Cybersecurity Concepts and Attacks Quiz

Questions and Answers

What does the acronym 'VPN' stand for?

• Virtual Private Network (correct)
• Virtual Privacy Node
• Virtual Public Network
• Visual Protocol Network

What is the primary goal of a penetration test?

• To exploit software vulnerabilities
• To enhance security protocols
• To capture all network traffic
• To identify vulnerabilities in a system or network (correct)

Which of the following protocols is used to secure websites over the internet?

• HTTP
• FTP
• SMTP
• HTTPS (correct)

What does 'ransomware' do?

Encrypts files and demands a ransom (C)

What is the function of an Intrusion Detection System (IDS)?

To monitor network traffic for signs of malicious activity (A)

What does the term 'vulnerability management' refer to?

The process of identifying, assessing, and mitigating vulnerabilities (C)

Which type of attack involves overwhelming a network with traffic to disrupt its normal operation?

Denial of Service (DoS) attack (B)

What does 'two-factor authentication' (2FA) provide?

An extra layer of security requiring two forms of identification (B)

What was the primary target of the Stuxnet attack in 2010?

Iran's nuclear facilities (B)

Which cybersecurity threat was prominent during the 2016 U.S. election?

Phishing (D)

What does multi-factor authentication (MFA) enhance in terms of cybersecurity?

The number of identity verification steps (A)

What was the significant consequence of the 2014 Target breach?

Compromise of 40 million credit card details (B)

Which characteristic defines Zero Trust security?

Assuming that all entities are untrustworthy by default (D)

What is the primary function of blockchain technology?

To secure transactions and data through a decentralized ledger (B)

How does quantum computing impact current cybersecurity measures?

It could potentially break existing encryption methods (B)

What does ethical hacking primarily involve?

Authorized testing of systems to find vulnerabilities (B)

What is the primary purpose of phishing in cybersecurity?

To steal login credentials (C)

Which type of malware allows unauthorized access to a system without detection?

Rootkit (A)

What does social engineering typically involve?

Manipulating individuals to gain confidential information (C)

Which of these is an example of a best practice for password management?

Changing passwords regularly and using unique ones for each account (B)

What does a DDoS attack aim to achieve?

Overwhelm a service to make it unavailable (B)

In cybersecurity, what does an encryption key do?

Encodes and decodes data for confidentiality (B)

Which term describes a network of controlled infected computers?

Botnet (D)

What does 'patch management' involve?

Regularly updating software to address vulnerabilities (B)

What is an example of a cybersecurity policy?

Password policy (A)

What does 'cyber hygiene' refer to?

Maintaining good security habits (D)

What does a security audit assess?

Compliance with standards and regulations (A)

What is the role of a SIEM system?

To collect and analyze security data in real-time (B)

What is 'public key infrastructure' (PKI)?

A framework for managing digital keys and certificates (A)

What is 'cryptojacking'?

The unauthorized use of a computer’s resources for mining cryptocurrency (D)

Flashcards

VPN

A Virtual Private Network, creating a secure connection over a public network.

Firewall

A security system that controls network traffic based on rules.

Phishing

A social engineering attack to trick people into giving up info.

Ransomware

Malware that encrypts your files and demands payment for access.

Zero-day vulnerability

A software flaw unknown to the vendor, very dangerous.

HTTPS

Secure internet protocol, used for secure website communication.

2FA

Two-factor authentication requiring 2 forms of identification.

Penetration Test

A simulated cyberattack to find vulnerabilities in a system.

Stuxnet attack

A 2010 cyberattack targeting Iran's nuclear facilities.

2016 US election cyberattack tactic

Phishing was used in the 2016 election.

2014 Target breach

Exposed 40 million credit card details.

Blockchain technology

Decentralized ledger for secure transactions and data.

Quantum computing impact on cybersecurity

Could break existing encryption, requiring post-quantum cryptography.

SolarWinds hack

A 2020 supply chain attack compromising U.S. government agencies.

AI-powered cybersecurity

Using AI for real-time detection and response to cyber threats.

Password Attack (Brute-Force)

A systematic attempt to guess passwords by trying every possible combination.

Malware Worm

Malicious software designed to spread automatically to other computers.

SQL Injection

A method to inject malicious SQL code into a database query to gain unauthorized access.

Impersonation (Cybersecurity)

Gaining access to systems or information by pretending to be someone else.

Cryptojacking

Unauthorized use of a computer to mine cryptocurrency.

Cybersecurity Breach

Unauthorized access to a system or sensitive data.

PKI (Public Key Infrastructure)

A framework for managing digital keys and certificates for secure communication.

SIEM (Security Information and Event Management)

A system for collecting and analyzing security logs to detect threats.

XSS (Cross-Site Scripting)

A vulnerability allowing attackers to inject malicious scripts into websites.

Weak Passwords

Easily guessed passwords that increase the risk of unauthorized access.

