Cybersecurity Fundamentals, Exams of Computer Networks

An overview of key cybersecurity concepts, including volatile and non-volatile memory, information systems, information assurance principles (confidentiality, integrity, availability, non-repudiation, authentication), the cyber domain and its aspects, network protocols, security vulnerabilities, and common cyber attacks. It covers topics such as operating systems, the client-server model, the Domain Name System (DNS), malware types, and the phases of a cyber attack. The document aims to equip readers with a foundational understanding of the technological and operational aspects of cybersecurity, which is crucial for navigating the complex and evolving digital landscape.

Typology: Exams

2023/2024

Available from 08/06/2024

TheHub
OCS Cyber Exam Complete Verified Study Guide 2024
The Device that conducts 4 actions in accordance with a series of stored operating instructions
Computer
What four actions does a computer conduct?
- Accepts Input
- Processes Data
- Stores Data
- Produces Outputs
What are the main computer components?
- Monitor
- Motherboard
- CPU
- RAM (Main memory)
- Expansion Cards
- Power supply unit and the accessories
What does the CPU do?
- Fetch (Retrieves a sequence of bytes - instructions)
- Decode (Determine what action the bytes specify)
- Execute (Carry out the encoded instruction)

What are some examples of Volatile Memory?
RAM
What are some examples of Non-Volatile Memory?
CD, Thumb drive, hard drive, external hard drive
If RAM (Random Access Memory) is so sensitive, why bother with volatile memory?
Because non-volatile memory (storage devices) is MUCH slower than memory.
*Accessing the same data on a hard drive multiple times would slow down overall performance
What are some examples of Peripherals?
Mouse, Keyboard, headphones, printers, wifi router
How to define Cyber?

  • Electronic means used to formulate a global computer network utilized to facilitate online communication
  • Interactive virtual environment used for many things/people
What is Cyberspace?
Has interdependent networks of information technology infrastructures and resident data but dependent on the physical domains of air, land, maritime, and space
What is a bit?
Binary digit, represents one or zero
What is a byte?
Indicates eight bits in a row and can be any number from 0-255
Since all data stored on a computer is a series of binary numbers, how do we get letters?
The American Standard Code for Information Interchange (ASCII)
What is a modern computer system here at OTC that may require more than 255 binary values provided by an 8-bit system?
The COVE
What are Information Systems?
Systems that store, process, and transmit data
What is Information Assurance?
Set of measures intended to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Pillars of IA (Information Assurance)
  • Confidentiality
  • Integrity
  • Availability
  • Non-Repudiation
  • Authentication

  • Logic (Used by devices and software like binary)
  • Circuits (Provide paths for logic to flow like ethernet cable)
  • Geographic (Location of circuits, physical systems, and users)
Paul Is Losing Crossing Guard
Techniques to Mitigate Risks
  • Detection (Identify threats and action in progress)
  • Counter (Front-end security measures)
  • Minimize Vulnerabilities (Limit Accessibility)
Don't Call Mom
Operating Systems
Allow users access to manipulate data
IT vs OT
IT is older term, all about the data. EX: DoD secure intranet
OT is newer term, all about the critical assets. EX: Nuclear Power Plants
Operating Systems Contain what?
  • Login requirements
  • Digital Certificate Security
  • Wireless, Network Security Firewalls, Pop-up Blockers
•What type of technology focuses on the data and its storage and recallability?
Information Technology (IT)
•What Aspect of the Cyber Domain describes the paths that data flow across between systems or systems that store data?
The Circuit Aspect
•What Aspect of the Cyber Domain describes the information stored within the various systems throughout the domain?
The Logic Aspect

•What is the primary way that users interface with a computer to manipulate data for whatever task they intend to complete?
Utilize an Operating System
•What is the basic function that the Internet provides to its users?
Move computerized information (data) from one place to another
•A unique numerical identifier that corresponds to each host is known as what?
IP Address
•What is the method utilized to encode and decode information that is transmitted on a network?
Encryption
What are Protocols?
Procedures through communication networks
Host
Computer connected to a network
Packets
Chunks of information
Protocol Layering

  • Complex communications
  • Each protocol solves a distinct class of problems
Internet Protocol Stack (Send/Receive Data)
  • HTTP (application layer, deals with different hosts to communicate, how to get requests formatted)
  • TCP (Transport Layer, breaks data into packets to facilitate byte transfer between hosts)
  • Network (IP, Routes packets via internet from source to destination makes sure valid address used)
  • Ethernet (Link Layer)
  • Physical (wires)
HTTP
Hypertext Transfer Protocol, Primary internet protocol, communicates between browsers and servers
SSL
Secure Socket Layer, Networking protocol that is utilized for securing connections between browsers and servers over an insecure network like the internet
HTTPS
Hypertext Transfer Protocol Secure, encrypts and decrypts user page requests and returns
WEP (Wired Equivalent Privacy)
Oldest encryption scheme, uses a 40-bit key, Weak (by today's standards)

