Cybersecurity Concepts Overview
40 Questions
15 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which three methods are effective in ensuring system availability?

  • Equipment maintenance (correct)
  • Quality assurance testing
  • System backups (correct)
  • Up-to-date operating systems
  • System resiliency (correct)
  • Fire extinguishers
  • Which two signs commonly indicate that an email is spam?

  • The email has no subject line. (correct)
  • The email includes multiple spelling mistakes. (correct)
  • The email has excessive promotional content.
  • The email is from a work colleague.
  • The email discusses a recent purchase.
  • The email is from a known contact.
  • What term refers to a phishing attack aimed at a specific individual?

  • Vishing
  • Spoofing
  • Spear phishing (correct)
  • Whaling
  • What does a rootkit typically alter to create unauthorized access?

    <p>Operating system</p> Signup and view all the answers

    Which term describes deceptive SMS messages designed to lure users to a harmful website?

    <p>Smishing</p> Signup and view all the answers

    What code allows unauthorized users to bypass normal authentication mechanisms?

    <p>Backdoor</p> Signup and view all the answers

    Which three components are essential in AAA security framework?

    <p>Authorization</p> Signup and view all the answers

    Which option is NOT a common characteristic of spam emails?

    <p>The email is personalized with the recipient's name.</p> Signup and view all the answers

    What is the technique called when letters are rearranged to create ciphertext?

    <p>Transposition</p> Signup and view all the answers

    Which encryption algorithm is recognized by the US government for safeguarding classified information?

    <p>AES</p> Signup and view all the answers

    What is the term for the process of replacing sensitive information with a non-sensitive version?

    <p>Masking</p> Signup and view all the answers

    Which type of cipher encrypts fixed-length blocks of plaintext into blocks of ciphertext?

    <p>Block</p> Signup and view all the answers

    Which of the following accurately describes social steganography?

    <p>Creating a message with dual meanings</p> Signup and view all the answers

    What does steganalysis involve?

    <p>Detecting hidden information</p> Signup and view all the answers

    Which terms are associated with the technology that makes messages harder to understand?

    <p>Obfuscation</p> Signup and view all the answers

    Which of the following is a feature of a one-time pad?

    <p>Is unbreakable with the right key</p> Signup and view all the answers

    Which three items are considered physical access controls?

    <p>Video cameras</p> Signup and view all the answers

    Which three scenarios can utilize a hashing function?

    <p>PPoE</p> Signup and view all the answers

    What should a user do to ensure a program is not altered during download?

    <p>Create a hash of the program file</p> Signup and view all the answers

    What measure can ensure the sender of an email cannot deny sending it?

    <p>Digital signature</p> Signup and view all the answers

    Which three algorithms are NIST-approved for digital signatures?

    <p>RSA</p> Signup and view all the answers

    If Alice and Bob use the same password, what will their password hashes be?

    <p>The same, since the input value is identical</p> Signup and view all the answers

    Which of the following is not a function of physical access controls?

    <p>Monitor network traffic</p> Signup and view all the answers

    Which of these options could jeopardize the integrity of a program file during distribution?

    <p>Using unverified download links</p> Signup and view all the answers

    What could be a reason for different password hash values between two systems?

    <p>Both systems scramble the passwords before hashing.</p> Signup and view all the answers

    What is an example of a data integrity control implemented during data entry?

    <p>A validation rule ensuring completeness and accuracy of data.</p> Signup and view all the answers

    Which technology should be used to ensure an encrypted connection and authenticate a website?

    <p>Digital certificate</p> Signup and view all the answers

    What key technology is necessary for verifying the identity of customers during electronic transactions?

    <p>Public key infrastructure</p> Signup and view all the answers

    What security measure helps prevent unauthorized data entry by limiting input types?

    <p>Implementation of a limitation rule for data fields</p> Signup and view all the answers

    Why might hashing and salting be used together in password security?

    <p>To enhance password protection against rainbow table attacks.</p> Signup and view all the answers

    How does data entry control enhance data integrity in organizations?

    <p>By limiting the range of data entry to qualified personnel.</p> Signup and view all the answers

    What is one disadvantage of using a hashing algorithm that is not secure for storing passwords?

    <p>It can lead to the exposure of plaintext passwords.</p> Signup and view all the answers

    What term describes hackers who operate outside the law but may not necessarily intend to cause harm?

    <p>Gray hat hackers</p> Signup and view all the answers

    Which of the following is an early warning system that can help identify cyberattacks?

    <p>Honeynet project</p> Signup and view all the answers

    Which technology is used to ensure that a device is equipped with the latest antivirus before connecting to a network?

    <p>NAC</p> Signup and view all the answers

    What type of data is maintained primarily by NAS and SAN technologies?

    <p>Stored data</p> Signup and view all the answers

    Which technology is specifically designed to protect data confidentiality?

    <p>Encryption</p> Signup and view all the answers

    What type of impersonation attack typically exploits a trusted relationship between two systems?

    <p>Spoofing</p> Signup and view all the answers

    Which type of malware is likely to cause slow network performance after downloading a suspicious application?

