Document Details

Uploaded by StatuesqueDidactic3375

The University of Nottingham

Tags

cybersecurity networking computer science information security

Summary

This document contains practice questions about cybersecurity and networking, covering topics such as the OSI model, firewalls, encryption, and IP addressing. The questions are suitable for those studying computer science or information security.

Full Transcript

Questions:

What is the primary goal of cybersecurity?
    A. Protecting physical devices
    B. Safeguarding data and systems
    C. Preventing hardware failures
    D. Enhancing software speed
What does the OSI model stand for?
    A. Online Security Interface
    B. Open Systems Interconnection
    C. Operational Security Integration
    D. Overhead Systems Infrastructure
Which layer of the OSI model handles data encryption?
    A. Physical
    B. Transport
    C. Presentation
    D. Network
What is the purpose of a firewall in cybersecurity?
    A. Encrypting data before transmission
    B. Monitoring and controlling network traffic
    C. Detecting viruses in system files
    D. Speeding up network performance
Define "network security."
What was the original purpose of ARPANET?
    A. E-commerce platform
    B. Secure communication during the Cold War
    C. Public internet
    D. File sharing network
What is a vulnerability in software?
Name one tool used to identify vulnerabilities in software.
What is the primary focus of data security?
    A. Encrypting physical devices
    B. Ensuring authorized access and preventing breaches
    C. Building secure hardware
    D. Improving internet speed
Which of these is an example of vulnerable software exploitation?
    A. Stack overflow
    B. Certificate revocation
    C. IP spoofing
    D. Block cipher attack
Which layer of the OSI model deals with IP addressing?
What is "packet switching"?
What is the role of a Domain Name Server (DNS)?
What is a common IP address format in IPv4?
Define the term "port" in computer networking.
Why is port 80 commonly used in web communication?
What is the local loopback IP address?
What does the acronym ARP stand for?
What is the main function of the transport layer in networking?
Give an example of a reserved TCP port number.
Define the term "packet capture" in network security.
What is the purpose of tools like NMAP?
What is an application layer protocol? Provide one example.
How does data security differ from network security?
What is the main risk of unencrypted communication over networks?

What is encryption?
Name one use case of encryption.
Which is the most secure symmetric encryption algorithm in common use today?
    A. DES
    B. AES
    C. RC4
    D. RSA
What is plaintext?
What is ciphertext?
What are the two primary types of encryption?
What is the primary weakness of the DES algorithm?
What is the difference between symmetric and asymmetric encryption?
Define the term "encryption key."
Why are longer encryption keys more secure?
What is brute force in cryptography?
What is the purpose of modular arithmetic in encryption?
Why is RC4 no longer considered secure?
What is the main benefit of AES over DES?
In symmetric encryption, how are keys shared between sender and receiver?
What is the primary use of asymmetric encryption?
Define "public key" and "private key."
What is the role of cryptanalysis?
What is the ECB mode in encryption, and why is it insecure for some applications?
What is an initialization vector (IV), and why is it used?
In Cipher Block Chaining (CBC), what is XORed with the plaintext before encryption?
What is the purpose of hashing in encryption?
Why is it impractical to brute-force AES with a 256-bit key?
What does the term "entropy" refer to in cryptography?
Explain the term "key exchange" in encryption.

Answers:

B. Safeguarding data and systems
B. Open Systems Interconnection
C. Presentation
B. Monitoring and controlling network traffic
The practice of protecting networks, devices, and data from unauthorized access or cyberattacks.
B. Secure communication during the Cold War
A weakness or flaw in software that can be exploited to compromise security.
Examples include vulnerability scanners, such as Nessus or OpenVAS.
B. Ensuring authorized access and preventing breaches
A. Stack overflow
Network Layer
A method of breaking data into smaller packets that are transmitted independently and reassembled at the destination.
Translates human-readable domain names (e.g., google.com) into IP addresses.
A typical IPv4 address format is four decimal numbers separated by dots, e.g., 192.168.1.1.
A port is a virtual communication endpoint used to identify specific processes or services on a network.
It is the default port for HTTP, the protocol used for web communication.
127.0.0.1
Address Resolution Protocol
To ensure data delivery between devices, handling tasks like segmentation and error checking.
Examples include port 80 (HTTP), 443 (HTTPS), or 21 (FTP).
Capturing and logging data packets that pass through a network for analysis.
To scan networks and identify open ports and services.
An application layer protocol defines communication rules for applications. Example: HTTP.
Data security focuses on protecting the integrity and privacy of data, while network security protects the infrastructure and transmission channels.
Data can be intercepted and read by unauthorized parties.

Answers from 2. Encryption

The process of converting plaintext into ciphertext to prevent unauthorized access.
Use cases include securing communications, protecting sensitive data, or enabling safe online transactions.
B. AES
Plaintext is the original, readable form of data before encryption.
Ciphertext is the scrambled, unreadable form of data after encryption.
Symmetric encryption and asymmetric encryption.
Its short key length (56 bits), which makes it vulnerable to brute-force attacks.
Symmetric encryption uses the same key for encryption and decryption, whereas asymmetric encryption uses a key pair (public and private).
A secret value used in the encryption and decryption process.
Longer keys have more possible combinations, making brute-force attacks computationally infeasible.
A method of attempting all possible keys until the correct one is found.
It is used to perform encryption and decryption operations, ensuring data is within a defined numeric range.
Its keystream generation has predictable patterns, making it vulnerable to attacks.
AES has longer key lengths, faster performance, and better resistance to cryptanalysis.
Keys are shared through secure channels, such as using Diffie-Hellman or pre-shared methods.
Key exchange and digital signatures.
Public key: Used for encryption and shared openly. Private key: Used for decryption and kept secret.
The study of analyzing and breaking cryptographic systems.
ECB encrypts blocks independently, so identical plaintext blocks produce identical ciphertext blocks, revealing patterns.
An IV is a random value used to ensure that ciphertext for identical plaintexts is different.
The ciphertext of the previous block is XORed with the plaintext.
Hashing is used to verify data integrity and create unique digital fingerprints of data.
There are 2^256 possible keys, making brute-force attacks impractical with current technology.
The measure of randomness or unpredictability in a cryptographic system.
Key exchange refers to securely sharing encryption keys between parties.
