Vulnerability - correct answer a weakness that could be exploited to cause harm
Threat - correct answer a set of circumstances that could cause harm.
Asset - correct answer Things of value you want to protect, such as hardware, software,
and data
Control - correct answer an action, device, procedure, or technique that removes or
reduces a vulnerability
Countermeasure - correct answer a means to counter threats by preventing, deterring,
deflecting, mitigating, detecting, or recovering.
another word for control.
CIA - correct answer confidentiality, integrity, availability.
Interception - correct answer someone intercepts your data. sees it. breach of
confidentiality
Modification - correct answer someone or something modifies data. failure in integrity
Fabrication - correct answer someone or something fabricates data. Failure in integrity
Interruption - correct answer someone or something interrupts a flow of data or access
to a computer. Failure of availability
four acts of the nature of the harm caused to assets.
(4 types of harm) - correct answer Interception, Modification, fabrication, interruption
Targeted - correct answer directed attack: attacker intends harm to specific computers,
perhaps at one organization (think of attacks against a political organization) or
belonging to a specific individual (think of trying to drain a specific person's bank
account, for example, by impersonation). Also against a certain product (regardless of
whether random people are using the product)
Random - correct answer attacker wants to harm any computer or user; such an attack
is analogous to accosting the next pedestrian who walks down the street. An example of
a random attack is malicious code posted on a website that could be visited by
anybody.
Malicious - correct answer human caused. person actually wants to cause harm, and so
we often use the term attack for a malicious computer security event.
Non-malicious - correct answer human caused. unintentional harm. can be big or small
APT (Advanced Persistent Threat) - correct answer come from organized, well financed,
patient assailants. Often affiliated with governments. Long term campaigns. carefully
select their targets, crafting attacks that appeal to specifically those targets. Silent
hidden attacks, not opportunistic by nature
Harm - correct answer The negative consequence of an actualized threat. The results of
bad stuff.
Risk Management - correct answer choosing which threats to control and what
resources to devote to protection. weighing the seriousness of a threat against our
ability to protect because resources are limited.
Method - correct answer the how of the attack. the skills, knowledge, tools, and other
things with which to perpetrate the attack.
Opportunity - correct answer the when. is the time and access to execute an attack.
Like a person using an unsecured wifi connection
Motive, Method, Opportunity - correct answer All necessary for an attack to succeed.
Motive - correct answer the why of an attack. the reason to want to attack
Defense in Depth (overlapping controls) - correct answer more than one control or more
than one class of control to achieve protection.
Physical Controls - correct answer stop or block an attack by using something tangible
too, such as walls and fences
Procedural (administrative) controls - correct answer controls that use a command or
agreement that requires or advises people how to act such as laws or guidelines
Technical controls - correct answer counter threats with technology (hardware or
software), including passwords, encryption, etc.
Access control - correct answer limiting who can access what in what ways, a
mechanical process
Least privilege - correct answer a subject should have access to the smallest number of
objects necessary to perform some task. part of effective policy implementation
Granularity - correct answer the fineness or specificity of access control. whether you
are controlling access to the bit or to the entire computer. specificity of access control.
smaller the granularity the more decisions to be made