Fundamentals IT

Question 1

Ceasar Cipher

Answer 1

An encryption that is subsituition cipher which requires you to shift letter a certain amount to decipher as letter were replaced by other letters to cipher the plaintext

Question 2

Kerckhoff’s Principles

Answer 2

6 principles that should serve as the basis for all cryptographic systems.

Question 3

Symmetric cryptography

Answer 3

uses a single key to both encrypt the plaintext and decrypt the ciphertext

Question 4

Asymmetric cryptography

Answer 4

uses 2 keys, a public and a private key

Question 5

Block Cipher

Answer 5

take predetermined number of bits like binary numbers which is a block and encrpts the block

Question 6

Stream Cipher

Answer 6

encypts each bit of plaintext one bit at a time

Question 7

ECC ( elliptic curve cyptography}

Answer 7

use short keys while maintaining a higher cyptography strength

Question 8

DES

Answer 8

a block cipher that use 56 bits, the lenght of the key determines the strength of the algorithm

Question 9

3DES

Answer 9

3DES uses 3 round of DES

Question 10

Detterence

Answer 10

letting people or employees known that they will be held accountable for their actions if they step out of line dettering them from even trying to have bad intentions

Question 11

The brewer and nash model

Answer 11

if you access (A) files you lose access to (B) files and vice versa

Question 12

The Biba Model

Answer 12

those with high level access cannot have access to lower classification and those with lower classification cannot alter higher classification

Question 13

Attribute Based Access Control

Answer 13

specific attributes of a person, resource, or environment have access

Question 14

Mandatory Access control

Answer 14

the owner doesn’t get decide who has access, but a seperate group or individual has the authority to set who accesses

Question 15

DAC (Discretionary access control)

Answer 15

the owner gets to decide who hass access and what level of access they have

Question 16

Capabilities

Answer 16

a user’s token or key known as capability also could be like a badge to enter. The capability is that everyone can enter the same door but others have the capability to enter anytime while others only can enter on a specific timeframe

Question 17

Clickjacking

Answer 17

an attacker must hold some portion of a website control and place a invinsible layer on top of something a person might click which executes a command to do what the attacker wants like make purchases or steal info

Question 18

Black Holes

Answer 18

large scale filtering which traffic is sent to filtered destinations which appear to have vanished into a black hole

Question 19

FAR (False acceptance rate)

Answer 19

how often you accept a user who should be rejected

Question 20

FRR (false rejection rate)

Answer 20

how often we reject a legitimate user

Question 21

Mutual Authentication

Answer 21

authenitcation methos where both parties in a transaction authenticate each other

Question 22

Entropy in passwords

Answer 22

classic strong contruction scheme of creating passwords 8 characters or longer which us symbols, numbers, charcters, lower and uppercase

Question 23

Fabrication attack

Answer 23

generating fake information

Question 24

Interception attack

Answer 24

affects confidentiality, take forms of unauthorized viewing, copying, eavesdropping, reading someone elses’ email

Question 25

Modification attack

Answer 25

modifies or tampers with data of a file or other information

Question 26

Interrupption attack

Answer 26

makes assets unusable or unavailable for a set period of time or permanent

Question 27

Pakerian Hexad

Answer 27

uses CIA Triad model but also inludes 3 more models, possesion of control, autheniticity, and utility

Question 28

Possesion of control

Answer 28

physical disposition of media on which data is stored,

Question 29

Authenticity

Answer 29

allows to say whether you’ve attributed the data to the proper owner or cretor

Question 30

Utility

Answer 30

how useful a data is to you

Question 32

Regulatory Compliance

Answer 32

adherence to the laws to the specific industry that you are operating in

Question 33

Industry Compliance

Answer 33

regulations that are not mandated by law but have severe consequences to your business if not being compliant

Question 34

PCI DSS (Payment Card Industry Data Security Standard)

Answer 34

regulations that govern proccessing credit cards any info associated with the card

Question 35

FISMA (Federal Information Security Management Act)

Answer 35

applies to all federal agencies to implement security controls

Question 36

SOX (Sarbanes Oxley Act)

Answer 36

regulates financial data operstions and assets for publiclicly held companies

Question 37

GLBA (Gramm Leach Bliley Act)

Answer 37

aims to protect (PII) Personal identifiable information

Question 38

CIPA (Childrens Internet Protection Act)

