Prelim

Question 1

What is E-commerce?

Answer 1

Any transaction online, including online banking, software services, remote service providers, or online course platforms.

Question 2

What are the key specifications of Real-world Security?

Answer 2

• Specifications/policy : What is the system supposed to do
• Implementation mechanism : How does it do it?
• Correctness/assurance : Does it really work?
• Human Nature : Can the system survive “clever users”?

Question 3

What you might want in a software?

Answer 3

*Privacy
*Protection against phishing, vishing
*Integrity
*Authentication
*Authorization
*Confidentiality
*Non-repudiation
*Availability

Question 4

It is the protection against unauthorized modification or destruction of information.

Answer 4

Integrity

Question 5

Ensures that information is not disclosed to unauthorized persons.

Answer 5

Confidentiality

Question 6

The process of verifying the identity of a user, message, or originator.

Answer 6

Authentication

Question 7

Provides proof of data delivery and sender identity, so that neither party can later deny having processed the information.

Answer 7

Non-repudiation

Question 8

It is the guarantee of timely, reliable access to data and information services for authorized users.

Answer 8

Availability

Question 9

What does Availability refer to in information security?

Answer 9

Timely, reliable access to data and information services for authorized users.

Question 10

Define Integrity in the context of information security.

Answer 10

Protection against unauthorized modification or destruction of information.

Question 11

What is Confidentiality in information security?

Answer 11

Assurance that information is not disclosed to unauthorized persons.

Question 12

What is Authentication?

Answer 12

Security measures to establish the validity of a transmission, message, or originator.

Question 13

What does Non-repudiation mean?

Answer 13

Assurance that the sender has proof of data delivery and the recipient has proof of the sender’s identity.

Question 14

What are the types of assets in information security?

Answer 14

• Physical assets: Devices, computers, people
• Logical assets: Information, data, intellectual property
• System Assets: Software, hardware, data, personnel resources

Question 15

What is an attack in the context of information security?

Answer 15

An attempt to gain access, cause damage to, or otherwise compromise information and/or systems.

Question 16

What is a Passive attack?

Answer 16

An attack in which the attacker observes interaction with the system but does not directly interact with the system.

Question 17

Define an Active attack.

Answer 17

An attack in which the attacker directly interacts with the system.

Question 18

What is an Unintentional attack?

Answer 18

An attack where there is no deliberate goal of misuse.

Question 19

What is Exposure in information security?

Answer 19

An instance when the system is vulnerable to attack.

Question 20

Characteristics of information to be useful

Answer 20

Accurate
Timely
Complete
Verifiable
Consistent
Available

Question 21

Aspects of Information Needing protection

Answer 21

Availability
Confidentiality
Authentication
Non-repudiation

Question 22

is the resource being protected

Answer 22

Assets

Question 23

Physical assets

Answer 23

devices, computers, people

Question 24

Logical assets

Answer 24

information, data (in transmission, storage, or processing), and intellectual property

Question 25

System assets

Answer 25

any software, hardware, data, administrative, physical, communications, or personnel resource within an information system

Question 26

What does Compromise refer to?

Answer 26

A situation in which the attack has succeeded.

Question 27

What is a consequence of an attack?

Answer 27

The outcome of an attack, which may include disruption, corruption, or exploitation.

Question 28

What is meant by Disruption in the context of consequences?

Answer 28

Targets availability.

Question 29

What is meant by Corruption in the context of consequences?

Answer 29

Targets integrity.

Question 30

What is meant by Exploitation in the context of consequences?

Answer 30

Targets confidentiality.

Question 31

is a type of consequence, involving accidental exposure of information to an agent not authorized access.

Answer 31

Inadvertent disclosure

Question 32

Taxonomy of attacks with relation to security goals

Answer 32

Threat to Confidentiality Threat to integrity Threat to availability

Question 33

# Taxonomy of attacks with relation to security goals Threat to Confidentiality

Answer 33

Snooping Traffic analysis

Question 34

# Taxonomy of attacks with relation to security goals Threat to integrity

Answer 34

Modification Masquerading Replaying Repudiation

Question 35

# Taxonomy of attacks with relation to security goals Threat to availability

Answer 35

Denial of service

Question 36

What is the definition of Authentication?

Answer 36

The process of recognizing a user’s identity.

Question 37

What is Authorization?

Answer 37

The process that determines what a user is able to do and see on a website.

Question 38

What is Malware?

Answer 38

Malicious software designed to disrupt, damage, or gain unauthorized access to systems.

Question 39

Malware Prevention Methods

Answer 39

Regular Software Updates Antivirus Software Network Segmentation Educate Users

Question 40

Malware Prevention Tools and Strategies

Answer 40

Patch Management Systems Endpoint Detection and Response (EDR) Regular Backups Network Segmentation

Question 41

List examples of Malware.

Answer 41

* Viruses * Worms * Ransomware * Trojans * Spyware * Adware

Question 42

What is Phishing?

Answer 42

Tricking individuals into providing sensitive information by pretending to be a trusted entity.

Question 43

What are common forms of Phishing?

