Computer Security Threats

Questions and Answers

What is the primary goal of ensuring confidentiality in a cybersecurity strategy?

Protecting data from unauthorized access

Which of the following is NOT a primary goal of a disaster recovery plan?

Protecting data from unauthorized access

What is the primary purpose of a backup strategy in the context of cybersecurity?

Ensuring data availability in case of a disaster

Which of the following is a key benefit of data encryption?

Ensuring data confidentiality

What is the primary goal of data storage optimization in the context of cybersecurity?

Reducing data storage costs

Which of the following is a phishing attack?

A malicious email attempting to trick the recipient

What is the primary goal of phishing attacks?

To steal sensitive information

What is the most common method of delivering ransomware to victims?

Malicious email attachments

What type of malicious code is designed to appear as a legitimate program?

Trojan

What is the main goal of data integrity and confidentiality?

To protect sensitive data from unauthorized access or disclosure

What is the primary purpose of a Service Level Agreement (SLA)?

To establish service quality expectations

What type of malicious code is triggered by a specific event or condition?

Logic bomb

What is the most common way of delivering malware to victims?

All of the above

What is the primary goal of disaster recovery planning?

To ensure business continuity in the event of a disaster

What type of attack involves flooding a network with traffic to disrupt normal operations?

Flooding a network with traffic

What is the primary responsibility of a Security Analyst in a Security Operations Center (SOC)?

Monitoring network traffic and detecting security incidents

What is the main difference between a worm and a virus?

A worm spreads on its own, while a virus requires human interaction

What is the primary function of a Public Key Infrastructure (PKI)?

Managing digital certificates and keys for secure communication

What is the key difference between a zero-day vulnerability and a known vulnerability?

A zero-day vulnerability is unknown to the public, while a known vulnerability is known to the public

What is the primary goal of a Data Protection Officer (DPO)?

To ensure compliance with data protection regulations

What type of attack involves intercepting communication between two parties?

Man-in-the-middle (MitM) attack

What is the primary purpose of a firewall?

To block unauthorized access to a network

Study Notes

Malware and Attacks

• Trojan's main purpose is to provide unauthorized access to the system.
• Ransomware is often delivered to victims through malicious email attachments.
• Logic bomb is a type of malicious code that is triggered by a specific event or condition.
• Phishing attacks aim to steal sensitive information.

Malware Types

• Virus is a type of malware that replicates itself and spreads to other systems.
• Trojan is designed to appear as a legitimate program but performs malicious actions.
• Malware can be delivered to victims through malicious email attachments, social engineering, exploit kits, or all of the above.

Cybersecurity Concepts

• Service Level Agreement (SLA) is a formal agreement between two parties.
• Data integrity and confidentiality aim to protect sensitive data from unauthorized access or disclosure.
• Information recording is important in organizations to ensure compliance with data protection laws and regulations.

CIA Triad

• Confidentiality refers to protecting data from unauthorized access.
• Integrity refers to maintaining the accuracy and completeness of data.
• Availability refers to ensuring that data is accessible when needed.

Attacks and Security Roles

• A Denial of Service (DoS) attack is where an attacker floods a network with traffic to disrupt normal operations.
• A Security Analyst in a Security Operations Center (SOC) monitors network traffic and detects security incidents.
• A worm is a type of malware that spreads on its own, while a virus requires human interaction to spread.

Cryptography and Vulnerabilities

• Public Key Infrastructure (PKI) is a framework that manages digital certificates and keys for secure communication.
• A zero-day vulnerability is unknown to the public, while a known vulnerability is known to the public.
• A Data Protection Officer (DPO) ensures compliance with data protection laws and regulations.