital Signatures

Answer 30

Utilize hash functions to create and verify digital signatures. Provides non repudiation and authentication. Issue is that computation is done by the computer, not the person.

Question 31

Digital Certificates

Answer 31

Electronic document attached to a public key by a trusted third party which provides proof that the public key belongs to a legitimate owner and has not been compromised. Consist of cert. owner’s public key, unique info, and digital signatures of an endorser (trusted third party)

Question 32

Nonrepudiation

Answer 32

Practice of using a trusted, third-party entity to verify the authenticity of a party who sends a message

Question 33

TLS

Answer 33

Transport Layer Security
Uses cryptography to enable encryption of data between two parties and digital certificates to enable authentication of the parties involved in a secure transaction.

Question 34

Hashing

Answer 34

Method used to verify data integrity. Uses variable-length input that is converted to a fixed-length output string. Ex. digital signatures and secure storing of passwords

Question 35

Zero-Day Exploit

Answer 35

Technique used to attack systems that have a vulnerability that is unknown to the public, or “zero days” old

Question 36

Hardening

Answer 36

Process of modifying an OS’s default configuration to make it more secure to outside threats.
Remove unnecessary programs / services, apply patches to eliminate known vulnerabilities

Question 37

Change Management Process

Answer 37

Document existing state
Determine impact of change
Seek approval for change
Test the change
Document the changes
Review proposed changes
Schedule change and notify affected users
Deploy the change
Test and Report Success
Close the change ticket

Question 38

Obfuscation

Answer 38

The obscuring of intended meaning in communication, making the message confusing, willfully ambiguous, or harder to understand. Intentional or unintentional.