SENG 411 Cyber Security Quiz

Questions and Answers

What are the primary focuses of defense in cybersecurity?

Prevention and threat detection (correct)

Increasing attack surfaces and exploiting vulnerabilities

Alerting stakeholders about potential vulnerabilities

Hacking systems to test their resilience

What distinguishes a threat from a vulnerability in cybersecurity?

Threats only arise if vulnerabilities are exploited.

A vulnerability refers to a threat that is likely to occur.

A vulnerability is an actual attack while a threat can be merely a suggestion.

A threat is an actual attack whereas a vulnerability is a potential weakness. (correct)

Which of the following is NOT a basic component of cybersecurity?

Encryption (correct)

Threat

Vulnerability

Countermeasure

In the context of cybersecurity, what does a countermeasure aim to do?

Prevent a vulnerability from being exploited

How was cyber warfare recognized as a significant threat in 2011?

The Pentagon classified it as the fifth domain of battle.

What does the principle of confidentiality in information security ensure?

Information is accessible only to authorized users.

Why is integrity important in information security?

It prevents unauthorized modifications to data.

Which of the following is closely related to the availability principle in information security?

Disaster recovery plans.

What does non-repudiation guarantee in the context of information security?

That the sender cannot deny sending a message.

In the context of info assurance, what additional elements are combined with the CIA triad?

Authenticity and non-repudiation.

Which method is primarily used to ensure data integrity?

Hash functions.

To verify the identity of a user, which type of authentication is NOT commonly used?

Something you interact with (mouse).

How is authenticity typically ensured in communications?

By checking identities and using digital signatures.

What is the primary aim of information security?

To ensure the confidentiality, integrity, and availability of information

Which of the following is NOT a component of the hacking methodology discussed?

Distributing malware

What does the term 'APT' refer to in the context of malware threats?

Advanced Persistent Threat

Which type of encryption involves a single key for both encryption and decryption?

Symmetric encryption

Which session hijacking technique involves intercepting communication between the user and the server?

Man-in-the-Middle Attack

What is one of the main purposes of digital forensics in security operations?

To analyze and preserve digital evidence

What is a primary focus of risk management in security governance?

Identifying, assessing, and prioritizing risks

Which of these topics is covered under mobile and cloud security?

Threats and countermeasures

What is the primary focus of ethical hacking?

Test and improve security systems

Which concept is closely associated with the analysis and prevention of social engineering threats?

User training and awareness

What is considered a passive attack?

Intercepting and monitoring network traffic

Which motive is related to disrupting the operational capabilities of a business?

Disrupting business continuity

Which of the following is an active attack?

DNS and ARP poisoning

What characterizes insider attacks?

Trusted individuals exploit privileged access.

Which type of attack involves an attacker being in physical proximity to the target?

Close-in attack

What is the main goal of distribution attacks?

To tamper with hardware or software prior to installation

Which method is typically associated with footprinting?

Gaining information about a target's IP address range

Which technique is commonly used in active attacks?

Spoofing attacks

Which motive involves seeking revenge on an individual or organization?

Taking revenge

What type of attack includes methods like dumpster diving and shoulder surfing?

Close-in attack

What is the primary role of the blue team in cybersecurity?

Defend against attackers and red teams

What is a disadvantage of conducting black box penetration testing?

It can leave parts of the infrastructure untested

What is the purpose of penetration testing tools?

Simulate real-world attack scenarios

What is a significant pro of white box penetration testing?

Maximizes the testing time available

What must be established before beginning a penetration test?

Rules of Engagement including IP addresses

Which of the following best describes 'defense in depth'?

Multiple protection layers across the infrastructure

What is the definition of cyber resilience?

Maintaining functionality despite adverse cyber events

What is a key limitation of black box testing compared to white box testing?

It has a narrower testing scope

What is the primary purpose of vulnerability analysis?

To examine the effectiveness of security controls

Which phase is NOT part of system hacking methodology?

Threat Modeling

What do Tactics, Techniques, and Procedures (TTPs) help identify?

Behavior of threat actors during attacks

Which of the following is NOT a category of Indicators of Compromise (IoCs)?

Environmental Indicators

What best describes the role of the Cyber Kill Chain methodology?

To enhance intrusion detection and response

Which of the following is a technique used in the social engineering stage of an attack?

Sending spoof emails to collect information

Which type of actions does the procedures within TTPs describe?

The sequence of actions performed by attackers

What type of data is NOT considered as an indicator of compromise?

Standard firewall configurations

What is a key aspect of the MITRE ATT&CK Framework?

A globally accessible knowledge base of adversary tactics and techniques

What is NOT one of the four categories of IoCs?

File Indicators

Which of the following describes 'Tactics' in the context of TTPs?

Guidelines that outline how attackers approach their attacks

Which of the following is a common sign of a potential intruder within a network?

Increased database read volume

Which of these is NOT part of the phases that attackers follow according to the Cyber Kill Chain?

