






An overview of key cybersecurity concepts, including volatile and non-volatile memory, information systems, information assurance principles (confidentiality, integrity, availability, non-repudiation, authentication), the cyber domain and its aspects, network protocols, security vulnerabilities, and common cyber attacks. It covers topics such as operating systems, the client-server model, the Domain Name System (DNS), malware types, and the phases of a cyber attack. The document aims to equip readers with a foundational understanding of the technological and operational aspects of cybersecurity, which is crucial for navigating the complex and evolving digital landscape.
Typology: Exams







The device that conducts 4 actions in accordance with a series of stored operating instructions
Computer

What four actions does a computer conduct?

What are some examples of Volatile Memory?
RAM

What are some examples of Non-Volatile Memory?
CD, thumb drive, hard drive, external hard drive

If RAM (Random Access Memory) is so sensitive, why bother with volatile memory?
Because non-volatile memory (storage devices) is MUCH slower than memory. *Accessing the same data on a hard drive multiple times would slow down overall performance

What are some examples of Peripherals?
Mouse, keyboard, headphones, printers, Wi-Fi router

How to define Cyber?

• What is the primary way that users interface with a computer to manipulate data for whatever task they intend to complete?
Utilize an Operating System

• What is the basic function that the Internet provides to its users?
Move computerized information (data) from one place to another

• A unique numerical identifier that corresponds to each host is known as what?
IP Address

• What is the method utilized to encode and decode information that is transmitted on a network?
Encryption

What are Protocols?
Procedures through communication networks

Host
Computer connected to a network

Packets
Chunks of information

Protocol Layering

Injection attacks
Tricks a web application into running incorrect code (Software vulnerability)

Cross-site scripting (XSS)
Tricks users into providing site access, creates fake website (Software vulnerability)

Brute force
Attackers gain administrator access, try all password combos (Access Control)

• Explain how an e-mail containing HTML with embedded scripts is a risk to security
Since emails are able to be embedded with HTML code, this gives hackers a possible entry point into a system

• Describe vulnerabilities associated with cookies
Third-party software tracks keystrokes and history, can contain malware

URL
Uniform Resource Locator
Protocol (ex. HTTPS) -> Server of domain (www.) -> File system path on server

Define Cyberspace Operations
Primary reference for all Cyber Operations (UNCLAS). Their purpose is to achieve objectives in or through cyberspace using Offensive, Defensive, and DoDIN (Department of Defense Information Network)

Describe the effects of malware on military readiness
MA condition of the armed forces and their constituent units and formations, warships, aircraft, weapon systems or other military technology and equipment to perform during military operations or functions consistent with the purpose for which they are organized or designed, or the managing of resources and personnel training in preparation for military action

• What is a global domain consisting of the interdependent networks of information technology infrastructures and resident data?
Cyberspace

• Programs that violate security safeguards that generally are not an unintentional program bug are known as what?
Malicious software (Malware)

• What is Malware that restricts user access to the computer, either by encrypting files on the hard drive or locking down the system, and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer?
Ransomware

US Cyber Command
Ensures U.S./Allied freedom of action in cyberspace and denies the same to our adversaries

Offensive Cyber Operations
Projects power through the application of force and requires authorization

Defensive Cyber Operations
Defense of DoD or ally cyberspace through passive and active defense ops

DODIN Operations
Design, build, configure, secure, operate, maintain, and sustain DoD communications systems and networks across the entire DODIN

Virus
CANNOT replicate unless executed, infects a computer without user knowledge, attaches itself usually to executable file ex. Cross scripting.

Worm
Self-replicating, self-propagating programs ex. Stuxnet

Trojans
Appears as useful, advertised anti-virus

Adware
Automatically delivers ADVERTISEMENTS

Rootkit
Remotely accesses computer, maintains access without detection

Bots
Software program, third-party controlled, automatically performs specific operations

Ransomware
Restricts user access to the computer, holds files for ransom

Spyware
Spies on computer activity unbeknownst to user

How Does Malware Attack
Exploit Kits (searches for software vulnerabilities and injects malware through the vulnerability)
Drive-by Download (Malicious website hosts an exploit kit)

Malware Tactics

Botmaster
Individual in control of the botnet

Command and Control Server
Computer or server being used by the botmaster to coordinate the attack

True/False. The allowance of all authorized use and the denial of all unauthorized usage are the two main goals of cyber defense?
True

• The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information is known as what?
Information security

• True/False. The vast majority of attacks deriving from an insider threat are coordinated by a deliberate and malicious outsider
False

• Summarize the need for cyber defense
Main goals are that all authorized use is allowed and unauthorized use is denied. The realistic goal would be to minimize risk within a network, which requires robust defense tools

DoD Security Programs
Communication Security (COMMSEC), Information Security (INFOSEC), Operational Security

• Identify ways to bolster cyber defense
Confidentiality (prevent unauthorized disclosure)
Integrity (prevent unauthorized disclosure)
Availability (prevent disruption of service and productivity)

• Identify an insider threat
Most associate an insider threat with a malicious employee, but negligent employees and practices are also a threat

• Differentiate between symmetric and asymmetric encryption
Symmetric is one key to encrypt and decrypt info, but it can be easily cracked and both parties need the key
Asymmetric has 2 keys: Public and Private (hands of owner)

• Restate the characteristics of a strong password
  • Length of password
  • Use of case (upper and lower)
  • Use of numerical digits (1, 4, 7, etc.)
  • Use of special characters (%, *, ", >, @, etc.)

• Discuss the principles of defense in depth
Essentially utilizing all known cybersecurity tactics (employ least privilege, have multiple firewalls, require IDs for access, encrypt all emails, have strong passwords)

• What is the process of encoding a message or information in such a way that only an authorized entity can access it while unauthorized parties cannot?
Data encryption

• The practice of using an algorithm to map data of any size to a fixed length, ensuring it is authentic is known as what?
Hashing

• A cyber defense principle that gives users and programs the privileges they need, and no more is known as what?
Least privilege

• The network of physical objects (devices, vehicles, and buildings) embedded with processors, software, sensors, and network connectivity that enables the collection and exchange of data is known as?
Internet of Things (IoT)

• What is the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission?
Command and Control (C2)

• When in a defensive role, what is the primary goal for the military when dealing with cyber warfare?
(1) Reduce risk (2) Mitigate impact