Cybersecurity Threat Mitigation

Questions and Answers

What type of threat involves an unauthorized party gaining access to an asset?

• Interception (correct)
• Fabrication
• Interruption
• Modification

What happens when an asset of the system becomes lost, unavailable, or unusable?

• Modification
• Interception
• Interruption (correct)
• Fabrication

What type of threat involves tampering with an asset?

• Interception
• Modification (correct)
• Fabrication
• Interruption

What is an example of a directed attack?

Draining a specific person's bank account (D)

What is the result of an unauthorized party creating counterfeit objects on a computing system?

Fabrication (D)

What is the term for unauthorized access to program or data files?

Illicit copying (C)

What is a prerequisite for a malicious attacker to succeed?

Having method, opportunity, and motive (D)

What is an example of a hardware vulnerability?

Adding devices to the network (B)

What is machinicide?

A physical attack on computer hardware or software (C)

What can be inserted into a network communication system by an intruder?

Spurious transactions (B)

What is a possible motive for an attacker to perform an attack?

For fun or challenge (A)

How can the security of hardware components be enhanced?

By using simple physical measures such as locks and guards (B)

What is the term used to describe the possibility of harm occurring?

Risk (A)

What is the primary goal of data encryption in terms of security?

To provide confidentiality of data (C)

What is the term used to describe the weakness in a system that can be exploited by a threat?

Vulnerability (C)

What is the primary goal of deflecting a threat in terms of security?

To make another target more attractive (C)

What is the primary goal of incident response in terms of security?

To recover from the effects of the threat (C)

Which of the following is a type of control that addresses the need for confidentiality and integrity of data?

Encryption (B)

What is the primary goal of deflecting a threat?

To make another target more attractive (D)

What is the term used to describe the possibility of harm occurring?

Risk (A)

What is the primary goal of risk management?

To minimize the impact of potential harm (B)

What is a vulnerability in the context of security?

A weakness in a system that can be exploited by a threat (D)

Which of the following security concepts is NOT directly related to the threat of modification?

Availability (D)

What is the primary goal of preventing an interception threat in terms of security?

Protecting data confidentiality (C)

Which of the following is an example of an interruption threat?

Malicious destruction of a hardware device (A)

What is the primary goal of risk management in relation to threat analysis?

Assessing the likelihood of a threat occurring (D)

Which of the following is a characteristic of a directed attack?

Targets a specific individual or organization (B)

What is the primary goal of implementing security controls in terms of threat analysis?

Preventing threats from occurring (D)

What is the primary concern of a software alteration attack?

To exploit fractional interest truncation (A)

What is the purpose of configuration management in a commercial computing center?

To prevent software deletion (A)

What is a characteristic of a logic bomb?

It is a program that is designed to fail or cause unintended behavior when certain conditions are met (D)

What is the primary goal of a software deletion attack?

To destroy a valuable software asset (D)

What is a common vulnerability of software?

It is easy to modify or delete (C)

What is the primary concern of a software modification attack?

To cause a system to fail or perform unintended tasks (B)

What is the primary purpose of using a key in a scrambled alphabet substitution cipher?

To ensure a unique ciphertext letter for each plaintext letter (A)

What is the encryption process in a substitution cipher with a key as a sentence?

By repeating the keyword along the message and summing them mod 26 (C)

What is a characteristic of a one-time pad?

It is considered the perfect cipher (D)

What is the result of encrypting the message 'gold' using a scrambled alphabet table with key='sand'?

EMJ (D)

What is the purpose of using the alphabet table in a substitution cipher with key as a sentence?

To convert plaintext letters to ciphertext letters (A)

What is the weakness of using a substitution cipher with a key as a sentence?

It is vulnerable to key repetition (C)

What is the purpose of adding a dummy letter in the message before encryption?

To make the message length a multiple of the number of columns (B)

What is the goal of substitution in cryptography?

Confusion in the encryption pattern (A)

What is an encryption algorithm called when it can be broken given enough time and data?

Breakable (C)

What is the purpose of transposition in cryptography?

To achieve diffusion of the information (B)

What is the challenge in decrypting a 25-character message in just uppercase letters with a given cipher scheme?

Selecting the right decipherment from a large set of possibilities (D)

What is the primary goal of a secure encryption algorithm?

To prevent an interceptor from using a small piece of the ciphertext to predict the entire pattern of the encryption (C)

What is the primary purpose of the Caesar cipher in cryptography?

To create a scrambled alphabet for secure communication (B)

What is the major weakness of the Caesar cipher?

It is a repeated pattern that can be easily deciphered (C)

What is the encryption formula for the Caesar cipher?

ci = E(pi) = pi + K mod 26 (D)

What is the decryption formula for the Caesar cipher?

pi = D(ci) = ci - K mod 26 (A)

What type of substitution cipher is the Caesar cipher?

Monoalphabetic cipher (B)

What is the advantage of the Caesar cipher?

It is quite simple and easy to implement (C)

Flashcards are hidden until you start studying

Study Notes

Risk Management in Computing Security

• Risk refers to the possibility of harm arising from vulnerabilities within a system.
• Strategies to manage risk include preventing attacks, making them harder, deflecting threats, detecting breaches, and recovering from damages.

Types of Attacks

• Directed Attack: Targets specific individuals or organizations with malicious intent.
• Types of Threats:
  • Interception: Unauthorized access to assets, compromising confidentiality (e.g., wiretapping).
  • Interruption: Assets become lost or unavailable, violating availability (e.g., hardware destruction).
  • Modification: Tampering with assets, violating integrity (e.g., altering database values).
  • Fabrication: Creation of counterfeit objects in a system, violating authenticity (e.g., inserting fake transactions).

Software Vulnerabilities

• Software Alteration: Can involve truncating interest calculations, leading to financial exploitation.
• Software Deletion: Accidental erasure of files highlights the need for strict configuration management.
• Software Modification: Malicious changes can lead to program failures or unintended behaviors (e.g., logic bombs).

Attacker Profile

• Successful attackers require:
  • Method: Skills and tools to execute an attack.
  • Opportunity: Time and access to target systems.
  • Motive: Reasons such as revenge, fraud, or challenge.

Hardware Vulnerabilities

• Physical Attacks: Can include water damage or direct physical destruction of components.
• Machinicide: Intentional harm to hardware via weapons or vandalism; prevention may involve physical security measures.

Data Controls

• Encryption: Essential for ensuring data confidentiality and integrity by making it unreadable to unauthorized parties.

Cryptography Concepts

• Substitution Cipher: Involves mapping plaintext letters to ciphertext letters using scrambled alphabets or keys.
• Caesar Cipher: A classic method using letter shifting to encrypt messages; simple but vulnerable to pattern recognition.
• One-Time Pads: Considered a perfect cipher due to its unpredictability when used correctly.

Encryption Goals and Challenges

• Confusion and Diffusion: Confusion obfuscates message patterns; diffusion spreads information throughout ciphertext.
• Breakability: An encryption algorithm is considered breakable if it can be deciphered in practical time despite being theoretically secure.

Substitution Techniques

• Simple Substitution: Replaces original message characters with other symbols.
• Key-Based Substitution: Uses keys to organize the alphabet or repeat symbols along with the message for encryption.

Summary of Encryption Practices

• Ciphers like the Caesar cipher exemplify the balance between simplicity and vulnerability.
• Each encryption method has unique strengths and weaknesses affecting its security in practical applications.