Answer 38

requires schools and libraries to prevent from children accessing harmful content on the internet

Question 39

COPPA (Childrens Online Privacy Protection Act)

Answer 39

protects minors younger than 13 by restricting organizations from collecting PII

Question 40

FERPA (Family Educational Rights and Privacy Act)

Answer 40

protects students records once students turn 18 the rights to the records shift from the parents to the students

Question 41

GDPR (General Data Protection Regulation)

Answer 41

cover data protection and privacy for all individuals in the European Union

Question 42

Laws of OPSEC

Answer 42

First law: if you don’t know the threat how do you know what to protect?

Second Law: if you don’t know what you are protecting then how do you know you are protecting it?

Third Law:if you are not protecting it, the DRAGON WINS

Question 43

Competitive intellegence

Answer 43

conducting intelligence gathering information to make business decisions

Question 44

Pretexting

Answer 44

atttacker use information gathered to disguise as a manager, customer, reporter,etc. to convince targets to give up senstive information

Question 45

Phishing

Answer 45

attacker uses communications apps like, email, phone calls, texts and try to get user to click on a malicious link that contain malware

Question 46

RAID (Redundant Array of Independant Disks)

Answer 46

takes multiple hard drives and allows them to be used a one large hard drive with benefits

Question 47

Firewall

Answer 47

network security that maintains control of traffic that flow in and out of networks

Question 48

Packet Filtering

Answer 48

the firewall looks at the contents of each packet entering and decides whether to allows or disallows it

Question 49

Stateful Packet Inspection

Answer 49

watches traffic over a given connection

Question 50

Deep Packet Inspection

Answer 50

the same as stateful packet inspection but goes futher with actually inspecting the contents in the packet

Question 51

Proxy Servers

Answer 51

provides a layer of security on devices usually on apps like mail or web browsing and adds choke points

Question 52

DMZ(Demilitirized zone)

Answer 52

seperate a device from the rest of the network as and example of INTRANET zone, Extranet zone, and Internet

Question 53

Scanners

Answer 53

hardware or software tools that enable you to interrogate devices and networks for information. Like a port scanners that scans info on ports and vulnurability scanners to find weak points in a system

Question 54

Packet Sniffers

Answer 54

a tool that can intercept traffic on a network and see if you were intended to recieve it or not

Question 55

Honeypot

Answer 55

are bait as a fake vulnerability where attackers are tricked to think that thst they are attacked the real thing but instead they are being monitored and observed on how they carry attacks and learn on how they think

Question 56

Operating system hardening

Answer 56

reducing every way vulnerabilites can be exposed to attackers by, uninstalling software not being used, closing ports that arn’t used, adding anti virus software, perform updates, adding principle of least privledge, turn on logging and auditing

Question 57

Buffer Overflow

Answer 57

when you put in ore data that the application is expecting, example you put in 10 digits when the app only requires 8 digits in the field

Question 58

Jailbreaking

Answer 58

modifying and removing restrictions on a device bypass security features

Question 59

Authentication attacks

Answer 59

attacks tha attempt to gain access to resouces without the proper credentials to do so

Question 60

Authorization attacks

Answer 60

attack to gain access to resources without the proper authorization to do so

Question 61

Client side attacks

Answer 61

attacks that take advantage of weaknesses on software loaded users clients or social enginering on clients

Question 62

Server side attacks

Answer 62

vulnerabilities on the server side of transactions, web server, software and its version, scripting languages

Question 63

Arbitrary code exection

Answer 63

attackers have the ability to execute commands on a system they choose without restriction they are able to do this because of secuirty flaws in scripting languages

Question 64

Priviledge Escalation

Answer 64

attacks that increase the level of access of what you are authorized, to gain higher access control to carry out attacks on a higher level

Question 65

Black Box

Answer 65

penetration texting where the tester has no knowledge environment or entity

Question 66

Grey Box

Answer 66

penetration testing where the tester has some insider knowledge of the environment but not everything

Question 67

White box

Answer 67

penetration testing where the tester has all insider knowledge of the environment

Question 68

Bug bounty programs

Answer 68

an organizations offers rewards to individuals who find vulnertbilities in their resouces, depending on severtiy of the bug they will get compensated with monetary value or other ways