Botnet

A network of infected computers controlled by an attacker for malicious purposes.

Patch (Cybersecurity)

A software update that fixes vulnerabilities and bugs.

Social Engineering

Manipulating people into revealing sensitive information or performing actions that compromise security.

Study Notes

Cybersecurity Concepts and Attacks

• VPN: Virtual Private Network
• Firewall: Monitors and controls network traffic based on security rules.
• Phishing: Social engineering attack to acquire sensitive information.
• Ransomware: Malicious software encrypting files for ransom.
• Zero-day vulnerability: Unknown software vulnerability, no patch available.
• HTTPS: Secure protocol for website communication.
• Two-Factor Authentication (2FA): Adds security with two forms of identification.
• Malware: Malicious software designed to harm or compromise systems/data.
• Denial-of-Service (DoS) attack: Overwhelms a network with traffic.
• CIA (in cybersecurity): Confidentiality, Integrity, Availability.
• Social Engineering attacks (examples): Phishing.
• Penetration Test (purpose): Identifying system/network vulnerabilities before exploitation.
• Man-in-the-Middle (MITM) attack: Attacker intercepts and alters communication.
• Intrusion Detection System (IDS): Monitors network traffic for malicious activity.
• TLS (Transport Layer Security): Encryption algorithm for data in transit.
• Data Sanitization: Securely erasing data from storage.
• Vulnerability Management: Identifying, assessing, and mitigating vulnerabilities.
• Brute-force attack: Systematic attempts of every possible password.
• Worm: Malware designed to spread across multiple computers without user action.
• SQL Injection: Allows attackers to execute malicious SQL statements.
• Impersonation: Obtaining sensitive information by pretending to be someone else.
• Cross-site scripting (XSS): Injection of malicious scripts into webpages.
• Cryptojacking: Unauthorized use of resources for cryptocurrency mining.
• Cybersecurity Breach Indicator: Unauthorized access to systems or data.
• Public Key Infrastructure (PKI): Framework for managing digital keys and certificates.
• Security Information and Event Management (SIEM) system: Collects, analyzes, and responds to security data.
• Security Best Practice (Passwords): Use complex, unique passwords for each account.
• Encryption Key: Encodes and decodes data for confidentiality.
• Patch Management: Regularly updating software/hardware for security.
• Backdoor: Bypasses normal authentication/encryption for malicious access.
• Sandbox: Isolates suspicious files/programs for testing.
• Data Encryption at Rest: Encrypting stored data.
• Distributed Denial-of-Service (DDoS) attack: A DoS attack from multiple sources.
• Social Engineering: Manipulating people for security compromise.
• Least Privilege: Granting users only necessary permissions.
• Security Policy (example): Password policy.
• SSL (Secure Socket Layer): Encrypts data between a web server and browser.
• Keylogger: Malware recording keystrokes to steal information.
• Bring Your Own Device (BYOD): Security considerations for employee-owned devices.
• Rootkit: Malware gaining & hiding root-level access.
• Social Media Monitoring: Detecting threats by observing social media.
• Security Control (example): Encryption.
• Security Audit: Review of security policies, systems, and infrastructure.
• Honeypot: Decives attackers with a fake system to study methods.
• Cyber Hygiene: Maintaining good security habits.
• Computer Virus: Infecting maliciouls software.

Historical Cybersecurity Events and Concepts

• Early Computer Viruses: Brain virus (1986), Morris Worm (1988), ILOVEYOU (2000)

• Advanced Persistent Threats (APTs): Coined by U.S. DoD

• Important Breaches: OPM (2013), WannaCry (2017), Stuxnet (2010), Target breach (2014), GDPR implementation (May 2018), DNC email leak (2016)

• Equifax Breach: Exposed personal data of 147 million individuals (2017)

• Blockchain Technology: Decentralized ledger for secure transactions & data.

• Quantum Computing and Cybersecurity: Potential to break current encryption.

• Zero Trust Security Model: No entity trusted by default, verification required for access.

• SolarWinds Hack: A 2020 supply chain attack.

• Ethical Hacking: Authorized system testing to find vulnerabilities.

• Data Exfiltration: Unauthorized data transfer.

• Multi-Factor Authentication (MFA): More authentication factors.

• Cloud Security: Protecting data/applications in cloud environments.

• 5G and Cybersecurity: Increased attack surface.

• Cyber Threat Intelligence: Collecting and analyzing information to predict attacks.

• Heartbleed bug: 2014 OpenSSL vulnerability exposing sensitive data.

• AI and Cybersecurity: Using AI to detect and respond to threats in real time.

Description

Test your knowledge on key cybersecurity concepts and the various types of attacks that can compromise systems. This quiz covers critical topics such as VPNs, firewalls, ransomware, phishing, and more. Perfect for anyone looking to strengthen their understanding of digital security.