Cybersecurity Principles Quiz

Questions and Answers

What is the primary goal of the principle of confidentiality in cybersecurity?

  • To prevent unauthorized access to sensitive data (correct)
  • To collect as much data as possible for analysis
  • To ensure data is accessible by all users at any time
  • To maintain the integrity and accuracy of data during transmission

Which of the following cybersecurity certifications focuses specifically on ethical hacking?

  • CCNA
  • CISM
  • CISSP
  • CEH (correct)

Which cybersecurity safeguard is primarily concerned with the people aspect?

  • Encryption techniques
  • Training and awareness (correct)
  • Policies and practices
  • Technology tools

What are the three states of data within cybersecurity?

  • Data in transit, data at rest, data in process (D)

Which of the following best describes the concept of data integrity in cybersecurity?

  • Maintains the accuracy and reliability of data (C)

What is the primary focus of ISO 27001 within the ISO 27000 model?

  • Control objectives (C)

Which of the following is NOT part of the ISO 27000 model?

  • ISO 27006 (D)

What does the CIA in the CIA triad stand for?

  • Confidentiality, Integrity, Availability (C)

What is the purpose of the Cybersecurity Cube?

  • To represent the dimensions of cybersecurity (C)

Which type of malware is designed to trigger under certain conditions?

  • Logic bomb (A)

Which standard is primarily used in the credit card industry?

  • PCI DSS (D)

What does ISO 27004 focus on within the ISO 27000 family?

  • Verification of practices (B)

Which of the following models is considered a high-level framework for cybersecurity?

  • NIST CSF (C)

What constitutes Entity Integrity in a database?

  • Each table must have a unique identifier. (A)

Which of the following describes Domain Integrity?

  • It limits the values of data in a field. (B)

What is a primary key's role in a database?

  • To ensure each row of data is unique and identified. (B)

What type of integrity ensures security in the relationship between tables?

  • Referential Integrity (C)

Which strategy is NOT a measure to improve availability in a system?

  • SSH access limitation (A)

What does the Five Nines concept refer to in terms of availability?

  • 99.999% uptime during peak periods. (C)

Which of the following is considered a threat to availability?

  • Natural disasters (C)

What is the purpose of validation rules in data entry?

  • To ensure data adheres to specified parameters. (A)

What is the primary function of ransomware in a cyberattack?

  • To encrypt user data and demand a ransom for decryption (C)

Which method is NOT commonly used in social engineering?

  • Dummy training (D)

What type of attack involves overwhelming a server with excessive traffic?

  • Denial-of-Service attack (B)

Which of the following best describes spyware?

  • Software that monitors and gathers information from the computer (D)

What tactic is used by attackers when they impersonate a trusted person to gain unauthorized access?

  • Impersonation (C)

Which type of phishing targets specific individuals, usually high-profile targets?

  • Whaling (A)

What does a keylogger do?

  • Record keystrokes to capture user information (D)

What is SEO poisoning in the context of cyber attacks?

  • Manipulating search engine results to elevate malicious sites (D)

Which of the following is considered a defensive measure against email and browser attacks?

  • User education on phishing (D)

What is the primary purpose of a rootkit in a cybersecurity context?

  • To conceal malicious activities from the user and system (D)

Which type of hacker is primarily motivated by ethical reasons and aims to report vulnerabilities?

  • White hat hacker (D)

What term is used for amateur hackers who typically use existing scripts to carry out attacks?

  • Script kiddies (A)

Which hacker category is characterized by acting without permission and may sometimes disclose their findings?

  • Grey hat hacker (D)

Which of the following is typically excluded from the category of ethical hackers?

  • Cyber criminals (D)

Which type of hacker is specifically known for targeting Linux systems?

  • Red hat hacker (A)

What is the main motivation for black hat hackers?

  • Personal gain (D)

Which type of hacktivist is generally considered organized and is classified as a cyber criminal?

  • State-sponsored hacker (D)

Which one of the following accurately describes a characteristic of grey hat hackers?