    <p>Virus</p> Signup and view all the answers

    What is the term for when data exceeds the memory areas assigned to an application?

    <p>Buffer overflow</p> Signup and view all the answers

    Study Notes

    Authentication, Authorization and Accountability

    • AAA stands for Authentication, Authorization, and Accountability
    • Authentication verifies a user’s identity
    • Authorization grants access based on verified identity
    • Accountability tracks all user actions

    System Availability

    • System backups prevent data loss
    • System resiliency ensures system uptime in case of failure
    • Equipment maintenance optimizes system performance

    Spam

    • Spam is unsolicited electronic messages, often advertising
    • Spam is used to spread malware
    • Spam often contains misspelled words or punctuation errors
    • Spam has keywords in it and may target a specific person or institution (spear phishing)

    Phishing

    • Phishing is a deceptive attempt to acquire sensitive information
    • Spear phishing targets specific individuals or organizations
    • Smishing is phishing through SMS messages

    Rootkits

    • Rootkits are programs that modify operating systems to bypass authentication

    Backdoors

    • Backdoors bypass normal authentication mechanisms
    • Backdoors are often implemented by criminals

    Multi-factor Authentication

    • Multi-factor authentication uses two or more verification methods
    • Methods may include something you have (physical token), something you know (password) and something you are (biometrics)

    Ciphertext

    • Transposition ciphers rearrange letters
    • Substitution ciphers replace letters
    • One-time pads combine plaintext with a key to create ciphertext

    AES Encryption

    • The US government uses the Advanced Encryption Standard (AES) to protect classified information
    • AES is a strong block cipher algorithm with 128-bit blocks
    • AES uses longer key lengths than other ciphers

    Steganography

    • Steganography is the practice of hiding data within other data
    • Steganography can use audio, image, or text files to conceal data

    Data Masking

    • Data masking replaces sensitive information with nonsensitive data
    • This helps protect sensitive information without losing data functionality

    Block Ciphers

    • Block ciphers operate on fixed-length blocks of plaintext
    • Block ciphers encrypt a block of plaintext into a block of ciphertext
    • The same key is used in reverse to decrypt the ciphertext

    Physical Access Controls

    • Physical access controls are physical measures that restrict access
    • Examples include locks, swipe cards, video cameras, and fences

    Hashing

    • Hashing creates a unique fingerprint for a file or data
    • Hashing is used to verify data integrity
    • Hashing ensures the data is not altered
    • Hashing can be used in IPsec, PPP CHAP, and PKI certificates

    Digital Signatures

    • Digital signatures ensure authenticity and non-repudiation
    • Digital signatures use cryptographic techniques to verify the sender's identity
    • NIST approved digital signature algorithms include DSA, ECDSA, and RSA

    Hashing and Salting

    • Hashing generates a unique identifier from input data
    • Salting adds random data to the input before hashing
    • Salting makes it more difficult to crack passwords

    Data Integrity

    • Data integrity ensures data is accurate, complete, and consistent
    • Data integrity can be achieved through validation rules, limitations, and encryption

    Digital Certificates

    • Digital certificates verify the identity of an organization or website
    • Digital certificates provide an encrypted connection between the client and website

    Hacker Classifications

    • Black hat hackers engage in illegal activities
    • Gray hat hackers operate in a gray area between legal and illegal
    • Script kiddies exploit existing vulnerabilities
    • White hat hackers work ethically to improve security

    Early Warning Systems

    • Early warning systems detect and respond to cyberattacks
    • Examples include Infragard, honeynet projects, and the CVE database

    Network Access Control (NAC)

    • NAC enforces security policy by checking device compliance before network access
    • NAC ensures devices meet security standards

    Network-Attached Storage (NAS) and Storage Area Network (SAN)

    • NAS and SAN store data, but NAS uses a single storage device
    • SAN uses multiple devices, allowing for more complex configurations

    Encryption

    • Encryption transforms data into an unreadable format
    • Encryption protects confidentiality
    • Encryption uses cryptographic algorithms

    Impersonation Attacks

    • Impersonation attacks exploit trusted relationships
    • Spoofing attacks mimic a legitimate system or user
    • Spoofing can involve MAC addresses, IP addresses, or ARP relationships

    Malware

    • Malware is malicious software that can harm systems and data
    • Viruses infect files and spread through shared files
    • Worms replicate autonomously
    • Phishing attempts to trick users into providing sensitive information
    • Spam is unsolicited electronic messages, often used for advertising

    Buffer Overflow Attacks

    • Buffer overflow attacks target applications
    • Attacks exploit vulnerabilities by exceeding allocated memory
    • This can cause crashes, data corruption, or provide attackers access to the system

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    ITC Final Exam PDF

    Description

    This quiz covers essential cybersecurity principles, including Authentication, Authorization, Accountability, system availability, spam, phishing, and rootkits. You'll test your knowledge on how these concepts work together to protect information and systems. Perfect for anyone looking to enhance their understanding of cybersecurity.

    More Like This

    Use Quizgecko on...
    Browser
    Browser