Cybersecurity Concepts and Attacks Quiz

Questions and Answers

What does the acronym 'VPN' stand for?

Virtual Private Network (correct)

Virtual Privacy Node

Virtual Public Network

Visual Protocol Network

What is the primary goal of a penetration test?

To exploit software vulnerabilities

To enhance security protocols

To capture all network traffic

To identify vulnerabilities in a system or network (correct)

Which of the following protocols is used to secure websites over the internet?

HTTP

FTP

SMTP

HTTPS (correct)

What does 'ransomware' do?

Encrypts files and demands a ransom

What is the function of an Intrusion Detection System (IDS)?

To monitor network traffic for signs of malicious activity

What does the term 'vulnerability management' refer to?

The process of identifying, assessing, and mitigating vulnerabilities

Which type of attack involves overwhelming a network with traffic to disrupt its normal operation?

Denial of Service (DoS) attack

What does 'two-factor authentication' (2FA) provide?

An extra layer of security requiring two forms of identification

What was the primary target of the Stuxnet attack in 2010?

Iran's nuclear facilities

Which cybersecurity threat was prominent during the 2016 U.S. election?

Phishing

What does multi-factor authentication (MFA) enhance in terms of cybersecurity?

The number of identity verification steps

What was the significant consequence of the 2014 Target breach?

Compromise of 40 million credit card details

Which characteristic defines Zero Trust security?

Assuming that all entities are untrustworthy by default

What is the primary function of blockchain technology?

To secure transactions and data through a decentralized ledger

How does quantum computing impact current cybersecurity measures?

It could potentially break existing encryption methods

What does ethical hacking primarily involve?

Authorized testing of systems to find vulnerabilities

What is the primary purpose of phishing in cybersecurity?

To steal login credentials

Which type of malware allows unauthorized access to a system without detection?

Rootkit

What does social engineering typically involve?

Manipulating individuals to gain confidential information

Which of these is an example of a best practice for password management?

Changing passwords regularly and using unique ones for each account

What does a DDoS attack aim to achieve?

Overwhelm a service to make it unavailable

In cybersecurity, what does an encryption key do?

Encodes and decodes data for confidentiality

Which term describes a network of controlled infected computers?

Botnet

What does 'patch management' involve?

Regularly updating software to address vulnerabilities

What is an example of a cybersecurity policy?

Password policy

What does 'cyber hygiene' refer to?

Maintaining good security habits

What does a security audit assess?

Compliance with standards and regulations

What is the role of a SIEM system?

To collect and analyze security data in real-time

What is 'public key infrastructure' (PKI)?

A framework for managing digital keys and certificates

What is 'cryptojacking'?

The unauthorized use of a computer’s resources for mining cryptocurrency

Study Notes

Cybersecurity Concepts and Attacks

• VPN: Virtual Private Network
• Firewall: Monitors and controls network traffic based on security rules.
• Phishing: Social engineering attack to acquire sensitive information.
• Ransomware: Malicious software encrypting files for ransom.
• Zero-day vulnerability: Unknown software vulnerability, no patch available.
• HTTPS: Secure protocol for website communication.
• Two-Factor Authentication (2FA): Adds security with two forms of identification.
• Malware: Malicious software designed to harm or compromise systems/data.
• Denial-of-Service (DoS) attack: Overwhelms a network with traffic.
• CIA (in cybersecurity): Confidentiality, Integrity, Availability.
• Social Engineering attacks (examples): Phishing.
• Penetration Test (purpose): Identifying system/network vulnerabilities before exploitation.
• Man-in-the-Middle (MITM) attack: Attacker intercepts and alters communication.
• Intrusion Detection System (IDS): Monitors network traffic for malicious activity.
• TLS (Transport Layer Security): Encryption algorithm for data in transit.
• Data Sanitization: Securely erasing data from storage.
• Vulnerability Management: Identifying, assessing, and mitigating vulnerabilities.
• Brute-force attack: Systematic attempts of every possible password.
• Worm: Malware designed to spread across multiple computers without user action.
• SQL Injection: Allows attackers to execute malicious SQL statements.
• Impersonation: Obtaining sensitive information by pretending to be someone else.
• Cross-site scripting (XSS): Injection of malicious scripts into webpages.
• Cryptojacking: Unauthorized use of resources for cryptocurrency mining.
• Cybersecurity Breach Indicator: Unauthorized access to systems or data.
• Public Key Infrastructure (PKI): Framework for managing digital keys and certificates.
• Security Information and Event Management (SIEM) system: Collects, analyzes, and responds to security data.
• Security Best Practice (Passwords): Use complex, unique passwords for each account.
• Encryption Key: Encodes and decodes data for confidentiality.
• Patch Management: Regularly updating software/hardware for security.
• Backdoor: Bypasses normal authentication/encryption for malicious access.
• Sandbox: Isolates suspicious files/programs for testing.
• Data Encryption at Rest: Encrypting stored data.
• Distributed Denial-of-Service (DDoS) attack: A DoS attack from multiple sources.
• Social Engineering: Manipulating people for security compromise.
• Least Privilege: Granting users only necessary permissions.
• Security Policy (example): Password policy.
• SSL (Secure Socket Layer): Encrypts data between a web server and browser.
• Keylogger: Malware recording keystrokes to steal information.
• Bring Your Own Device (BYOD): Security considerations for employee-owned devices.
• Rootkit: Malware gaining & hiding root-level access.
• Social Media Monitoring: Detecting threats by observing social media.
• Security Control (example): Encryption.
• Security Audit: Review of security policies, systems, and infrastructure.
• Honeypot: Decives attackers with a fake system to study methods.
• Cyber Hygiene: Maintaining good security habits.
• Computer Virus: Infecting maliciouls software.

Historical Cybersecurity Events and Concepts

• Early Computer Viruses: Brain virus (1986), Morris Worm (1988), ILOVEYOU (2000)

• Advanced Persistent Threats (APTs): Coined by U.S. DoD

• Important Breaches: OPM (2013), WannaCry (2017), Stuxnet (2010), Target breach (2014), GDPR implementation (May 2018), DNC email leak (2016)

• Equifax Breach: Exposed personal data of 147 million individuals (2017)

• Blockchain Technology: Decentralized ledger for secure transactions & data.

• Quantum Computing and Cybersecurity: Potential to break current encryption.

• Zero Trust Security Model: No entity trusted by default, verification required for access.

• SolarWinds Hack: A 2020 supply chain attack.

• Ethical Hacking: Authorized system testing to find vulnerabilities.

• Data Exfiltration: Unauthorized data transfer.

• Multi-Factor Authentication (MFA): More authentication factors.

• Cloud Security: Protecting data/applications in cloud environments.

• 5G and Cybersecurity: Increased attack surface.

• Cyber Threat Intelligence: Collecting and analyzing information to predict attacks.

• Heartbleed bug: 2014 OpenSSL vulnerability exposing sensitive data.

• AI and Cybersecurity: Using AI to detect and respond to threats in real time.

Description

Test your knowledge on key cybersecurity concepts and the various types of attacks that can compromise systems. This quiz covers critical topics such as VPNs, firewalls, ransomware, phishing, and more. Perfect for anyone looking to strengthen their understanding of digital security.