  • May operate illegally but disclose findings sometimes (B)

Which of these hacker types is primarily defined by legal compliance and ethical hacking?

  • White hat hacker (A)

Among the various categories of hackers, which one is specifically tied to ethical behavior?

  • White hat hacker (D)

What distinguishes organized hackers from other types of hackers?

  • They are usually motivated by activism or personal gain (A)

Which hacker type may operate in a legal grey area and is less predictable in their actions?

  • Grey hat hacker (A)

Which category of hackers could include individuals working for a government entity?

  • State-sponsored hackers (B)

What is the primary function of an Intrusion Detection System (IDS)?

  • To monitor network traffic passively (A)

Which disaster recovery strategy focuses on maintaining essential business functions during a crisis?

  • Business Continuity Plan (BCP) (D)

Which type of backup enables the restoration of a complete system or data?

  • Full backup (C)

What is the main security risk associated with WEP encryption?

  • It has vulnerabilities that render it easily hackable (A)

Which encryption method is commonly used for securing files on Windows systems?

  • BitLocker (B)

What essential feature must a system have to utilize a VPN effectively?

  • Encryption for data protection (C)

What is the role of Network Admission Control (NAC) in network security?

  • To allow only authorized users access to the network (B)

What is one of the primary functionalities of a Host Intrusion Detection System (HIDS)?

  • Monitor for suspicious activity on the host (D)

Which risk category does vandalism belong to in disaster contexts?

  • Human-caused disruptions (A)

What is the main purpose of patch management?

  • To update system security to prevent vulnerabilities (B)

Which of the following is a feature of mutual authentication?

  • Ensures both parties in a communication verify each other's identity (C)

Which type of filter is typically used to control email spam?

  • Email filter (B)

What is the main function of a disk cloning tool?

  • To create a complete copy of a system state or disk (A)

Which of the following is NOT a common physical security measure?

  • Drop-in voltage regulators (A)

Flashcards

Confidentiality

Preventing unauthorized access to information, ensuring that it remains secret and only accessible to authorized individuals.

Integrity

Data is protected from unauthorized modification or deletion, guaranteeing its accuracy and reliability.

Availability

Ensuring that data is available and accessible to authorized users whenever required.

Cybersecurity Safeguards

A set of measures taken to safeguard data, including technological tools, policies, practices, and training individuals.

Data Privacy

A collection of sensitive data that requires protection from unauthorized access. Examples include personal information, credit card details, and confidential business documents.

ISO 27000

A family of documents related to information security. ISO 27001 lays out the objectives, ISO 27002 provides control recommendations, and other documents cover implementation, verification, and risk management.

ISO 27002

A standard that provides guidelines for implementing information security controls.

ISO 27001

A standard that outlines the objectives of an information security management system.

States of Data

It describes the different stages a piece of information goes through during its lifecycle, influencing security considerations at each stage.

NIST SP 800-53

A cybersecurity framework created by the National Institute of Standards and Technology, focusing on a wide range of security controls.

Malware

Software designed to harm a computer system or steal sensitive data.

Worms

A type of malware that spreads itself from one computer to another without user interaction.

Logic Bomb

A type of malware that awaits a specific event or condition to trigger its malicious action.

Trojan Horse

A technique used to gain unauthorized access to a system by exploiting a flaw in the system's security.

Ransomware

A type of malware that encrypts files on a computer, making them inaccessible until a ransom is paid.

Backdoor

A hidden program that provides unauthorized access to a system, giving the attacker full control over the device.

Rootkit

A type of malware that allows an attacker to gain elevated privileges on a system, often by exploiting vulnerabilities in the operating system.

Privilege Escalation

A type of attack that allows an attacker to gain higher privileges on a system, often by exploiting vulnerabilities, leading to compromised security.

Spyware

A type of malware that collects information about a user's computer usage and sends it to the attacker, often without the user's knowledge.

Phishing

A type of email fraud that attempts to trick users into revealing personal information, such as passwords and credit card details, by impersonating a legitimate organization or person.

Pharming

A type of attack that redirects users to a fake website, often used to steal personal information.

