Cyber Security 1 - Exam 1 Study Guide

A cyber attack simply requires that the target is an electronic information system. Nation state involvement, substantial loss and large groups are common but NOT necessary characteristics.

DoS means malicious traffic makes a service unable to operate. Option 2 is too broad. Option 1 is too specific. Option 4 describes admin action not an attack.

Distributed means the attack traffic originates FROM many sources simultaneously. Option 1 confuses many hackers with many computers attacking simultaneously.

Attack vector is the method or path used in an attack. Not the attack itself, not the attacker's view of defenses, not a list of vulnerabilities.

All three CIA goals work together. Confidentiality alone is insufficient. The other options make false absolute claims about relative importance.

Script kiddies use the same ready-made tools so attacks are recognizable and blockable. Option 4 wrong - automated scripts can still cause serious damage.

Script kiddies use attack tools written by more skilled hackers without understanding how they work.

Identity theft is the malicious use of someone else's identifying data. Option 3 wrong - it can happen without financial loss. Option 4 wrong - it requires malicious intent.

Ransomware is a direct computing risk. Spam, hoax, meme virus, Nigerian letter and troll are NOT direct computing risks - but spam is borderline. The course counts 4 as NOT direct risks.

Social engineering is the broad concept of manipulating people psychologically. Options 1 (phishing), 2 (dumpster diving) and 3 (shoulder surfing) are specific techniques, not the full concept.

Impersonation means fooling someone into thinking they deal with a trusted party when actually dealing with the attacker.

An eavesdropper listens to communications without being a legitimate party. Honest but curious refers to a legitimate party who tries to learn more than they should.

A dictionary attack tries common words and phrases instead of random combinations. Option 3 describes rainbow tables.

A backdoor bypasses normal security controls. Can be built by developers or installed by attackers. Option 2 describes Trojan horse payload.

Ransomware encrypts your files and demands payment for the decryption key. Data is locked not destroyed.

A passive attack only observes or intercepts data without modifying anything. Eavesdropping is the classic example. Option 4 is completely wrong.

A Trojan horse disguises itself as legitimate software but performs malicious actions. Key: does NOT replicate unlike virus or worm.

All malware runs in the same environment as legitimate software and can do anything that environment allows.

Macro viruses run inside host programs like Word or Excel. Cross-platform ability is the key characteristic.

Exposure is the security term for a vulnerability that reveals something hidden. Disclosure means revealing information intentionally.

Buffer overflow occurs when a program writes more data than a buffer can hold, spilling into adjacent memory.

A zero-day vulnerability is unknown to the software vendor - they have had zero days to fix it.

A botnet is built from compromised machines whose owners do NOT know. If users agreed it would be a legitimate distributed network not a botnet.

In MITM the attacker positions between two parties, intercepts and can modify messages. Option 1 describes a rootkit.

A botnet is compromised computers controlled by an attacker without owners' knowledge.

Assurance is the confidence or evidence that security measures actually work. Not a synonym for authentication or accountability.

Authentication verifies that someone is who they claim to be. Option 1 describes identification. Option 2 describes authorization.

Fire, flood and unauthorized transaction are excluded - 3 items. Fire and flood are physical disasters. Unauthorized transaction is an integrity issue not availability.

Risk = Threat x Vulnerability. Without a vulnerability a threat cannot succeed. Without a threat a vulnerability does not matter.

Access control is the enforcement mechanism. Option 2 describes policy. Option 4 is too broad.

Accountability requires authenticity combined with integrity (I) of audit records. Without integrity of logs, accountability is meaningless.

Mechanism=yes, model=NO, policy=NO, service=yes, protection=yes, countermeasure=yes, safeguard=yes. That gives 5.

Defence-in-depth uses multiple layers of security so if one fails others still protect. The other options are not standard security terms.

Non-repudiation means a party cannot deny having sent or received a message. The evidence is so strong that denial is impossible.

Non-repudiation is a security goal ensuring parties cannot deny their actions. It sits alongside the CIA triad as a separate special goal.

2FA requires two DIFFERENT factor types: something you know (PIN) + something you have (hard token). Options 1, 2 and 3 mix factors of the same type.

Credentials are the data used to prove identity. Attributes are characteristics. Certificates are a specific type.

The data owner knows the sensitivity and value of their data best. This is the principle behind discretionary access control.

A shared secret is a value known only to communicating parties, established through key exchange protocols like IKE.

CA tasks include issuing, signing and managing certificate revocation through CRL or OCSP. CAs do NOT maintain private keys.

Challenge-response sends an unpredictable challenge only the legitimate party can answer. Option 1 describes proof-of-work. Option 2 describes CAPTCHA.

A digital signature hashes the message then encrypts with private key. Recipient decrypts with public key and compares hashes.

The later in the development lifecycle you find and fix security problems the more expensive it is. Among these options implementation is the latest stage.

A firewall inspects and filters network packets. Ports, IP addresses and protocols are rule attributes but packets are what actually get blocked.

Separation of duties requires critical tasks be divided among different people so no single person can commit fraud alone.

