Information Security Fundamentals
14 Questions

Questions and Answers

What is the primary goal of confidentiality in information security?

  • Ensuring that information is not revealed to unauthorized persons (correct)
  • Denying access to information and resources
  • Detecting any modification of data
  • Ensuring that data is accessible to all users

What is the formula to calculate risk in information security?

  • Risk = Threat x Vulnerabilities (correct)
  • Risk = Threat ÷ Vulnerabilities
  • Risk = Threat + Vulnerabilities
  • Risk = Threat - Vulnerabilities

What is the primary purpose of a firewall in information security?

  • To encrypt data transmission
  • To control incoming and outgoing network traffic (correct)
  • To provide virtual private network access
  • To detect and prevent malware attacks

What is the key difference between symmetric and asymmetric key cryptography?

  • Asymmetric key uses two keys, while symmetric key uses one key

What is the primary focus of security in information security?

  • Risk

What is the reason why it's impossible to totally eliminate risk in information security?

  • Because there is no simple solution to securing information

What is an example of a passive attack?

  • An attacker capturing packets from the network and attempting to decrypt them

What is the primary goal of a reconnaissance attack?

  • To gather as much information as possible about a target

What is the term for the ability of someone or something to influence the behavior of a group of people?

  • Social engineering

What type of attack involves someone from the inside, such as a disgruntled employee, attacking the network?

  • Insider attack

What is the term for a fake web page that looks exactly like a popular website, used to persuade users to enter sensitive information?

  • Phishing attack

What is the term for a hacker taking over a session between two individuals and disconnecting the other individual from the communication?

  • Hijacking attack

What is the primary goal of a scanning attack?

  • To scan the network with specific information gathered during reconnaissance

What is the term for activities undertaken by a hacker to extend their misuse of the system without being detected?

  • Covering tracks

Study Notes

Information Security Goals

  • Confidentiality: ensuring that information is not revealed to unauthorized persons
  • Integrity: ensuring consistency of data and detecting any modifications
  • Availability: ensuring that legitimate users have access to information and resources
  • Security is a shared responsibility that each person must accept when connecting to a network

Risks and Threats

  • Risk = Threat x Vulnerability
  • Vulnerability: degree of weakness found in every network and device
  • Threat: a person, thing, event, or idea that poses danger to an asset's confidentiality, integrity, availability, or legitimate use
  • It's impossible to totally eliminate risk, and there is no simple solution to securing information

Attack and Attack Types

  • Attack: any attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to an asset
  • Passive Attack: difficult to detect, involves capturing and attempting to decrypt packets from a network
  • Active Attack: easier to detect, involves actively sending traffic to access information or modify data
  • Malicious Hacker Methods:
    • Reconnaissance: gathering information about a target system
    • Scanning: scanning a network with gathered information
    • Gaining Access: exploiting a system
    • Maintaining Access: retaining ownership of a system
    • Covering Tracks: undertaking activities to remain undetected

Social Engineering

  • Phishing Attack: creating a fake website to persuade users to enter sensitive information
  • Hijack Attack: taking over a session between two parties and disconnecting one party
  • Insider Attack: an attack from within, such as a disgruntled employee attacking the network

Security Defenses

  • Firewalls: static and dynamic
  • IDS/IPS
  • VPN
  • Proxy
  • Next-generation Firewalls
  • Encryption:
    • Symmetric Key Cryptography
    • Asymmetric Key Cryptography
  • Digital Signatures/Digital Certificates


Description

This quiz covers the basics of information security, including confidentiality, integrity, availability, risks and threats, and security defenses. It also explores topics such as firewalls, intrusion detection systems, VPNs, and cryptography.