Sniffing

A type of attack that uses network sniffing to capture sensitive data, like passwords and credit card numbers, sent between computers.

Ethical Hacker

Someone who uses hacking skills for ethical reasons, such as reporting security vulnerabilities to companies.

Cyber Criminal

A person who exploits vulnerabilities for malicious purposes, often for personal gain.

Vulnerability Broker

A type of ethical hacker who specializes in finding and selling vulnerabilities to companies or individuals.

Hacktivists

A group of hackers who engage in political or social activism by launching cyber attacks against organizations or individuals.

Organized Hackers

A type of cyber criminal who operates within an organized group, often with a specific goal in mind.

State-sponsored Hackers

Hacking activities that are sponsored by governments or nation-states, often for intelligence gathering or cyber warfare.

Red Hat Hacker

A hacker who focuses on exploiting vulnerabilities in Linux systems.

Grey Hat Hacker

A type of hacker who operates within a grey area, often engaging in compromises without permission but sometimes disclosing their findings.

White Hat Hacker

A hacker who acts in a way that is considered ethical and legal.

Script Kiddie

A person who is new to hacking and often uses pre-made scripts or tools to launch attacks.

Hobbyist

A person who enjoys hacking as a hobby, often without malicious intent.

Denial-of-Service (DoS) Attack

A type of attack that aims to overload a server or network with traffic, making it unavailable to legitimate users.

Sniffing Attack

A type of attack that involves intercepting data transmitted over a network.

Spoofing Attack

A type of attack that involves disguising a malicious entity as a trusted one, misleading users.

Man-in-the-Middle (MitM) Attack

A type of attack where an attacker inserts themselves between a user and a website, intercepting and potentially manipulating communication.

Data Integrity

Ensuring that data is accurate, consistent, and reliable by implementing rules that enforce data integrity.

Primary Key

A primary key is a unique identifier for each row (record) in a table. It ensures that each row can be distinguished from others and makes searching for specific records efficient.

Domain Integrity

Ensuring that data values in a column (field) meet specific criteria, such as data type, format, or range. Think of it as limiting the kinds of information allowed in a column.

Referential Integrity

Maintaining the consistency and reliability of data relationships between tables. It prevents errors that could arise from inconsistencies between linked data.

Five Nines

A concept aiming for a near-perfect uptime of a system or service, typically measured as a percentage of time a system is available. Five nines mean 99.999% uptime.

Threats to Availability

Factors that can potentially disrupt a system's availability, including natural disasters, power failures, attacks, hardware failures, software bugs, human errors, and theft.

Measures to Improve Availability

Measures taken to reduce the impact of threats and improve availability. These include asset management, redundancy, defense-in-depth, and more.

CSIRT (Computer Security Incident Response Team)

A team responsible for responding to computer security incidents, like data breaches or malware attacks. They identify, analyze, and contain threats to protect systems and data.

Network Admission Control (NAC)

A security technology that controls access to a network based on user identity and device health. It allows only authorized users and devices to connect.

Intrusion Detection System (IDS)

A security technology that passively monitors network traffic looking for suspicious patterns or activities that might indicate a cyberattack. It doesn't stop attacks, but raises an alarm.

Intrusion Prevention System (IPS)

A security technology that actively monitors network traffic and blocks suspicious activities, preventing attacks from reaching their targets. It acts as a shield.

NetFlow and IPFIX

A Cisco IOS technology that captures and records statistics about network traffic, like the number and types of packets flowing through routers or switches. It helps analyze network usage and identify potential security issues.

Advanced Threat Intelligence

Information collected about known threats and attack patterns, which can be used to detect, prevent, and respond to cybersecurity incidents. It includes details like malware signatures and attack indicators.

Disaster Recovery Plan (DRP)

A plan outlining how an organization will recover from a disaster by restoring critical systems and data. It minimizes the impact of disruptions and helps to get back on track quickly.

Business Continuity Plan (BCP)

A plan that ensures the continuity of an organization's operations in the face of various threats. It covers a broader range of events than just disaster recovery.

