Computer & IW Fundamental Term II Quiz

Questions and Answers

If the time stamp and the current time are within ______ minutes of each other, then the Kerberos Authentication Server Request is assumed to be valid.

5 (correct)

15

20

10

What is basic troubleshooting of domain PC?

Basic troubleshooting of a domain PC involves identifying and resolving common issues that prevent users from successfully logging in, often caused by problems with the system clock, DNS servers, or user authentication.

CII stands for:

Critical Information Internet

Critical Information Infrastructure (correct)

Control Internet Infrastructure

Control Information Infrastructure

Security Policy describes a common set of practices, based on international standards and allows in the protection of government assets.

Security Policy

Why do we need information security?

Information security is crucial because it protects valuable data and systems from unauthorized access, modification, destruction, or disruption of services. This ensures the confidentiality, integrity, and availability of essential information and resources.

What is Critical Information infrastructure?

Critical Information Infrastructure (CII) refers to physical or virtual information systems that control, process, transmit, receive, or store electronic data. It is considered crucial to the functioning of essential services and infrastructure. Examples of CII include national energy grids, transportation networks, and communication systems.

Explain CIA triad in brief?

The CIA Triad is a foundational concept in information security, comprised of Confidentiality, Integrity, and Availability. Confidentiality protects sensitive data from unauthorized disclosure. Integrity ensures that information remains accurate and unaltered. Availability ensures that information is accessible to authorized users when needed. The CIA Triad is a fundamental framework for designing security controls and policies.

Write some example of vulnerability?

Examples of vulnerabilities include weak passwords, outdated software without security updates, unsecured network configurations, inadequate physical security measures, lack of proper user training, and social engineering tactics that exploit human trust.

Write points for information security breaches?

Information security breaches can occur due to various actions, including unauthorized access to data, disclosure of sensitive information, data tampering, destruction or interference with computing systems, system outages or failures, and denial of service.

Write general IT policies?

General IT policies encompass a comprehensive set of guidelines and regulations to ensure the secure and efficient operation of IT systems, networks, user access, and data security. They often include policies on password management, virus protection, data backups, incident response, network access, and user behavior within the IT environment.

What is Cyberspace?

Cyberspace refers to the virtual, interconnected realm where electronic systems, networks, and individuals interact through digital communication channels. It encompasses the internet, intranets, wireless networks, and various digital platforms. Cyberspace transcends physical boundaries.

What is attack methodology analysis (AMA)?

Attack Methodology Analysis (AMA) is a structured approach for identifying vulnerabilities in computer-based systems and networks. It involves assessing potential attack vectors, mapping existing exploits, and analyzing the gap between security capabilities and accessible exploit technology. AMA helps organizations better understand threat actors and their tactics, enhancing security measures.

Explain social media?

Social media encompasses a wide variety of online platforms where people connect and share content. These platforms allow users to interact through profiles, news feeds, messages, photos, and videos. Common examples include Facebook, Twitter, Instagram, and YouTube. Social media platforms facilitate communication, information sharing, entertainment, and community building.

Write name of probable cyber weapons?

Examples of cyber weapons include: (a) Duqu, a sophisticated malware designed for espionage, (b) Flame, a highly sophisticated malware that targets specific systems, (c) Great Cannon, a tool used for network censorship and cyberattack, and (d) Stuxnet, a malware that targeted specific industrial systems. Cyber weapons are designed for military, paramilitary, or intelligence objectives.

What is physical security of IT assets?

Physical security of IT assets encompasses protecting valuable hardware, software, and data centers from unauthorized access and physical harm. This includes measures like secure server rooms, access control systems, surveillance cameras, environmental monitoring, and securing network infrastructure.

Briefly explain physical controls?

Physical controls are tangible measures to protect IT assets, such as doors, locks, fences, security guards, surveillance systems, environmental systems, and fire suppression systems. They implement physical barriers and security measures to prevent unauthorized access.

Explain categories of access controls?

Access controls categorize various security measures to regulate access to IT systems and sensitive data. Categories commonly include: Directive (defining acceptable rules), Deterrent (discouraging unauthorized actions), Preventive (blocking security breaches), Compensating (providing alternative security measures), Detective (detecting security incidents), Corrective (remediating breaches), Recovery (restoring normal operations after incidents).