Data Collection

Study Notes

Course Information

• Course name: SENG 411 Cyber Security
• Instructor: Dr. Emin Emrah Özsavaş
• Email: [email protected]

Course Aims & Scope

• Describe the elements of cyber security
• Explain cyber threats and attacks
• Describe hacking methodologies
• Understand security controls and countermeasures
• Understand security governance

Textbooks & Material

• Ethical Hacking and Countermeasures Ver. 12, EC-Council 2022
• Praise for CISSP All-in-One Exam Guide, Fernando Maymi, Shon Harris, McGraw Hill 2022
• Practical Information Security Management: A Complete Guide to Planning and Implementation, Tony Campbell, Apress 2016

Syllabus

• Week 1: Introduction and Basics - Language of security, overview, Identity and Access Management, System Architectures - Identification, authentication, authorization, access control, system architecture concepts
• Week 2: Identity and Access Management, Systems Architectures - Access control, architecture concepts, identity and access management
• Week 3: Cryptography - Symmetric and asymmetric encryption, hash functions, digital signatures
• Week 4: Network Security - Network attacks, security architectures, countermeasures
• Week 5: Hacking Methodology - Footprinting and reconnaissance, scanning networks, enumeration, vulnerability analysis
• Week 6: Hacking Methodology and Sniffing - System hacking (gaining access, escalating privileges, maintaining access, clearing logs) sniffing concepts and techniques
• Week 7: Malware Threats - Malware concepts, APT, trojan, virus, worm, analysis, countermeasures
• Week 8: Social Engineering and Session Hijacking - Concepts, threats, countermeasures
• Week 9: Web Server and Web Application Security - Concepts, threats, countermeasures
• Week 10: Mobile and Cloud Security - Concepts, threats, countermeasures
• Week 11: Wireless, IoT, and OT Security - Concepts, threats, countermeasures
• Week 12: Security Operations, Role of AI/ML - Threat intelligence, digital evidence and incident response, digital forensics, AI/ML in security posture
• Week 13: Security Governance - Risk management, organizational security, security implementation, secure system development
• Week 14: General Review

Grading

• Assignments & quizzes
• Midterm exam
• Final exam

InfoSec Concepts

• Information Security: Protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction. Confidentiality, integrity, and availability are key aspects.
• Information Technology Security (IT Security): Protection of information technologies.
• Cybersecurity: Protecting cyberspace from cyberattacks. Includes information and non-information assets.

CIA Triad

• Confidentiality: Access is limited to authorized users.
• Integrity: Data and resources are trustworthy and free of unauthorized changes.
• Availability: Resources are accessible when needed by authorized users.

InfoSec Details

• Vulnerability: Weakness in a system that can be exploited.
• Threat: An action that exploits a vulnerability.
• Attack: Intentional exploitation of a vulnerability.
• Countermeasure: Measures to resolve vulnerabilities and mitigate threats.
• Risk: Potential for loss, damage, or destruction of an asset, resulting from a threat exploiting a vulnerability.

Cyber Security

• Motive: Goal behind cyberattacks,
• Attacks: Motive + Method + Vulnerability
• Cyberwarfare: Cyberattacks related to conflict (fifth domain of battle).
• Cyber Resilience: Delivering the intended outcome despite adverse cyber events.

Hacking Methodology (CEH)

• Footprinting: Gathering information about the target.
• Scanning: Identifying active hosts and open ports.
• Enumeration: Actively probing the target system.
• Vulnerability Analysis: Identifying weaknesses.
• System Hacking: Gaining access, escalating privileges, maintaining access, and clearing logs.
• Cyber Kill Chain: Methodology for understanding and preventing attacks (reconnaissance, weaponization, delivery, exploitation, installation, and actions on objectives).
• Tactics, Techniques, and Procedures (TTPs): Activities, methods, and procedures employed by attackers (tactics are high-level, techniques are specific actions, and procedures are the sequence).
• Indicators of Compromise (IOCs): Clues or artifacts indicating a possible intrusion.
• MITRE ATT&CK: Framework for understanding and responding to cyberattacks.

Penetration Testing (PenTesting)

• Methods: Black-box (no prior knowledge), White-box (complete knowledge), Gray-box (limited knowledge)
• Goals: Assessing security before an attack.
• Tools: Software that simulates real-world attacks.
• Rules of Engagement (RoE): Clear permission before starting with appropriate constraints.

Teams

• Blue Team: Defensive security team
• Red Team: Attack team, simulates malicious activity

Types of Attackers

• Amateur: Uses readily available tools
• Hacker (Cracker): Knows hacking techniques (intentional)
• State-Funded Spy: Government-supported
• Terrorist: Actively harmful agendas

Ethical Hackers' Attributes

• Professional and ethical values.
• No hidden agenda.
• Obtain permission.
• Proper reporting.
• No damage to systems tested.
• Technical expertise (OS, networking, attacks)
• Organizational security policies and standards.

Description

Test your knowledge on the fundamentals of cyber security covered in SENG 411. This quiz will assess your understanding of threats, attacks, and security controls based on the course syllabus and textbooks. Review concepts from identity management to system architectures.