Cybersecurity Concepts Overview

Questions and Answers

Which three methods are effective in ensuring system availability?

Equipment maintenance (correct)

Quality assurance testing

System backups (correct)

Up-to-date operating systems

System resiliency (correct)

Fire extinguishers

Which two signs commonly indicate that an email is spam?

The email has no subject line. (correct)

The email includes multiple spelling mistakes. (correct)

The email has excessive promotional content.

The email is from a work colleague.

The email discusses a recent purchase.

The email is from a known contact.

What term refers to a phishing attack aimed at a specific individual?

Vishing

Spoofing

Spear phishing (correct)

Whaling

What does a rootkit typically alter to create unauthorized access?

Operating system

Which term describes deceptive SMS messages designed to lure users to a harmful website?

Smishing

What code allows unauthorized users to bypass normal authentication mechanisms?

Backdoor

Which three components are essential in AAA security framework?

Authorization

Which option is NOT a common characteristic of spam emails?

The email is personalized with the recipient's name.

What is the technique called when letters are rearranged to create ciphertext?

Transposition

Which encryption algorithm is recognized by the US government for safeguarding classified information?

AES

What is the term for the process of replacing sensitive information with a non-sensitive version?

Masking

Which type of cipher encrypts fixed-length blocks of plaintext into blocks of ciphertext?

Block

Which of the following accurately describes social steganography?

Creating a message with dual meanings

What does steganalysis involve?

Detecting hidden information

Which terms are associated with the technology that makes messages harder to understand?

Obfuscation

Which of the following is a feature of a one-time pad?

Is unbreakable with the right key

Which three items are considered physical access controls?

Video cameras

Which three scenarios can utilize a hashing function?

PPoE

What should a user do to ensure a program is not altered during download?

Create a hash of the program file

What measure can ensure the sender of an email cannot deny sending it?

Digital signature

Which three algorithms are NIST-approved for digital signatures?

RSA

If Alice and Bob use the same password, what will their password hashes be?

The same, since the input value is identical

Which of the following is not a function of physical access controls?

Monitor network traffic

Which of these options could jeopardize the integrity of a program file during distribution?

Using unverified download links

What could be a reason for different password hash values between two systems?

Both systems scramble the passwords before hashing.

What is an example of a data integrity control implemented during data entry?

A validation rule ensuring completeness and accuracy of data.

Which technology should be used to ensure an encrypted connection and authenticate a website?

Digital certificate

What key technology is necessary for verifying the identity of customers during electronic transactions?

Public key infrastructure

What security measure helps prevent unauthorized data entry by limiting input types?

Implementation of a limitation rule for data fields

Why might hashing and salting be used together in password security?

To enhance password protection against rainbow table attacks.

How does data entry control enhance data integrity in organizations?

By limiting the range of data entry to qualified personnel.

What is one disadvantage of using a hashing algorithm that is not secure for storing passwords?

It can lead to the exposure of plaintext passwords.

What term describes hackers who operate outside the law but may not necessarily intend to cause harm?

Gray hat hackers

Which of the following is an early warning system that can help identify cyberattacks?

Honeynet project

Which technology is used to ensure that a device is equipped with the latest antivirus before connecting to a network?

NAC

What type of data is maintained primarily by NAS and SAN technologies?

Stored data

Which technology is specifically designed to protect data confidentiality?

Encryption

What type of impersonation attack typically exploits a trusted relationship between two systems?

Spoofing

Which type of malware is likely to cause slow network performance after downloading a suspicious application?

Virus

What is the term for when data exceeds the memory areas assigned to an application?

