Cybersecurity Fundamentals Quiz

Questions and Answers

What is the primary goal of cybersecurity?

• Preventing hardware failures
• Protecting physical devices
• Safeguarding data and systems (correct)
• Enhancing software speed

What does the OSI model stand for?

• Open Systems Interconnection (correct)
• Overhead Systems Infrastructure
• Online Security Interface
• Operational Security Integration

Which layer of the OSI model handles data encryption?

• Physical
• Network
• Presentation (correct)
• Transport

What is the purpose of a firewall in cybersecurity?

Monitoring and controlling network traffic (C)

Define "network security."

It encompasses the practices, policies, and technologies that protect a network and its data from unauthorized access, use, disclosure, disruption, modification, or destruction.

What was the original purpose of ARPANET?

Secure communication during the Cold War (D)

What is a vulnerability in software?

A weakness or flaw in software that can be exploited to compromise security.

Name one tool used to identify vulnerabilities in software.

Nessus

What is the primary focus of data security?

Ensuring authorized access and preventing breaches (C)

Which of these is an example of vulnerable software exploitation?

Stack overflow (C)

Which layer of the OSI model deals with IP addressing?

Network (D)

What is "packet switching"?

A method of breaking data into smaller packets that are transmitted independently and reassembled at the destination.

What is the role of a Domain Name Server (DNS)?

Translates human-readable domain names (e.g., google.com) into IP addresses.

What is a common IP address format in IPv4?

Four decimal numbers separated by dots, e.g., 192.168.1.1

Define the term "port" in computer networking.

A virtual communication endpoint used to identify specific processes or services on a network.

Why is port 80 commonly used in web communication?

It is the default port for HTTP, the protocol used for web communication.

What is the local loopback IP address?

127.0.0.1

What does the acronym ARP stand for?

Address Resolution Protocol

What is the main function of the transport layer in networking?

To ensure data delivery between devices, handling tasks like segmentation and error checking.

Give an example of a reserved TCP port number.

Port 21 (FTP)

Define the term "packet capture" in network security.

Capturing and logging data packets that pass through a network for analysis.

What is the purpose of tools like NMAP?

To scan networks and identify open ports and services.

What is an application layer protocol? Provide one example.

An application layer protocol defines communication rules for applications. Example: HTTP.

How does data security differ from network security?

Data security focuses on protecting the integrity and privacy of data, while network security protects the infrastructure and transmission channels.

What is the main risk of unencrypted communication over networks?

Data can be intercepted and read by unauthorized parties.

What is encryption?

The process of converting plaintext into ciphertext to prevent unauthorized access.

Name one use case of encryption.

Securing communications, protecting sensitive data, or enabling safe online transactions.

Which is the most secure symmetric encryption algorithm in common use today?

AES (A)

What is plaintext?

The original, readable form of data before encryption.

What is ciphertext?

The scrambled, unreadable form of data after encryption.

What are the two primary types of encryption?

Symmetric encryption and asymmetric encryption.

What is the primary weakness of the DES algorithm?

Its short key length (56 bits), which makes it vulnerable to brute-force attacks.

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of keys (public and private) for these operations.

Define the term "encryption key."

A secret value used in the encryption and decryption process.

Why are longer encryption keys more secure?

Longer keys have more possible combinations, making brute-force attacks computationally infeasible.

What is brute force in cryptography?

A method of attempting all possible keys until the correct one is found.

What is the purpose of modular arithmetic in encryption?

It is used to perform encryption and decryption operations, ensuring data is within a defined numeric range.

Why is RC4 no longer considered secure?

Its keystream generation has predictable patterns, making it vulnerable to attacks.

What is the main benefit of AES over DES?

AES has longer key lengths, faster performance, and better resistance to cryptanalysis.

In symmetric encryption, how are keys shared between sender and receiver?

Keys are shared through secure channels, such as using Diffie-Hellman or pre-shared methods.

What is the primary use of asymmetric encryption?

Key exchange and digital signatures.

Define "public key" and "private key."

Public key: Used for encryption and shared openly. Private key: Used for decryption and kept secret.

What is the role of cryptanalysis?

The study of analyzing and breaking cryptographic systems

What is the ECB mode in encryption, and why is it insecure for some applications?

ECB encrypts blocks independently, so identical plaintext blocks produce identical ciphertext blocks, revealing patterns.

What is an initialization vector (IV), and why is it used?

An IV is a random value used to ensure that ciphertext for identical plaintexts is different.

In Cipher Block Chaining (CBC), what is XORed with the plaintext before encryption?

The ciphertext of the previous block is XORed with the plaintext.

What is the purpose of hashing in encryption?

Hashing is used to verify data integrity and create unique digital fingerprints of data.

Why is it impractical to brute-force AES with a 256-bit key?

There are 2^256 possible keys, making brute-force attacks impractical with current technology.

What does the term "entropy" refer to in cryptography?

The measure of randomness or unpredictability in a cryptographic system.

Explain the term "key exchange" in encryption.

Key exchange refers to securely sharing encryption keys between parties.