Operating System (OS)

The core of a computer system, responsible for managing resources and executing tasks. It's crucial to secure the OS to protect the entire system.

Operating System Hardening

The process of strengthening the security of an OS by modifying its default configurations and implementing security policies. It reduces vulnerabilities and strengthens defenses.

Anti-Malware Software

Software designed to detect and remove malware, like viruses, worms, and ransomware, protecting computers from malicious code.

Patch Management

The process of applying security patches to software, fixing known vulnerabilities and bugs. It's essential for keeping software secure and up-to-date.

Host-Based Firewalls

A firewall designed to protect a single computer or host. It's like a gatekeeper for the machine, blocking malicious traffic from reaching it.

Host Intrusion Detection System (HIDS)

A software intrusion detection system designed to detect suspicious activities on a single computer or host. It monitors for unusual behavior that might indicate an attack.

VPN (Virtual Private Network)

A technology that allows users to securely access a private network over a public network, like the internet. It encrypts data and often includes authentication.

Wi-Fi Protected Access (WPA)

A standard that defines how wireless devices authenticate and encrypt communication. It's like a key and lock for your WiFi network, preventing unauthorized access.

Mutual Authentication

A process where both the user and the server authenticate each other, preventing unauthorized access and man-in-the-middle attacks. It's like a two-way handshake, verifying both parties.

Study Notes

Security Essentials - Images

  • Images depict a keypad lock and a picture of a blank face with a security lock. The number 3944 is visible on the keypad lock.
  • The images are associated with security measures.

Cybersecurity Criminals vs Specialists

  • Cybercriminals are categorized as amateurs, hackers (ethical, vulnerability broker), organized hackers (hacktivists, cybercriminals, state-sponsored, terrorists), white hats and grey hats.
  • Motives for cybercriminals include personal profit and illegal gain.
  • Ethical hackers report vulnerabilities; grey hats compromise without permission, sometimes disclosing their findings; black hats act unethically to gain personal profit; red hats attack systems; and blue hats test systems before launch.

Common Threats

  • Threats target Internet Services (DNS, HTTP, databases, wireless access points, packet interception).
  • Threats target key industry sectors including ICS, SCADA systems, and Smart meters (manufacturing, transportation, energy, communications).

Spreading Cybersecurity Threats

  • Internal Threats: former employees, external contractors, or partners
  • These individuals may have access to sensitive data or networks and pose a security risk.
  • External Threats: amateurs, hackers, organized hackers and their tactics.
  • External attacks often exploit vulnerabilities or knowledge of systems to gain access.

Vulnerability of Mobile Devices

  • BYOD (Bring Your Own Device) management
  • Lack of central control, updates, and software vulnerabilities.

The Internet of Things (IoT)

  • IoT is the collection of technologies that enable the connection of various devices to the Internet. These devices include appliances, locks, motors, and entertainment devices.
  • Managing and securing the data from these devices presents a growing challenge.

Big Data

  • Data encompasses volume, velocity (speed of data), and variety (types of data).
  • Data volume, velocity, and variety present challenges for storing, securing, and analyzing data.

Advanced Weapons

  • Software vulnerabilities (bugs, protocol weaknesses, implementation errors) are often exploited by criminals.
  • Criminals also use sophisticated attacks such as Advanced Persistent Threats, which are targeted attacks, and algorithm attacks, which track system data and trigger false alarms to select targets, overload the computer, and attack vulnerable targets.

Broader Scope & Cascade Effect

  • Network interconnections allow cascade effects, where vulnerabilities in one area cause problems in other areas.
  • The impact of a cyberattack can be widespread, affecting multiple systems and organizations.

Safety Implications

  • Cyberattacks can greatly disrupt services such as electricity, telephone, water, and traffic.

