Computer Security Chapter 1 Quiz

Questions and Answers

What is the primary goal of computer security?

• To preserve the integrity, availability, and confidentiality of information (correct)
• To eliminate all cyber threats
• To increase network speed
• To ensure user privacy at all times

A sophisticated attack method is less of a concern than insecure applications.

False (B)

Name one common security problem related to network devices.

Insecure network devices

The main objectives of computer security include ensuring the integrity, availability, and __________ of information system resources.

confidentiality

Match the following security problems with their descriptions:

Lack of cybersecurity awareness = People unaware of security practices Increasing sophistication of attack techniques = More advanced methods of attack Misconfigurations = Incorrect settings that weaken security Insecure applications = Software that exposes vulnerabilities

What is a primary security concern associated with on-premises platforms?

Inadequate security configurations over time (C)

Cloud platforms are immune to vulnerabilities due to their pay-per-use model.

False (B)

What creates numerous entry points for vulnerabilities in on-premises platforms?

USB flash drives, wireless network transmissions, mobile devices, and email messages

Cloud computing resources can be _______ or scaled back based on needs.

scaled up

Match the platform type with its vulnerability characteristics:

On-Premises = Numerous entry points from various sources Cloud Platforms = Misconfigurations by personnel Configuration Issues = Weak security settings due to improper implementation Physical Security = Not relevant to digital vulnerabilities

Which of the following is NOT a vulnerability related to cloud platforms?

Advanced encryption features (A)

Weak configurations often result from properly implemented security settings.

False (B)

What is often the result of inadequate configuration for security over time?

Increased vulnerabilities

What is a potential vulnerability associated with supply chain management?

Unmonitored product storage (C)

The complexity of cloud systems makes them an unlikely target for cyber threats.

False (B)

What is termed as 'supply chain infections'?

Malware injected into products during their manufacturing or storage.

The cost of __________ is continuously rising, fostering an environment for cybercrime.

cybercrime

Match the following attack vectors with their descriptions:

Supply Chain = Malware injection into products during manufacturing or storage Cloud = Exploiting complexities in remote storage systems

What has been observed about the cost of cybercrime in recent years?

It has ever-increasing costs. (B)

Cyber attacks are expected to slow down and significantly decrease in the coming years.

False (B)

What characterizes a passive attack?

It involves monitoring without altering the system. (C)

What is one trend in computer security mentioned in the content?

The ongoing increase in cybercrime costs.

A fabrication attack involves intercepting data without modification.

False (B)

Name two types of passive attacks.

Release of message contents and traffic analysis.

Almost ___ percent of all malware is delivered through email.

94

Which of the following is NOT an attack vector category?

Spam Filtering (D)

Match the attack vectors with their descriptions:

Email = Malware delivery via attachments or links Wireless = Data can be intercepted in the air Removable Media = Data can be infected through USB drives Supply Chain = Vulnerabilities introduced by third-party vendors

What is the goal of a threat actor when performing an active attack?

To alter system resources or affect their operation.

Traffic analysis is a type of active attack.

False (B)

What are Zero Day vulnerabilities?

Vulnerabilities that can be exploited before anyone knows they exist (C)

A threat is a dangerous event that has already occurred.

False (B)

Name a type of attack that cyber attackers might use to exploit vulnerabilities.

Ransomware

Individuals or entities responsible for cyber incidents are known as _____ actors.

threat

Which of the following is NOT a type of threat actor?

Application developers (A)

What is one method to protect against zero-day attacks?

Using machine learning to collect data from previously detected exploits

Match the following types of threats to their descriptions:

Denial of Service (DoS) = Overloading a system to prevent legitimate access Ransomware = Malware that locks data and demands payment Unauthorized access = Gaining entry to systems without permission Zero-Day = Exploits unknown vulnerabilities instantly

Threats have the potential to cause _____ if they occur.

damage

Flashcards are hidden until you start studying

Study Notes

Security Problems

• Cybersecurity awareness among employees is often lacking, leading to security challenges.
• Security attack techniques are evolving and becoming more sophisticated.
• Increased number of insecure network devices, such as mobile gadgets and IoT devices.
• Common security issues include misconfigurations of systems and applications.

Computer Security Concepts

• Computer security involves protecting automated information systems to maintain integrity, availability, and confidentiality of resources like hardware, software, and data.

Vulnerabilities, Threats, and Attacks

• Platforms with vulnerabilities include:

  • On-Premises Platforms: Security concerns arise from inadequate configurations and numerous external entry points like USB drives and email.
  • Cloud Platforms: Vulnerabilities often stem from misconfigurations and constant exposure to threats due to remote accessibility.

• Configuration Vulnerabilities: Weak configurations arise from improperly implemented security settings and delays in applying patches to firmware or software.

• Zero-Day Vulnerabilities: Exploited by attackers before discovery, these are highly dangerous due to the absence of available patches.

• Threats are potential damaging events, with cybersecurity threats exploiting existing vulnerabilities. Examples include unauthorized server access, ransomware, and Denial of Service (DoS) attacks.

• Threat Actors: Individuals or entities responsible for cyber incidents, targeting users, enterprises, and governments. Categories include script kiddies, hacktivists, state actors, and insiders.

• Types of Attacks:

  • Passive Attacks: Focus on gathering information without altering system resources.
  • Active Attacks: Aim to modify system resources or disrupt operations, with categories including fabrication, modification, and interruption.

• Attack Vectors: Pathways used by threat actors to breach systems. Common vectors include:

  • Email: Main delivery method for malware, often through deceptive attachments or links.
  • Wireless: Vulnerable to interception if not adequately protected.
  • Supply Chain: Risk of malware insertion during production and storage phases.

Computer Security Trends

• The financial impact of cybercrime is continually rising, with costs expected to escalate further.
• Cyber attacks are projected to persist indefinitely, posing ongoing threats to organizations.
• Live cyber attack maps provide real-time visualization of ongoing threats and incidents.