Podcast
Questions and Answers
Which of the following BEST defines a 'threat' in cybersecurity?
Which of the following BEST defines a 'threat' in cybersecurity?
- An event that compromises system integrity.
- Gaining unauthorized access to system resources.
- An attempt to exploit a system's vulnerability.
- An event with the potential to impact security properties. (correct)
Which scenario exemplifies a passive attack?
Which scenario exemplifies a passive attack?
- Monitoring network traffic to capture sensitive information. (correct)
- Exploiting a software vulnerability for unauthorized access.
- Exploiting legitimate access to steal sensitive data.
- Using a brute-force attack to guess a user's password.
What does the acronym 'CIA' stand for in the context of information security?
What does the acronym 'CIA' stand for in the context of information security?
- Confidentiality, Identity, Availability
- Confidentiality, Integrity, Availability (correct)
- Control, Integrity, Authentication
- Confidentiality, Integrity, Accountability
Which statement accurately compares the Data Encryption Standard (DES) and Rivest–Shamir–Adleman (RSA) algorithms?
Which statement accurately compares the Data Encryption Standard (DES) and Rivest–Shamir–Adleman (RSA) algorithms?
According to Claude Shannon's principles, what component is MOST critical to keep secret in a cryptographic system?
According to Claude Shannon's principles, what component is MOST critical to keep secret in a cryptographic system?
Which statement accurately describes a transposition cipher?
Which statement accurately describes a transposition cipher?
Which of the following data types is unsuitable for a Caesar cipher key?
Which of the following data types is unsuitable for a Caesar cipher key?
Which modern cryptographic algorithm is the MOST susceptible to brute-force attacks, assuming a short key length?
Which modern cryptographic algorithm is the MOST susceptible to brute-force attacks, assuming a short key length?
What is the primary security risk associated with using Electronic Codebook (ECB) mode encryption?
What is the primary security risk associated with using Electronic Codebook (ECB) mode encryption?
What critical problem does the Diffie-Hellman key exchange primarily address?
What critical problem does the Diffie-Hellman key exchange primarily address?
What property is not a characteristic of a secure hash function?
What property is not a characteristic of a secure hash function?
Which of the following is the MOST accurate definition of a rainbow table?
Which of the following is the MOST accurate definition of a rainbow table?
What is the primary reason for using password salting?
What is the primary reason for using password salting?
Which password is most likely to be easily guessed by both humans and dictionary attacks?
Which password is most likely to be easily guessed by both humans and dictionary attacks?
What is the defining characteristic of password spraying?
What is the defining characteristic of password spraying?
Which authentication factor category does a smart card belong to?
Which authentication factor category does a smart card belong to?
What term describes when a valid user's biometric scan is rejected?
What term describes when a valid user's biometric scan is rejected?
Based on the lectures, what is typically the initial action performed by a virus?
Based on the lectures, what is typically the initial action performed by a virus?
What is the primary purpose of a webshell?
What is the primary purpose of a webshell?
When is a system considered safe from a zero-day exploit?
When is a system considered safe from a zero-day exploit?
Flashcards
Definition of a threat
Definition of a threat
An event with the potential to adversely impact the security properties of an information system.
Example of a passive attack
Example of a passive attack
Attacker exploits vulnerability in bank system to view bank balances without authorization.
CIA acronym
CIA acronym
Confidentiality, Integrity, and Availability.
DES vs. RSA keys
DES vs. RSA keys
Signup and view all the flashcards
Claude Shannon's key principle
Claude Shannon's key principle
Signup and view all the flashcards
Transposition cipher
Transposition cipher
Signup and view all the flashcards
Invalid Caesar cipher key
Invalid Caesar cipher key
Signup and view all the flashcards
Brute-forcing cryptographic algorithms
Brute-forcing cryptographic algorithms
Signup and view all the flashcards
Avoid ECB mode because
Avoid ECB mode because
Signup and view all the flashcards
Diffie-Hellman solves
Diffie-Hellman solves
Signup and view all the flashcards
False property of a hash function
False property of a hash function
Signup and view all the flashcards
Rainbow table definition
Rainbow table definition
Signup and view all the flashcards
Password salting reason
Password salting reason
Signup and view all the flashcards
Password easy to guess
Password easy to guess
Signup and view all the flashcards
Password spraying
Password spraying
Signup and view all the flashcards
Smart card authentication type
Smart card authentication type
Signup and view all the flashcards
Biometric system fails to recognize an enrolled user
Biometric system fails to recognize an enrolled user
Signup and view all the flashcards
Main purpose of a web shell?
Main purpose of a web shell?
Signup and view all the flashcards
Most important requirement for a switched packet network
Most important requirement for a switched packet network
Signup and view all the flashcards
Source port in packet header
Source port in packet header
Signup and view all the flashcards
Study Notes
Section A - Concepts
- A threat is defined best as an event with the potential to adversely impact the security properties of information systems
- The best example of a passive attack involves an attacker exploiting system vulnerability to view bank balances
- CIA acronym stands for Confidentiality, Integrity, Availability
- RSA uses two different keys for both encryption and decryption
- According to Claude Shannon, the key is the most important thing to keep secret
- Transposition cipher reorders each character to form the ciphertext
- String of alphabetic characters cannot be chosen as a key for Caesar cipher
- DES is one of the modern cryptography algorithms that is the most vulnerable to brute-forcing attacks
- It's easy to see the relationship between plaintext and ciphertext is the best reason to avoid using Electronic Code Book (ECB) mode of operation
- Third party making a copy of a key sent between communicating parties is the main problem solved by the Diffie-Hellman method
- A false property for a hash function is different output for the same input
- Rainbow table is best defined as a dictionary of hashes
- Password salting is used to increase the work required to brute force a password
- A password like "apple" is easy for humans to remember and easy for computers to guess using dictionary attacks
- Password spraying is using the same password on many different accounts
- A smart card is best described as "something you possess"
- When an enrolled user presents a biometric to an authentication system and it doesn't recognise them, it's called a "False non-match"
- The initial action a virus performs involves checking whether a condition is met that enables it to find a program to infect
- Web shell's primary function is to maintain access
- A system is safe from a zero-day exploit once the vulnerability is fixed
- The most important requirement for a switched packet network is the delivery of packets
- Including a source port identifies which program on client will process the reply
- With a shared key in a WPA2 network, it is false to say that you can protect your web traffic from sniffing using HTTPS
- A digital certificate does not contain the owner's private key
- For a MITM attack using an evil twin, it is LEAST important that the evil twin implements a captive portal
Section B - Applying Concepts
- Being guilty because the action is more important than intention is the correct statement regarding guilt
- Encrypting the plaintext MAXY with the Vigenere cipher and a key of BZ yields the ciphertext NZYX
- Using a cipher with a block size of 16 bits requires 9 bits to be added as padding for a 151-bit plaintext
- If Alice is using RSA to authenticate that she encrypted a message, she should use Alice’s private key
Section C - Short Answers
- Credential stuffing attack: Attacker obtains usernames and passwords then test stolen credentials and gains access if credentials reused, use password per site and some form of SSO
- Hash-based tokens and authenticators using a one-time-password need to have the counter synchronised with each other, since there is no direct communication between the token and the authenticator
- Post quantum computing reduces the time to do number factorisation that is the basis of asymmetric crypto, this allows uses of code that is hard to solve that don't rely on factorising and cannot easily be solved using quantum algorithms
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.