Fundamental of Sec Flashcards

1
Q

CIA

A

Confidentiality - Information is only available to the people who have the appropriate authorization.

Integrity - Data is not modified or altered (checksums are used for checking).

Availability - Information or data is available when needed, with proper authorization.

Two more letters were later added to this: N & A

N - Non-repudiation - When any action occurs, the people involved in that incident cannot deny that they were involved.

A - Authentication

2
Q

What is AAA?

A

A - Authentication - Verifying the identity of the user who tries to log on.

A - Authorization - Defines which resources an authenticated user may access and which actions they may perform.

A - Accounting - Tracking users' activities and resource usage for billing and auditing purposes.

3
Q

What measures are mentioned for data confidentiality?

A

Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness

4
Q

How is the integrity of data maintained?

A

Hashing - Even a small change to the data produces a vastly different hash.
The hash digest works as a digital fingerprint: any change to the data is revealed by a changed digest.

Digital Signature - A hash digest encrypted with the user's private key.

Regular Audits - Help identify any issues related to the data.

Checksum - Compare the checksum computed at the origin with the checksum computed at the destination. If the values are the same, the data was not altered in transit.

ACL - Only authorized users can access the file or data.

5
Q

What are the Authentication factors?

A

Knowledge Factors
Possession Factors
Inherence Factors
Action Factors
Location Factors

6
Q

What is the meaning of accounting in cyber security?

A

Keeping track of all the actions of users and monitoring them.

7
Q

What can accounting on the system be used for?

A

Audit Trail

Regulatory compliance

Forensic Analysis

Resource Optimization - Monitor the resources and regulate them accordingly so that more resources are available.

User Accountability - Monitor every individual's actions.

8
Q

What are the tools which we can use for accountability?

A

Syslog Servers

Network Analyzers

SIEM - Security Information and Event Management - Provides real-time insight into the network and hardware by collecting data from the different tools on the network.

9
Q

Security Control Categories

A

Technical
Managerial
Operational
Physical

10
Q

Security Control Types

A

Preventative

Deterrent - Make the target appear difficult or unappealing to attack.

Detective

Corrective - After a threat is detected, corrective controls are used to mitigate its effects (e.g. emergency response).

Compensating - Used to protect the system when the other protective controls are not capable of doing so (for example, with technology that cannot run modern protections). Offer backup and mitigation.

Directive - Policies or documents used to set the rules.

11
Q

Threat Actors

A

Unskilled Attackers
Hacktivists
Organized Crimes
Nation-State Actors
Insider Threats

12
Q

Threat actors attributes

A

Internal vs External

Resources and Funding

Level of Sophistication and capability

13
Q

APT

A

Advanced Persistent Threat - This kind of attack is mostly launched by state-sponsored hackers, because they have the capability to wait patiently and then launch the attack.

14
Q

Threat Vector

A

The pathway or source through which an attacker gains access in order to deploy the attack.

15
Q

Attack Surface

A

Every point at which an attacker could try to enter the network and launch an attack.

16
Q

Threat Actor

A

The person or group who launches the attack.

17
Q

Motivational triggers for social engineering attacks?

A

Authority
Urgency
Social Proof
Scarcity
Likability
Fear

18
Q

Types of impersonation?

A

Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attack

19
Q

boot sector

A

A boot sector virus is stored in the first sector of the hard drive; when the system boots, the virus is loaded into main memory.

20
Q

macro viruses

A

A form of code embedded in a document; when the document is opened on the computer, the virus starts to spread. Commonly found in spreadsheets and other office documents.

21
Q

Program Viruses

A

These viruses attach themselves to an executable program or application in order to run. Every time you open that program, the malicious code starts to run.

22
Q

Multipart viruses

A

Boot sector virus + program virus. These viruses reside in the boot sector and, when the computer starts, infect a program running in main memory. Even if the virus is removed from the program, it loads again from the boot sector.

23
Q

Polymorphic Virus

A

A type of encrypted virus that changes its code each time it is executed by changing the decryption routine.

24
Q

Metamorphic

A

Rewrites its whole code each time it is executed.

25
Q

Stealth Viruses

A

A technique used on top of a virus to avoid being identified by anti-virus software.

26
Q

Root Kit

A

It gains administrative privilege and does the harm. It starts from a low-level access ring and gradually gets full control at the admin level. A rootkit monitors the calls between the Windows OS and DLLs. It uses a shim to intercept those calls, and the shim can redirect the calls wherever it needs.
The way to detect this is to perform an external scan (scanning the system from outside the possibly compromised OS).

27
Q

Backdoor

A

Placed in software by its programmers so that they can access the program while bypassing the firewall and authentication the organization has put in place. A logic bomb may also ship with the program and executes when its trigger criteria are met.

28
Q

Data Ownership

A

Scenario: A healthcare company, MedHealth, collects patient data for treatment purposes. They use a third-party cloud service called CloudSafe to store and manage this data. The data is then analyzed by an in-house team of data scientists to improve patient care. In this context, identify the roles of data owner, data controller, data processor, and data custodian.

