135 Questions
What is the primary goal of confidentiality in information security?
To protect sensitive information from unauthorized access or viewing
What type of threat involves authorized personnel misusing access privileges?
Insider Threats
Which security control involves policies, procedures, and guidelines governing information security?
Administrative Controls
What is the primary goal of availability in information security?
To ensure data is accessible and usable when needed
Which security measure involves verifying the identity of users, devices, or systems?
Authentication
What type of threat involves overwhelming a system with traffic to make it unavailable?
Denial of Service (DoS)
What type of security control involves the use of locks, fences, and surveillance cameras?
Physical Controls
What is the primary goal of integrity in information security?
To ensure data is accurate, complete, and not modified without authorization
Which security measure involves controlling access to resources based on user identity and permissions?
Authorization
What type of threat involves malicious software, such as viruses, worms, and Trojan horses?
Malware
What is the primary objective of information security?
To protect information and information systems from unauthorized access
Which of the following is NOT a type of threat to information security?
Natural Disasters
What is the primary goal of risk assessment in risk management?
To identify and evaluate potential risks to information security
Which type of control is used to prevent unauthorized physical access to information systems?
Physical Controls
What is the primary goal of incident response in risk management?
To respond to and manage security incidents
Which type of threat involves the unintentional exposure of sensitive information?
Accidental Data Breaches
What is the primary goal of technical controls in information security?
To implement technical measures such as firewalls and encryption
Which of the following is a type of security control?
Administrative Controls
What is the primary goal of risk mitigation in risk management?
To implement controls to reduce or eliminate identified risks
Which of the following is NOT a key concept of information security?
Authenticity
What is an example of a physical threat to computer and network systems?
Natural disasters
Which type of threat involves unauthorized access to data or systems?
Logical Threats
What is an example of a human threat to computer and network systems?
Social engineering
Which category of threats includes malicious acts by individuals or groups?
Intentional Threats
What is an example of a partner threat to computer and network systems?
Vendors with access to systems or data
What is a type of malware that encrypts data and demands payment for decryption?
Ransomware
What is an example of a physical threat to computer and network systems?
Theft or vandalism of equipment
Which type of threat involves accidental data breaches or leaks?
Unintentional Threats
What is a type of attack that exploits vulnerabilities in database systems?
SQL Injection (strictly, it exploits an application that builds database queries from untrusted input, not a flaw in the database engine itself)
What is the primary purpose of cryptography?
To secure communication in the presence of third-party adversaries
Which type of cryptography uses a pair of keys?
Asymmetric Cryptography
What is the purpose of digital signatures?
To verify the authenticity and integrity of a message
What is the goal of confidentiality in cryptography?
To protect data from unauthorized access
What is a brute force attack?
Trying every possible key (or password) in turn until the correct one is found
What is the purpose of digital certificates?
To verify the identity of a user or device
What is the goal of integrity in cryptography?
To ensure data is not modified or tampered with
What is the type of cryptography that uses the same key for encryption and decryption?
Symmetric Cryptography
What is the purpose of encryption in cryptography?
To convert plaintext to unreadable ciphertext
What is the goal of non-repudiation in cryptography?
To ensure that a sender cannot deny sending a message
What is the primary purpose of SSL?
To provide secure communication between a web browser and a web server
What is the purpose of a digital signature?
To authenticate the sender of a message
What type of encryption does SSL use?
Both: asymmetric cryptography to authenticate the server and agree a session key, then symmetric encryption (e.g. AES) for the bulk of the data
What is the role of a Certificate Authority (CA)?
To verify the identity of entities requesting digital certificates
What is the purpose of a digital certificate?
To contain the public key and identity information of an entity
What is the purpose of a Root CA?
To be trusted by default by most browsers and operating systems
What is the purpose of TCP port 443?
It is the default TCP port for HTTPS, i.e. web traffic between a browser and a web server protected by SSL/TLS
What is the benefit of using digital signatures?
To ensure integrity and authenticity of data
What type of CA issues certificates on behalf of a root CA?
Intermediate CA
What is the primary function of SSL in securing communication between a web browser and a web server?
Encrypting the data transmitted between the browser and server
What is the purpose of a digital signature in a digital certificate?
To let anyone holding the CA's public key check that the certificate was issued by that CA and has not been altered since
What is the role of a Certificate Authority (CA) in issuing digital certificates?
To act as a trusted third-party that verifies the identity of the entity requesting a certificate
What is the purpose of port 443 in SSL communication?
Port 443 is the IANA-registered default port for HTTPS, so browsers connect to it for SSL/TLS-protected web traffic
What is the benefit of using digital signatures in digital certificates?
To prevent tampering and ensure non-repudiation
What is the relationship between SSL and TLS?
TLS is the successor to SSL: TLS 1.0 was standardised in 1999 (RFC 2246) as the upgrade to SSL 3.0, and SSL 3.0 was formally deprecated in 2015 (RFC 7568); the name "SSL" survives mostly out of habit
What is the primary function of a digital certificate issued by a CA?
To verify the identity of the website or organization
What is the purpose of a pair of keys in digital signatures?
To sign and verify the authenticity of the message or document
Which layer of the OSI model does SSL operate at?
It sits between the transport layer (TCP) and the application layer; in OSI terms it is usually mapped to the session/presentation layers
What is the purpose of a digital signature?
To authenticate the sender and ensure data integrity
What type of cryptography is used in digital signatures?
Asymmetric cryptography
What is the role of a Certificate Authority (CA)?
To issue digital certificates
What is the primary purpose of SSL?
To provide end-to-end communication security over a network
What is the primary role of a Certificate Authority (CA)?
To issue digital certificates containing the public key and identity information
What is the main purpose of a digital signature?
To ensure the sender's identity and message integrity
What type of CA is at the top of the trust hierarchy?
Root CA
What is the primary purpose of SSL?
To secure communication between a web browser and a web server
What is the benefit of using digital signatures?
Ensures integrity and non-repudiation
Which type of CA issues certificates on behalf of a root CA?
Intermediate CA
What is the primary purpose of the Transport Layer Security (TLS) protocol?
To provide a secure communication between a web browser and a web server
What is the main benefit of using digital signatures in secure communication?
To provide a means of authentication and integrity
What is the role of a Certificate Authority (CA) in public-key infrastructure?
To issue digital certificates to verify the identity of entities
What is the primary function of the encryption component in SSL/TLS?
To keep the data confidential, i.e. protect it from eavesdropping; tampering is caught separately by the record-layer integrity check (MAC or AEAD tag)
What is the purpose of the hash function in the digital signature process?
To create a unique digest of the message
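The digital-signature questions above (asymmetric key pair, hash digest, authenticity and integrity) describe a process that is easier to trust once you have watched it fail on a tampered message. The Go program below is an added example written for this page, not code from the original quiz or its course material. It uses only the standard library (ECDSA over P-256 with SHA-256); the payment message and the key pairs in it are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the message with SHA-256 and signs only the 32-byte digest with the
// private key. Signing the digest rather than the message is what lets a fixed-size
// signature cover a message of any length.
func Sign(priv *ecdsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest from the received message and checks the signature
// against the signer's public key. Any change to the message changes the digest,
// so the check fails; a signature checked against a different key fails too.
func Verify(pub *ecdsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// SignatureCheckResults runs the three cases a verifier cares about and returns
// (original message verifies, tampered message verifies, wrong public key verifies).
func SignatureCheckResults() (original, tampered, wrongKey bool, err error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	// A second key pair stands in for an impostor who does not hold the signer's private key.
	impostor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	// Constructed payment instruction; the content is illustrative only.
	msg := []byte("TRANSFER 1000.00 from 0123456789 to 9876543210 ref=INV-42")
	sig, err := Sign(signer, msg)
	if err != nil {
		return
	}
	original = Verify(&signer.PublicKey, msg, sig)
	// An attacker in the path changes one digit of the amount and replays the old signature.
	forged := []byte("TRANSFER 9000.00 from 0123456789 to 9876543210 ref=INV-42")
	tampered = Verify(&signer.PublicKey, forged, sig)
	// The genuine signature presented as if it had come from the impostor's key.
	wrongKey = Verify(&impostor.PublicKey, msg, sig)
	return
}

func main() {
	ok, bad, wrong, err := SignatureCheckResults()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v\ntampered verifies: %v\nwrong key verifies: %v\n", ok, bad, wrong)
}
```

Only the first check succeeds. Note what the signature does not give you: nothing here stops the same valid instruction being replayed twice, so a real payment message also carries a nonce or sequence number inside the signed bytes.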
What is the relationship between a Certificate Authority (CA) and a Root CA?
A Root CA is the self-signed trust anchor at the top of the hierarchy; it issues certificates to subordinate (intermediate) CAs, which in turn issue the end-entity certificates
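The CA questions above (Root CA, Intermediate CA, what a certificate contains) describe a trust hierarchy. The Go program below is an added example, not anything from the original page or its course: it builds a three-level chain in memory with the standard library's crypto/x509 and then verifies the leaf the way a browser would, reporting which of four situations is accepted: the complete chain, the chain with the intermediate missing, a root the client does not trust, and a hostname the certificate does not cover. The CA names and the host ebanking.example.com are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Entity is a certificate together with the private key it certifies.
type Entity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// template builds a minimal certificate body: CAs get the CertSign key usage, leaves get a DNS name.
func template(cn string, isCA bool, serial int64) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// Issue generates a key pair and has issuer sign a certificate for it; a nil issuer yields a self-signed root.
func Issue(tmpl *x509.Certificate, issuer *Entity) (*Entity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Entity{Cert: cert, Key: key}, nil
}

func mustIssue(tmpl *x509.Certificate, issuer *Entity) *Entity {
	e, err := Issue(tmpl, issuer)
	if err != nil {
		panic(err)
	}
	return e
}

// VerifyChain does what a browser does: trust only the given roots, build a path via the intermediates, check the host.
func VerifyChain(leaf *x509.Certificate, roots, intermediates []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
	return err
}

// ChainResults builds Root CA -> Intermediate CA -> leaf and returns the verification error (nil = accepted) for four cases.
func ChainResults() (full, missingIntermediate, untrustedRoot, wrongHost error) {
	root := mustIssue(template("Example Root CA", true, 1), nil)
	inter := mustIssue(template("Example Intermediate CA", true, 2), root)
	leaf := mustIssue(template("ebanking.example.com", false, 3), inter)
	otherRoot := mustIssue(template("Unrelated Root CA", true, 4), nil)
	trusted, sent := []*x509.Certificate{root.Cert}, []*x509.Certificate{inter.Cert}
	full = VerifyChain(leaf.Cert, trusted, sent, "ebanking.example.com")
	missingIntermediate = VerifyChain(leaf.Cert, trusted, nil, "ebanking.example.com")
	untrustedRoot = VerifyChain(leaf.Cert, []*x509.Certificate{otherRoot.Cert}, sent, "ebanking.example.com")
	wrongHost = VerifyChain(leaf.Cert, trusted, sent, "login.example.net")
	return
}

func main() {
	full, noInter, badRoot, badHost := ChainResults()
	fmt.Printf("full chain: %v\nno intermediate: %v\nuntrusted root: %v\nwrong host: %v\n", full, noInter, badRoot, badHost)
}
```

Only the full chain verifies. The "missing intermediate" failure is the one seen most often in practice: the server must send its intermediate certificate, because clients ship only root CAs in their trust store.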
What is the benefit of using SSL/TLS in website communication?
To protect data from eavesdropping and tampering
What is the purpose of the digital certificate in SSL/TLS?
To verify the identity of the entity and provide a public key
What is the primary goal of the integrity component in SSL/TLS?
To ensure the data is not modified during transmission
What is the primary purpose of the Digital Security Act, 2018 in Bangladesh?
To prevent and combat cybercrimes, including malware attacks
What does Section 17 of the Digital Security Act, 2018 prohibit?
Unauthorized access to computer systems, networks, or data
What is the penalty for intentionally spreading malware or viruses according to the Digital Security Act, 2018?
Imprisonment and fines
What is required of banks and other organizations according to Section 21 of the Digital Security Act, 2018?
To implement robust security measures to prevent cyber-attacks
What is one of the measures to prevent malware attacks in banks according to the Digital Security Act, 2018?
All of the above (the measures covered here: encryption, regular security testing and vulnerability assessment, limiting access to sensitive data and systems, an incident response plan and staff awareness training)
What is one of the best practices for banks to comply with the Digital Security Act, 2018?
Implement a defense-in-depth approach to security
Why is encryption recommended in the Digital Security Act, 2018?
To prevent unauthorized access to sensitive data
What is the purpose of conducting regular security testing and vulnerability assessments according to the Digital Security Act, 2018?
To identify vulnerabilities and implement measures to address them
What is the purpose of limiting access to sensitive data and systems in the Digital Security Act, 2018?
To prevent unauthorized access to sensitive data and systems
What is the primary focus of the Digital Security Act, 2018?
Ensuring digital security and preventing, detecting and combating digital crime; this course applies it to the security posture of banks and financial institutions
What is one of the key provisions of the Digital Security Act, 2018?
Establishing a cybersecurity governance framework
What is the purpose of the incident response plan in the Digital Security Act, 2018?
To respond promptly and effectively in the event of a malware attack or other cyber incident
Why is it important for banks to assess and manage the cybersecurity risks associated with third-party service providers?
To mitigate the risk of cyber threats from third-party service providers
What is the purpose of regular cybersecurity awareness programs for employees?
To educate employees on the risks and consequences of malware attacks
What is the benefit of information sharing between banks and financial institutions?
To enhance the overall cybersecurity posture of the sector
What is a key aspect of risk management in the Digital Security Act, 2018?
Identifying, assessing, and mitigating cyber threats
What is the purpose of a robust risk management framework in the Digital Security Act, 2018?
To identify, assess, and mitigate cyber threats
What is an important aspect of cybersecurity governance in the Digital Security Act, 2018?
Establishing a cybersecurity governance framework
Why is cybersecurity awareness important in the Digital Security Act, 2018?
To educate employees on the risks and consequences of malware attacks
What does multi-factor authentication (MFA) aim to ensure in e-banking systems?
Only authorized users access e-banking systems
What is the primary purpose of encryption in e-banking?
To protect data in transit, and at rest where it is stored
What type of attack involves fraudulent emails, texts, or messages to trick users into revealing sensitive information?
Phishing
What is the purpose of data loss prevention (DLP) techniques in e-banking?
To prevent unauthorized data exfiltration
What is the primary goal of incident response plans in e-banking?
To quickly respond to security breaches
What is the purpose of user education and awareness programs in preventing social engineering attacks?
To educate users about social engineering attacks and prevent them
What is the primary goal of disaster recovery plans in e-banking?
To ensure business continuity in the event of a disaster
What is the purpose of secure communication protocols in e-banking?
To protect data in transit
What is the purpose of intrusion detection and prevention systems (IDPS) in e-banking?
To detect and block malicious activity
What is the primary purpose of encryption in e-banking?
To protect data in transit and at rest
What is the primary goal of using two-factor authentication in e-banking?
To add an extra layer of security
What is the primary goal of keeping software and systems up-to-date in e-banking?
To prevent exploitation of known vulnerabilities
What is the primary goal of being cautious of suspicious emails, messages, or calls in e-banking?
To reduce the risk of phishing attacks
What is the primary goal of using strong passwords and keeping them confidential in e-banking?
To reduce the risk of unauthorized access
What is the primary purpose of Two-Factor Authentication (2FA) in e-banking?
To provide an additional layer of security beyond passwords
What is the most common form of social engineering attack used in e-banking?
Phishing
What is the main difference between phishing and vishing?
The delivery channel: phishing arrives by email or other written messages, vishing by voice call
What is the primary goal of IT security measures in e-banking?
To reduce the risk of cyber attacks
What is the purpose of smishing in social engineering?
To trick customers into revealing sensitive information through SMS or text messages
What is the purpose of two-factor authentication (2FA) in e-banking?
To provide an additional layer of security beyond username and password
Which of the following is a type of social engineering attack?
Phishing
What is the primary goal of a Security Operations Centre (SOC) in social engineering defense?
To monitor for social engineering attempts and respond to incidents
Which of the following IT security measures is used to protect sensitive data?
Encryption
What is the purpose of regular security audits and testing in e-banking?
To detect vulnerabilities and identify risks
Which of the following is a defense against social engineering attacks?
User awareness and education
What is the purpose of role-based access control (RBAC) in e-banking?
To restrict access to authorized personnel
Which of the following is an example of a social engineering attack?
Phishing attack
What is the primary goal of incident response in e-banking?
To respond swiftly to security breaches
Which of the following is a type of IT security measure used in e-banking?
Secure Sockets Layer (SSL), now superseded by Transport Layer Security (TLS)
What is the primary function of a Security Operations Centre (SOC)?
To monitor, detect, and respond to cybersecurity threats in real-time
Which of the following is a key function of a Security Operations Centre (SOC)?
Managing incident response
What is the role of a Security Analyst in a Security Operations Centre (SOC)?
To monitor systems, analyze logs, and respond to security incidents
What is the purpose of a Security Information and Event Management (SIEM) System in a Security Operations Centre (SOC)?
To collect, monitor, and analyze log data from various sources
Who is responsible for overseeing SOC operations and managing resources in a Security Operations Centre (SOC)?
SOC Managers
What is the role of a Threat Hunter in a Security Operations Centre (SOC)?
To proactively search for unknown threats and vulnerabilities
What is the primary goal of incident response in a Security Operations Centre (SOC)?
To contain and mitigate security incidents
What is the purpose of Security Orchestration, Automation, and Response (SOAR) Tools in a Security Operations Centre (SOC)?
To automate and streamline incident response processes
What is the primary responsibility of an Incident Responder in a Security Operations Centre (SOC)?
To handle incident response, containment, and eradication activities
What is the purpose of Intrusion Detection Systems (IDS) in a Security Operations Centre (SOC)?
To identify potential security threats in real-time
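A SIEM earns its place through the detection logic it runs over collected logs, and the questions above about SIEMs, SOC analysts and brute-force attacks meet in a rule such as "many failed logins from one source in a short window". The Go program below is an added example written for this page rather than any SOC's actual rule. It parses a constructed key=value authentication log (addresses from the documentation ranges), flags sources that reach a threshold of failures within a sliding window, and additionally notes when the same source then logged in successfully, the case an incident responder would prioritise.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed authentication log (key=value fields, documentation IP ranges), not from any real system.
const sampleLog = `2024-05-01T09:00:01Z event=login result=fail user=alice src=203.0.113.7
2024-05-01T09:00:05Z event=login result=fail user=bob src=203.0.113.7
2024-05-01T09:00:09Z event=login result=fail user=carol src=203.0.113.7
2024-05-01T09:00:12Z event=login result=success user=dave src=192.0.2.9
2024-05-01T09:00:14Z event=login result=fail user=dave src=203.0.113.7
2024-05-01T09:00:20Z event=login result=fail user=erin src=203.0.113.7
2024-05-01T09:00:25Z event=login result=fail user=frank src=203.0.113.7
2024-05-01T09:00:31Z event=login result=success user=frank src=203.0.113.7
2024-05-01T09:02:00Z event=login result=fail user=alice src=198.51.100.5
2024-05-01T09:07:30Z event=login result=fail user=alice src=198.51.100.5`

type loginEvent struct {
	at             time.Time
	result, source string
}

// Alert describes one source address that crossed the threshold.
type Alert struct {
	Source       string
	Failures     int  // failed logins inside the densest window
	SuccessAfter bool // a later success from the same source: a password was probably guessed
}

// parseLine reads "<RFC3339 time> k=v k=v ..."; malformed input is an error, not silently dropped.
func parseLine(line string) (loginEvent, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return loginEvent{}, fmt.Errorf("too few fields: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return loginEvent{}, err
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		parts := strings.SplitN(f, "=", 2)
		if len(parts) != 2 {
			return loginEvent{}, fmt.Errorf("field without '=': %q", f)
		}
		kv[parts[0]] = parts[1]
	}
	return loginEvent{at: ts, result: kv["result"], source: kv["src"]}, nil
}

// DetectBruteForce groups failed logins by source, slides a window of the given length over
// each source's timeline and alerts when any window holds at least threshold failures.
func DetectBruteForce(raw string, threshold int, window time.Duration) (map[string]Alert, error) {
	fails, successes := map[string][]time.Time{}, map[string][]time.Time{}
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		ev, err := parseLine(line)
		if err != nil {
			return nil, err
		}
		switch ev.result {
		case "fail":
			fails[ev.source] = append(fails[ev.source], ev.at)
		case "success":
			successes[ev.source] = append(successes[ev.source], ev.at)
		}
	}
	alerts := map[string]Alert{}
	for src, times := range fails {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		best, start, bestEnd := 0, 0, time.Time{}
		for end := range times {
			for times[end].Sub(times[start]) > window { // shrink the window from the left
				start++
			}
			if n := end - start + 1; n > best {
				best, bestEnd = n, times[end]
			}
		}
		if best < threshold {
			continue
		}
		a := Alert{Source: src, Failures: best}
		for _, s := range successes[src] {
			a.SuccessAfter = a.SuccessAfter || !s.Before(bestEnd)
		}
		alerts[src] = a
	}
	return alerts, nil
}

func main() {
	alerts, err := DetectBruteForce(sampleLog, 5, time.Minute)
	fmt.Println(alerts, err)
}
```

With a threshold of 5 in one minute, 203.0.113.7 is flagged (six failures in 24 seconds, followed by a success), while the two slow failures from 198.51.100.5 stay below the threshold. A rule written per source address like this one is blind to password spraying from many addresses against one account; the same sliding window keyed on the user field catches that variant.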
Study Notes
Information Security
Definition
- Information security refers to the practices and technologies designed to protect digital information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Goals
- Confidentiality: Protecting sensitive information from unauthorized access or viewing.
- Integrity: Ensuring that data is accurate, complete, and not modified without authorization.
- Availability: Ensuring that data is accessible and usable when needed.
Threats
- Unauthorized Access: Unauthorized access to sensitive information or systems.
- Malware: Malicious software, such as viruses, worms, and Trojan horses, designed to harm or exploit systems.
- Denial of Service (DoS): Overwhelming a system with traffic to make it unavailable.
- Insider Threats: Authorized personnel misusing access privileges.
- Physical Threats: Unauthorized physical access to systems or facilities.
Security Controls
- Administrative Controls: Policies, procedures, and guidelines governing information security.
- Technical Controls: Firewalls, intrusion detection systems, encryption, and access controls.
- Physical Controls: Locks, fences, surveillance cameras, and alarms.
Security Measures
- Authentication: Verifying the identity of users, devices, or systems.
- Authorization: Controlling access to resources based on user identity and permissions.
- Encryption: Protecting data in transit or at rest using encryption algorithms.
- Firewalls: Network devices controlling incoming and outgoing network traffic.
- Intrusion Detection and Prevention Systems (IDPS): Monitoring and blocking malicious traffic.
Risk Management
- Risk Assessment: Identifying and evaluating potential security risks.
- Risk Mitigation: Implementing controls to reduce or eliminate risks.
- Incident Response: Responding to security incidents, such as breaches or attacks.
Learn about the definition, goals, threats, security controls, security measures, and risk management in information security. Understand the concepts of confidentiality, integrity, and availability, and how to protect digital information from unauthorized access.