InfoSec_Deck-0.11959936320610942

Question 1

Elements of Information Security

Answer 1

Confidentiality, Integrity, Availability, Authenticity, Non-repudiation

Question 2

What is confidentiality in information security?

Answer 2

Confidentiality is the assurance that information is accessible only to authorized individuals.

Question 3

How can confidentiality be maintained?

Answer 3

Through data classification, data encryption, and proper disposal of equipment.

Question 4

What is integrity in information security?

Answer 4

Integrity is the trustworthiness of data or resources, ensuring they are not improperly or unauthorizedly changed.

Question 5

How can integrity be maintained?

Answer 5

Using checksums and access control.

Question 6

What is availability in information security?

Answer 6

Availability is the assurance that systems are accessible when required by authorized users.

Question 7

How can availability be maintained?

Answer 7

Using redundant systems, antivirus software, and DDoS prevention.

Question 8

What is authenticity in information security?

Answer 8

Authenticity ensures that communication or data is genuine and uncorrupted.

Question 9

How can authenticity be ensured?

Answer 9

Using biometrics, smart cards, and digital certificates.

Question 10

What is non-repudiation in information security?

Answer 10

Non-repudiation guarantees that a message’s sender cannot deny having sent the message.

Question 11

How is non-repudiation ensured?

Answer 11

Using digital signatures.

Question 12

What motivates attackers in information security?

Answer 12

Disrupt business continuity, perform information theft, manipulate data, create fear, and more.

Question 13

How are information security attacks classified?

Answer 13

Passive, active, close-in, insider, and distribution.

Question 14

What is a passive attack?

Answer 14

Passive attacks involve intercepting and monitoring network traffic without tampering with data.

Question 15

Examples of passive attacks?

Answer 15

Footprinting, sniffing, network traffic analysis.

Question 16

What is an active attack?

Answer 16

Active attacks tamper with data in transit or disrupt communication to break into secured systems.

Question 17

Examples of active attacks?

Answer 17

DoS attacks, malware attacks, spoofing, and more.

Question 18

What are close-in attacks?

Answer 18

Close-in attacks are performed when the attacker is physically close to the target system.

Question 19

Examples of close-in attacks?

Answer 19

Social engineering, eavesdropping, shoulder surfing.

Question 20

What are insider attacks?

Answer 20

Insider attacks are performed by trusted individuals with physical access to critical assets.

Question 21

Examples of insider attacks?

Answer 21

Data theft, eavesdropping, social engineering.

Question 22

What are distribution attacks?

Answer 22

Distribution attacks occur when attackers tamper with hardware or software before installation.

Question 23

Examples of distribution attacks?

Answer 23

Planting backdoors during production or distribution.

Question 24

What is information warfare?

Answer 24

The use of ICT for competitive advantages over an opponent.

Question 25

What are some forms of information warfare?

Answer 25

Command and control warfare, intelligence-based warfare, electronic warfare, and more.

Question 26

What is the CEH hacking methodology?

Answer 26

A step-by-step process followed by ethical hackers to perform hacking.

Question 27

What is footprinting in hacking?

Answer 27

Footprinting involves gathering information about a target to identify vulnerabilities.

Question 28

What is scanning in hacking?

Answer 28

Scanning identifies active hosts and open ports in the target network.

Question 29

What is enumeration in hacking?

Answer 29

Enumeration involves making active connections to a target system to gather information.

Question 30

What is vulnerability analysis?

Answer 30

The examination of a system's ability to withstand assault by identifying security vulnerabilities.

Question 31

What is the cyber kill chain methodology?

Answer 31

A framework for identifying and preventing malicious intrusion activities.

Question 32

What is reconnaissance in the cyber kill chain?

Answer 32

The adversary collects information about the target to probe for weak points.

Question 33

What is weaponization in the cyber kill chain?

Answer 33

The adversary creates a tailored malicious payload based on identified vulnerabilities.

Question 34

What is delivery in the cyber kill chain?

Answer 34

The transmission of the malicious payload to the intended victim.

Question 35

What is exploitation in the cyber kill chain?

Answer 35

The malicious code exploits a vulnerability in the target system.

Question 36

What is installation in the cyber kill chain?

Answer 36

The adversary installs malicious software on the target system to maintain access.

Question 37

What is command and control in the cyber kill chain?

Answer 37

The adversary establishes a communication channel with the victim's system.

Question 38

What are tactics in TTPs?

Answer 38

Tactics describe the way an attacker performs their attack from beginning to end.

Question 39

What are techniques in TTPs?

Answer 39

Techniques are the methods used by an attacker to achieve intermediate results during an attack.

Question 40

What are procedures in TTPs?

Answer 40

Procedures involve the sequence of actions performed by the threat actors to execute different steps of an attack.