Ex 2

Question 1

What does salt hashing do when hashing a password?

Answer 1

Salt makes every password unique and therefore making it harder to break

Question 2

What is dynamic biometric authentication?

Answer 2

It is patterns that a person makes that are unique for that individual, such as speaking or writing patterns.

Question 3

What is static biometric authentication?

Answer 3

It is something unique connected to someone’s body, such as a fingerprint or iris.

Question 4

What is token authentication?

Answer 4

It’s something that you posses, which means like microsoft authentication or an access card

Question 5

What is Authentication?

Answer 5

Authentication is how you prove that you are someone you say you are, as an password to an account

Question 6

What is Identification?

Answer 6

Thats is when you says who you are by providing an email or a username

Question 7

What is Multi-factor authentication?

Answer 7

MFA is when you are needed to provide more then one authentication to prove that you are you, as for instance you type in a password and then gets a code to your phone that you need to type in.

Question 8

What is reactive password checking?

Answer 8

Reactive password checking is when you look through DB with passwords to find bad ones, and then prompt the affected users to update their password.

Question 9

What is proactive password checking?

Answer 9

Proactive password checking is when you force users to have a certain level of security when creating their password, for instance needing to have at least 8 characters, at least two numbers and a special character.

Question 10

What is exhausted search? (Attack)

Answer 10

Exhausted search is another word for brute force attacks, which is when a script is trying to break a password by testing certain combinations

Question 11

What is intelligent search? (Attack)

Answer 11

Intelligent search is when the hacker tries to narrow the search filead of the credentials they trie to get, such as if a hacker tries to get a Swedish users password, they would not try a Daish dictionary attack, they would use Swedish words.

Question 12

What does S in STRIDE stand for?

Answer 12

Spoofing, which is when a hacker or a program successfully identifies them selfs as someone or something else to get private information from a user

Question 13

What does T in STRIDE stand for?

Answer 13

Tampering, which is when a hacker or a program gain access to a file, db, hardrive or something similar and change or modifies it to cause damage or gain further access.

Question 14

What does R in STRIDE stand for?

Answer 14

Repudiation, stands for when a hacker or program carries out an attack and then denies their involvement and leaving little to no digital evidence making it hard to prove their participation.

Question 15

What does I in STRIDE stand for?

Answer 15

Information disclosure, is when private information is being leaked, this can occur because of poor error management or input handling.

Question 16

What does D in STRIDE stand for?

Answer 16

Denial of service, is when a hacker or program is targeting a service by making it unavailable for their users, a common user attack is DDoS when multiple requests is sent to a service trying to overload it.

Question 17

What does E in STRIDE stand for?

Answer 17

Elevation of privilege, is when a hacker is trying to grant them self a higher privilege to gain more control of the system, this can be by trying to get admin access on a regular account.

Question 18

What is a social engineering attack?

Answer 18

Is when a hacker tries to trick a person to either give up information by social skills, so they can carry out some attack.

Question 19

What is the name of establishing confidents in a users identity while trying to access a system?

Answer 19

Authentication

Question 20

What is False match rate?

Answer 20

FMR is the number of times an authentication system wrongfully gives access to a user that was not supposed to gain access.

Question 21

What is FMR?

Answer 21

False match rate

Question 22

What is FNMR?

Answer 22

False non match rate

Question 23

What is False non match rate?

Answer 23

FNMR is the number of times an authentication system wrongfully does not give access to a person who was supposed to gain access.

Question 24

What is attack surface?

Answer 24

Attack surface is all the reachable parts of a system where a hacker can try to gain access to the system.

Question 25

What is WannaCry? (Virus)

Answer 25

WannaCry is a malware that encrypts data and demands a ransom to give it back to the owner.

Question 26

What is Melissa? (Virus)

Answer 26

Melissa is a Macro virus that spreads over email, it prompted users to open a file, and then sent out 50 emails to other users, this spread really fast and even overloaded email servers which caused them to crash.

