Security

Question 1

the same shared key was used to both encrypt and decrypt the message; faster but we have the key distribution problem - how do 2 parties agree on and share a key if they have never interacted before

Answer 1

symmetric encryption

Question 2

two mathematically related keys are used; one is a public key that can be shared with everyone and another is a private key that is always kept secret; is slower, but can help with the key distribution problem

Answer 2

public-key encryption

Question 3

function that maps input of any size to an output of fixed size

Answer 3

hash function

Question 4

a hash function combined with someone’s private key can used to create a _________________

Answer 4

digital signature

Question 5

issued by a certificate authority (CA) - there are only a few trusted organizations around the world; can be used to prove that your public key actually belongs to you

Answer 5

digital certificate

Question 6

when hackers use psychology to trick people into divulging confidential information

Answer 6

social engineering

Question 7

4 types of malware

Answer 7

virus, worm, trojan horse, ransomware

Question 8

can insert itself into the code of other computer programs and copy itself throughout the computer and the network when the infected programs run

Answer 8

virus

Question 9

is similar to a virus, but it does not need to be attached to another program, and can copy itself without any human help

Answer 9

worm

Question 10

software that appears to be harmless, but actually does something unexpected and malicious behind the scenes. The user has to launce it, and cannot replicate on its own

Answer 10

trojan horse

Question 11

software that will either threaten to publish or prevent the victim from accessing their files unless a ransom is paid. Usually this will be some cryptocurrency so it cannot be traced to the person they paid

Answer 11

ransomware

Question 12

5 other techniques than malware

Answer 12

phishing, spam, botnet, denial of service attack, sniffing

Question 13

use deceptive emails or text messages to social engineer users into revealing sensitive information. Often they will pretend to come form a trusted authority and will ask for confidential information

Answer 13

phishing

Question 14

unsolicited junk mail

Answer 14

spam

Question 15

collection of computers (usually infected ones) that are used together for a common purpose

Answer 15

botnet

Question 16

involves many computers overwhelming a website by requesting a service in an attempt to block others from accessing the website

Answer 16

denial of service attack

Question 17

eavesdropping on network communication to obtain sensitive information like passwords, emails, company files, etc.

Answer 17

sniffing

Question 18

the ____, ____, and ____ that are used to prevent unauthorized access, alteration, theft, interruption, or physical damage of information systems

Answer 18

policies, procedures, technical measures

Question 19

are rules and expectations

Answer 19

policies

Question 20

are the step-by-step guides in place

Answer 20

procedures

Question 21

are controls to enforce such policies/procedures and to further safeguard information systems

Answer 21

technical measures

Question 22

6 types of security services

Answer 22

authentication, access control, data confidentiality, data integrity, availability, non-repudiation

Question 23

assurance that the other party is who they say they are

Answer 23

authentication

Question 24

prevention of unauthorized use of a resource

Answer 24

access control

Question 25

protection of data from unauthorized disclosure

Answer 25

data confidentiality

Question 26

assurance that services are available when needed

Answer 26

availability

Question 27

protection against denial by one of the parties in a communication

Answer 27

non-repudiation

Question 28

wireless security authentication methods

Answer 28

WPS, PSK, EAP

Question 29

very simple measures in place, like pushing the button on your router to join the network

Answer 29

WPS (wifi protected setup)

Question 30

you enter a passphrase to join the network

Answer 30

PSK (pre-shared key)

Question 31

may need to login with a username and password

Answer 31

EAP (Extensible Authentication Protocol) method

Question 32

wireless security protocols

Answer 32

WEP, WPA, WPA2, WPA3

Question 33

can be easily cracked

Answer 33

WEP (Wired Equivalent Privacy)

Question 34

temporarily replacement for WEP

Answer 34

WPA (WIreless Protected Access)

Question 35

very secure, used be eduroam

Answer 35

WPA2

Question 36

newest, introduced in 2018. Even more secure, expected to become more common as it’s adopted

Answer 36

WPA3

Question 37

determing points of vulnerability, level of risk, and potential damage if it were to happen

Answer 37

risk assessment

Question 38

identifies main security risks, acceptable security goals, and mechanisms to achieve these goals

Answer 38

security policy

Question 39

states acceptable uses and users of information and computers; establishes things like privacy, user responsibility, personal use of devices, access rules for different employees

Answer 39

acceptable use policy

Question 40

focused on getting the IT systems up and running after a disruption, like restoring backup files, maintaining backup systems, reconfiguring servers etc.

Answer 40

disaster recovery planning

Question 41

focused on getting the business up and running after a disruption. Not just focused in machines, but people too, like coming up with measures to operate after closures due to the pandemic, returning to the office after an evacuation, etc.

Answer 41

business continuity planning

Question 42

investigates if the current security and control framework is adequate; involves a comprehensive assessment of a company’s computer security polices, procedures, and technical measures, personnel, training, and documentation

Answer 42

security audit