Lesson 2 Flashcards

1
Q

True or False: Cyberattacks may be conducted by criminals, but also by states for industrial espionage, for economic damage to apply pressure, or to inflict real damage to infrastructure as an act of war

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

True or False: Our protection level is still considered largely insufficient compared to the risks and potential damages

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

This is the protection of computer systems from the damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide

A

Computer Security or Cybersecurity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Duplicating and exchanging data and code is a fast process with zero cost. Hence, an attack or malware launched by a single person can spread worldwide, at a large-scale, in less than an hour.

Q: What idea is being implied?

A

Digital information is immaterial

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

this is concerned with the absence of misbehavior, both in normal and exceptional situations, but still in a neutral environment when no one is trying to intentionally attack the system.

A

software safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A single bit flip may introduce a critical failure and turn a perfectly working system into a malfunctioning one. Digital information ignores borders, and may even play with contradictions between the legislations of different countries.

Q: What idea is being implied?

A

Digital information is discrete nature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

this aims for the absence of misbehavior in an adversarial environment, where an attacker intentionally tries to misuse a system

A

software security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

this can be approached by modeling the environment. this requires us to keep up-to-date with attackers’ progress in all areas

A

security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

this refers to accidental threats, due to internal misbehaviors or non-intentional misuse of the system; this deals with fault-tolerance

A

safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

this refers to intentional threats; it deals with resistance to attacks

A

security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

security or safety: car crashing because of a software specification or an implementation bug

A

safety issue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

security or safety: a car crashes because an attacker took remote control of the vehicle

A

security issue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

this is a malware designed to hijack Internet of Things (IoT) devices and turn them into remotely controlled “bots” capable of launching distributed denial of service (DDoS) attacks.

A

Mirai Botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

this ransomware attack was a global epidemic on may 2017. this spread through computers operating microsoft windows. user’s files were held hostage, and a bitcoin ransom was demanded for their return.

A

wannacry ransomware attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what was attacked in the case of wannacry ransomware?

A

windows server message block (smb) protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

True or False: Education is essential to security

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

True or False: The security of a system is always limited by that of its weakest component

A

True

16
Q

True or False: Security and privacy are closely related

A

True, It is essential that security and privacy be considered
together at the design stage so that, for instance, malicious intrusions do not put data at risk.

16
Q

True or False: Large, complex systems cannot be totally validated through human inspection

A

True, automatic verification tools are needed to find security protocol
flaws as well as implementation flaws.

17
Q

What malware quickly followed WannaCry in June 2017, which disguised itself as ransomware in order to muddy attribution and potentially to delay investigation

A

NotPetya, a state-sponsored malware

18
Q

True or False: Zero risk cannot exist

A

True

19
Q

what is the CIA triad?

A

confidentiality, integrity, and availability

20
Q

True or False: The early detection and mitigation of attacks is as important as the attempt to reduce the risk of successful attacks

A

True

21
Q

True or False: Security comes at a cost

A

True

22
Q

this is the assurance that information is disclosed only to authorized persons, entities, or processes

A

confidentiality

23
Q

assurance that the system or information are modified only by a voluntary and legitimate action

A

integrity

24
Q

assurance that a system or information is accessible in a timely manner to those who need to use it

A

availability

25
Q

assurance that a message is from the source it claims to be from

A

authenticity

26
Q

defined as the right of individuals, groups, institutions to determine how and to what extent information about them is communicated to others

A

privacy

26
Q

ability for individuals to control their personal data and decide what to reveal to whom and under what conditions

A

privacy

27
Q

confidentiality of the identity the user or entity; this aims at hiding who performs some action

A

anonymity

28
Q

a set of rules that specify how sensitive and critical resources are protected

A

security policy

29
Q

defined as the ability of a system to return to its original state after an attack; capacity of a system to deliver its services continuously, even while under attack

A

resilience

30
Q

this involves precisely defining which entity may access what information and in which way: permissions, prohibitions, or obligations to read or write information are to be defined; so-called security policy

A

prevention

31
Q

this can take place before the definition of a policy

A

prevention

32
Q

detecting early source and binary code vulnerabilities that could be exploited to violate the security properties

A

security by design principle

33
Q

proving that a given property is guaranteed by the software

A

formally proved security

33
Q

this refers to the capacity to tolerate attacks; ability for a computer system to deliver the intended outcome despite adverse cyber events

A

cyber-resilience

34
Q

this policy is concretely enforced through these security services:
- entity identification and authentication
- control of access to information
- control of information flows
- detection of attempts to exploit potential vulnerabilities of the system
- response to these attempts

A

security policy

35
Q

this deals with hazardous hardware failures or software bugs

A

fault-tolerance

36
Q

what is the basic principle of cyber-resilience?

A

replication of data and backups in the context of a distributed system to avoid a single point of failure