All relevance

Question 1

• What is symmetric encryption?

Answer 1

A type of encryption where the same key is used to encrypt and decrypt data.

Question 2

• What is asymmetric encryption?

Answer 2

Encryption that uses a pair of public and private keys; public key encrypts, private key decrypts.

Question 3

• What is a digital signature?

Answer 3

A cryptographic technique for validating the authenticity and integrity of a message using asymmetric encryption.

Question 4

• What is a cryptographic hash function?

Answer 4

A function that maps input to a fixed-size string with properties like pre-image resistance and collision resistance.

Question 5

What are examples of hash functions?

Answer 5

MD5 (weak), SHA-1 (deprecated), SHA-2, SHA-3 (secure alternatives).

Question 6

What is key exchange?

Answer 6

The secure process of sharing cryptographic keys between parties.

Question 7

What is Diffie-Hellman key exchange?

Answer 7

A method of securely exchanging cryptographic keys over a public channel.

Question 8

What is forward secrecy?

Answer 8

A property ensuring that session keys are not compromised even if the long-term key is.

Question 9

What is the purpose of initialization vectors (IVs)?

Answer 9

IVs add randomness to encryption to ensure the same plaintext results in different ciphertexts.

Question 10

What is hybrid encryption?

Answer 10

Combines asymmetric encryption for key exchange with symmetric encryption for data transfer.

Question 11

• What is Discretionary Access Control (DAC)?

Answer 11

An access policy determined by the owner of the resource.

Question 12

• What is Mandatory Access Control (MAC)?

Answer 12

A model where access is enforced by a central authority based on classification levels.

Question 13

• What is Role-Based Access Control (RBAC)?

Answer 13

Access rights are based on the roles that users have within an organization.

Question 14

What is Attribute-Based Access Control (ABAC)?

Answer 14

Access is granted based on attributes of users, resources, and the environment.

Question 15

What is the principle of least privilege?

Answer 15

Users are given the minimum access necessary to perform their job.

Question 16

• What is TLS and what does it secure?

Answer 16

TLS secures communications over a network by encrypting traffic and authenticating endpoints.

Question 17

What is HTTPS?

Answer 17

HTTPS is HTTP secured by TLS encryption to protect data exchanged with websites.

Question 18

What is a VPN?

Answer 18

A Virtual Private Network that encrypts a user’s internet traffic and masks their IP address.

Question 19

What is Kerberos?

Answer 19

A network authentication protocol using tickets issued by a trusted third party.

Question 20

What is a security handshake?

Answer 20

A negotiation between two parties to agree on encryption algorithms and keys.

Question 21

• What is the CIA Triad?

Answer 21

Confidentiality, Integrity, and Availability — core pillars of security.

Question 22

• What is the Bell-LaPadula model?

Answer 22

A model for maintaining data confidentiality in systems with hierarchical access.

Question 23

What is the Biba model?

Answer 23

A model focusing on maintaining data integrity by preventing improper modifications.

Question 24

What is the Clark-Wilson model?

Answer 24

A model that enforces data integrity through well-formed transactions and separation of duties.

Question 25

What is defense in depth?

Answer 25

A security strategy using multiple layers of defense to protect information assets.

Question 26

* What is a buffer overflow attack?

Answer 26

An attack where excess data overflows into adjacent memory, allowing potential code execution.

Question 27

* What is a SQL injection?

Answer 27

An attack where malicious SQL commands are injected into an input field.

Question 28

* What is a Cross-site Scripting (XSS) attack?

Answer 28

An attack that injects malicious scripts into trusted websites.

Question 29

What is a Denial of Service (DoS) attack?

Answer 29

An attack that aims to make a system or network unavailable to users.

Question 30

What is a side-channel attack?

Answer 30

An attack that exploits physical implementation details like timing or power consumption.

Question 31

What is phishing?

Answer 31

A social engineering attack to steal sensitive information via deceptive emails or messages.

Question 32

What is a firewall?

Answer 32

A network security device that monitors and controls incoming and outgoing traffic.

Question 33

What is an Intrusion Detection System (IDS)?

Answer 33

A system that monitors for signs of unauthorized access or attacks.

Question 34

What is sandboxing?

Answer 34

A security mechanism to run untrusted code in a restricted environment.

Question 35

What is ASLR?

Answer 35

Address Space Layout Randomization randomizes memory addresses to prevent exploits.

Question 36

What is input validation?

Answer 36

A technique to ensure user inputs are clean and conform to expectations to prevent attacks.

Question 37

What is noninterference in security?

Answer 37

A formal property stating that actions at higher security levels do not affect lower levels.

Question 38

What is model checking?

Answer 38

An automated technique for verifying finite-state systems against formal specifications.

Question 39

What is protocol verification?

Answer 39

The process of proving that a security protocol meets its desired properties.

Question 40

What is social engineering?

Answer 40

Manipulating people into revealing confidential information.

Question 41

What is GDPR?

Answer 41

The General Data Protection Regulation — EU law on data protection and privacy.

Question 42

What is risk assessment?

Answer 42

A systematic process of evaluating potential risks to assets.

Question 43

* How do digital signatures use hashing and public-key encryption?

Answer 43

The sender hashes the message, encrypts the hash with their private key; the receiver decrypts and verifies with the public key.

Question 44

How does TLS use both symmetric and asymmetric encryption?

Answer 44

Asymmetric encryption is used for secure key exchange; symmetric encryption is used for the session.

Question 45

How are authentication and access control related?

Answer 45

Authentication verifies identity; access control defines what an authenticated user can access.

Question 46

How does the principle of least privilege relate to RBAC?

Answer 46

RBAC enforces least privilege by assigning roles with minimum necessary permissions.

Question 47

What is the relationship between confidentiality and encryption?

Answer 47

Encryption enforces confidentiality by ensuring only authorized parties can read data.