PRELIM

Question 1

___ is the most concerned matter as cyber threats and attacks are overgrowing.

Answer 1

Cyber security

Question 2

Measures taken to protect a computer or computer system (on the internet) against unauthorized access or attack?

Answer 2

Cyber security

Question 3

Sending emails that appear to be from legitimate companies requesting personal information.

Answer 3

Phishing

Question 4

An interruption in an authorized user’s access to a computer network, typically one caused with MALICIOUS INTENT.

Answer 4

DoS or Denial-of-Service

Question 5

Any type of malicious software is designed to harm or exploit any programmable device, service or network.

Answer 5

Malware

Question 6

_____ is a method of gaining unauthorized access to a network or computer system.

Answer 6

Hacking

Question 7

An individual who intends to gain unauthorized access to a network or computer system.

Answer 7

Hacker

Question 8

The entirety of potential and identified cyberthreats affecting a particular sector, group of users, time period, and so forth.

Answer 8

Threat landscape

Question 9

Give two examples of Treat landscape

Answer 9

• ENISA (European Union Agency for Network and Information Security)
• NIST (National Institute of Standards and Technology)

Question 10

____ defined as the collection of threats that are observed, information about threat agents, and the current trends of threats

Answer 10

Threat landscape

Question 11

___ are security incidents or circumstances with the potential to have a negative outcome for your network or other data management systems.

Answer 11

Cyber threats

Question 12

The three categories under cyber threats

Answer 12

• Intentional threats
• Unintentional threats
• Natural threats

Question 13

___ are the gaps or WEAKNESSES in a SYSTEM that MAKE threats possible and tempt threat actors to EXPLOIT them.

Answer 13

Vulnerabilities

Question 14

___ is the POTENTIAL for LOSS, damage or destruction of assets or data caused by a cyber threat.

Answer 14

Risk

Question 15

___ is a process that magnifies the likelihood of a negative event, such as the exploit of a vulnerability.

Answer 15

Threat

Question 16

____ is a weakness in your infrastructure, networks or applications that potentially exposes you to threats

Answer 16

Vulnerability

Question 17

____ makes sure that only authorized personnel are given access or permission to modify data

Answer 17

Confidentiality

Question 18

___ helps maintain the trustworthiness of data by having it in the correct state and immune to any improper modifications

Answer 18

Integrity

Question 19

____ means that the authorized users should be able to access data whenever required

Answer 19

Availability

Question 20

Pros of the CIA triad

Answer 20

• Simplicity
• Balanced
• Open-ended

Question 21

Cons of the CIA triad

Answer 21

• Limited
• Lack of specificity
• Not holistic

Question 22

Threat probability is multiplied by the POTENSIAL LOSS that may result, cyber security experts, refer to this as a ___

Answer 22

Risk

Question 23

Five common types of cyber attacks

Answer 23

• DoS and DDoS
• Malware
• Man-in-the-middle (MITM)
• Phishing
• SQL Injection

Question 24

OTHER type of cyber attacks

Answer 24

• DNS Spoofing
• Session Hijacking
• Brute force
• Dictionary attacks
• URL Interpretation
• File Inclusion attacks

Question 25

____ stands for "Malicious Software"

Answer 25

Malware

Question 26

___ it is designed to gain access or be installed into the computer without the consent of the user

Answer 26

Malware

Question 27

Types of Malware

Answer 27

- Adware - Spyware - Browser hijacking software - Virus - Worms - Trojan Horse - Scareware

Question 28

It represents threats that are result of a harmful decision. For example computer crimes, or when someone purposely damages property or information. Computer crimes include espionage, identity theft, child pornography, and credit card crime.

Answer 28

Intentional threats

Question 29

_____are acts performed without malicious intent that nevertheless represent a serious threat to information security. _____are often attributed to human error.

Answer 29

Unintentional threats

Question 30

While acts of nature aren’t typically associated with cybersecurity, they are unpredictable and have the potential to damage your assets.

Answer 30

Natural threats

Question 31

When AUTHENTICATION credentials are compromised, user sessions and identities can be hijacked by malicious actors to pose as the original user.

Answer 31

Broken Authentication

Question 32

to gain access to database content via malicious code injection

Answer 32

SQL Injection

Question 33

also injects malicious code into a website. targets website users

Answer 33

Cross-Site Scripting

Question 34

to trick an authenticated user into performing an action that they DO NOT intend to do

Answer 34

Cross-Site Request Forgery

Question 35

Any component of a security system that can be leveraged by attackers due to a configuration error can be considered a __________

Answer 35

Security Misconfiguration

Question 36

Five most common examples of Security Vulnerabilities

Answer 36

- Broken Authentication - SQL Injection - Cross-Site Scripting - Cross-Site Request Forgery - Security Misconfiguration

Question 37

is “an attack initiated from a computer against a website, computer system or individual computer ... that compromises the confidentiality, integrity or availability of the computer or information stored on it.

