Questions and Answers
In a symmetric cryptosystem, how many keys are used for encryption and decryption?
What type of document provides a general description of assets that need securing and states security goals of an organization?
What key is used to encrypt a message in asymmetric encryption when sending a confidential message?
When decrypting a message received from someone using asymmetric encryption, what key is used?
Which key would the recipient not have access to in an asymmetric encryption scenario?
What key should be used to digitally sign a message and prove its authenticity?
Based on the given scenario, what is the exposure factor for the effect of a tornado on the data center?
What is the annualized rate of occurrence for a tornado at the data center?
What type of malware is disguised as a legitimate program?
What type of attack involves submitting many passwords or passphrases with the hope of eventually guessing correctly?
Which principle of the CIA triad is a website developer trying to enforce by adding security controls to prevent users from modifying their own grades?
What is the purpose of a hash function?
What is the second step of the Cyber Kill Chain?
What is the primary goal of the Bell-LaPadula security model?
What type of information is protected under the GDPR law?
What is the main difference between HTTP and HTTPS?
Which of the following is not a necessary condition of a good hash function?
What is the main purpose of the Chinese Wall model?
Which principle of the CIA triad was violated when an office laptop was infected by ransomware?
What type of authentication factor is used in voice pattern recognition?
What is the total number of keys required for an asymmetric encryption system with 1,000 employees?
What type of access control allows the owner of a file to grant other users access to it using an access control list?
What type of SOC engagement examines the security controls implemented for financial data?
What step of AAA is being performed when you input a password?
Study Notes
Malware and Attacks
- A type of malware that downloads onto a computer disguised as a legitimate program is called a Trojan.
- A brute-force attack is a type of attack where an attacker submits many passwords or passphrases with the hope of eventually guessing correctly.
CIA Triad
- The principle of integrity is about ensuring data is not modified without authorization.
- The principle of availability is about ensuring data is accessible and usable when needed.
- The principle of confidentiality is about ensuring data is only accessible to authorized individuals.
Cybersecurity Concepts
- A logic bomb is a malicious piece of code that is waiting for certain conditions to be met before activating.
- Hash functions can be used to check the integrity of a file.
- The second step of the Cyber Kill Chain is Weaponization.
- HTTPS provides encryption and security features, while HTTP does not.
Hash Functions
- A good hash function should not be reversible.
Authorization and Access Control
- Mandatory Access Control (MAC) is an authorization method that uses security levels and compartments.
- Discretionary Access Control (DAC) allows the owner of a file to grant other users access to it using an access control list.
- Separation of duties is a security practice that involves splitting critical tasks between two or more people.
Security Models and Frameworks
- The Bell-LaPadula security model is implemented to enforce confidentiality.
- The Biba security model does not allow read downs.
- The PCI DSS security framework is used to guide actions related to securing systems used to process credit card information.
Data and Information
- Personally identifiable information (PII) is information maintained about an individual that can be used to distinguish or trace their identity.
- Data in use is data stored in RAM.
- PHI (Protected Health Information) is a type of information that includes prescriptions and X-rays.
Cryptography
- Asymmetric encryption systems use two keys, one for encryption and one for decryption.
- Symmetric cryptosystems use one key for encryption and decryption.
- If User A wants to send User B a message that is encrypted for confidentiality, using asymmetric encryption, User A would use User B's public key to encrypt the message.
Security Documents and Practices
- A security policy gives a general description of assets that need securing and states security goals of an organization.
- Security frameworks, such as the NIST Cybersecurity Framework or ISO 27001, provide practical guidance and a list of best practices on how an organization can protect its systems and data from cyber threats.
- A baseline document provides configuration information regarding the minimum level of security that every system in an organization must meet.
Risk Analysis
- The annualized rate of occurrence for a tornado at a data center is 0.005.
- The annualized loss expectancy for a tornado at a data center is $25,000.
Description
Test your knowledge of cybersecurity concepts, including malware, attacks, and security principles. Covers topics such as Trojan malware, brute-force attacks, and CIA triad principles.