This comprehensive study guide covers key cybersecurity concepts, including countermeasures, vulnerabilities, attacks (e.g., the Maroochy Shire case, the Yahoo breach, the Dark Overlord case), and relevant privacy laws (the Federal Privacy Act of 1974, California's SB 1386, PCI DSS, the EU Data Protection Directive). It features numerous questions and answers to test understanding of topics such as authentication, authorization, access control, cryptography, network security, web security, and operating system hardening. Ideal for students preparing for a cybersecurity final exam.
Cyber security countermeasures are: - the tools and techniques we use to reduce risk
One vulnerability in the air traffic control system case was - unauthenticated messages
What does non-repudiation mean? - sufficient evidence exists such that a user cannot deny an action
What is the Parkerian hexad compared to the CIA triad? - the Parkerian hexad has 6 elements including the 3 from the CIA triad, but is not as widely known
Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security? - MAC addresses can be easily spoofed or changed
What is the difference between authentication and accountability? - Authentication proves who you are and accountability records what you did
In the Maroochy Shire case, the actual threat was: - A disgruntled former employee
What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)? - In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access
In the Yahoo breach, attackers stole: - User information
The Dark Overlord case discussed by our guest speaker involved: - physical threats and a financial demand
What is the difference between vulnerability assessment and penetration testing? - Penetration testing is more in depth than vulnerability assessment
A simple vulnerability assessment probe: - exhaustively exploits all possible vulnerabilities
What was stolen in the OPM breach? - Fingerprints, personal information, security clearance application data
The Cuckoo's Egg story had to do with - A cyber attack
If a Unix file has permissions 654, who can read and execute? - Group
Computer log entries: - May contain user and remote system information
The file /etc/shadow on a Unix system contains - user names and hashed passwords
What do we call the rate at which we fail to authenticate legitimate users in a biometric system? - False Rejection Rate (FRR)
The traceroute command tells you: - The network path between two systems
What is the key point of Kerckhoffs' second principle (i.e., the one principle most applicable to modern cryptographic algorithms)? - it is OK if the enemy knows the cryptographic system
The Mirai botnet case: - Used IoT devices for a DDoS attack
What is the difference between authorization and access control? - Authorization specifies what a user can do, and access control enforces what a user can do
The primary vulnerability in the Lodz tram hack was: - Unauthenticated infrared signals
How many possible passwords can be formed using lower case letters (a-z) and numbers (0-9) if a length of 8 is used (^ is the exponent operator)? - 36^
Salting a password - Makes it harder to guess by brute force
What does the concept of defense in depth mean? - Protect your data and systems with tools and techniques from different layers
What do we call the process in which the client authenticates to the server and the server authenticates to the client? - Mutual authentication
What type of cipher is a Caesar cipher? - Substitution
In the fake finger video from class, what was the printed circuit board used for? - To etch the fingerprint
One countermeasure for the Polycom HDX case was: - Check and control network traffic
What is the difference between verification and authentication of an identity? - verification is a weaker confirmation of identity than authentication
What are the main differences between symmetric and asymmetric key cryptography? - Symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption
How do we know at what point we can consider our environment to be secure? - Never; perfect security does not exist
Options: Making alterations to common accounts; Making use of logging and auditing functions; Applying the principle of least privilege; Applying software updates in a timely manner; Changing the main network firewall ruleset; Removing or turning off unessential services; Removing unnecessary software - Changing the main network firewall ruleset
Why might we want a (software) firewall (FW) on our host if one already exists on the network? - host FWs know more about the local system
What does executable space protection do for us, and how? - prevents buffer overflow attacks from working by blocking code execution on the memory stack
Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool? - you should verify nmap results with another tool or data source
What does applying a vendor OS update (patch) usually do? - fixes vulnerabilities in the OS code
Exploit frameworks make it... - easier for amateurs to launch cyber attacks
If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this? - signature
What is the difference between a port scanner and a vulnerability assessment tool? - port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports
Name the two main categories of Web security. - Client-side attacks and server-side attacks
How does an XSRF attack work? - a link or script on one web page is executed in the context of another open web page or web application
What does the tool Nikto do? - Scans a web server for common vulnerabilities
Which of the following is an example of a race condition? - Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)
Does an SQL injection attack compromise content in the database or content in the Web application? - database
How can we prevent buffer overflows in our applications? - implement proper bounds checking
Why is it important from a security perspective to remove extraneous files from a Web server? - They may provide information or vulnerabilities useful to an attacker
Why is input validation important from a security perspective? - to prevent certain types of attacks
What does a fuzzing tool do? - Provides multiple data and inputs to discover vulnerabilities
How might we use a sniffer to increase the security of our applications? - to watch the network traffic being exchanged with a particular application or protocol
Does an organization's location, or the national origin or location of data they are transmitting or storing, affect the organization's use of encryption or how they treat employee information? - yes
Which of the following is not a provision of the Federal Privacy Act of 1974? Options: it places restrictions on how agencies can share an individual's data with other people and agencies; it requires agencies to follow certain principles, called fair information practices, when gathering and handling personal data; it lets individuals sue the government for violating its provisions; it requires government agencies to show an individual any records kept on him or her; it provides individuals the "right to be removed from the Internet" - it provides individuals the "right to be removed from the Internet"
At a high level, what does the Federal Privacy Act of 1974 do? - Safeguards privacy through creating four rights in personal data
What is the quantitative formula for risk presented in class? - RISK = P(E|V,T) * Impact
Why is it important to identify our critical information? - so we can focus on protecting those assets first
The term operations security and the acronym OPSEC were coined by what Vietnam War-era study? - Purple Dragon
Did the formal OPSEC methodology emerge from the government/military or commercial/industrial sectors? - government/military
What is pretexting? - Using a fake identity and creating a believable scenario for malicious purposes
Is it OK to use the same password for all of our accounts? - no, because a compromise of one account leads to a compromise of all accounts using the same password
Why is it important to use strong passwords? - Strong passwords are harder (take longer) to brute force
Why might using the wireless network in a hotel with a corporate laptop be dangerous?
Which of the following is not something we can do to more effectively reach users in our security awareness and training efforts? Options: randomly fire employees regardless of their actions; gamification; make the training more interesting and produce positive results; posters; offer repeated and varied avenues for communication - randomly fire employees regardless of their actions
How does a spear phishing attack differ from a general phishing attack? - number of targets and custom messages
In a security context, tailgating is... - the act of following someone through an access control point
What is one of the best steps we can take to protect people? - remove them from the dangerous situation
Which of the following would not be a type of physical access control we might put in place in order to block access to a vehicle? Options: cameras; security landscaping; concrete barriers; fences - cameras
Which category of physical control listed would not include a lock? Options: deterrent; preventive; detective; mimicry - preventive
Why might we want to use RAID? - to ensure that we do not lose data from hardware failures in individual disks
What is the foremost concern as related to physical security? - protect people
Name the three major priorities for physical security, in order of importance. - people, data, equipment
What is residual data, and why is it a concern when protecting the security of our data? - Residual data is data that remains after it has been used; not erasing or destroying it may expose data that we would not normally want made public