uni cyber security

Question 1

Security Controls - Directive

Answer 1

Encourages users to adopt less risky behaviours. Security training, codes of conduct. Punishment to discourage hacking etc.

Question 2

Security Control - Preventative

Answer 2

Stopping risky actions. Requiring passwords, locked doors. Prevent unauthorized access.

Question 3

What is an attack vector

Answer 3

The means by which a threat actor gains access to a system. Could be malware, phishing, social engineering.

Question 4

Security Control - Compensating / alternative

Answer 4

Implemented in place of those security controls that are too difficult or impractical to implement.

Question 5

Security Control - Detective

Answer 5

Identify an attack. Monitor unsuccessful login attempts.

Question 6

Security Control - Corrective

Answer 6

Minimise risk when it occurs. Backup power supply ect.

Question 7

Security Control - Recovery

Answer 7

Attempt to recover after an incident. Backups to restore data.

Question 8

Security Control Considerations

Answer 8

1, Are they appropriate?
2, Implemented correctly?
3, Are processes in place to determine if controls are effective?
4, Have they introduced new vulnerabilities?

Question 9

Legislation that requires organisations to protect data at all times.

Answer 9

Data Protection Act 2018

Question 10

NCSC stands for

Answer 10

National Cyber Security Centre

Question 11

Reduce the risk of legacy systems by…

Answer 11

1, Regularly erasing and rebuilding obsolete systems to remove any malicious software.
2, Treating obsolete systems as unmanaged or untrusted – such systems should have only very limited access to other systems. Should not store sensitive information.
3, Intensive monitoring and logging.

Question 12

When systems are completely isolated from the outside world, this is called….

Answer 12

Air-gapping

Question 13

What is an attack vector?

Answer 13

An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities

Question 14

What does the acronym AAA stand for?

Answer 14

Authentication, Authorization, Accounting

Question 15

Possible techniques to ensure confidentiality

Answer 15

Cryptography, access control

Question 16

What is non-repudiation

Answer 16

In general, non-repudiation is agreeing to adhere to an obligation. In the context of cyber security, it refers to a property that a sender of a message cannot deny that the message was originated by them.

Question 17

Interception

Answer 17

Stopping something or someone from reaching the intended destination

Question 18

Attack vector - Interception

Answer 18

The threat actor intercepts and then modifies the information. This is a breach of integrity.

Question 19

Attack vector - Interruption

Answer 19

The threat actor interrupts the transfer of data. Breaches integrity and availability.

Question 20

Attack vector - Replay

Answer 20

Threat actor sends the same message again to try to solicit a response from the receiver.

Question 21

Attack vector - Fabrication

Answer 21

The threat actor fabricates a message after observing message exchanges.

Question 22

Attack vector - Interception- What part of CIA is breached?

Answer 22

Confidentiality

Question 23

Attack vector - Modification - What part of CIA is breached?

Answer 23

Confidentiality, integrity

Question 24

Attack vector - Interruption - What part of CIA is breached?

Answer 24

Integrity and availability. Confidentiality may also be breached.

Question 25

Attack vector - replay - What part of CIA is breached?

Answer 25

Integrity and confidentiality - possibly a breach of availability

Question 26

Attack vector - fabrication - What part of CIA is breached?

Answer 26

Integrity and confidentiality