Question 27

What is Elk cloner? (Virus)

Answer 27

Elk cloner is a Macro virus which was spread by floppy discs between apple II computers

Question 28

What is a Macro virus?

Answer 28

Macro virus is a Virus embedded in a program, file etc to hide the existens of it, and when the file or program is started it does what it is intended to do.

Question 29

What is Creeper? (Virus)

Answer 29

Creeper was the first computer worm, it was not malicious, but it still self copied and spread by it self and when infecting a computer let users know it had been infected.

Question 30

What is a plain text attack?

Answer 30

It is when the attacker has access to both plain text which is the unencrypted text and the cipher text version, which means the attacker knows the encryption algorithm.

Question 31

What is IPSec?

Answer 31

IPSec is a protocol that encrypts data between two computers over internet, it is commonly used for VPNs.

Question 32

What is SSL/TLS?

Answer 32

SSL/TLS is a protocol that provides security over a network and is most commonly used for HTTPS

Question 33

What is S/MIME?

Answer 33

S/MIME is an encryption standard used for E-Mail and is similar to the SSL protocol.

Question 34

What is HTTPS?

Answer 34

HTTPS or Hypertext Transfer protocol secure, is a encrypted version of HTTP which now is outdated and HTTPS is what is being used for the internet.

Question 35

What is a Digital envelope?

Answer 35

Digital envelope is used for sending data without it being tampered with along the way. It works as the system encrypts the data that will be sent, then they ask the reciver for their public key and then encrypt the key for the data. Then they pass the message along and in theory only the receiver should be able to decrypt the key and then the message.

Question 36

What does "ones" value mean in a UNIX system file permission 111222333 ?

Answer 36

It is the owners permission

Question 37

What does "twos" value mean in a UNIX system file permission 111222333 ?

Answer 37

It is the group permission

Question 38

What does "threes" value mean in a UNIX system file permission 111222333 ?

Answer 38

It is the others premission

Question 39

What is a tangible asset?

Answer 39

It is an asset that is easy for a threat agent to target, such as a laptop or a storage device.

Question 40

What are the different threat agents?

Answer 40

Nation states, Competitors and organized crime, Terrorists, Hacktivists, Thieves and people hacking for fun

Question 41

What is a challenge response mechanism? (CRM)

Answer 41

It is the most common authentication process, it is when a user tries entering a system, then gets prompted with a challenge such as answaring a question, providing password or authentication with an app or email.

Question 42

What is CAPTCHA?

Answer 42

Is an automatic test to tell people apart from computers?

Question 43

What is a template in biometric authentication system?

Answer 43

Features extracted from a biometric trait is stored in a data baser to be abled to authenticate users

Question 44

What numbers are connected to the different Linux permissions?

Answer 44

R = 4, W = 2, X = 1

Question 45

What is a Polymorphic virus?

Answer 45

It is a virus that keeps it core function but every time it is executed it changes, it attaches it self to other files.

Question 46

How to rename a file with a UNIX command?

Answer 46

mv filename.txt newfilename.txt

Question 47

How to move a file with UNIX command?

Answer 47

mv filename.txt /home/user..

Question 48

How do you print the current file path with a UNIX command?

Answer 48

pwd

Question 49

How to make a directory with UNIX command?

Answer 49

mkdir lib

Question 50

How to remove a directory with UNIX command?

Answer 50

rmdir lib

Question 51

how to remove a file with UNIX command?

Answer 51

rm fil.txt

Question 52

How to copy a file with UNIX command?

Answer 52

cp filename.txt copiedfile.txt

Question 53

How do you show the content of a file with UNIX command?

Answer 53

cat filename.txt

Question 54

How do you change permissions to a file using UNIX command?

Answer 54

chmod 765 filename.py (RWX RW WX)

Question 55

How to change the owner of a file using UNIX command?

