Information Security and Access Quiz

Questions and Answers

What is the main reference to check before asking any question in the course?

• Slides
• Syllabus (correct)
• No information provided
• Books

Which of the following is a common method used in social engineering attacks?

• Pharming (correct)
• Timing Attacks
• Benchmarking
• Buffer Overflow

What is the primary purpose of spam?

• To trick users into giving private information
• To target specific users
• To send unsolicited e-mails (correct)
• To distribute malware

What is the main goal of phishing?

To trick users into giving private information (B)

What is the consequence of a buffer overflow?

Application error (A)

Which security model gives recommendations for information security management?

ISO 27000 series (D)

Which of the following is NOT a critical characteristic of information?

Accuracy (B)

What is the definition of a vulnerability?

A weakness or fault in a system (D)

What is the purpose of authentication in information security?

To secure information from unauthorized access (D)

What is the CIA triad in information security?

Confidentiality, Integrity, Availability (B)

What is the McCumber cube used for in information security?

To map security goals to concrete ideas (D)

According to the text, what is the definition of security?

The state of being free from danger or threat. (A)

According to the text, what is the relation between computer security, network security, OS security, and information security?

Computer security, network security, and OS security are all subcategories of information security. (B)

Why are we sure that we will always have attacks in the future, according to the text?

Because all tools used to manage our information are vulnerable, including humans. (A)

What are some examples of security attacks mentioned in the text?

Nigerian 419 advanced fee fraud, malware, identity theft, phishing (D)

What did Stuxnet do, according to the text?

Sabotaged centrifuges used to enrich uranium gas (B)

Which category of attackers is motivated by political or social causes?

Hacktivist or cyberactivist (D)

What is the main difference between viruses and worms?

Viruses can automatically spread to other computers, while worms rely on user action to spread. (D)

What is the purpose of a Trojan?

To do something other than advertised (B)

How does a virus spread through a computer system?

By infecting files opened by the user or operating system (D)

What is the purpose of malware classification?

To predict the future behavior of malware (D)

Which type of malware is designed to hide or remove traces of log-in records and log entries?

Rootkits (A)

Which type of malware lies dormant until triggered by a specific logical event?

Logic bombs (C)

What is the purpose of a backdoor in software code?

To circumvent normal security (B)

What is the main function of spyware?

To gather personal information (B)

What is the purpose of IP spoofing in a man-in-the-middle attack?

To reroute and forge data (A)

According to the text, what is the main requirement for exams in the course?

Exams are open book (D)

According to the text, how are grades determined in the course?

Grades are based on knowledge (C)

According to the text, what is the main motivation for building knowledge in the course?

Intrinsic motivation (D)

Which of the following is NOT a critical characteristic of information?

Availability (B)

What is the purpose of authentication in information security?

To grant access to information (B)

What is the main purpose of IP spoofing in a man-in-the-middle attack?

To hide the attacker's identity (B)

Which type of malware is designed to hide or remove traces of log-in records and log entries?

Rootkit (B)

Which of the following is a social engineering attack that involves sending an email claiming to be from a legitimate source and tries to trick the user into giving private information?

Spear phishing (A)

What is the primary purpose of spam?

To distribute malware (C)

What is a buffer overflow?

An application error that occurs when more data is sent to a buffer than it can handle (D)

Which security model gives recommendations for information security management?

ISO 27000 series (A)

Which type of malware is designed to hide or remove traces of log-in records and log entries?

Rootkit (B)

What is the main function of a keylogger?

To capture user's keystrokes (A)

What is the purpose of IP spoofing in a man-in-the-middle attack?

To modify packets using fake IP addresses (A)

What is the main goal of a denial-of-service (DoS) attack?

To overwhelm a target system with requests (C)

According to the text, what is the main difference between viruses and worms?

Viruses replicate themselves on the same computer, while worms spread to other network devices. (D)

What is the purpose of a Trojan, according to the text?

To do something other than advertised and contain hidden code that launches an attack. (D)

Which category of attackers is motivated by political or social causes?

Hacktivist or cyberactivist (B)

What is the purpose of authentication in information security?

To verify the identity of a user and ensure authorized access to information. (C)

According to the text, what is the main difference between security and trust?

Security is always needed, while trust can be used whenever possible. (B)

According to the text, what is the definition of information security?

The absence of threats or dangers to the information. (D)

According to the text, why are we sure that we will always have attacks in the future?

