Essential Security Principles Flashcards

(30 cards)

1
Q

Vulnerabilities

A

Weaknesses or flaws in a system’s design, implementation, or configuration that can be exploited to compromise its security.

2
Q

Threats

A

Potential dangers or harmful events that can exploit vulnerabilities and cause harm to a system or organization’s assets, operations, or reputation.

3
Q

Exploits

A

Techniques or methods used to take advantage of vulnerabilities in a system or software to gain unauthorized access, disrupt operations, or extract sensitive information.

4
Q

Risks

A

The likelihood and potential impact of a threat exploiting a vulnerability, resulting in harm or damage to an organization. Risk management involves identifying, assessing, and mitigating risks to protect assets effectively.

5
Q

Attack Vectors

A

Paths or means through which an attacker can gain access to a system or exploit vulnerabilities. Attack vectors can include email attachments, malicious websites, network vulnerabilities, social engineering, and more.

6
Q

Hardening

A

The process of securing a system by reducing vulnerabilities, removing unnecessary services, implementing security controls, and following best practices to minimize the attack surface.

7
Q

Defense-in-Depth

A

An approach that involves deploying multiple layers of security controls and measures to protect systems and data. If one layer is compromised, other layers can still provide protection.

8
Q

CIA

A

Confidentiality: Ensuring that sensitive information is only accessible to authorized individuals or entities.

Integrity: Maintaining the accuracy, consistency, and trustworthiness of data and system resources.

Availability: Ensuring that authorized users have timely and uninterrupted access to information and system resources.

9
Q

Types of Attackers

A

Script Kiddies: Individuals with limited technical skills who use pre-existing tools and scripts to launch attacks for fun or curiosity.

Hacktivists: Individuals or groups who carry out cyber attacks to promote a political or social agenda.

Cybercriminals: Individuals or organized groups who engage in illegal activities for financial gain, such as stealing sensitive data or conducting ransomware attacks.

Nation-state Actors: State-sponsored attackers who conduct cyber espionage, sabotage, or disruption on behalf of a nation-state.

Insider Threats: Employees, contractors, or trusted individuals who misuse their access privileges to cause harm or breach security.

10
Q

Reasons for Attacks

A

Financial Gain: Stealing sensitive information or carrying out ransomware attacks to extort money.

Espionage: Gathering classified or valuable information for political, economic, or military advantage.

Sabotage: Disrupting or disabling critical infrastructure, systems, or services.

Ideological or Political Beliefs: Carrying out attacks to promote a specific ideology or political agenda.

Personal Vendettas: Seeking revenge or causing harm to specific individuals or organizations.

11
Q

Code of Ethics

A

A set of principles and guidelines that professionals in the cybersecurity field follow to ensure ethical conduct, respect for privacy, and responsible use of their skills. It promotes integrity, professionalism, and adherence to legal and ethical standards.

12
Q

Malware

A

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. This includes viruses, worms, Trojans, and spyware.

13
Q

Ransomware

A

A type of malware that encrypts a victim’s files or locks their system, demanding a ransom payment in exchange for restoring access.

14
Q

Denial of Service (DoS)

A

Attacks aimed at rendering a network, system, or service unavailable by overwhelming it with a flood of illegitimate requests or excessive traffic.

15
Q

Botnets

A

Networks of compromised computers controlled by a central attacker, typically used for launching coordinated attacks, distributing spam, or conducting DDoS attacks.

16
Q

Social Engineering Attacks

A

Tailgating: Unauthorized individuals gaining physical access to restricted areas by following an authorized person.

Spear Phishing: Targeted email attacks that deceive victims into revealing sensitive information or downloading malware.

Phishing: Deceptive emails, websites, or messages designed to trick recipients into providing personal information or login credentials.

Vishing: Social engineering attacks carried out through voice calls to manipulate individuals into divulging sensitive information.

Smishing: Similar to phishing, but carried out through text messages (SMS) or messaging apps.

17
Q

Physical Attacks

A

Physical tampering or unauthorized access to hardware, systems, or infrastructure, such as stealing devices, tapping into network cables, or infiltrating data centers.

18
Q

Man-in-the-Middle (MitM)

A

Attacks where an attacker intercepts and alters communication between two parties without their knowledge. This allows the attacker to eavesdrop, modify, or steal information.

19
Q

IoT Vulnerabilities

A

Internet of Things devices often lack robust security measures, making them susceptible to attacks. Vulnerabilities in IoT devices can lead to unauthorized access, data breaches, or control manipulation.