Steganography hides a secret message within ordinary-looking data. Still actively used. Digital watermarking is a related but different concept.

Flash drives are valid backup media. Option 1 wrong - printing IS valid for some data. Option 4 wrong - incremental copies only copy changes since last backup.

Off-site backup protects against physical disasters that destroy both primary data and any on-site backups simultaneously.

Redundancy is the most concrete concept - having extra copies or checksums allows detection and restoration of corrupted data.

Under GDPR, fines up to 20 million euros or 4% of global annual turnover. The company can still be held responsible even if the attacker is not caught.

Data protection is about protecting personal information that individuals share with organizations.

GDPR defines: data subject, data controller, data processor. Data object is a technical database term not a GDPR legal concept.

GDPR primarily places obligations on organizations. Option 1 wrong - not just cross-border. Option 3 wrong - not about encryption standards.

PCI-DSS was created by major card brands (Visa, Mastercard etc.) not by a government. Industry standard not a law.

Anonymity depends on WHAT should be hidden AND TO WHOM. Note: TO WHOM not BY WHOM - this is a common exam trap.

Privacy is distinct from secrecy, anonymity and privilege. Privacy is the right to control your own personal information.

A pseudonym is a false name used instead of a real name. Not a filesystem term. Not inherently part of an attack.

Copyright belongs to the creator by default. Publishers may acquire rights through contracts but do not own copyright originally.

DRM controls how digital content can be accessed and distributed. Option 2 describes anti-circumvention laws.

Privacy regulations like GDPR protect personal data not intellectual property. DRM, patents and licensing are all genuine IP protection mechanisms.

Your social media may contain posts or connections that create a negative impression. Option 1 wrong - following public links is not a privacy offense.

Social media spreads content quickly but is very slow to correct misinformation after it spreads.

Corrections to previously shared false information are almost never propagated. Original posts remain unchanged.

If you share false information that causes harm you bear responsibility whether you created it or reshared it.

Ethics in information security covers privacy, IPR, responsible disclosure and fair use. Options 3 and 4 greatly understate its role.

This is a matter of quality and courtesy but not a genuine ethical dilemma. Options 1, 2 and 4 all involve real ethical questions.

TOR is a legitimate and legal tool for anonymous browsing. Option 3 wrong - private mode only prevents local browser history. Option 4 wrong - TOR and VPNs are legal in Finland.

A persistent login cookie is stored on your computer and sent automatically when you revisit. Browsers do not send passwords automatically.

You chose the 10-digit code. Attacker tries all 10-digit combinations: 10^10. Option 2 wrong - attacker only tries the length you chose. Option 3 wrong - attacker attacks the passcode not the AES key.

On a personal computer a firewall is a software process. Not hardware. Not tied to the browser.

A simple water pump only needs power and has no data capability. Option 1 has document malware risk. Option 2 risks juice jacking.

Risk analysis should only include controls relevant to the threats being analyzed.

What competitors spend on security is irrelevant to your own risk analysis. Options 2, 3 and 4 are all relevant.

Risk = Threat x Vulnerability x Asset Value. If an asset is genuinely worth less the real risk is lower. Option 1 just underestimates.

Risk mitigation means taking active steps to reduce risk by implementing controls.

An NDA binds a person to keep organizational information confidential. Option 1 describes GDPR. Option 3 describes a classification policy.

PKI's fundamental purpose is to create a trusted link between a public key and the identity of its owner. Options 3 and 4 describe structural features not the basic goal.

A certificate is created when a CA uses its OWN private key to sign a binding between public key K and the identity of B.

From an authentication perspective the answer must be unpredictable - high entropy means hard to guess. Memorability is usability not security.

If someone else can access your browser they see all your saved passwords. This is the critical security condition.

You must NEVER tell your password (ii). But you CAN save it (iii) in a trusted password manager.

Password reuse is most dangerous - one breach compromises ALL accounts sharing that password.

A toothbrush represents: (iii) personal use only and (iv) change it often enough. Does NOT represent entropy or usability. Exactly two features.

A cookie cannot directly access or modify files on your computer. It cannot break the confidentiality or integrity of your local files.

The web server creates the cookie, sends it to the browser, the browser stores it, and sends it back unchanged with subsequent requests.

The cookie sends back the same information the server originally sent - this is how the server maintains session state.

CAPTCHA proves you are human without knowing WHO you are - no identification involved. Option 1 wrong - CAPTCHAs can be attacked by human farms and AI.

This is email address obfuscation. Spambots scan for email patterns. Adding POISTA MINUT breaks the pattern so bots cannot harvest it.

Primitives are the basic building blocks of cryptographic systems treated as indivisible black boxes - like hash functions, block ciphers, stream ciphers.

A cryptographic protocol involves multiple parties exchanging messages. Key agreement (Diffie-Hellman) requires communication between parties.

Hash functions are cryptographic algorithms but use no key. The statement is false because it omits keyless algorithms.

Challenge-response is a PROTOCOL not an algorithm - it involves multiple steps and parties exchanging messages.

Cryptography is the practice/science. A cryptosystem is a complete implementation.

