Information assurance and security

Question 1

What is E-commerce?

Answer 1

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

Question 2

What are the key specifications of Real-world Security?

Answer 2

• Specifications/policy : What is the system supposed to do
• Implementation mechanism : How does it do it?
• Correctness/assurance : Does it really work?
• Human Nature : Can the system survive “clever users”?

Question 3

What you might want in a software?

Answer 3

*Privacy
*Protection against phishing, vishing
*Integrity
*Authentication
*Authorization
*Confidentiality
*Non-repudiation
*Availability

Question 4

It is the protection against unauthorized modification or destruction of information.

Answer 4

Integrity

Question 5

Ensures that information is not disclosed to unauthorized persons.

Answer 5

Confidentiality

Question 6

The process of verifying the identity of a user, message, or originator.

Answer 6

Authentication

Question 7

Provides proof of data delivery and sender identity, so that neither party can later deny having processed the information.

Answer 7

Non-repudiation

Question 8

It is the guarantee of timely, reliable access to data and information services for authorized users.

Answer 8

Availability

Question 9

What does Availability refer to in information security?

Answer 9

Timely, reliable access to data and information services for authorized users.

Question 10

Define Integrity in the context of information security.

Answer 10

Protection against unauthorized modification or destruction of information.

Question 11

What is Confidentiality in information security?

Answer 11

Assurance that information is not disclosed to unauthorized persons.

Question 12

What is Authentication?

Answer 12

Security measures to establish the validity of a transmission, message, or originator.

Question 13

What does Non-repudiation mean?

Answer 13

Assurance that the sender has proof of data delivery and the recipient has proof of the sender’s identity.

Question 14

What are the types of assets in information security?

Answer 14

• Physical assets: Devices, computers, people
• Logical assets: Information, data, intellectual property
• System Assets: Software, hardware, data, personnel resources

Question 15

What is an attack in the context of information security?

Answer 15

An attempt to gain access, cause damage to, or otherwise compromise information and/or systems.

Question 16

What is a Passive attack?

Answer 16

An attack in which the attacker does not directly interact with the system.

Question 17

Define an Active attack.

Answer 17

An attack in which the attacker directly interacts with the system.

Question 18

What is an Unintentional attack?

Answer 18

An attack where there is no deliberate goal of misuse.

Question 19

What is Exposure in information security?

Answer 19

An instance when the system is vulnerable to attack.

Question 20

What does Compromise refer to?

Answer 20

A situation in which the attack has succeeded.

Question 21

What is a consequence of an attack?

Answer 21

The outcome of an attack, which may include disruption, corruption, or exploitation.

Question 22

What is meant by Disruption in the context of consequences?

Answer 22

Targets availability.

Question 23

What is meant by Corruption in the context of consequences?

Answer 23

Targets integrity.

Question 24

What is meant by Exploitation in the context of consequences?

Answer 24

Targets confidentiality.

Question 25

What is the definition of Authentication?

Answer 25

The process of recognizing a user’s identity.

Question 26

What is Authorization?

Answer 26

The process that determines what a user is able to do and see on a website.

Question 27

What is Malware?

Answer 27

Malicious software designed to disrupt, damage, or gain unauthorized access to systems.

Question 28

List examples of Malware.

Answer 28

* Viruses * Worms * Ransomware * Trojans * Spyware * Adware

Question 29

What is Phishing?

Answer 29

Tricking individuals into providing sensitive information by pretending to be a trusted entity.

Question 30

What are common forms of Phishing?

Answer 30

* Emails * Fake websites * SMS ('smishing') * Voice calls ('vishing')

Question 31

What is Social Engineering?

Answer 31

Exploiting human psychology to manipulate individuals into divulging confidential information.

Question 32

What are examples of Social Engineering?

Answer 32

* Pretexting * Baiting * Tailgating * Quid pro quo attacks

Question 33

What are Denial of Services (DoS) Attacks?

Answer 33

Overloading systems or networks to make them unavailable to legitimate users.

Question 34

What are Man in the Middle (MITM) Attacks?

Answer 34

Intercepting communication between two parties to eavesdrop or alter data.

Question 35

What are Password Attacks?

Answer 35

Cracking or stealing passwords through brute force, dictionary attacks, or keylogging.

Question 36

What are Zero Day Exploits?

Answer 36

Exploiting software vulnerabilities before the vendor releases a patch.

Question 37

Define Cryptology.

Answer 37

The process of making and using codes to secure the transmission of information.

Question 38

Where did the word Cryptology came from?

Answer 38

Greek words Kryptos and Grahein “Kryptos” means hidden “Grahein” means to write

Question 39

Code Breaking

Answer 39

Cryptanalysis

Question 40

Code designing

Answer 40

Cryptography

Question 41

What does Cryptanalysis refer to?

Answer 41

The process of obtaining the original message from the encrypted message.

Question 42

What is cryptography?

Answer 42

The practice and study of encryption to prevent unauthorized reading of information.

Question 43

What does a cryptographic system typically include?

Answer 43

* Private key cipher * Message integrity techniques * Secure identification/authentication techniques

Question 44

What is a Private Key cipher?

Answer 44

A cipher where the secret key is shared between two parties.

Question 45

What is a Public Key cipher?

Answer 45

A cipher where the secret key is not shared, allowing communication using public keys.

Question 46

What is the operation principle of the Caesar Cipher?

Answer 46

Each letter is translated into the letter a fixed number of positions after it in the alphabet.

Question 47

What is a Block Cipher?

Answer 47

Encrypts one fixed length group of bits at a time.

Question 48

What is the Electronic Codebook (ECB) mode?

Answer 48

The simplest encryption mode where each block is encrypted with the same key.

Question 49

What is Cipher Block Chaining (CBC)?

Answer 49

Each plaintext block is XORed with the previous ciphertext block, adding randomization.

Question 50

What is the Counter (CTR) mode?

Answer 50

Acts like a stream cipher, encrypting using the value of a counter.

Question 51

What is a Stream Cipher?

Answer 51

Encryption performed 1 bit or 1 byte at a time with a pseudo-random sequence.