Cybersecurity Overview Quiz

Questions and Answers

PDF Questions PDF Answers

What is the purpose of a URL interpretation attack?

To alter the meaning of a URL without changing its syntax (correct)

To enhance HTTPS security

To improve website navigation

To prevent user access to a website

Which type of attack is characterized by manipulating DNS records?

Malware attack

Session hijacking

Brute force attack

DNS spoofing (correct)

What is the main goal of a cyberattack?

To access, change, or destroy sensitive information (correct)

To protect sensitive data

To improve network security

To enhance system performance

What characterizes a DoS attack?

It overwhelms a server with malicious traffic

What distinguishes a black hat hacker from a white hat hacker?

Black hat hackers exploit systems for malicious purposes.

What is the main goal of session hijacking?

To steal session tokens and gain unauthorized control

In a phishing attack, what is the primary tactic used by attackers?

Sending fraudulent communication that appears legitimate

Which of the following describes a brute force attack?

Trial and error method of cracking passwords

What is the difference between spear-phishing and whaling attacks?

Whaling is a form of phishing directed at high-level executives

What is the core method used in a Man-in-the-Middle (MITM) attack?

Intercepting communications between two parties

What type of malicious software is known to spread between computers and cause damage?

Worm

What is the primary characteristic of malware attacks?

They are designed to harm or damage systems without user knowledge.

What is the primary goal of an attacker using SQL Injection?

To manipulate backend database for unauthorized access

Which of the following attacks typically involves multiple infected machines?

DDoS attack

Hacking is defined as what?

Identifying and exploiting weaknesses in a system to gain unauthorized access.

Which method refers specifically to unauthorized authentication attempts into password-protected accounts?

Password attack

What is the purpose of a firewall in a network?

To protect the network from unauthorized access

Which of the following network devices is specifically used to connect different networks with differing technologies?

Router

What does the acronym TCP stand for in networking protocols?

Transmission Control Protocol

Which of these network topologies connects devices in a circular manner?

Ring Topology

What is the role of the Network Interface Card (NIC)?

To connect a computer to a network

Which protocol is used for sending emails?

SMTP

Which of the following statements best defines network security?

Action intended to safeguard data integrity and usefulness

What is the primary goal of white hat hackers?

To test and improve network security

Which technology is primarily used for wireless internet access in a small area?

WiFi

Which type of hacker operates between ethical and unethical practices, often raising awareness of vulnerabilities?

Grey hat hackers

What is the primary difference between half duplex and full duplex communication modes?

Half duplex permits data transmission one at a time, while full duplex allows simultaneous transmission

What is the role of an IP address?

To uniquely identify a device connected to the Internet

Which of the following is NOT a characteristic of a computer network?

Must use copper wires for connections

What is a MAC address?

A 12-digit hexadecimal number assigned to network interfaces

In which communication mode can the sender send and receive data simultaneously?

Full duplex mode

What distinguishes black hat hackers from white hat hackers?

Black hat hackers seek to exploit systems for malicious purposes

What is the primary focus of technical network security?

Safeguarding data during transitions and storage

Which of the following is NOT a component of administrative network security?

Protecting data from malicious software

What function does data loss prevention (DLP) technology primarily serve?

To stop employees from leaking sensitive data

Which type of network security ensures that malicious software is detected and handled?

Antivirus and anti-malware software

What is a significant aspect of network access control?

Restricting access to known users and devices

How can application security be defined?

Techniques and methods for safeguarding the application during its development

What is the main goal of physical network security?

To protect the physical infrastructure of the network

Which of the following best describes the purpose of technical network security?

Protecting data from malware and unauthorized users

Study Notes

What is Cybersecurity?

• Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.
• These cyberattacks typically aim to access, change, or destroy sensitive information, extort money from users via ransomware, or disrupt normal business processes.

Types of Cyber Attacks

• Denial-of-Service (DoS) Attack: One machine sends malicious traffic to overwhelm a server or application, making it unavailable to legitimate users.

  • Can crash services or flood services.
  • A buffer overflow attack can cause a machine to use up all its hard disk space, memory, or CPU time.