Answer 37

Cyber Attack

Question 38

The seven layers of cyber security

Answer 38

- Mission Critical Assets - Data Layer - Application Layer - End Point Layer - Network Layer - Perimeter Layer - Human Layer

Question 39

___is designed to stop your networks from working. They can’t pull the plug on your systems, so instead they bombard them with requests and data.

Answer 39

denial-of-service attack

Question 40

Once inside your system, malware can do some or all of the following: Block access to key components of your network Covertly obtain information by transmitting data out of your network Disrupt components and render your system inoperable

Answer 40

Malware

Question 41

___ occur when attackers insert themselves into a data transaction. Between you and your online bank, for example. Once the attacker interrupts the traffic, they can filter and steal data.

Answer 41

Man-in-the-middle (MitM) attacks

Question 42

comes from the word “fishing” and deploys the same tactics. Using the right kind of bait, an unsuspecting target can be caught.

Answer 42

Phishing

Question 43

An attacker can force a server to reveal information you would rather have safe by injecting queries using __________

Answer 43

Structured Query Language (SQL)

Question 44

____ can go on for a lOng periOd of time without being detected and can cause serious security issues

Answer 44

DNS Spoofing

Question 45

It is a security attack on a user SESSION over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data

Answer 45

Session Hijacking

Question 46

It is a type of attack which uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data like user passwords and personal identification numbers. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

Answer 46

Brute force

Question 47

This type of attack stored the LIST of a commonly used passwords and validated them to get original password

Answer 47

Dictionary attacks

Question 48

It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver web pages for which he is not authorized to browse.

Answer 48

URL Interpretation

Question 49

It is a type of attack that allows an attacker to access unauthorized or ESSENTIAL files which is available on the web server or to execute malicious files on the web server by making use of the include functionality.

Answer 49

File Inclusion attacks

Question 50

It is a special type of malware which is used for forced ADvertising.

Answer 50

Adware

Question 51

It is a special type of which is installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine.

Answer 51

Spyware

Question 52

There is some malicious software which are downloaded along with the free software offered over the internet and installed in the host computer without the knowledge of the user. This software modifies the browsers setting and redirect links to other unintentional sites.

Answer 52

Browser hijacking software

Question 53

___ is a malicious code written to damage/harm the host computer by deleting or appending a file, occupy memory space of the computer by replicating the copy of the code, slow down the performance of the computer, format the host machine, etc.

Answer 53

Virus

Question 54

They are a class of viruses which can REPLICATE themselves.

Answer 54

Worms

Question 55

____is a malicious code that is installed in the HOST machine by pretending to be useful software. The user clicks on the link or download the file which pretends to be a useful file or software from legitimate source.

Answer 55

Trojan Horse

Question 56

While surfing the Internet, suddenly a pop-up alert | appears in the screen which warns the presence of dangerous virus, spywares, etc.

Answer 56

Scareware

Question 57

Operational cyber security risks arise from | Three types of actions

Answer 57

1. Inadvertent actions 2. Deliberate actions 3. Inaction actions

Question 58

Three categories of motivation when deliberate

Answer 58

1. Political motivations 2. Economic motivations 3. Socio-cultural motivations

Question 59

Categories of Attacks

Answer 59

- Active | - Passive

Question 60

____are a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target

Answer 60

Active attacks

Question 61

Types of Active attacks

Answer 61

- Masquerade - Session replay - Message modification

Question 62

_____ are relatively scarce from a classification perspective, but can be carried out with relative ease, particularly if the traffic is not encrypted

Answer 62

Passive attacks

Question 63

Types of PassivE aTtackS

Answer 63

- Eavesdropping (tapping) - Traffic analysis - Software Attacks

Question 64

Decide which of the CIA | Alice and Bob are students. Alice copies Bob’s homework.

Answer 64

Confidentiality

Question 65

Decide which of the CIA Alice and Bob play computer games. Right as Alice is about to slay Bob's character with a +10 spell, Bob yanks her Ethernet cable.

Answer 65

Availability

Question 66

Decide which of the CIA Alice writes a private note in her diary and then locks it. Unfortunately, Bob finds the key and is able to open Alice's diary and read her private note.

Answer 66

Confidentiality

Question 67

Decide which of the CIA Bob sends Alice a check for $10. She then adds a "0" to the amount so now Bob has sent Alice a check for $100.

Answer 67

Integrity

Question 68

Decide which of the CIA Alice has online homework due at 2:00 PM and she is rushing to finish it. Right before she is about to submit, her power cuts out and Alice is no longer able to submit her homework by the due date.

Answer 68

Availability