Week 1

Question 1

What is Computer Security?

Answer 1

Measures and controls that ensure confidentiality, integrity, and availability of information system assets.

Question 2

Name the 5 Computer Security Requirements (AACIA)

Answer 2

1_  Accountability
2_ Availability
3_ Confidentiality
4_ Integrity
5_ Authenticity

Question 3

List 3 levels of impact on computer security breach

Answer 3

1_ Low
2_ Moderate
3_ High

Question 4

Describe 3 challenges of computer security

Answer 4

1_ Computer security is not as simple as it might first appear to the novice.
2_ Attackers only need to find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security.
3_ Security requires regular and constant monitoring

Question 5

What is an Adversary?

Answer 5

An entity that has the intent to conduct detrimental activities.

Question 6

What is an Attack?

Answer 6

Any malicious activity that attempts to destroy information system resources.

Question 7

What is a Countermeasure?

Answer 7

A device or techniques that has as its objective the impairment of adversarial activity.

Question 8

What is a Risk?

Answer 8

A measure of the extent to which an entity is threatened.

Question 9

What is a Security Policy?

Answer 9

A set of criteria for the provision of security services.

Question 10

What is a System Resource (Asset)?

Answer 10

A logically related group of systems.

Question 11

What is a Threat?

Answer 11

Any circumstance or event with the potential to adversely impact organisational operations.

Question 12

What is Vulnerability?

Answer 12

Weakness in an information system that could be exploited by a threat source.

Question 13

List the hierarchy of assets of a computer system.

Answer 13

• > Hardware
• -> Software
• –> Data (raw facts and figures)
• —> Communication facilities and networks

Question 14

What are the 3 categories of vulnerabilities?

Answer 14

1- Corrupted (loss of integrity)
2- Leaky (loss of confidentiality)
3- Very slow (loss of availability)

Question 15

What are the 2 types of threats?

Answer 15

1- Exploit vulnerabilities

2- Harm to assets

Question 16

What are the 4 types Attacks?

Answer 16

1- Passive (Attempts to make use of info but wont affect the system)
2- Active (Attempts to affect the system)
3- Insider
4- Outsider

Question 17

What are the 4 types of Threat Consequences and list two attacks that may have caused them?

Answer 17

1- Unauthorised disclosure (e.g. Exposure, Interception)
2- Deception (e.g. Masquerade, Falsification)
3- Disruption (e.g. Corruption, Obstruction)
4- Usurpation (e.g. Misuse, Misappropriation)

Question 18

List 3 Countermeasures

Answer 18

1_ Incident response
2_ Access Control
3_ Audit and accountability

Question 19

List 3 Security design principles

Answer 19

• Encapsulation
• Separation of privileges
• Layering

Question 20

What is an attack surface?

Answer 20

A reachable and exploitable vulnerability in a system

Question 21

List the 3 Attack Surface types

Answer 21

• Network Attack surfaces
• Software Attack surfaces
• Human Attack surfaces

Question 22

What is an attack tree?

Answer 22

A hierarchical data structure that represents a set of

techniques for exploiting security vulnerabilities.

Question 23

What are the 4 Computer Security strategies?

Answer 23

1) Security policy
2) Security implementation
3) Assurance
4) Evaluation

Question 24

What is Malware?

Answer 24

A program that is inserted into a system with the intent of compromising the confidentiality, integrity, or availability of the victim’s data

Question 25

What are the 2 categories malware is split into?

Answer 25

1- How it spreads to desired targets (propagation)

2- How it performs once a target is reached (payload)

Question 26

What is an Attack Kit?

Answer 26

The deployment and development of malware by skilled software authors. E.g. Angler, Zeus

Question 27

Name 3 Attack Sources

Answer 27

• Politics
• Criminals
• Government agencies

Question 28

What is an Advanced Persistent Threat (APT)? Give two examples of APTs

Answer 28

Well-resourced, persistent application of malware to selected targets. E.g. Social engineering, spear phishing emails

Question 29

What is a Virus?

Answer 29

A piece of software that infects programs

Question 30

What are the Virus components?

Answer 30

• Infection mechanism
• Trigger
• Payload

Question 31

What are the phases of a Virus?

Answer 31

1 Dormant phase
2 Triggering phase
3 Propagation phase
4 Execution phase

Question 32

What is a Macro virus?

Answer 32

A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.

Question 33

List 3 virus target categories

Answer 33

• Boot sector infector
• File infector
• Macro virus

Question 34

List 3 virus concealment strategies

Answer 34

• Encrypted virus
• Polymorphic virus
• Stealth virus