All tools used to manage our information are vulnerable, including humans. (A)

According to the text, what is the main goal of a man-in-the-middle attack?

To modify or manipulate data in transit. (A)

Study Notes

Course Reference

• The course textbook is the main reference for any questions.

Social Engineering Attacks

• A common method is phishing.

Spam

• The primary purpose is to advertise.

Phishing Attacks

• The main goal is to steal sensitive information.

Buffer Overflow

• A buffer overflow can cause a system crash or allow attackers to gain unauthorized access.

Information Security Management Models

• The ISO 27000 series provides recommendations for information security management.

Critical Characteristics of Information

• Critical characteristics of information include confidentiality, integrity, availability, authenticity, and non-repudiation.

Vulnerability

• A vulnerability is a weakness in a system, which can be exploited by an attacker.

Authentication

• The purpose of authentication in information security is to verify the identity of a user or device.

CIA Triad

• The CIA triad is a model for information security that emphasizes confidentiality, integrity, and availability.

McCumber Cube

• The McCumber cube is used to analyze and visualize information security risks.

Security

• Security refers to protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Computer, Network, OS & Information Security

• Computer, network, operating system, and information security are all interconnected and work together to protect information.

Attacks

• Based on the current landscape of security threats, it's certain that attacks will persist.

Security Attack Examples

• Examples include network attacks like denial of service (DoS) attacks, malware like viruses and trojans, and social engineering like phishing attacks.

Stuxnet

• Stuxnet was a sophisticated malware that disrupted industrial control systems, causing significant damage.

Attackers with Political/Social Causes

• Hacktivists are motivated by political and social causes.

Viruses

• Viruses, unlike worms, require human interaction to spread.

Trojan Horses

• Trojans are disguised as legitimate software and are used to steal data or grant access to the system.

Virus Spread

• Viruses typically spread through infected files, attachments, or websites.

Malware Classification

• Malware classification helps to understand the various types of malware and their effects.

Malware that Hides Log-in Records

• Rootkits are designed to hide traces of log-in records.

Malware Triggered by Events

• Logic bombs are malware that lies dormant until triggered by a specific logical event.

Backdoors

• Backdoors in software code allow unauthorized access to a system.

Spyware

• Spyware is malware that collects personal information without the user's knowledge.

IP Spoofing

• In a man-in-the-middle attack, IP spoofing allows an attacker to intercept communication between two parties.

Course Exams

• Exams require understanding of information security concepts, techniques, technologies, and practices.

Course Grading

• Grades are determined based on exam performance, class participation, and assignments, including practical exercises.

Building Knowledge in the Course

• The primary motivation is to build a foundational understanding of information security principles and practices.

Purpose of Authentication

• The purpose of authentication is to ensure the validity of a user or entity's identity.

IP Spoofing Purpose

• IP spoofing is primarily used to deceive the recipient of a communication about the source of the communication.

Malware Designed to Hide Log-in Records

• Rootkits are designed to cover up traces of malicious activities, like log-in records.

Phishing Emails

• Phishing emails appear to come from a legitimate source, but aim to trick users into revealing private information.

Spam

• Spam is unwanted and unsolicited messages sent to a large number of people.

Buffer Overflow

• Buffer overflow occurs when a program tries to write more data into a buffer than it can hold, potentially leading to data corruption or system crashes.

Keylogger

• A keylogger records all the keys that a user types on a keyboard.

Denial-of-Service (DoS) attack

• The main goal of a DoS attack is to prevent legitimate users from accessing a service.

Difference Between Viruses and Worms

• The key difference is that viruses require human interaction, while worms can spread independently.

Trojan Function

• Trojans are designed to give an attacker unauthorized access to a system.

Attackers Motivated by Political/Social Causes

• Hacktivists are groups motivated by political or social causes.

Security & Trust

• Security attempts to prevent unauthorized access, while trust assumes that there is no threat.

Information Security Definition

• Information security refers to protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Future Attacks

• Attacks are inevitable because technology evolves, new vulnerabilities arise, and attackers are constantly finding new ways to exploit systems.

Man-in-the-Middle Attack Goal

• The main goal of a man-in-the-middle attack is to intercept communication between two parties and potentially steal sensitive information.

Description

Test your knowledge on information security and access with this quiz. Learn about the different categories of attackers and understand the importance of balancing protection and availability.