Flashcards

Network Security

The practice of protecting networks, devices, and data from unauthorized access or cyberattacks.

Software Vulnerability

A weakness or flaw in software that can be exploited to compromise security.

Packet Switching

A method of breaking data into smaller packets that are transmitted independently and reassembled at the destination.

Domain Name Server (DNS)

Translates human-readable domain names (e.g., google.com) into IP addresses.

Port (in Networking)

A port is a virtual communication endpoint used to identify specific processes or services on a network.

Why is port 80 commonly used?

It is the default port for HTTP, the protocol used for web communication.

Packet Capture

Capturing and logging data packets that pass through a network for analysis.

Application Layer Protocol

An application layer protocol defines communication rules for applications. Example: HTTP.

Data Security vs. Network Security

Data security focuses on protecting the integrity and privacy of data, while network security protects the infrastructure and transmission channels.

Encryption

The process of converting plaintext into ciphertext to prevent unauthorized access.

Plaintext

Plaintext is the original, readable form of data before encryption.

Ciphertext

Ciphertext is the scrambled, unreadable form of data after encryption.

Symmetric vs. Asymmetric Encryption

Symmetric encryption uses the same key for encryption and decryption, whereas asymmetric encryption uses a key pair (public and private).

Encryption Key

A secret value used in the encryption and decryption process.

Brute Force (Cryptography)

A method of attempting all possible keys until the correct one is found.

Modular Arithmetic in Encryption

It is used to perform encryption and decryption operations, ensuring data is within a defined numeric range.

AES Advantages over DES

AES has longer key lengths, faster performance, and better resistance to cryptanalysis.

Key Sharing in Symmetric Encryption

Keys are shared through secure channels, such as using Diffie-Hellman or pre-shared methods.

Public Key and Private Key

Public key: Used for encryption and shared openly. Private key: Used for decryption and kept secret.

Cryptanalysis

The study of analyzing and breaking cryptographic systems.

ECB Mode (Encryption)

ECB encrypts blocks independently, so identical plaintext blocks produce identical ciphertext blocks, revealing patterns.

Initialization Vector (IV)

An IV is a random value used to ensure that ciphertext for identical plaintexts is different.

Cipher Block Chaining (CBC)

The ciphertext of the previous block is XORed with the plaintext.

Hashing in Encryption

Hashing is used to verify data integrity and create unique digital fingerprints of data.

Brute-forcing AES (256-bit key)

There are 2^256 possible keys, making brute-force attacks impractical with current technology.

Entropy (Cryptography)

The measure of randomness or unpredictability in a cryptographic system.

Key Exchange 

Key exchange refers to securely sharing encryption keys between parties.

Study Notes

Cybersecurity Fundamentals

• Primary goal of cybersecurity: Safeguarding data and systems
• OSI model: Open Systems Interconnection
• Firewall purpose: Monitoring and controlling network traffic
• Network security: Protecting networks, devices, and data from unauthorized access
• ARPANET original purpose: Secure communication during the Cold War
• Software vulnerability: A weakness or flaw exploitable to compromise security
• Tools to identify vulnerabilities: Vulnerability scanners (Nessus, OpenVAS)
• Data Security Focus: Ensuring authorized access and preventing breaches

Network Security

• Firewall role: Encrypting data before transmission (incorrect), monitoring and controlling network traffic, and detecting viruses (incorrect).
• OSI model Data Encryption layer: Presentation layer
• Packet Switching: A method of breaking data into smaller packets for independent transmission and reassembly at the destination.

Computer Networking

• Port 80 use in web communication: Used for HTTP communication (web traffic)
• Local loopback IP address: 127.0.0.1 (used for testing)
• ARP: Address Resolution Protocol
• Transport layer function: Handles the reliable delivery of data between applications
• Reserved TCP port number example: 22 (SSH), 80 (HTTP), 443 (HTTPS)
• Packet capture: Capturing and logging data packets for analysis

Cryptography and Encryption

• Plaintext: Original, readable form of data
• Ciphertext: Scrambled, unreadable form of data, result of encryption
• Symmetric encryption methods: AES, DES
• Asymmetric encryption method: Diffie-Hellman, RSA,
• Symmetric encryption: Uses same key for encryption and decryption.
• Asymmetric encryption: Uses a public and private key pair.
• Brute-force attack: Trying all possible keys until the correct one is found
• Key exchange: Securely sharing encryption keys between parties
• Initialization vector (IV): Random value used to prevent identical plaintext from producing identical ciphertext
• Hashing in encryption: Creating unique digital fingerprints of data for integrity verification
• Key length vulnerability: Short keys vulnerable to brute-force attacks (ex: 56-bit DES keys)
• Entropy: Measure of randomness or unpredictability in a cryptographic system.
• Cryptoanalysis: The study of analyzing and breaking cryptographic systems

Description

Test your knowledge on the essential concepts of cybersecurity, including the OSI model, the role of firewalls, and network security practices. This quiz covers key topics like data security, software vulnerabilities, and tools for identifying risks. Perfect for anyone looking to strengthen their understanding of cybersecurity fundamentals.