Lesson 2

Question 1

True or False: Cyberattacks may be conducted by criminals, but also by states for industrial espionage, for economic damage to apply pressure, or to inflict real damage to infrastructure as an act of war

Answer 1

True

Question 2

True or False: Our protection level is still considered largely insufficient compared to the risks and potential damages

Answer 2

True

Question 3

This is the protection of computer systems from the damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide

Answer 3

Computer Security or Cybersecurity

Question 4

Duplicating and exchanging data and code is a fast process with zero cost. Hence, an attack or malware launched by a single person can spread worldwide, at a large-scale, in less than an hour.

Q: What idea is being implied?

Answer 4

Digital information is immaterial

Question 5

A single bit flip may introduce a critical failure and turn a perfectly working system into a malfunctioning one. Digital information ignores borders, and may even play with contradictions between the legislations of different countries.

Q: What idea is being implied?

Answer 5

Digital information is discrete in nature

Question 6

this is concerned with the absence of misbehavior, both in normal and exceptional situations, but still in a neutral environment when no one is trying to intentionally attack the system.

Answer 6

software safety

Question 7

this aims for the absence of misbehavior in an adversarial environment, where an attacker intentionally tries to misuse a system

Answer 7

software security

Question 8

this can be approached by modeling the environment. this requires us to keep up-to-date with attackers’ progress in all areas

Answer 8

security

Question 9

this refers to accidental threats, due to internal misbehaviors or non-intentional misuse of the system; this deals with fault-tolerance

Answer 9

safety

Question 10

this refers to intentional threats; it deals with resistance to attacks

Answer 10

security

Question 11

security or safety: car crashing because of a software specification or an implementation bug

Answer 11

safety issue

Question 12

security or safety: a car crashes because an attacker took remote control of the vehicle

Answer 12

security issue

Question 13

this ransomware attack was a global epidemic on may 2017. this spread through computers operating microsoft windows. user’s files were held hostage, and a bitcoin ransom was demanded for their return.

Answer 13

wannacry ransomware attack

Question 14

this is a malware designed to hijack Internet of Things (IoT) devices and turn them into remotely controlled “bots” capable of launching distributed denial of service (DDoS) attacks.

Answer 14

Mirai Botnet

Question 15

True or False: Education is essential to security

Answer 15

True

Question 16

True or False: The security of a system is always limited by that of its weakest component

Answer 16

True

Question 17

what was attacked in the case of wannacry ransomware?

Answer 17

windows server message block (smb) protocol

Question 18

True or False: Large, complex systems cannot be totally validated through human inspection

Answer 18

True, automatic verification tools are needed to find security protocol
flaws as well as implementation flaws.

Question 19

True or False: Security and privacy are closely related

Answer 19

True, It is essential that security and privacy be considered
together at the design stage so that, for instance, malicious intrusions do not
put data at risk.

Question 20

What malware quickly followed WannaCry in June 2017, which disguised itself as ransomware in order to muddy attribution and potentially to delay investigation

Answer 20

NotPetya, a state-sponsored malware

Question 21

True or False: Zero risk cannot exist

Answer 21

True

Question 22

True or False: The early detection and mitigation of attacks is as important as the attempt to reduce the risk of successful attacks

Answer 22

True

Question 23

True or False: Security comes at a cost

Answer 23

True

Question 24

what is the CIA triad?

Answer 24

confidentiality, integrity, and availability

Question 25

this is the assurance that information is disclosed only to authorized persons, entities, or processes

Answer 25

confidentiality

Question 26

assurance that the system or information are modified only by a voluntary and legitimate action

Answer 26

integrity

Question 27

assurance that a system or information is accessible in a timely manner to those who need to use it

Answer 27

availability

Question 28

assurance that a message is from the source it claims to be from

Answer 28

authenticity

Question 29

ability for individuals to control their personal data and decide what to reveal to whom and under what conditions

Answer 29

privacy

Question 30

defined as the right of individuals, groups, institutions to determine how and to what extent information about them is communicated to others

Answer 30

privacy

Question 31

confidentiality of the identity the user or entity; this aims at hiding who performs some action

Answer 31

anonymity

Question 32

a set of rules that specify how sensitive and critical resources are protected

Answer 32

security policy

Question 33

defined as the ability of a system to return to its original state after an attack; capacity of a system to deliver its services continuously, even while under attack

Answer 33

resilience

Question 34

this involves precisely defining which entity may access what information and in which way: permissions, prohibitions, or obligations to read or write information are to be defined; so-called security policy

Answer 34

prevention

Question 35

this can take place before the definition of a policy

Answer 35

prevention

Question 36

detecting early source and binary code vulnerabilities that could be exploited to violate the security properties

Answer 36

security by design principle

Question 37

proving that a given property is guaranteed by the software

Answer 37

formally proved security

Question 38

this refers to the capacity to tolerate attacks; ability for a computer system to deliver the intended outcome despite adverse cyber events

Answer 38

cyber-resilience

Question 39

this policy is concretely enforced through these security services:
- entity identification and authentication
- control of access to information
- control of information flows
- detection of attempts to exploit potential vulnerabilities of the system
- response to these attempts

Answer 39

security policy

Question 40

this deals with hazardous hardware failures or software bugs

Answer 40

fault-tolerance

Question 41

what is the basic principle of cyber-resilience?

Answer 41

replication of data and backups in the context of a distributed system to avoid a single point of failure