Answer: MedHealth is the data owner as they are the entity that has collected the data and has legal rights and complete control over the data. CloudSafe is the data controller because it determines how and why the patient data is processed (stored and managed in this case). The data scientists are the data processors as they are analyzing the data on behalf of MedHealth, following the instructions of the data controller. CloudSafe is also the data custodian because it is responsible for the safe custody, transport, storage of the data and the implementation of business rules.

29
Q

Stream Cipher

A

Uses a keystream generator to encrypt data bit by bit, XORing the keystream with the plaintext to create the ciphertext.
Suited to data transferred online, such as streaming data.

30
Q

Block Cipher

A

Divides the input into blocks and encrypts each block.

31
Q

DES

A

DES Encryption and Decryption:
Encryption:
Key: Let’s assume a 64-bit key is used for DES encryption.

Plain text: “HELLO123” (This text will be converted into binary and divided into 64-bit blocks.)

The DES algorithm performs multiple rounds of permutation and substitution, manipulating the bits based on the key. The result after encryption becomes the ciphertext.

Decryption:
Key: Same 64-bit key used for encryption.

Ciphertext: Resulting encrypted text from the encryption process.

The DES decryption algorithm uses the same key to reverse the encryption process and retrieve the original plaintext.

32
Q

3DES

A

3DES Encryption and Decryption:
Encryption:
Keys: Three different keys (Key1, Key2, Key3) are used sequentially for each step of encryption.

Plain text: “HELLO123”

Encrypt with Key1
Decrypt with Key2
Encrypt with Key3
This process involves encrypting, decrypting, and encrypting the text using three different keys, which enhances security compared to DES.

Decryption:
Keys: Same three keys (Key1, Key2, Key3) used in reverse order for decryption.

Ciphertext: The text obtained after the 3DES encryption process.

Decrypt with Key3
Encrypt with Key2
Decrypt with Key1
Reversing the encryption involves decrypting, encrypting, and decrypting again with the three keys used in the encryption process.

33
Q

SAN - Subject Alternative Name

A

If you need to cover different domains in one digital certificate, you have to use a SAN.

34
Q

Wild Card Domain

A

If you have one domain but many different subdomains, use a wildcard certificate (WCD).

35
Q

Self Signed Certificate

A

Unlike certificates issued by recognized CAs, a self-signed certificate is generated and signed by the entity itself without involving a CA. Since there is no third-party validation, these certificates aren't inherently trusted by other systems or entities. As a result, they are more prone to security risks because they lack the external verification provided by a trusted CA. Mostly used for testing purposes.

36
Q

CSR

A

CSR stands for Certificate Signing Request. It’s a message sent from an applicant to a Certificate Authority (CA) when requesting a digital certificate. The CSR contains information that the applicant wants to include in the certificate, such as the public key and identifying information (like the domain name or organization name).

Here are the key components typically found in a CSR:

Public Key: The cryptographic key pair, including the public key, which will be included in the digital certificate. This public key is used for encryption and verifying signatures.

Identification Information: Details about the entity requesting the certificate, such as the Common Name (CN) for SSL/TLS certificates (often a domain name), organization information, locality, country, etc.

Signature: The CSR is digitally signed using the private key corresponding to the public key included in the request. This signature helps validate the authenticity of the information provided in the CSR.

37
Q

AES

A

AES (Advanced Encryption Standard) is a widely used symmetric encryption algorithm that encrypts and decrypts data using a single secret key.

38
Q

Diffie-Hellman

A

Diffie-Hellman is an asymmetric cryptographic technique specifically designed for securely exchanging cryptographic keys over public channels, allowing two parties to generate a shared secret without having previously met.

39
Q

Steganography

A

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The primary objective of steganography is to hide the existence of the message from unauthorized parties. In the context of embedding a message within an image, steganography is the most appropriate choice.

40
Q

MD5

A

MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. It’s designed to take an input of arbitrary length and produce a fixed-size output, which is typically represented as a 32-character hexadecimal number.

41
Q

RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

A

RIPEMD is a family of cryptographic hash functions (RIPEMD-160, RIPEMD-128, RIPEMD-256) developed in the early 1990s in Europe. They were designed as an alternative to the then-commonly used MD4 and MD5 algorithms. RIPEMD-160, for example, produces a 160-bit hash value. While RIPEMD is not as widely used as some other hash functions, it's considered more secure than MD5 but has also seen some theoretical vulnerabilities.

42
Q

RTO

A

Recovery Time Objective (RTO), which is the maximum acceptable length of time that can elapse before the lack of a business function severely impacts the organization. In this case, the company’s RTO for their production line is 3 hours. This means they aim to restore the production line within this timeframe following a disruption to avoid unacceptable consequences.

43
Q

RPO

A

RPO stands for “Recovery Point Objective.” It refers to the maximum acceptable amount of data loss that an organization is willing to experience during a disruption or incident.

44
Q

MTTR

A

MTTR stands for Mean Time To Recovery or Mean Time To Repair. It’s a metric used to measure the average time taken to repair or recover from a system failure, an incident, or a disruption.

45
Q

MTBF

A

MTBF stands for Mean Time Between Failures. It’s a metric used to measure the average time elapsed between one failure of a system, component, or equipment and the next occurrence of a failure.

46
Q

Port 22

A

TCP
Used for SSH, SCP and SFTP:
secure remote access
secure copy function
secure file transfer