Unit 1: Cybersecurity Principles

Question 1

“RAM”?

Answer 1

Random Access Memory

Question 2

“ROM”?

Answer 2

Read Only Memory

Question 3

Difference in RAM and Storage (as human equivalent)

Answer 3

RAM=short-term memory

Storage=long-term memory

Question 4

Purpose of IEEE

Answer 4

Creating standards for electronics manufacturing

Question 5

Complexity principle (re: compromise)

Answer 5

More complicated = less likely

Question 6

Principle of ‘security’

Answer 6

Security exists only so far as the ability to prevent threats.

Question 7

Outline Log4j attacks.

Answer 7

Hackers exploiting vulnerability in Java in the back end to access a user’s command line.

Question 8

What is Catfishing?

Answer 8

-Attacker poses as attractive person online
-Defrauds victim who is now in love with them

Question 9

Define ‘Advanced Persistent Threat’ (3)

Answer 9

1. Sophisticated, sustained cyber attack; 2. Intruder establishes undetected presence;
2. To steal data over a long time.

Question 10

Difference between LAN and WAN.

Answer 10

LAN = Router looks inside to groups of devices;

WAN = LANs connected by Internet Service Providers.

Question 11

Define ‘Source Code’.

Answer 11

A text listing of commands to be compiled or assembled into an executable program.

Question 12

Language used to write (most) operating systems.

Answer 12

C

Question 13

Outline ‘Supply Chain Attack’ (3)

Answer 13

1. Attacker infects software upstream in the supply chain; 2. Malware spreads to other area in the network; 3. Allows access to sensitive data in downstream organisations.

Question 14

What is a Boolean Operator? (2)

Answer 14

1. A word or phrase connecting search terms; 2. To create a logical phrase understandable to database.

Question 15

Examples of Boolean Operators (3) and their functions (3).

Answer 15

1. AND: requires both search terms to be present.
2. OR: one or the other term must be present in result.
3. NOT: excludes search results that contain the search term.

Question 16

Search for scissors on Italian websites using Google Dorking.

Answer 16

“scissors” site:.it

Question 17

Search for A-Level Mathematics Results on the UCAS website only.

Answer 17

“A-level mathematics results” site:ucas.com

Question 18

Search for cybersecurity, but only for results related to hacking.

Answer 18

“cybersecurity” AND “hacking”

Question 19

What is a Hazard?

Answer 19

Potential issue that may lead to vulnerability.

Question 20

What is a Vulnerability?

Answer 20

Actual weaknesses open to exploit.

Question 21

What is a Risk?

Answer 21

Potential exposure to breach and the impacts of breach.

Question 22

Give examples of Cybersecurity hazards (3)

Answer 22

1. Using online database.
2. Located in a particular country.
3. Dealing with certain types of clients/industries.

Question 23

Give examples of Cybersecurity (3)

Answer 23

1. Physical/Social: real-world, people.
2. Logical: software, network.
3. External: 3rd-party dependence.

Question 24

Give examples of things breaches can impact (5)

Answer 24

1. Uptime.
2. Operations.
3. Damaged services.
4. Costs to Reputation.
5. Penalty costs.

Question 25

The three protection goals in information security.

Answer 25

Confidentiality, integrity, availability.

Question 26

Define “confidentiality”

Answer 26

Preventing unauthorised gain of information.

Question 27

Define “integrity“

Answer 27

Prevention or detection of unauthorised data modification

Question 28

Define “integrity“

Answer 28

Prevention or detection of unauthorised data modification

Question 29

Define “availability”

Answer 29

Prevention of unauthorised deletion or disruption

Question 30

Define “availability”

Answer 30

Prevention of unauthorised deletion or disruption

Question 31

The two types of data that protection goals apply to

Answer 31

1. Data at rest 2. Data in transit.

Question 32

Define “data at rest”

Answer 32

Data stored on a computer or on paper

Question 33

Define “data in transit”

Answer 33

Data being sent over a network

Question 34

Define “ authorised actor”

Answer 34

Person authorised to access a store of data

Question 35

Give an example of accessibility in relation to data stored on a smart phone

Answer 35

Back ups to the cloud in case of machine failure

Question 36

Define “authenticity” as a protection goal

Answer 36

Preventing actors from impersonating someone else

Question 37

Define “non-repudiation” as a protection goal

Answer 37

Preventing actors from denying that they carried out a particular act

Question 38

Why are non-repudiation and authenticity necessary protection goals?