Answer 55

chown johnny:johnny2 filename.py (Johnny = Owner, Johny2 = group)

Question 56

What is Dataveillance?

Answer 56

Dataveillance is when a threat agent uses a person data to surveillance them, as for instance they look at a targets pictures on instagram to try and find there location, what time they are online to se their timezone etc.

Question 57

-rwxr-xr-x 1 root root 2957 Nov 9 2022 keychainjohnny2.py. What is the Owners permission?

Answer 57

RWX

Question 58

-rwxr-xr-x 1 root root 2957 Nov 9 2022 keychainjohnny2.py What is the Groups permission?

Answer 58

r-x

Question 59

-rwxr-xr-x 1 root root 2957 Nov 9 2022 keychainjohnny2.py What is the others permission?

Answer 59

r-x

Question 60

-rwxr-xr-x 1 root root 2957 Nov 9 2022 keychainjohnny2.py What is owner and group owner?

Answer 60

Rooot - Root

Question 61

What is Block cipher?

Answer 61

This is when encryption is done in pre-decided blocks and there by both the sender and receiver knows the block size and can therefore encrypt and decrypt.

Question 62

What is a stream cipher?

Answer 62

It is a real time communication tool where a combination of receiver and senders keys ar combined to generate "random numbers" which are the used to encrypt a message and at the same time putting the numbers in the encryption by using XOR and can there by also be decrypted with XOR. It can be encrypt one bit at a time or one byte.

Question 63

What is verifications vs identification in biometric system?

Answer 63

Verification is when the ratio is (1:1), which means that a user has provided some type of identification so that the biometric data works as a password to verify. Identification is when the ratio is (1:N), which means that a biometric is used to find if the database stores this persons data.

Question 64

Mention an application that needs low FMR?

Answer 64

An application that needs low FMR is a highly secure application, the applications is handling data that could be dangerous if the wrong person got access to it, thats why its better if the right user is denied insted of a wrong person being approved.

Question 65

Mention an application that needs low FNMR?

Answer 65

An application that needs low FNMR is where security is not that high and usability is prioritized higher, this could for instance be an iPhone where facial id sometimes works for twins etc.

Question 66

What security property is violated by S in STRIDE?

Answer 66

Spoofing violates authentication

Question 67

What security property is violated by T in STRIDE?

Answer 67

Tampering violates integrity

Question 68

What security property is violated by I in STRIDE?

Answer 68

Information disclosure violates Confidentiality

Question 69

What security property is violated by D in STRIDE?

Answer 69

Denial of service violates the availability

Question 70

What security property is violated by E in STRIDE?

Answer 70

Elevation of privilege violates authorization

Question 71

What is DREAD?

Answer 71

D = Damage R = Reproducibility E = Exploitability A = Affected user D = Discoverability

Question 72

What is Cryptography?

Answer 72

Cryptography is the art of securing messages between a sender and receiver.

Question 73

What is Attribute-Bases access control (ABAC)?

Answer 73

Access is granted based on attributes, such as subject (Who wants access?), Objects (What they want to access?) Environment (Where they want to access from). Example when you are a MAU employ and try to access the Intranet, you need to be an employ, you need to have access to to the part you are trying to reach and you need to either be at school or use a VPN configuration

Question 74

What is Discretionary access control (DAC)?

Answer 74

Access is controlled by the owner of the resource.

Question 75

What is Role-Based Access Control (RBAC)?

Answer 75

Access is given based on roles, it is a system where roles are what gives certain access to data, for instance a guest, user and admin have different privileges

Question 76

What is Mandatory Access Control?

Answer 76

Access is being controlled by a central unit which is what military use to make papers classified so only certain people can get access, which is being controlled buy the central unit.

Question 77

What is IDS?

Answer 77

IDS is intrusion detection system, which is a system that flags when a system is being attacked but does not stop it by default

Question 78

What is IPS?

Answer 78

IPS is intrusion prevention system, which block the attacker as soon as the attack is being discovered.