Creating More Experts

  • US National Cybersecurity Workforce Framework: includes aspects of 'Operate and Maintain,' 'Protect and Defend', 'Investigate,' 'Collect and Operate,' 'Analyze,' 'Oversight and Development,' 'Securely Provision IT Systems'.
  • Roles (operations and maintenance, security, investigation, data collection, analysis, oversight, and provision) provide support and security administration for systems, identifying and mitigating threats, and investigating cyber events.
  • Certifications and training are necessary to meet the growing need for experts who can conduct cybersecurity work effectively, along with a framework that helps in efficiently building and deploying secure IT systems.

Network Security Organisations

  • ECS, MITRE, SANS Institute, (ISC)², and ENISA are prominent organizations that develop training, certificates, organizations, and frameworks to help individuals advance their skills and roles in cybersecurity.

The Cybersecurity Cube (Three Dimensions)

  • The three dimensions of the Cybersecurity Cube are Confidentiality, Integrity, and Availability (CIA triad).
  • The cube model illustrates the different states of data.

Principles of Security

  • Confidentiality ensures data secrecy.
  • Integrity enforces data accuracy.
  • Availability ensures data accessibility.

The States of Data

  • Data in transit, data at rest, and data in process are the three states in which data exists.

Cyber Security Safeguards

  • Data is needed to describe the physical, ethical, technology, and people-related aspects of cyber security, including data privacy and threats, and how to secure it.

Protecting Data Privacy

  • Sensitive information (PII) requires protection. Organizational and business information requires protection as well.

Laws and Liability

  • Data integrity ensures data accuracy.
  • Integrity is important so data is usable, reliable, and accurate.
  • Legal and ethical frameworks for handling data need to be taken into account, as well as who handles the data and how it is handled.

Principle of Availability

  • Data availability means access to data and services, which includes redundancy and fault tolerance, among other measures.

Types of Data Storage

  • Includes direct-attached storage (DAS), network-attached storage (NAS), and storage area networks (SAN).
  • Different methods to store data include Redundant Array of Independent Disks (RAID).

Methods of Transmitting Data

  • Data transmissions include wired (Ethernet, fiber optic) and wireless methods (Wi-Fi, Bluetooth).

Challenges of Protecting Data in-Transit

  • Risks involved with data transmission, including confidentiality, integrity, and availability.

Challenges of Protecting Data in-Process

  • Risks involved in protecting data collection, modification, and output, including vulnerabilities in systems, and data manipulation through malicious code.

Cybersecurity Safeguards

  • Use technology, policies and procedures, and employee training to safeguard data.

Implementing Cybersecurity Education and Training

  • Awareness, procedures, training sessions, and continuous education to ensure relevant knowledge and skill to deal with fast-evolving technology and tactics.

Security Policies, Standards & Procedures

  • Policies, standards, and procedures provide a framework for consistently ensuring security.

IT Security Framework

  • The ISO 27000 family of standards provides a structured model for information security management.

Other Cybersecurity Models

  • NIST SP 800-53, NIST CSF, CIS Controls, ITIL, PCI DSS are frameworks for guidance and management systems.

Cybersecurity Cube Overview

  • The cybersecurity cube comprises confidentiality, integrity, and availability, crucial principles for data protection.
  • It outlines various phases of data in transition, at rest, and during processing.
  • The model describes different countermeasures to maintain security.

Malware and Malicious Code

  • Malware encompasses various forms of malicious software including viruses, worms, logic bombs.
  • Malware actions include causing disruption and enabling access to systems.

Email and Browser Attacks

  • Spam is unsolicited email, often used for advertisement or the distribution of malware.
  • Spyware collects user information.
  • Phishing attempts to collect sensitive user information through fraudulent means (e.g., emails, websites, etc.) to gain access to accounts.
  • Browser vulnerabilities (plugins) are attack points that could allow malicious software and code to be introduced.

Deception or Social Engineering

  • Social engineering manipulates individuals rather than systems to gain access to information and/or systems.
  • Deception tactics include pretexting, quid pro quo, hoaxes, piggybacking, and social engineering tactics.
  • Defending against these attacks requires awareness training and policies to prevent exploitation.

