CyberSecurity answers.docx

Full Transcript

CyberSecurity

Q1: type of malware that downloads onto a computer disguised as a
legitimate program is called:

-Trojan

Q2: Type of attack consisting of an attacker submitting many passwords
or passphrases with the hope of eventually guessing correctly is called:

-brute-force attack

Q3: Website developer added security controls to prevent users from
modifying their own grades. Which principle of CIA triad is developer
trying to enforce?

-integrity

Q4: Logic bomb is:

-A malicious piece of code that is waiting for certain conditions to be
met before activating

Q5: Hash functions can be used to check integrity of the file:

-true

Q6: What is the second step of Cyber Kill chain?

-Weaponization

Q7: What's the difference between HTTP and HTTPS?

-HTTPS provides encryption and security features, while HTTP does not.
(the answer is from ChatGPT).

Q8: Which of the following is not a necessary condition of a good Hash
function:

-Hash function should be reversible

Q9: Which of the following authorization methods uses security levels
and compartments?

-MAC

Q10: BIBA security model allows read downs:

-False

Q11: Office laptop was infected by ransomware. Which principle of CIA
Triad was violated?

-Availiability

Q12: Splitting critical tasks between two or more people is called?

-Separation of duties

Q13: Robert is responsible for securing systems used to process credit
card information. What security control framework should guide his
actions?

-PCI DSS

Q14: Chris' organization recently suffered an attack that rendered their
website inaccessible to paying customers for several hours. Which
information security goal was most directly impacted?

-Availability

Q15: George is writing a document that will provide configuration
information regarding the minimum level of security that every system in
the organization must meet. What type of document is he writing?

-Baseline

Q16: Frank discovers a keylogger hidden on the laptop of his company's
chief executive officer. What information security principle is the
keylogger most likely designed to disrupt?

-Confidentiality

Q17: Why would you limit access to Top Secret data for a person with
Secret clearance?

-To maintain the principle of least privilege. (the answer from ChatGPT)

Q18: EU law defining personal privacy protection requirements:

\- GDPR (General Data Protection Regulation)

Q19: Information maintained about an individual that can be used to
distinguish or trace their identity is known as what type of
information?

-Personally identifiable information (PII)

Q20: Data stored in RAM is best characterized as what type of data?

-Data in use

Q21: What term is used to describe information like prescriptions and
X-rays?

-PHI (**P**rotected **H**ealth **I**nformation)

Q22: Bell-LaPadula security model is implemented in organization to
enforce:

-Confidentiality

Q23: You are designing a cryptographic system for 1,000 employees, and
you plan to use an asymmetric encryption system. How many total keys
will you need?

-2,000

Q24: Purpose of Chinese Wall model is preventing:

-Conflicts of interest

Q25: Voice pattern recognition is what type of authentication factor?

-Something you are

Q26: If Susan's organization requires her to log in with her username, a
PIN, a password, and a retina scan, how many distinct authentication
factor types has she used?

-Two

Q27: What type of access control allows the owner of a file to grant
other users access to it using an access control list?

\- Discretionary Access Control (DAC)

Q28: Which type of SOC Engagements looks at security controls
implemented for financial data?

**- SOC 1** Type 2

Q29: When you input a password, which step of AAA are you performing?

-Authentication

Q30: Symmetric cryptosystem uses:

-one key for encryption and decryption

Q31: Which of the following documents gives a general description of
assets that needs securing and states security goals of an organization:

-policy

Q32: Which of the following documents provide practical guidance and
list of best practices on how an organization can protect their systems
and data from cyber threats:

\- **Security** frameworks such as NIST Cybersecurity Framework or ISO
27001 / **[Security Guideline]**

Q33: If User A wants to send user B a message that is encrypted for
confidentiality, using asymmetric encryption what key does she use to
encrypt the message?

-B's public key

Q34: When User B receives the encrypted message from User A, what key
does User B use to decrypt the message's plaintext content?

-B\'s private key

Q35: To which one of the following keys would User B not have access to
in this scenario?

-A's private key

Q36: User A would also like to prove the message was sent from him. What
key should he use to accomplish this?

-A's private key

Q37: The organization's main data center is in an area that is prone to
tornados. You recently undertook a risk analysis and determined that
rebuilding the data center would cost \$10 million. You have consulted
with tornado experts. Together, you determined that a typical tornado
would cause approximately \$5 million of damage to the facility and that
you are likely to experience a tornado once every 200 years. 1. Based
upon the information, what is the exposure factor for the effect of a
tornado on data center? A. 10 percent B. 25 percent C. 50 percent D. 75
percent. 2. Based upon the information, what is the annualized rate of
occurrence for a tornado at data center? A. 0.0025 B. 0.005 C. 0.01 D.
0.01593. 3. Based upon the information in this scenario, what is the
annualized loss expectancy for a tornado at data center? A. \$25,000 B.
\$50,000 C. \$250,000 D. \$500,000

1: A (50 percent)

2: B (0.005)

3: A (\$25,000)

Explanation:

1. **Exposure Factor (EF):**

- EF = (Damage caused by tornado / Total cost of rebuilding) \*
100%

- EF = (\$5 million / \$10 million) \* 100%

- EF = 50%

2. **Annualized Rate of Occurrence (ARO):**

- ARO = 1 / Number of years

- ARO = 1 / 200

- ARO = 0.005 per year

3. **Annualized Loss Expectancy (ALE):**

- ALE = ARO \* Loss per occurrence

- ALE = 0.005 \* \$5 million

- ALE = \$25,000 per year

Top of Form