• Distributed Denial-of-Service (DDoS) Attack: Multiple machines or sources, such as a botnet, send malicious traffic to overwhelm a server or application.

  • Often use thousands of hosts infected with malware.

• Man-in-the-Middle (MitM) Attack: The attacker secretly intercepts and relays messages between two parties who believe they are communicating directly.

• Phishing Attack: A fraudulent attempt to steal sensitive data or install malware on a victim's device by sending a communication that appears to come from a reputable source.

  • The goal is to trick the victim into clicking on a link or replying to an email.

• Whaling Attack: A spear-phishing attack directed at high-level executives where attackers masquerade as familiar, trusted entities to encourage the victim to share sensitive information or make a wire transfer.

• Spear-Phishing Attack: Targets specific individuals or organizations, typically through malicious emails.

  • Aims to steal sensitive information like login credentials, important files, and then demands payment to unlock and decrypt the data.

• Password Attack: Uses various methods to maliciously authenticate into password-protected accounts.

  • Often facilitated by software that speeds up cracking or guessing passwords.

• SQL Injection (SQLi): A common attack vector that uses malicious SQL code to manipulate a backend database and gain access to information that wasn't intended to be displayed.

  • Can expose sensitive company data, user lists, or private customer details.

• URL Interpretation Attack (URL Poisoning): Alters the meaning of a URL while maintaining the syntax.

  • Allows attackers to access personal and professional data, perform actions that are normally forbidden, or access harmful information.

• Domain Name Server (DNS) Spoofing or DNS Cache Poisoning: Manipulates DNS records to redirect users to malicious websites.

• Session Hijacking: Takes control of a user's web session, which is a series of interactions between two communication endpoints that share a unique session token to ensure security and continuity.

• Brute Force Attack: Uses trial and error to crack passwords, login credentials, and encryption keys.

  • A simple yet reliable tactic for gaining unauthorized access to individual accounts and organizational systems and networks.

• Malware Attacks: Involves malicious software designed to harm a computer, server, client, or computer network by causing damage or disrupting infrastructure without the user's knowledge.

• Computer Virus: Malicious software that spreads between computers and damages data and software.

• Worm Virus: Exploits vulnerabilities in security software to steal sensitive information, install backdoors, corrupt files, and cause other harm.

What is Hacking?

• Hacking is the act of identifying and exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

Types of Hackers

• Black Hat Hackers: The 'bad guys' who discover vulnerabilities in computer systems and software to exploit them for financial gain or malicious purposes such as gaining reputation, corporate espionage, or nation-state hacking campaigns.

  • Can inflict serious damage by stealing personal information, compromising computer and financial systems, and altering or disabling websites and critical networks..

• White Hat Hackers: The 'good guys' who prevent black hat hackers through proactive hacking called ethical hacking.

  • Use their technical skills to break into systems to assess and test network security.
  • Help expose vulnerabilities in systems before black hat hackers can detect and exploit them.
  • Techniques used by white hat hackers are similar to those of black hat hackers, but they are hired by organizations to test and discover potential weaknesses.

• Grey Hat Hackers: Sit somewhere between the good and bad guys.

  • Attempt to violate standards and principles but without intending to do harm or gain financially.
  • Actions are typically carried out for the common good, such as exploiting a vulnerability publicly to raise awareness of its existence.

IP Address and MAC Address

• IP Address (Internet Protocol Address): A unique identifying number assigned to every device connected to the internet.

• MAC Address (Media Access Control Address): A unique identifier assigned to a network interface controller, used as a network address for communication within a network segment.

  • A 12-digit hexadecimal number assigned to each device connected to the network.

Communication Modes

• Simplex Mode: Sender can send data, but the sender cannot receive data.

  • Unidirectional communication.

• Half Duplex Mode: Sender can send data and receive data, but only one at a time.

  • Two-way directional communication, but restricted to one direction at a time.

• Full Duplex Mode: Sender can send data and receive data simultaneously.

  • Two-way directional communication happening simultaneously.

Network

• A collection of autonomous computers interconnected by a single technology.

