? From Slides

Question 1

What are we protecting in cybersecurity?

Answer 1

Data, systems, networks, intellectual property.

Question 2

Who are we protecting assets from?

Answer 2

Hackers, insiders, malware, nation-states.

Question 3

Why do we need to protect systems and data?

Answer 3

To ensure confidentiality, integrity, and availability (CIA Triad).

Question 4

Does more complexity mean less security?

Answer 4

No, unnecessary complexity increases errors and vulnerabilities.

Question 5

Is goodwill a problem in security?

Answer 5

Yes, attackers can exploit trust through social engineering or insider threats.

Question 6

What assets do we need to protect?

Answer 6

Data, software, hardware, networks, personnel.

Question 7

How are assets threatened?

Answer 7

Malware, phishing, DoS, man-in-the-middle, insiders.

Question 8

How can we counter threats to assets?

Answer 8

Firewalls, encryption, MFA, IDS, and user training.

Question 9

Are all attacks intelligent?

Answer 9

No, some like DoS are simple but effective.

Question 10

Is prevention always possible?

Answer 10

No, detection and recovery are crucial.

Question 11

What are four types of active attacks?

Answer 11

Masquerade, Replay, Modification, DoS.

Question 12

What are passive attacks?

Answer 12

Eavesdropping, traffic analysis; hard to detect.

Question 13

Why is DES limited to 56-bit keys?

Answer 13

NSA and IBM compromised to balance security and performance.

Question 14

What are ECB mode’s advantages and disadvantages?

Answer 14

Fast but vulnerable to replay and pattern attacks.

Question 15

How to deal with non-block data in encryption?

Answer 15

Use stream ciphers or padding.

Question 16

What is padding in encryption?

Answer 16

Extra data to align plaintext to block size.

Question 17

What is the risk of an unsigned public key certificate?

Answer 17

It can be forged, leading to MITM attacks.

Question 18

How will quantum computing affect encryption?

Answer 18

Longer keys for symmetric, new algorithms for public-key.

Question 19

Why can’t we trust CPU random number generators?

Answer 19

Potential backdoors and lack of transparency.

Question 20

Is your face an identifier or password?

Answer 20

Identifier, passwords require secrecy.

Question 21

Why are cleartext passwords or email storage bad?

Answer 21

Intercepted credentials expose systems.

Question 22

Why do we need salt values?

Answer 22

To prevent hash collisions and defeat rainbow tables.

Question 23

Why are slow hash functions important?

Answer 23

They slow down brute-force attacks.

Question 24

How does salting prevent dictionary attacks?

Answer 24

Forces unique hashing for each password.

Question 25

Is bcrypt the most secure Unix hash?

Answer 25

Yes, due to salting and iterative rounds.

Question 26

Why are rainbow tables effective?

Answer 26

They pre-compute hashes to speed up attacks.

Question 27

How does John the Ripper work?

Answer 27

Uses dictionary, brute-force, and hybrid attacks.

Question 28

Are hotel key cards reprogrammed at each room change?

Answer 28

Yes, for security.

Question 29

Is MFA step 2 verification in-band or out-of-band?

Answer 29

Out-of-band preferred; in-band is riskier.

Question 30

What happens if in-band MFA is compromised?

Answer 30

Attacker gains access to both factors.

Question 31

What is the threat model for passkeys?

Answer 31

Device security and backup protection.

Question 32

ACLs vs. Capability Lists – which is better?

Answer 32

ACLs are easier to manage and scale.

Question 33

What are the missing 3 bits in 12-bit systems?

Answer 33

SUID, SGID, sticky bits.

Question 34

Why is SUID/SGID dangerous?

Answer 34

It allows privilege escalation.

Question 35

How can SUID binaries be hidden?

Answer 35

Obfuscation or moving to hidden directories.

Question 36

How do capabilities control binaries?

Answer 36

Grant limited root privileges, unlike SUID.

Question 37

Advantages of capabilities over SUID?

Answer 37

More secure, limits privileges to necessary functions.

Question 38

Disadvantages of capabilities?

Answer 38

Complex to configure and manage.