Attacks

  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks flood a system, preventing authorized users from accessing it.
  • Sniffing captures network traffic.
  • Spoofing impersonates a legitimate entity to gain access.
  • Zero-day exploits vulnerabilities unknown to vendors.

Wireless and Mobile Attacks

  • Grayware, SMS phishing, Rogue access points, RF jamming, Bluetooth attacks (bluejacking, bluesnarfing) and WEP/WPA attacks (key capture) can target wireless and mobile devices in an organization.

Application Attacks

  • Cross-site scripting (XSS) exploits website vulnerabilities.

Cybersecurity Models Overview

  • Overview of various security frameworks and models such as NIST SP 800-53, the frameworks developed by the Center for Internet Security (CIS), ITIL, PCI DSS, and other relevant models and frameworks.

The Art of Protecting Secrets

  • Covers encryption types (symmetric, asymmetric), algorithm types (block, stream), standards (3DES, IDEA, AES), key management, and cryptographic practices.

Digital Signatures

  • Digital signatures authenticate and confirm the integrity of a message, comparable to a physical signature on a document.

Certificates

  • Certificates (X.509) verify the authenticity of entities on the network.

Multi-Tiered Certification Authorities

  • Multi-layered approaches to certificate management
  • Provides more trust and security for end-user interactions

Cipher Suite

  • A combination of cryptographic algorithms (for key exchange, encryption, MAC).

Database Integrity Enforcement

  • Ensuring the integrity of databases; aspects include rules, constraints, input controls, and measures to prevent security risks.

High Availability - Five Nines Concept

  • Measurement of the availability of a system as a percentage.
  • The goal is to minimize data losses and enhance system performance.

Measures to Improve Availability

  • Methods for enhancing system availability, including asset identification, classification, standardization, and threat identification.

Risk Analysis

  • Methods of analyzing and mitigating risk in an organization.

Defense in Depth

  • Multiple layers of security to lessen the chance of a security incident

Redundancy

  • Includes a backup system to prevent loss of data or system disruption that may be critical.

System Resiliency

  • The ability of a system to maintain operations during an incident, attack, or disaster.

Incident Response

  • Processes and procedures to manage and resolve security incidents in an appropriate manner. Includes various steps like containment, eradication, and post-incident analysis.

Disaster Recovery

  • Methods for restoring a damaged organization's systems and operations, and the importance of DRPs and backup plans.

Operational System Security

  • Methods for operational system security
  • Includes operating systems, patches, and policies for security in a given system, and the ways to improve the security.

Secure Communication

  • VPN, remote access, data encryption and protocols.

Hardening Wireless and Mobile

  • Methods for enhancing wireless, mobile, and network security configurations.

Images and Content Control

  • Filtering content on a website
  • Disk cloning and deep freeze

Cables and Locks

  • Protecting physical systems

GPS Tracking and RFID

  • Methods to monitor and secure systems

Server Hardening

  • Enhancing security in server configurations, including privileges, ports, services, logs, etc.

Securing Network Devices

  • Protection of devices in the network

Network and Routing Services

  • Operational components for networks such as DHCP, DNS, ICMP, NTP

Physical Access Control

  • Control of access to physical locations
  • Surveillance

Cybersecurity Domains

  • Categorizes the different areas of a cybersecurity system (users, devices, LAN, clouds, physical facilities and applications)

User Domain

  • Security awareness training, access control, software updates.

Device Domain

  • User account policies, software updates, and acceptable use policy.

LAN Domain

  • Secure wiring, access control, operating system & application patches.

Private Cloud Domain

  • Network probing, access to resources, errors, and remote user data.

Public Cloud Domain

  • Data breach, property loss.

Physical Facilities Domain

  • Natural threats, unauthorized access, power issues and security breaches.

Understanding Ethics

  • Ethical considerations in cybersecurity

Belgian Legislation

  • Laws, regulations, and punishments for cybersecurity crimes.

GDPR/AVG and PCI DSS

  • Compliance with data privacy regulations.

Additional notes

  • These notes cover the core concepts and different aspects of security in detail, including details on practical applications and standards.