20
Q

Insider Threats

A

Attacks or security breaches caused by individuals within an organization who have authorized access but misuse it for personal gain, sabotage, or negligence.

21
Q

Advanced Persistent Threat (APT)

A

Sophisticated, long-term cyber attacks carried out by skilled adversaries who stealthily penetrate a target’s network to extract sensitive information or maintain persistent access.

22
Q

Access Management Principles:

A

Authentication: The process of verifying the identity of a user or entity requesting access to a system or resource. Authentication ensures that only authorized individuals or entities gain access.

Common authentication methods include passwords, PINs, biometrics (fingerprint, facial recognition), smart cards, and certificates.

Strong authentication practices involve using multiple factors (multifactor authentication) to enhance security.

Authorization: The process of granting or denying specific privileges, permissions, or access rights to authenticated users based on their role, responsibilities, or attributes.

Authorization mechanisms ensure that authenticated users have appropriate access privileges and restrictions.

Access control lists (ACLs), role-based access control (RBAC), and attribute-based access control (ABAC) are common authorization techniques.

Accounting (or Auditing): The process of tracking and monitoring user activities, including logins, access attempts, system actions, and resource usage.

Accounting helps in identifying security incidents, monitoring compliance, and generating audit trails for forensic investigations.

23
Q

AAA (Authentication, Authorization, and Accounting)

A

Authentication verifies the user’s identity.

Authorization determines what the authenticated user is allowed to do.

Accounting tracks and logs the user’s activities for auditing purposes.

24
Q

RADIUS (Remote Authentication Dial-In User Service)

A

A protocol commonly used for centralized authentication, authorization, and accounting for remote access services.

RADIUS servers authenticate and authorize users attempting to access network resources, such as virtual private networks (VPNs) or wireless networks.

25
Q

Multifactor Authentication (MFA)

A

An authentication method that requires users to provide multiple pieces of evidence to prove their identity. It adds an extra layer of security beyond just a password. MFA typically combines something the user knows (password), something the user has (smart card, token), and something the user is (biometric).

26
Q

Password Policies

A

Password policies may include requirements for password length, complexity, expiration, and restrictions on password reuse. Enforcing strong password policies helps protect against unauthorized access through password cracking or guessing.

27
Q

Types of Encryption

A

Symmetric Encryption: Uses a single key for both encryption and decryption. The same key is shared between the sender and the receiver. Examples include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).

Asymmetric Encryption: Also known as public-key encryption, it uses a pair of keys: a public key for encryption and a private key for decryption. The public key is freely distributed, while the private key remains confidential. Examples include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).

Hashing: Hash functions convert data of any size into a fixed-size hash value or digest. Hashing is one-way, meaning it is computationally infeasible to derive the original data from the hash. Hashes are commonly used for data integrity verification, password storage, and digital signatures. Popular hash algorithms include MD5, SHA-1, and SHA-256.

Certificates: Digital certificates are used to authenticate the identity of individuals, organizations, or devices in a secure manner. Certificates are issued by Certificate Authorities (CAs) and contain the entity's public key, identity information, and the CA's digital signature. They are widely used in SSL/TLS for secure communication over the internet.

Public Key Infrastructure (PKI): A framework that manages the creation, distribution, and revocation of digital certificates. PKI enables secure authentication, encryption, and digital signatures across various applications and services.

28
Q

Strong vs. Weak Encryption Algorithms

A

Strong encryption algorithms use long key lengths, complex mathematical operations, and are resistant to brute-force attacks. Weak encryption algorithms have vulnerabilities and can be relatively easily compromised. It is crucial to use strong, well-vetted encryption algorithms to ensure security.

29
Q

States of Data and Appropriate Encryption

A

a. Data in Transit: Encryption is applied to protect data while it is being transmitted over networks, such as HTTPS (HTTP over SSL/TLS) for secure web browsing or VPN (Virtual Private Network) connections.

b. Data at Rest: Encryption is used to protect data stored on storage devices, such as full-disk encryption or encryption of specific files and folders.

c. Data in Use: Encryption techniques are applied to protect data while it is being processed or used by applications or services. Secure enclaves or hardware-based encryption can be used to safeguard data in use.

30
Q

Protocols that Use Encryption

A

SSL/TLS: Used to secure web browsing (HTTPS), email (SMTPS, POP3S, IMAPS), and other network communications.

IPsec: Provides secure communication between network devices or VPNs.

S/MIME: Encrypts and digitally signs email messages.

PGP/GPG: Encrypts email, files, and data using public-key encryption.