  • Two computers are interconnected if they can exchange information.
  • Connections can be via copper wire, fiber optics, microwaves, infrared, and communication satellites.

• Networks come in different sizes, shapes, and forms.

• The internet is not a single network but a network of networks.

• The web is a distributed system that runs on top of the internet.

• The internet is the largest network in the world, a network of networks.

• ARPANET (Advanced Research Projects Agency Network) was the world's first network.

• A firewall is used to protect a network.

Types of Networks

• Star Topology: All devices connect to a central hub, forming a star shape.

• Ring Topology: Devices connect in a closed loop, forming a ring or circle shape.

• Bus Topology: Devices connect to a single shared cable or bus.

• Mesh Topology: All devices connect directly to each other, creating a mesh-like network.

• Hybrid Topology: Combines elements of different network topologies.

• Tree Topology: A hierarchical network resembling a tree, where devices connect to a central root.

• Point-to-Point Topology: Provides direct communication between two devices.

Network Devices

• Repeater: Strengthens the signal in a network.

• Hub: The central point of a network, connecting multiple devices.

• Switch: Interconnects different computers in a network, allowing for more efficient communication than a hub.

• NIC (Network Interface Card): Connects a computer to a network.

• Modem (Modulator Demodulator): Converts digital signals to analog signals and vice versa.

  • Can be analog-digital or light-digital.

• Router: Connects different networks with different technologies, allowing data transfer between networks.

• Console Port: An interface that allows for management and configuration of network devices.

• Serialization/Deserialization: Complementary processes that allow data to be stored and transferred.

• Gateway: Connects different networks.

• Bluetooth: Allows communication between devices over a short range.

• WiFi (Wireless Fidelity): Provides wireless internet access within a small area.

Network Protocols

• Protocol: A predefined set of rules and regulations defining how devices communicate with each other.

• WWW (World Wide Web): A mechanism for collecting all the information scattered on the internet.

• FTP (File Transfer Protocol): Used for transferring large files over the internet, including file uploading and downloading.

• SMTP (Simple Mail Transfer Protocol): Used for sending emails.

• POP3 (Post Office Protocol): Used for receiving emails.

• IP (Internet Protocol): Used to create data packets.

• TCP (Transmission Control Protocol): Provides reliable communication by ensuring data is sent and received correctly.

• WAP (Wireless Application Protocol): Used to access the internet on wireless devices.

Network Security

• Any action taken to protect the integrity and usability of data and networks.

• Aims to ensure data traveling over the network is safe and secure.

• Keeps sensitive information away from hackers and other threats.

• Examples of simple network security measures are password protection.

How Network Security Works

• Physical Network Security: The most basic level of networking security that protects data and networks from unauthorized physical access.

  • Can be achieved using devices like biometric systems.

• Technical Network Security: Protects the data stored or in transit on the network.

  • Provides security against unauthorized users and malicious activities.

• Administrative Network Security: Protects user behavior such as granting permissions and the authorization process.

  • Also ensures necessary network sophistication to protect it against various attacks.

Types of Network Security

• Network Access Control: Monitors user access to the network, including access to sensitive parts.

  • Restricts access to only known users and devices through security policies.

• Antivirus and Anti-Malware Software: Prevents harmful software from entering the network and compromising data security.

  • Handles malicious software such as viruses, Trojans, and worms.
  • Provides protection against malware entry and helps fight it once it has entered.

• Application Security: Security precautions taken at the application level to prevent data or code inside the application from being stolen or captured.

  • Includes security considerations during the development and design of applications, as well as techniques and methods for protecting applications.

• Data Loss Prevention (DLP): Prevents employees from accidentally or intentionally sharing valuable company or confidential data outside the network.

  • Prevents actions like uploading and downloading files, forwarding messages, or printing that could expose data to external threats.

Description

Explore the fundamentals of cybersecurity and learn about different types of cyberattacks. This quiz will cover key concepts like Denial-of-Service, Distributed Denial-of-Service, and Man-in-the-Middle attacks. Test your knowledge and enhance your understanding of digital security.