Injection attacks
Tricks a web application to run incorrect code (Software vulnerability)
Cross-site scripting (XSS)
Trick users into providing site access, Creates fake website (Software vulnerability)
Brute force
Attackers gain administrator access, try all password combos (Access Control)
•Explain how an e-mail containing html with embedded scripts is a risk to security
Since emails are able to be embedded with HTML code, this gives hackers a possible entry point into a system
•Describe vulnerabilities associated with cookies
Third Party Software tracks keystrokes and history, can contain malware
URL
Uniform Resource Locator
Protocol (ex HTTPS) -> Server of domain (www.) -> File system path on server
Define Cyberspace Operations
Primary Reference for all Cyber Operations (UNCLAS)
Their purpose is to achieve objective in or through cyberspace using Offensive, Defensive, and DoDIN (department of defense information network)
Describe the effects of malware on military readiness
MA condition of the armed forces and their constituent units and formations, warships, aircraft, weapon systems or other military technology and equipment to perform during military operations or functions consistent with the purpose for which they are organized or designed, or the managing of resources and personnel training in preparation for military action
•What is a global domain consisting of the interdependent networks of information technology infrastructures and resident data?
Cyberspace
•Programs that violate security safeguards that generally are not an unintentional program bug are known as what?
Malicious software (Malware)
•What is Malware that restricts user access to the computer, either by encrypting files on the hard drive or locking down the system, and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer?
Ransomware
US Cyber Command
Ensures U.S./Allied freedom of action in cyberspace and deny the same to our adversaries

Offensive Cyber Operations
Projects power through the application of force and requires authorization
Defensive Cyber Operations
Defense of DoD or ally cyberspace through passive and active defense ops
DODIN Operations
Design, build, configure, secure, operate, maintain, and sustain DoD communications systems and networks across the entire DODIN
Virus
CANNOT replicate unless executed, infects a computer without user knowledge, attaches itself usually to executable file, ex. Cross scripting.
Worm
Self-replicating, self-propagating programs, ex. Stuxnet
Trojans
Appears as useful, advertised anti-virus
Adware
Automatically delivers ADVERTISEMENTS
Rootkit
Remotely accesses computer, maintains access without detection
Bots
Software program, Third party controlled, Automatically perform specific operations
Ransomware
Restricts user access to the computer, holds files for ransom
Spyware
Spies on computer activity unbeknownst to user
How Does Malware Attack
  • Exploit Kits (searches for software vulnerabilities and injects malware through the vulnerability)
  • Drive-by Download (Malicious website hosts an exploit kit)
Malware Tactics

  • Man in the middle (Poorly or unsecured WIFI router)
  • Man in the browser (Spying upon the user via the browser)
  • Social engineering (Tricks the user into sending information, like fake charity)
  • Malvertising (Legitimate advertisement space on webpages is bought by hackers and leads to malicious sites)
What are the access vulnerabilities

Botmaster
Individual in control of the botnet
Command and Control Server
Computer or server being used by the botmaster to coordinate the attack
•True/False. The allowance of all authorized use and the denial of all unauthorized usage are the two main goals of cyber defense?
True
•The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information is known as what?
Information security
•True/False. The vast majority of attacks deriving from an insider threat are coordinated by a deliberate and malicious outsider
False
•Summarize the need for cyber defense
Main goals are all authorized use is allowed and unauthorized use is denied; the realistic goal would be to minimize risk within a network, and this requires robust defense tools
DoD Security Programs
  • Communication Security (COMMSEC)
  • Information Security (INFOSEC)
  • Operational Security
•Identify ways to bolster cyber defense
  • Confidentiality (prevent unauthorized disclosure)
  • Integrity (Prevent unauthorized disclosure)
  • Availability (prevent disruption of service and productivity)
•Identify an insider threat
Most associate an insider threat with a malicious employee, but negligent employees and practices are also a threat
•Differentiate between symmetric and asymmetric encryption
Symmetric is one key to encrypt and decrypt info but it can be easily cracked and both parties need the key
Asymmetric has 2 keys, Public and Private (hands of owner)
•Restate the characteristics of a strong password

  • Length of Password
  • Use of case (upper and lower)
  • Use of numerical digits (1, 4, 7, etc.)
  • Use of special characters (%, *, ", >, @, etc.)
•Discuss the principles of defense in depth
Essentially utilizing all known cybersecurity tactics (employ least privilege, have multiple firewalls, require IDs for access, encrypt all emails, have strong passwords)
•What is the process of encoding a message or information in such a way that only an authorized entity can access it while unauthorized parties cannot?
Data encryption
•The practice of using an algorithm to map data of any size to a fixed length, ensuring it is authentic is known as what?
Hashing
•A cyber defense principle that gives users and programs the privileges they need, and no more is known as what?
Least privilege
•The network of physical objects (devices, vehicles, and buildings) embedded with processors, software, sensors, and network connectivity that enables the collection and exchange of data is known as?
Internet of Things (IoT)
•What is the exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission?
Command and Control (C2)
•When in a defensive role, what is the primary goal for the military when dealing with cyber warfare?
(1) Reduce risk (2) Mitigate impact