What is personnel security?

Personnel security focuses on managing the risk of employees or contractors abusing their access privileges to compromise organizational security. It includes processes for selecting trustworthy personnel, conducting background checks, training on security policies, monitoring employee behavior, and implementing proper termination procedures.

Briefly explain core categories of personnel security?

Core categories of personnel security include: Screening (verifying employee credentials), Contracts (legal agreements to protect interests), Security Policy Acknowledgement (ensuring employees understand security policies), Security Education (training on information security principles), Monitoring (tracking employee actions), and Termination Procedures (managing employee departures).

Study Notes

Computer & IW Fundamental (Common Subject for 48 Weeks TPT)

• Course offered by Communication Training Institute
• Duration: 48 weeks
• Term: II (IPT/Term II)
• Date: June 2021
• Authority: Air HQ /18910/4/Trg (G-II) BM-II Dated 15 Jun 21
• Compiled by: Sgt N Rajashekhar
• Edited by: WO D Singh
• Edited on: Jun 21
• Checked by: Sqn Ldr RS Girish

Contents

• Chap No. 1: Troubleshooting of IAF Domain (PC) - 4 periods
• Chap No. 2: Cyber Security - 3 periods
• Chap No. 3: Cyber Threat - 3 periods
• Chap No. 4: Defensive Cyber Security - 3 periods
• Chap No. 5: Cyber Security in IAF - 5 periods
• Chap No. 6: Vayusenix - 1 period
• Chap No. 7: Introduction to i-Keys - 1 period
• Chap No. 8: Computer Typing-II - 4 periods

Basic Troubleshooting of Domain PC

• Logging into a computer is a routine task
• PC logon failures can be caused by various reasons
• System Clock: A workstation's clock can cause a logon failure if the clock is more than five minutes different from the domain controllers' time.
• The workstation sends a request to the Key Distribution Server with user ID, service requested, and an encrypted authenticator (using the user's master key)
• When the server receives the request, it validates the time stamp
• If the time difference is more than five minutes, the login fails.
• DNS server failure can prevent logon access if domain controllers are functional.

Cyber Security

• Computer security (cyber security) protects information systems from theft, damage, disruption, or misdirection.
• It includes controlling physical access, network access, data and code injection, and malpractice by operators.
• It is important due to increased reliance on computers and smart devices (like smartphones, internet and wireless networks like Bluetooth and Wi-Fi)
• Information needs to be timely, accurate and complete.

Cyber Threat

• Cyber threats are actions by persons attempting unauthorized access to control systems or networks using data communications.
• Sources include hostile governments, terrorists groups, disgruntled employees, and malicious intruders.
• Cyberspace is a conceptual electronic space, not bounded by physical geography
• Attack methodologies include hacking, cyber crime, and cyber espionage.

Defensive Cyber Security

• Physical security of IT assets is still under threat.
• Measures include access controls, physical security of server rooms, environmental control (e.g., ensuring proper fire and emergency power systems).
• Implementing access controls (e.g., ID cards, biometric access control, CCTV.)
• Auditing access rights and permissions on a regular basis.
• Personnel have a duty to be compliant with policies and procedures.

Vayusenix

• A customized Linux-based operating system developed by the IAF.
• Released in October 2009 and subsequently updated (e.g., 2.0, 3.0, 4.0, 4.1)
• Designed to handle cyber attacks relating to client access to computers.
• Built on Ubuntu
• Includes security features of Linux (e.g., SELINUX)

Appendix

• Multiple case studies are described concerning security incidents
• Includes details about security breaches through social media, mobile phone use and other means.
• Security policy, practices, procedures, and technology are highlighted.

Amendment Record

• There is a section to record any amendments to the document.

Description

Test your knowledge on Computer & IW fundamentals covered in Term II of the Communication Training Institute's 48-week course. This quiz includes troubleshooting, cyber security, and more, with a focus on the IAF domain. Prepare to assess your understanding across various chapters including defensive cyber security and computer typing.