Plaintext means unencrypted data - does not need to be human-readable or ASCII. It is the data BEFORE encryption.

Block ciphers process fixed-size blocks. Stream ciphers process data bit by bit. Options 1, 3 and 4 use non-standard terminology.

This describes password-based encryption using key derivation functions. Option 3 wrong - sending the key with the message defeats encryption.

If original key is n bits, brute force tries 2^n = T. Doubling to 2n bits means 2^(2n) = T squared. Doubling key LENGTH squares the brute force effort.

The two classes of symmetric cryptographic methods are stream ciphers and block ciphers. The other options are separate categories.

AES replaced DES and is now the most widely used symmetric encryption algorithm. DES is obsolete. RSA is asymmetric. TLS is a protocol.

DES was the standard symmetric encryption algorithm for keeping communications confidential. Eventually broken due to its short 56-bit key length.

A one-time pad is theoretically unbreakable - truly random key, at least as long as the message, used only ONCE. Provides perfect secrecy.

AES is a symmetric block cipher processing data in 128-bit blocks using keys of 128, 192 or 256 bits.

Anyone can use the public key to lock (encrypt) data, but only the private key holder can unlock (decrypt) it.

In digital signatures anyone can verify using the public key what the sender locked with their private key.

FALSE. RSA uses square-and-multiply fast exponentiation requiring approximately log(d) multiplications, NOT d-1.

FALSE. RSA signing only requires private exponent d and modulus n - NOT the prime factors p and q.

A checksum must cover all characters to detect errors anywhere in the input.

This describes collision resistance. Option 3 is opposite of truth - avalanche effect means LARGE hash changes from small message changes.

Any change to the message produces a completely different hash, revealing tampering. This is integrity protection.

CRCs are non-cryptographic error detection checksums - completely different from keyed cryptographic hashes (MACs).

There are 2^100 possible 100-bit strings. Probability = 1/2^40. Expected count = 2^100 / 2^40 = 2^60 (written as 260).

Only 2^40 possible 40-bit strings. Probability = 1/2^100. Expected count = 2^40 / 2^100 = essentially zero. Input space is far too small.

IPsec provides both authentication and encryption at the IP layer. Works with both IPv4 and IPv6.

Key exchange means two parties agreeing on a shared symmetric key without it ever being transmitted directly.

SSH (Secure Shell) is the standard protocol for securely connecting to a remote computer's command line.

TLS stands for Transport Layer Security. It replaced SSL (Secure Sockets Layer).

Lithium-ion batteries in mobile devices are a genuine fire risk. IT systems have special fire suppression requirements (gas not water).

Smart cards have a secure processor - operations happen inside the tamper-resistant chip and bits never leave the card in a usable form.

A DMZ sits between two firewalls - one facing the internet and one facing the internal network. It hosts public-facing servers.

Routers operate at Layer 3 and can perform packet filtering based on IP addresses and port numbers.

A packet filter inspects only packet headers. It cannot inspect content for viruses, read attachments, or encrypt/decrypt traffic.

A packet filter rejects packets if either port number is invalid per its rules. Option 1 wrong - packet filters definitely use port numbers.

Packet filters CAN log traffic. They CANNOT perform user authentication, anti-virus scanning or spam filtering.

IPsec Authentication Header adds an HMAC - a hash from packet contents using a shared symmetric key. Provides integrity and authentication.

IPsec operates at Layer 3 (Network layer). TLS operates between Layer 4 and Application layer. Layer 3 is lower.

If the user connects to a fake server and enters credentials, the attacker captures them - compromising all services using those credentials.

TLS encrypts whatever the application sends without knowing whether it is HTTP, email, FTP or any other type.

Encryption is the fundamental security requirement - protecting data as it travels over the public internet.

GSM uses challenge-response with a shared symmetric key stored on the SIM card. No public key system involved.

Mobile networks apply a cryptographic hash/HMAC to a shared secret combined with a random challenge. The shared secret is NEVER transmitted.

WiFi is the protocol. WLAN is the network type. WPA is the security protocol. VLAN is a separate network segmentation concept.

WPA protects WiFi/WLAN only. NFC, ZigBee and Bluetooth have their own separate security mechanisms.

Log in, sign in and log on are all standard terms. Pass in is not used for this purpose.

Login must handle authentication requests from anyone - it cannot pre-screen. Failed logins can trigger lockouts.

The operating system is the foundation of all security - controls hardware access, manages memory isolation, enforces permissions.

Sandboxing isolates untrusted code in a restricted environment where it cannot affect the rest of the system.

SSO allows a user to authenticate once and access multiple systems. Session is time-limited for security.

With SSO users only need one strong password rather than reusing the same password across multiple services.

Employee databases contain structured sensitive personal data with complex dependencies. A folder of papers is not a database.

Overwriting multiple times is secure deletion. Magnetic storage retains traces even after deletion - multiple overwrites make recovery extremely difficult.

A salt is a random value added before hashing, stored in plaintext alongside the hash. It ensures two users with the same password have different hashes, defeating rainbow table attacks.