Answer 43

* Emails * Fake websites * SMS ('smishing') * Voice calls ('vishing')

Question 44

Phishing Prevention Tools and Strategies

Answer 44

1 . Email Security Gateways 2 . Phishing Simulations 3 . Zero Trust Access 4 . Threat Intelligence Feeds

Question 45

Social Engineering Prevention Methods

Answer 45

Strict Access Control Verify Requests Awareness Programs Incident Reporting

Question 46

Software Vulnerabilities

Answer 46

Flaws or weaknesses in code that attackers can exploit to compromise systems, steal data, or gain unauthorized access

Question 47

Hardware Vulnerabilities

Answer 47

Weaknesses in network protocols, configurations, or infrastructure that can lead to unauthorized access or data interception

Question 48

Common Vulnerabilities

Answer 48

* Weak or Default Credentials * Man-in-the-Middle (MITM) Attacks * Unsecured Network Devices * Denial of Service (DoS) and Distributed Denial of Service (DDos Attacks: * Outdated or Insecure Protocols

Question 49

What is Social Engineering?

Answer 49

Exploiting human psychology to manipulate individuals into divulging confidential information.

Question 50

What are examples of Social Engineering?

Answer 50

* Pretexting * Baiting * Tailgating * Quid pro quo attacks

Question 51

What are Denial of Services (DoS) Attacks?

Answer 51

Overloading systems or networks to make them unavailable to legitimate users.

Question 52

What are Man in the Middle (MITM) Attacks?

Answer 52

Intercepting communication between two parties to eavesdrop or alter data.

Question 53

What are Password Attacks?

Answer 53

Cracking or stealing passwords through brute force, dictionary attacks, or keylogging.

Question 54

What are Zero Day Exploits?

Answer 54

Exploiting software vulnerabilities before the vendor releases a patch.

Question 55

Define Cryptology.

Answer 55

The process of making and using codes to secure the transmission of information.

Question 56

Where did the word Cryptology came from?

Answer 56

Greek words Kryptos and Grahein “Kryptos” means hidden “Grahein” means to write

Question 57

Code Breaking

Answer 57

Cryptanalysis

Question 58

Code designing

Answer 58

Cryptography

Question 59

What does Cryptanalysis refer to?

Answer 59

The process of obtaining the original message from the encrypted message.

Question 60

What is cryptography?

Answer 60

The practice and study of encryption to prevent unauthorized reading of information.

Question 61

What does a cryptographic system typically include?

Answer 61

* Private key cipher * Message integrity techniques * Secure identification/authentication techniques

Question 62

What is a Private Key cipher?

Answer 62

A cipher where the secret key is shared between two parties.

Question 63

What is a Public Key cipher?

Answer 63

A cipher where the secret key is not shared, allowing communication using public keys.

Question 64

What is the operation principle of the Caesar Cipher?

Answer 64

Each letter is translated into the letter a fixed number of positions after the letter in the alphabet.

Question 65

What is a Block Cipher?

Answer 65

* Are stronger but slower and often implemented in hardware * One or large block at a time * Substitution and transposition

Question 66

What is the Electronic Codebook (ECB) mode?

Answer 66

Each block is encrypted with the same key—identical plaintext block created identical cipher block | Simplest Encryption mode

Question 67

What is Cipher Block Chaining (CBC)?

Answer 67

Each plaintext block is XORed with the previous ciphertext block, adding randomization.

Question 68

What is the Counter (CTR) mode?

Answer 68

Encrypting using the value of a counter. Plaintext can be any size - XOR 8 bits at a time instead of 128 bit block | Acts like a stream cipher

Question 69

What is a Stream Cipher?

Answer 69

* Are fast and easy to implement in hardware * Encryption is performed 1 bit or 1 byte at a time * Mixes plaintext with key stream * Either using Symmetric Key or Public Key * The starting state should never be the same twice — uses initialization vector

Question 70

What is Symmetric cipher?

Answer 70

involves using a single key to encrypt and decrypt data

Question 71

What is Asymmetric Cipher?

Answer 71

encryption uses two keys - one public and one private - to encrypt and decrypt data

Question 72

What is an assumption in information security?

Answer 72

It can help find underlying vulnerabilities.

Question 73

Digest

Answer 73

can be used to check the integrity of a message: that the message has not been changed

Question 74

Substitution cipher

Answer 74

replaces one symbol with another

Question 75

Plaintext

Answer 75

* A message in its natural format readable by an attacker * Original message or data (also called cleartext

Question 76

Ciphertext

Answer 76

Message altered to be unreadable by anyone except the intended recipients

Question 77

Encryption

Answer 77

Transforming the plaintext under the control of the key

Question 78

Key

Answer 78

Sequence that controls the operation and behavior of the cryptographic algorithm

Question 79

Decryption

Answer 79

Transforming the ciphertext back to the original plaintext

Question 80

Types of Cryptography

Answer 80

Stream Ciphers Block Ciphers

Question 81

Confusion

Answer 81

Key to ciphertext relationship is very complicated Key cannot be determined on the ciphertext

Question 82

Diffusion

Answer 82

Output should be different from the input Change 1 bit of the input, at least 50% of the output should change

Question 83

Block Cipher Mode Operations

Answer 83

1. Electronic Codebook (ECB) 2. Cipher Block Chaining (CBC) 3. Counter (CTR)