Information Security Fundamentals

HopefulVirginiaBeach

14 Questions

What is the primary goal of confidentiality in information security?

Ensuring that information is not revealed to unauthorized persons

What is the formula to calculate risk in information security?

Risk = Threat x Vulnerabilities

What is the primary purpose of a firewall in information security?

To control incoming and outgoing network traffic

What is the key difference between symmetric and asymmetric key cryptography?

Asymmetric key uses two keys, while symmetric key uses one key

What is the primary focus of security in information security?

Risk

What is the reason why it's impossible to totally eliminate risk in information security?

Because there is no simple solution to securing information

What is an example of a passive attack?

An attacker capturing packets from the network and attempting to decrypt them

What is the primary goal of a reconnaissance attack?

To gather as much information as possible about a target

What is the term for the ability of someone or something to influence the behavior of a group of people?

Social engineering

What type of attack involves someone from the inside, such as a disgruntled employee, attacking the network?

Insider attack

What is the term for a fake web page that looks exactly like a popular website, used to persuade users to enter sensitive information?

Phishing attack

What is the term for a hacker taking over a session between two individuals and disconnecting the other individual from the communication?

Hijacking attack

What is the primary goal of a scanning attack?

To scan the network with specific information gathered during reconnaissance

What is the term for activities undertaken by a hacker to extend their misuse of the system without being detected?

Covering tracks

Study Notes

Information Security Goals

  • Confidentiality: ensuring that information is not revealed to unauthorized persons
  • Integrity: ensuring consistency of data and detecting any modifications
  • Availability: ensuring that legitimate users have access to information and resources
  • Security is a shared responsibility that each person must accept when connecting to a network

Risks and Threats

  • Risk = Threat x Vulnerability
  • Vulnerability: degree of weakness found in every network and device
  • Threat: a person, thing, event, or idea that poses danger to an asset's confidentiality, integrity, availability, or legitimate use
  • It's impossible to totally eliminate risk, and there is no simple solution to securing information

Attack and Attack Types

  • Attack: any attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to an asset
  • Passive Attack: difficult to detect, involves capturing and attempting to decrypt packets from a network
  • Active Attack: easier to detect, involves actively sending traffic to access information or modify data
  • Malicious Hacker Methods:
    • Reconnaissance: gathering information about a target system
    • Scanning: scanning a network with gathered information
    • Gaining Access: exploiting a system
    • Maintaining Access: retaining ownership of a system
    • Covering Tracks: undertaking activities to remain undetected

Social Engineering

  • Phishing Attack: creating a fake website to persuade users to enter sensitive information
  • Hijack Attack: taking over a session between two parties and disconnecting one party
  • Insider Attack: an attack from within, such as a disgruntled employee attacking the network

Security Defenses

  • Firewalls: static and dynamic
  • IDS/IPS
  • VPN
  • Proxy
  • Next-generation Firewalls
  • Encryption:
    • Symmetric Key Cryptography
    • Asymmetric Key Cryptography
  • Digital Signatures/Digital Certificates

This quiz covers the basics of information security, including confidentiality, integrity, availability, risks and threats, and security defenses. It also explores topics such as firewalls, intrusion detection systems, VPNs, and cryptography.