Buffer overflow

Study Notes

Authentication, Authorization and Accountability

• AAA stands for Authentication, Authorization, and Accountability
• Authentication verifies a user’s identity
• Authorization grants access based on verified identity
• Accountability tracks all user actions

System Availability

• System backups prevent data loss
• System resiliency ensures system uptime in case of failure
• Equipment maintenance optimizes system performance

Spam

• Spam is unsolicited electronic messages, often advertising
• Spam is used to spread malware
• Spam often contains misspelled words or punctuation errors
• Spam has keywords in it and may target a specific person or institution (spear phishing)

Phishing

• Phishing is a deceptive attempt to acquire sensitive information
• Spear phishing targets specific individuals or organizations
• Smishing is phishing through SMS messages

Rootkits

• Rootkits are programs that modify operating systems to bypass authentication

Backdoors

• Backdoors bypass normal authentication mechanisms
• Backdoors are often implemented by criminals

Multi-factor Authentication

• Multi-factor authentication uses two or more verification methods
• Methods may include something you have (physical token), something you know (password) and something you are (biometrics)

Ciphertext

• Transposition ciphers rearrange letters
• Substitution ciphers replace letters
• One-time pads combine plaintext with a key to create ciphertext

AES Encryption

• The US government uses the Advanced Encryption Standard (AES) to protect classified information
• AES is a strong block cipher algorithm with 128-bit blocks
• AES uses longer key lengths than other ciphers

Steganography

• Steganography is the practice of hiding data within other data
• Steganography can use audio, image, or text files to conceal data

Data Masking

• Data masking replaces sensitive information with nonsensitive data
• This helps protect sensitive information without losing data functionality

Block Ciphers

• Block ciphers operate on fixed-length blocks of plaintext
• Block ciphers encrypt a block of plaintext into a block of ciphertext
• The same key is used in reverse to decrypt the ciphertext

Physical Access Controls

• Physical access controls are physical measures that restrict access
• Examples include locks, swipe cards, video cameras, and fences

Hashing

• Hashing creates a unique fingerprint for a file or data
• Hashing is used to verify data integrity
• Hashing ensures the data is not altered
• Hashing can be used in IPsec, PPP CHAP, and PKI certificates

Digital Signatures

• Digital signatures ensure authenticity and non-repudiation
• Digital signatures use cryptographic techniques to verify the sender's identity
• NIST approved digital signature algorithms include DSA, ECDSA, and RSA

Hashing and Salting

• Hashing generates a unique identifier from input data
• Salting adds random data to the input before hashing
• Salting makes it more difficult to crack passwords

Data Integrity

• Data integrity ensures data is accurate, complete, and consistent
• Data integrity can be achieved through validation rules, limitations, and encryption

Digital Certificates

• Digital certificates verify the identity of an organization or website
• Digital certificates provide an encrypted connection between the client and website

Hacker Classifications

• Black hat hackers engage in illegal activities
• Gray hat hackers operate in a gray area between legal and illegal
• Script kiddies exploit existing vulnerabilities
• White hat hackers work ethically to improve security

Early Warning Systems

• Early warning systems detect and respond to cyberattacks
• Examples include Infragard, honeynet projects, and the CVE database

Network Access Control (NAC)

• NAC enforces security policy by checking device compliance before network access
• NAC ensures devices meet security standards

Network-Attached Storage (NAS) and Storage Area Network (SAN)

• NAS and SAN store data, but NAS uses a single storage device
• SAN uses multiple devices, allowing for more complex configurations

Encryption

• Encryption transforms data into an unreadable format
• Encryption protects confidentiality
• Encryption uses cryptographic algorithms

Impersonation Attacks

• Impersonation attacks exploit trusted relationships
• Spoofing attacks mimic a legitimate system or user
• Spoofing can involve MAC addresses, IP addresses, or ARP relationships

Malware

• Malware is malicious software that can harm systems and data
• Viruses infect files and spread through shared files
• Worms replicate autonomously
• Phishing attempts to trick users into providing sensitive information
• Spam is unsolicited electronic messages, often used for advertising

Buffer Overflow Attacks

• Buffer overflow attacks target applications
• Attacks exploit vulnerabilities by exceeding allocated memory
• This can cause crashes, data corruption, or provide attackers access to the system

Description

This quiz covers essential cybersecurity principles, including Authentication, Authorization, Accountability, system availability, spam, phishing, and rootkits. You'll test your knowledge on how these concepts work together to protect information and systems. Perfect for anyone looking to enhance their understanding of cybersecurity.