Answer 38

In order to hold actors accountable

Question 39

What is the goal of computer security?

Answer 39

To protect valuable assets

Question 40

What are assets in relation to computer security? (3)

Answer 40

Hardware, software and data

Question 41

Define “threat”

Answer 41

Any occurrence that may result in asset loss or damage

Question 42

Define “information security”

Answer 42

Protection of data and any information derived from its interpretation

Question 43

Define “system security” (2)

Answer 43

1. Ensuring computer systems work as intended 2. by protecting them from attack.

Question 44

What is authentication?

Answer 44

Requiring users to enter a password

Question 45

What are access controls?

Answer 45

Rules that govern the information a user can access

Question 46

Examples of how to achieve confidentiality in system security (2)

Answer 46

1. Data encryption. 2. combination of authentication and access controls.

Question 47

What are “ cyber–physical systems”?

Answer 47

Systems affecting the real world

Question 48

List five examples of cyber-physical systems (5)

Answer 48

1. Traffic lights. 2. Hospital respirators. 3. Power plant control systems. 4. Auto pilot. 5. Industrial robots.

Question 49

What is critical infrastructure?

Answer 49

Systems which have a significant impact on society if they fail

Question 50

Difference between safety and security

Answer 50

Safety: protects against non-malicious threats Security: protects against malicious threats

Question 51

What are benign threats?

Answer 51

Threats due to human errors

Question 52

What are malicious threats?

Answer 52

Threat due to bad intentions

Question 53

What are random attacks?

Answer 53

Attacks where victim is not important so long as there is gain

Question 54

What is a targeted attack?

Answer 54

Strategic attack directed at a particular victim

Question 55

Define “vulnerability“ (2)

Answer 55

1. A flaw or weakness in the systems design implementation or operation and management 2. that could be exploited to violate the systems security policy.

Question 56

How to decide the severity of a risk

Answer 56

1. Impact of possible attack. 2. Likelihood of attack taking place.

Question 57

What are the four ways of handling risks? (4)

Answer 57

1. Avoidance. 2. Mitigation. 3. Transfer. 4. Acceptance.

Question 58

How to avoid risk

Answer 58

Refrain from implementing a feature

Question 59

How to avoid risk

Answer 59

Refrain from implementing a feature

Question 60

How to mitigate risks

Answer 60

Implement counter measures to decrease impact and/or likelihood

Question 61

How to transfer risks

Answer 61

Buy insurance or levy impact onto another party

Question 62

How to transfer risks

Answer 62

Buy insurance or levy impact onto another party

Question 63

What is risk acceptance?

Answer 63

Deciding to cover the cost of an attack

Question 64

What is a “negative externality “in relation to risk?

Answer 64

System designers transfer risk to the users of system

Question 65

What is “negative externality“ in relation to risk?

Answer 65

Designers of system transfer threat impact to the users

Question 66

Problem created by negative externality

Answer 66

Lower incentive for designers to create highly secure systems

Question 67

Problem created by negative externality

Answer 67

Lower incentive for designers to create highly secure systems

Question 68

Define “sensitive data” (6)

Answer 68

Data revealing: ethnic origin, political opinions, beliefs, trade union membership or concerning health or sex life

Question 69

Define “personally identifiable information“ (3)

Answer 69

Information that (1) identifies, (2) describes or (3) is unique to an individual.