Cyber Security Fundamentals Quiz
31 Questions
Questions and Answers

What does the CIA Triangle stand for in cyber security?

  • Control, Integrity, Access
  • Confidentiality, Integrity, Availability (correct)
  • Communication, Integrity, Availability
  • Confidentiality, Identity, Access

Cyber security only involves protecting digital systems and does not include human beings.

  False

Name one type of security threat that involves unauthorized access to information.

  Disclosure

Keeping data secret is referred to as __________ in the CIA Triangle.

  Confidentiality

Match the following security threats with their descriptions:

  • Disclosure = Unauthorized access to information
  • Deception = Acceptance of false information
  • Disruption = Break in the availability of a system
  • Usurpation = Unauthorized control of a system

What is the primary purpose of a security policy?

  To outline goals and mechanisms for maintaining security

Role-Based Access Control (RBAC) assigns permissions based only on job roles.

  True

What are the three components of the Identification, Authentication, and Authorisation process?

  Identification, Authentication, and Authorisation

In access control, the term 'DAC' stands for ______.

  Discretionary Access Control

Which type of access control is typically found in high-security systems?

  Mandatory Access Control

Match the type of access control with its description:

  • Discretionary Access Control = Access decisions made by the resource owner
  • Role-Based Access Control = Permissions assigned based on job role
  • Mandatory Access Control = Access determined by security labels
  • Authentication = Process of verifying user identity

Authentication creep occurs when old privileges are not revoked after an employee changes departments.

  True

What is one of the main purposes of digital signatures?

  To ensure the integrity of the document

Identification is not necessary in the process of authentication.

  False

What are the three types of authentication?

  What you know, What you are, What you have

A ___ key is used in encryption to secure the digital signature.

  private

How does requiring two modes of authentication impact safety?

  It reduces the chances of unauthorized access.

Match the following terms with their definitions:

  • Digital Signature = Ensures integrity and authenticity of documents
  • Identification = Associates actions with specific individuals
  • One-way Hash = Transforms input into a fixed-length string
  • Authentication = Verifies the user's identity

A digital signature guarantees the signer can deny the validity of the document.

  False

What is the role of a public key in the context of digital signatures?

  It is used for validation and decryption of the signature.

The authentication process checks the user's details against a user ___ database.

  authentication

Match the types of authentication with their examples:

  • What you know = Password
  • What you are = Fingerprint
  • What you have = Security token

What does 2 Factor Authentication (2FA) typically involve?

  Entering a password and receiving a one-time password (OTP)

Asymmetric encryption uses the same key for both encryption and decryption.

  False

What is the primary purpose of cryptography?

  To encode messages so they can only be understood by the intended recipient.

A ______________ is a malicious piece of code that can replicate itself.

  virus

Match the types of malware with their descriptions:

  • Virus = A malicious code that replicates itself
  • Worm = A self-spreading virus
  • Trojan Horse = Malware disguised as useful software
  • Ransomware = Blocks access until ransom is paid

Which of the following is NOT a type of malware?

  Firewall

Malware can be used for non-destructive purposes, such as adware.

  True

What is a key requirement for encryption?

  A plain text, a key, and an encryption function.

__________ is designed to block access to a system until a ransom is paid.

  Ransomware

Study Notes

Lecture 10: Security Principles

• Cyber security is more than just protecting digital systems; it also encompasses human beings and physical protection.
• The CIA Triangle (Confidentiality, Integrity, Availability) is a fundamental concept in data security, illustrating three key aspects:
  • Confidentiality: Keeping data secret and preventing sensitive information from being leaked. Examples include email addresses and other sensitive personal data.
  • Integrity: Ensuring data remains unaltered, preventing hacks and unauthorized modifications. Examples include preventing alterations to personal information or attacks that change data held in systems.
  • Availability: Ensuring data is accessible when needed, for example by preventing ransomware attacks.
• Security threats include:
  • Disclosure: Unauthorized access to information.
  • Deception: Acceptance of false information.
  • Disruption: A break in the availability or regular function of a system.
  • Usurpation: Unauthorized control of a system.
• Security principles rely on risk evaluation, selecting the risks worth preventing, and conducting a security trade-off analysis that balances the cost of security measures against the time and effort an attacker needs to breach the defenses.
• Good security considers people, processes, and technology, along with well-defined policies.
• Four areas of security are:
  • Preventative: Stopping problems from happening.
  • Detective: Identifying issues and understanding why they occurred.
  • Reactive: Responding to problems as they happen.
  • Reconstructive: Recovering from issues.
• Security policies outline organizational security goals and mechanisms, and are often implemented as multiple policies.
• Access control restricts resources to authorized users. Models include hierarchical and compartmentalized access control, with access granted according to a user's role or function.
  • Hierarchical access control involves levels of security clearance (e.g., official, secret, top secret).
  • Compartmentalized access control restricts access based on roles and functions, ensuring only the individuals who need access have it.
• Identification, authentication, and authorization are essential security components: stating who you are (identification), confirming you are who you claim to be (authentication), and granting access accordingly (authorization).
  • Authentication uses methods such as passwords, Touch ID, or other multi-factor mechanisms.
  • Authorization controls access based on established roles.
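The three access-control models the quiz asks about (discretionary, role-based, and mandatory with hierarchical levels plus compartments) as one small Python module, added here as an illustration; this is not code from the lecture. The users, roles, labels and ACL entries are constructed sample data, and the level names come from the notes above.

```python
"""DAC, RBAC and MAC access checks side by side (added example, not course code).
All users, roles, ACLs and labels below are constructed sample data."""
from dataclasses import dataclass, field

# Hierarchical clearance levels from the notes, lowest to highest.
LEVELS = {"official": 0, "secret": 1, "top secret": 2}


@dataclass(frozen=True)
class Label:
    """A MAC security label: a clearance level plus need-to-know compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)


def dominates(a: Label, b: Label) -> bool:
    """True when `a` is at least as high as `b` on the level hierarchy AND
    covers every compartment of `b` (hierarchical + compartmentalized)."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Mandatory access control: the subject's label must dominate the
    object's label, so a 'secret' user can never read 'top secret' data."""
    return dominates(subject, obj)


def dac_can_access(acl: dict, owner: str, subject: str, action: str) -> bool:
    """Discretionary access control: the resource owner decides. The owner
    always has access; everyone else needs an explicit grant in the ACL."""
    if subject == owner:
        return True
    return action in acl.get(subject, set())


def rbac_can_access(user_roles: dict, role_perms: dict, subject: str, action: str) -> bool:
    """Role-based access control: permissions attach to roles, users hold roles.
    Removing a role on transfer is what prevents privilege creep."""
    return any(action in role_perms.get(role, set())
               for role in user_roles.get(subject, ()))


# Constructed sample data for the checks above.
USER_ROLES = {"alice": {"hr_manager"}, "bob": {"analyst"}}
ROLE_PERMS = {"hr_manager": {"read_payroll", "edit_payroll"},
              "analyst": {"read_reports"}}
PAYROLL_ACL = {"bob": {"read_payroll"}}  # owner alice granted bob read only

if __name__ == "__main__":
    ts_crypto = Label("top secret", frozenset({"crypto"}))
    s_crypto = Label("secret", frozenset({"crypto"}))
    print("MAC  top secret/crypto reads secret/crypto:", mac_can_read(ts_crypto, s_crypto))
    print("MAC  secret reads top secret:", mac_can_read(Label("secret"), Label("top secret")))
    print("DAC  bob edits payroll:", dac_can_access(PAYROLL_ACL, "alice", "bob", "edit_payroll"))
    print("RBAC bob reads payroll:", rbac_can_access(USER_ROLES, ROLE_PERMS, "bob", "read_payroll"))
```

Note that the MAC check fails in two distinct ways: a lower clearance level, and a missing compartment even when the level is high enough, which is the difference between the hierarchical and compartmentalized models the notes describe.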
• Types of Authentication:
  • What you know (passwords)
  • What you have (physical tokens)
  • What you are (biometrics)
• Two-factor authentication (2FA) improves security by requiring two forms of authentication.
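The quiz describes 2FA as a password plus a one-time password. The following added example (not from the lecture) combines "what you know" with "what you have" in standard-library Python: a salted PBKDF2 password check and a time-based OTP built exactly as RFC 4226 (HOTP) and RFC 6238 (TOTP) specify, so it can be checked against those RFCs' published test vectors. The user record and secret are constructed sample data.

```python
"""Two-factor login: password (what you know) + TOTP code (what you have).
Added example, not course code. HOTP/TOTP follow RFC 4226 / RFC 6238."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with the counter = current 30 s window."""
    return hotp(secret, int(timestamp // step), digits)


def verify_totp(secret: bytes, code: str, timestamp: float, window: int = 1) -> bool:
    """Accept the current window and `window` windows either side (clock
    drift). compare_digest keeps the comparison constant-time."""
    current = int(timestamp // 30)
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(current - window, current + window + 1))


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a leaked database does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, totp_secret: bytes) -> dict:
    """Constructed user record: only the salt, hash and enrolled TOTP secret are stored."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "totp_secret": totp_secret}


def two_factor_login(user: dict, password: str, code: str,
                     timestamp: Optional[float] = None) -> bool:
    """Both factors must pass. Both are always evaluated so a wrong code and a
    wrong password take the same time and leak nothing about which failed."""
    now = time.time() if timestamp is None else timestamp
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"); real deployments
    # would generate a random secret per user at enrolment.
    demo = make_user("correct horse", b"12345678901234567890")
    print("code for T=59:", totp(demo["totp_secret"], 59))
    print("login:", two_factor_login(demo, "correct horse", totp(demo["totp_secret"], 59), 59))
```

The one-time code alone is worthless without the password and vice versa, which is why the quiz answer says two modes "reduce the chances of unauthorized access": an attacker who obtains one factor (a phished password, or a glimpsed code) still fails the check.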
• Cryptography is the art of encoding messages for intended recipients, protecting confidentiality and ensuring data integrity. It has existed for centuries and has become more complex with advances in computing.
  • Symmetric cryptography and asymmetric cryptography (using public and private keys) are the two common types.
• Practical encryption problems include implementation difficulty, resource intensiveness, and dependence on the quality of the random number generator. There are also political and privacy issues associated with encryption.
• Attacks against systems include malware, traditional DoS (Denial of Service) and DDoS (Distributed DoS), Man-in-the-Middle (MitM), and web-based attacks.
• Types of malware include:
  • Viruses
  • Worms
  • Trojan Horses
  • Rootkits
  • Ransomware
• Malware propagation (spreading) occurs through various methods, including self-replication (worms) and human intervention.
• Denial-of-service (DoS) attacks flood a system with requests, overwhelming it and stopping legitimate traffic.
• MitM attacks intercept legitimate transactions, enabling malicious actors to read or alter them.
• Poorly coded websites are susceptible to web-based attacks like SQL injection and cross-site scripting (XSS).
• Physical security protects hardware from theft, damage, and natural disasters (e.g., fire, power failure, earthquakes, floods). Physical security risks include sabotage and theft.
• IoT (Internet of Things) devices are embedded computing devices connected via the internet to gather and send data.
• IoT security difficulties, including unique hardware architectures, insufficient update procedures, varied access methods, and third-party integrations, often lead to security conflicts and the collection of unnecessary data.
• Security and IoT are examined at the device, gateway, and cloud layers, with separate data security and system security concerns at each.
• End-to-end security of IoT devices ensures secure data transfer using encryption, ideally decrypting data only at the end-user level.
• Systems can be built wholly from scratch or implemented using prebuilt, configurable components; organisations choose the approach and methods that suit their needs.

Part 2: Building Systems

• Building a system in systems development doesn't always mean creating a new system from scratch.
• Alternatives include custom-built, off-the-shelf (OTS) solutions (free or commercial), and customization of existing systems.
• Custom-built software:
  • Pros: Complete control, perfect fit, IP ownership, and resale opportunities.
  • Cons: Specialist knowledge required, costly development, non-standard and difficult maintenance.
• Off-the-shelf (OTS) software:
  • Pros: Already exists, quick installation, no development costs, more mature software, usually cheaper, and no specialist knowledge required.
  • Cons: Finding a precise solution is hard, no IP ownership, ongoing licensing costs, adding new requirements is difficult, and it may not be a perfect fit.
• Systems can be built using various approaches – a scale from fully custom to entirely off-the-shelf.
• Customisation of existing systems ranges from light to heavy and is typical with open-source software.
• Outsourcing involves contracting out a portion of a company's internal activity (e.g., software development) to another company. Strategies include Staff Augmentation, Co-sourcing, Managed Services, and Total Outsourcing.
• Total Outsourcing is best used when little or no involvement in the developed system is desired.

Description

Test your knowledge of the CIA Triangle and key concepts in cyber security. This quiz covers topics such as security threats, access control models, and the importance of security policies. Demonstrate your understanding of how to protect digital systems effectively.