Cybersecurity - Significance

With growing technological changes, organizations are currently grappling with
increasing security concerns. Any cybersecurity event could damage a hard-earned
reputation and cause the loss of high-value assets ($).

A lot of data breaches and cyberattacks have had a great impact, and organizations are
working towards reducing security breaches.

Conventional IT security leaders have scaled up to become digital security leaders and
have widened their support to address risks in technology-savvy engineering and
physical environments.

It's high time that everyone understands more about cybersecurity and is cautious at
the same time.

What is Cybersecurity?
Cybersecurity by itself is an ocean, and it becomes necessary for everyone to know more
about its different aspects in order to protect both personal and organizational information.

If you have been wondering:

 Why is cybersecurity required?
 What are cybersecurity threats and malicious programs?
 What are the consequences of cyber attacks?
 What are the preventive measures and techniques?

Let's embark on the course and start exploring cybersecurity, which will give you an
overall view and understanding of the above questions.

Gartner predicts worldwide security spending to
shoot up to $96 billion in 2018, an increase of 8%
from 2017.

Why is Cybersecurity Required?
Cyberattacks are happening all the time, and they become more prevalent as new digital
trends emerge.

What is a cyberattack?

An attempt by hackers to intrude into or destroy a computer network or system.

Cybersecurity:

 protects the data and integrity of computing assets within an organization's
network.
 defends those assets against all threat actors throughout the entire life cycle of
a cyberattack.

Keeping pace with cybersecurity strategies and operations can be a challenge,
as cyberspace expands with technologies like cloud and mobile computing.

Believed to be one of the most significant breaches in history, the
US Office of Personnel Management was hacked in
April 2015, resulting in the theft of approximately
21.5 million personnel records. The data breach
compromised Personally Identifiable Information (PII)
like Social Security Numbers, names, and addresses.

Focus of Cybersecurity
The focus of cybersecurity is on

 preventing
 mitigating
 detecting
 investigating and
 responding to cyber attacks.

The complexity of cyberspace implies that there are potentially endless lists of attack
scenarios and malicious programs.

You will learn about the different malicious programs in the next section!

Malicious programs, or malware, are specifically designed to delete, block, modify, or
disrupt the performance of computers and computer networks.

Malware includes

 Viruses
 Worms
 Trojans
 Spyware
 Adware
 Ransomware
 Scareware

Viruses and Worms are two of the most familiar malicious programs.

Virus

 A virus is a type of malicious software that can self-replicate and spread to other
systems or hosts, eventually corrupting them.
 It requires an active operating system, an active host program, or an already-infected
system to run and cause damage.
 A virus spreads easily to other hosts through various means, one of the most frequent
being email attachments.

Worm

 Unlike a virus, a worm is standalone software that does not need human help or a host
program to spread.
 Worms can advance and self-replicate within a system, using up resources such as
processing power and memory.
 A worm enters the system through a vulnerability and attacks the information-transport
or file-transport features of the system.

Spyware
Spyware is designed to extract data from its host computer, for marketing purposes, and
then transmit that data to a remote system without the user's knowledge.

Adware
Adware is similar to spyware, but it has been designed for advertising, such as in pop-up
screens.

Adware and spyware are commonly known as
Potentially Unwanted Programs (PUP).
A potentially unwanted program (PUP) is software
that can be considered nonessential and whose
installation can compromise privacy or weaken
the computer's security.

Ransomware and Scareware

Ransomware

 Ransomware holds a computer system captive while demanding a ransom.
 Ransomware restricts access to the computer either by encrypting files on the hard drive or
by displaying messages that are meant to force the user to pay the malware creator to
remove the restrictions and regain access to their system.

Scareware

 Scareware tricks users into believing that their computer has been infected
with a virus and then suggests downloading and paying for fake antivirus software.
 Usually, the virus is fictional, and the software is non-functional or malware itself.

Did you know? The number of scareware packages in circulation rose from 2,850 to 9,287
in the second half of 2008 alone.

Source: Anti-Phishing Working Group

Trojan
A Trojan is named after the wooden horse that the Greeks used to infiltrate Troy.

Upon activation, a Trojan attacks a host by

 irritating the user by
o popping up windows
o changing desktops
 damaging the host by
o deleting files
o stealing data, or
o activating and spreading other malware, such as viruses.
 replicating through user interaction like
o opening an e-mail attachment
o downloading and running a file from the Internet.

Trojans are commonly known for providing backdoor access to the system for malicious users.

Notable Worms and Viruses

 Zeus (trojan) - targeted Microsoft Windows to
collect banking data by keystroke logging.
 Nimda (worm) - caused about 530,000,000 in
damages within one week. It propagated by
locating email addresses and then appending
JavaScript.
 CryptoLocker (trojan) - encrypts files on the user's hard
drive and demands a ransom from the user in exchange
for the decryption key.

Botnets
Botnet is derived from the words Robot and Network.

 The objective of creating a botnet is to infect as many connected devices as
possible.
 A bot is a device infected by malware, which becomes part of a network of infected
devices administered by a single attacker or attack group.
 A botnet looks for vulnerable devices throughout the internet, instead of targeting
particular individuals, industries or companies.

Malnets

Malnets differ from botnets:

 While botnets are largely used to distribute spam and malware to other users, a malnet is
used to draw users in and infect them.
 Botnets are often controlled by a single command server or a small number of them, whereas
malnets use fast-changing infrastructures.

Malnet infrastructures allow cybercriminals to launch dynamic attacks that can remain
unnoticed by conventional anti-virus vendors for days or months.

Malvertising
Malvertising is a newer technique for spreading malware that is even harder to combat
because it can work its way into a webpage and spread through a system unnoticed.

 Malvertising is the injection of malicious or malware-laden advertisements into genuine
online advertising networks and webpages.
 It is easy for attackers to spread across a large number of websites without
directly compromising them.
 The notable thing about the spread of infections through malvertising is that
it does not require any user action such as clicking or downloading.

 In 2017, the "WannaCry" ransomware impacted
over 200,000 organizations across 150 countries
by using a flaw in Microsoft's software.
 Many companies like Telefonica, FedEx, Renault,
and the NHS were heavily impacted by the WannaCry
ransomware.

Infection - Signs and Symptoms

Some signs that could indicate your system is infected:

 Reduction in performance due to slow-running processes
 System instabilities
 Internet homepage changed in your browser
 Pop-up ads occurring more frequently than usual
 Browser redirection
 Disabled functions
 Unable to connect to the Internet or access higher-level system control functions

Antivirus software

 Antivirus software tracks all files coming into the system from various sources such
as USB, mail, or websites, and checks whether they match any of its virus or PUP signatures.
 If they match, it typically removes or quarantines them.
 It is approximately 95% effective in detecting viruses and PUPs, since new viruses and PUPs
are being created frequently.
 Antivirus software needs to be updated regularly so that new signatures can be added.

Myths!
There are some common myths related to computer viruses:

 Any error message on the system indicates a virus infection - False, it can indicate
hardware/software issues.
 Viruses and worms always require user interaction - False, malicious code can run
on its own.
 Email attachments from known senders are safe - False, they can be used to spread
infection.
 Antivirus programs will stop all threats - False, there is no such thing as 100%
protection.
 Viruses can inflict physical damage on your computer - False, such damage is simply
not possible.

1. Unsolicited commercial email is known as – Spam
2. ________ monitors user activity on the internet and transmits that
information in the background to someone else. – spyware
3. Which of these are Personally Identifiable Information – all
4. What is PUP – Potentially unwanted program
5. A ________ is like a Virus, having the ability to spread without any
medium. – Trojan
6. Internet can impose a number of Risks and hence Cybersecurity is
required. – true
7. Which of these is an anti-virus program - all
8. Which of these are cyber threats? – all

The fundamental and core principle of providing a secure system is that of ensuring

 Confidentiality
 Integrity
 Availability.

These are commonly known as the CIA triad, which is widely acknowledged in information assurance
models.

In this section, you will understand more about each one of these in detail!

Confidentiality
Confidentiality is the guarantee of data privacy and protection against
unauthorized disclosure.

Personally Identifiable Information (PII):

 Social Security numbers
 Credit card information
 Account numbers
 Business information such as:
o Financial data
o Employee records and trade secrets

All of the above are categorized as confidential information.

Integrity
Protecting data from unauthorized modification is called Integrity.

 Integrity gets compromised when information or data has been modified or
destroyed, either maliciously or accidentally.
 Example of a violation of integrity: a student getting into the grades system and modifying his
or her Maths grade from C to A.

Measures to protect against violations of integrity:

 Auditing the network for uncommon or suspicious activity.
 Software intrusion detection systems like Tripwire can be used to compare
checksums and reveal any unauthorized changes.
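The Tripwire-style checksum comparison above, as an added example that is not part of the course or of Tripwire itself: it baselines SHA-256 digests of a directory tree and later reports modified, added and deleted files. All sample files and paths below are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example (not course material): a minimal Tripwire-style file
# integrity checker. It records a SHA-256 baseline of every file under a
# directory and later reports files that were modified, added or deleted.

CHUNK = 1 << 16


def sha256_of_file(path: Path) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX style) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_of_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify the differences between two snapshots of the same tree."""
    old, new = set(baseline), set(current)
    return {
        "modified": sorted(f for f in old & new if baseline[f] != current[f]),
        "added": sorted(new - old),
        "deleted": sorted(old - new),
    }


def demo() -> dict:
    """Create a constructed sample tree, baseline it, tamper with it, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "grades.csv").write_text("alice,Maths,C\n")

        baseline = build_baseline(root)
        # Persist the baseline as JSON. In practice it is kept offline or on
        # read-only media so that an intruder cannot rewrite it too.
        saved = json.dumps(baseline)

        # Simulate the integrity violations from the text: an unauthorized
        # grade change, an unexpected new file, and a deleted file.
        (root / "grades.csv").write_text("alice,Maths,A\n")
        (root / "etc" / "unknown.bin").write_bytes(b"\x00\x01")
        (root / "etc" / "hosts").unlink()

        return compare(json.loads(saved), build_baseline(root))
```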

Availability
Availability is ensuring that data and services are available to authorized users
whenever required.

 A denial of service attack is an attack against availability. This attack sends
numerous requests to a system to interrupt services to genuine users.
 A distributed denial of service (DDoS) attack is more effective as it uses botnets to
launch the attack.

Protecting Information
Data leakage is not always noticeable.
Protecting information:

 Encryption is one of the key measures for protecting against loss of
confidentiality.
 Encryption converts data into an unreadable format, which can't be recovered
without the use of a key.
 Individuals and businesses should allow only authorized individuals, processes, or
devices to access the data.

Protection Mechanisms
 A CIA-compliant system provides protection mechanisms that offer layered
protection to the data.
 Use a layered approach and proper checks to improve confidentiality, integrity,
and availability.

Model

 Multiple Layers - Different controls guard the system against various threats coming at
different levels.
 Abstraction - Used for efficiency.
 Data Hiding - Data hiding entails keeping data undiscoverable by unauthorized
personnel.
 Encryption - A technique used for masking the original data so that it can't be
interpreted right away.

Details of Encryption will be covered in the next section.

Check your understanding!

If a person gained unofficial access to the company's
payroll information and read the payroll information of everyone,
what type of violation would it be - Integrity,
Confidentiality or Availability?

Cryptography - World of Encryption
 The word cryptography was formed by combining two Greek words,
o 'Krypto' meaning hidden and
o 'graphene' meaning writing.
 Believed to have been adopted by the Egyptians (1900 B.C.), cryptography ensures secure
communication amidst the presence of malicious third parties (adversaries).
 Encryption leverages an algorithm and a key to transform an input (plaintext)
into an encrypted output (ciphertext).

In this section, you will understand more about Cryptography.

Two categories of encryption algorithms are:

Symmetric
 Both encryption and decryption use the same key.
 Used for encrypting large amounts of data (like an entire disk partition or database) as it
is very fast.
 Primarily used for privacy and confidentiality.

Asymmetric
 Uses two different keys for encryption and decryption (a public and a private key).
 Although the public key may be freely distributed, the private key is kept secret.
 Very slow, and used to encrypt data smaller than the key size (2048 bits or smaller).
 Leveraged to encrypt symmetric encryption keys, which are then used to encrypt much
larger blocks of data.
 Primarily used for authentication, non-repudiation, and key exchange.

Plaintext

Any language that is communicated and understood is plaintext or cleartext. It is
readable by humans.

Ciphertext

Ciphertext is text or a written document in which the plaintext has changed
its form to one that cannot be read, communicated or understood. It is
also known as encrypted text.

How does it work?

 Plaintext is encrypted before being sent over the medium.
 The encrypted message (ciphertext) is received at the other end of the
medium and decrypted to get back the original plaintext message.
 Integrity check - Uses a hash function to ensure data has not been modified,
erased or lost in an accidental or unauthorized manner.
 Authentication - Positively identifying and validating an entity in a system,
such as signing an electronic contract. Uses a digital signature or Message
Authentication Code.
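The symmetric/asymmetric split and the integrity-check and authentication steps above, worked through as one added example that is not from the course: a random session key encrypts the data, the recipient's public key wraps only that small key, and an HMAC tag is verified before anything is decrypted. It uses textbook RSA on two fixed Mersenne primes and a SHA-256 keystream so it runs with Python's standard library alone; these are illustrative stand-ins for RSA-OAEP and AES-GCM, not production primitives.

```python
import hashlib
import hmac
import os

# Added example (not course material): hybrid encryption with
# encrypt-then-MAC, using toy primitives so only the standard library is needed.
# Real systems use RSA-OAEP or ECDH to wrap the key and AES-GCM for the data.

# Two well-known Mersenne primes (2^89-1 and 2^107-1), chosen so the modulus
# comfortably exceeds the 128-bit session key that RSA has to carry. Toy size.
_P = (1 << 89) - 1
_Q = (1 << 107) - 1
_E = 65537


def rsa_keygen():
    """Return textbook RSA keys as public (n, e) and private (n, d)."""
    n = _P * _Q
    phi = (_P - 1) * (_Q - 1)
    d = pow(_E, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, _E), (n, d)


def rsa_encrypt_int(public, m: int) -> int:
    """Asymmetric step: only data smaller than the modulus can be encrypted."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt_int(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with SHA-256(key || nonce || counter) blocks.
    The same call encrypts and decrypts. Illustrative stand-in for AES-CTR."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        ks = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def derive_keys(session_key: bytes):
    """Separate keys for confidentiality (encryption) and for the MAC."""
    enc_key = hashlib.sha256(b"enc" + session_key).digest()
    mac_key = hashlib.sha256(b"mac" + session_key).digest()
    return enc_key, mac_key


def hybrid_encrypt(public, plaintext: bytes) -> dict:
    session_key = os.urandom(16)               # fresh 128-bit symmetric key
    enc_key, mac_key = derive_keys(session_key)
    nonce = os.urandom(16)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    # Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Only the small session key goes through the slow asymmetric algorithm.
    wrapped = rsa_encrypt_int(public, int.from_bytes(session_key, "big"))
    return {"wrapped_key": wrapped, "nonce": nonce,
            "ciphertext": ciphertext, "tag": tag}


def hybrid_decrypt(private, msg: dict) -> bytes:
    """Recover the plaintext; raise ValueError if the integrity check fails."""
    key_int = rsa_decrypt_int(private, msg["wrapped_key"])
    enc_key, mac_key = derive_keys(key_int.to_bytes(16, "big"))
    expected = hmac.new(mac_key, msg["nonce"] + msg["ciphertext"],
                        hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("integrity check failed: message was modified")
    return keystream_xor(enc_key, msg["nonce"], msg["ciphertext"])


def roundtrip_and_tamper(plaintext: bytes):
    """Clean round trip, then show that a single flipped bit is rejected."""
    public, private = rsa_keygen()
    msg = hybrid_encrypt(public, plaintext)
    recovered = hybrid_decrypt(private, msg)
    tampered = dict(msg)
    ct = bytearray(msg["ciphertext"])
    ct[0] ^= 0x01
    tampered["ciphertext"] = bytes(ct)
    try:
        hybrid_decrypt(private, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return recovered, rejected
```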

Risks, Threats and Vulnerabilities


To develop security strategies, you need to understand assets, risks, threats,
and vulnerabilities.

1. Assets

 Assets can be tangible or intangible items that can be assigned a value.
 Examples of tangible assets are printers or computers.
 Intangible assets include trade secrets, databases, and company records.

2. Threat

A probable danger that in general is difficult to control. Threats can include unhappy
employees, terrorists, or nature.

3. Vulnerability

A security flaw or weakness in a system. Assets can be exploited by threats if they are
vulnerable. A system connected to the Internet can represent a vulnerability if it is
unpatched.

4. Risks

A risk is something that can happen unexpectedly and is a combination of threats and
vulnerabilities: threat times vulnerability. Hence, to understand the risk to assets, the possible
threats and vulnerabilities must be analyzed.

Risk = Threat * Vulnerability

 Risk is the result of a threat exploiting a vulnerability.
 Risks could cause
o business disruption,
o financial loss, or
o even loss of life.

Scenario - Determining Risk

Read this short story of the Three Little Pigs and the wolf, then do a risk
analysis of the scenarios.

There were three little pigs.

 The first little pig built a house of straw, but the wolf blows it down and eats the
pig.
 The second little pig built a house of sticks, but the wolf also blows it down and
eats the pig.
 The third little pig built a house of bricks, which the wolf cannot blow down.

So now, how would you perform the risk analysis?

Threat

As you observe in all three scenarios, the threat is 100%, as the wolf tries to blow the
house down.

Vulnerability

Vulnerability, on the other hand, is where the change takes place.

 Straw house - 90% vulnerable; it is very likely to be blown down.
 Stick house - 40% vulnerable, as the wolf has less chance compared to the straw house.
 Brick house - 0% vulnerable; the wolf can't break it down.

Inference

The vulnerability can be fixed, so you should check for and address vulnerabilities regularly.

There are scenarios where threats may exist, but if
there is no vulnerability, there will be no risk.
Similarly, if there is a vulnerability but no threat, then
again there won't be a risk.

What is an Attack?
An attack can compromise the security of data.

There are two main types of attacks - passive and active.

Passive attack

 Monitoring transmissions with the intention of capturing information without the
knowledge of the user.
 This is non-invasive.
 Example: capturing passwords or data files.

Active attack

 Here, the intruder tries to break into secured systems to steal or modify
information or to introduce malicious code.
 Example: injecting systems with malicious programs such as worms, viruses or
Trojans.

Attack Types
 Phishing - one of the most dangerous cyber threats of all time. The sole purpose
of phishing is to distract or fool the victim and obtain confidential information
such as address, bank account, password, card number, etc. Phishing spreads
through email or even phone calls.
 Password Attack - Hackers don't need any emails, code or forged links to make
this attack. They can do it by cracking your password, and may use any
password-cracking tool to do so.
 Drive-by Download - This can be triggered just by visiting a website. An
unusual download might start automatically, even without any action by the user,
causing malware to be installed on the device.

Now you will understand about Attack Surfaces!

What is an Attack Surface?

An attack surface represents any known, unknown or probable vulnerabilities across
areas of exposure such as

 Software
 Hardware
 Network
 User

To reduce risk, the attack surface needs to be decreased.

Attack Surfaces - Software and Hardware

Software attack surface
 Comprises applications, services, configurations, executables, DLLs and web pages
available to authorized users.
 Designed to point to vulnerabilities that can cause anything from a minor
annoyance to a system crash.

Software vulnerabilities include buffer overflows, code injection, etc.

Hardware attack surface

 Hardware can also create an avenue for attack, but physical access to the device
is required.
 Hardware attacks can be accomplished through a network communication
connection as well.

Hardware vulnerabilities include items that users install, such as software or plug-in flash
drives.

Network attack surface

 Includes exposure to channels, protocols, devices, applications, ports and
interfaces.
 The network attack surface could be reduced by:
o ensuring only required features are enabled
o closing unnecessary ports
o implementing intrusion prevention systems
o firewalls.

User attack surface

 Users are the weakest channel among all.
 User activity can be tracked, and abuse prevented, by logging and auditing.

1. Risk represents ________ threats, time, vulnerability
2. In Symmetric-key cryptography, the key used by the sender and
the receiver is – shared
3. Cryptography, a word with Greek origins, means -- Corrupting
Data is not the answer – Secret writing, closed writing, open
writing
4. In symmetric-key cryptography, the same key is used by – both
5. The sole purpose of ________ attack, is to fool the victim and to
get all the confidential information – Phishing
6. If there is a vulnerability but no threat, then there won't be a risk –
true
7. ________ is the guarantee of data privacy and protection against
unauthorized disclosure – Confidentiality
8. Cryptography, a word with Greek origins, means – secret writing
9. The Cryptography can provide – All

A cybersecurity threat is a scenario that tries to exploit possible vulnerabilities to
breach security, thus impacting ongoing business.

It is very critical, due to increasing

 Exposure to the Internet
 Growth of wireless technology
 Evolution of various smart devices (Internet of Things)

Classification of Threats
Malicious: A hacker or disgruntled employee who is interested in a specific asset or
piece of information only.

Non-Malicious: An attack that happens due to neglected factors, like compromising on
security.

 This could impact a person or business through:

o Compromise of information: information theft, retrieval of discarded
materials.
o Compromise of functions: errors in its function and abuse of rights.

Intrusion Phases
A hacker works towards his objectives by planning and performing a set of activities, for
example exfiltration. Network intrusion happens in a phased manner.

1. Reconnaissance - Continuous search for and identification of possible targets.

2. Weaponize - Pairing malware with a deliverable. Example: an MS Office document.

3. Delivery - Transmit the weapon to the identified target. Example: e-mail, websites.

4. Exploitation - Exploiting vulnerable system apps. Example: triggering the weapon code.

5. Installation - Backdoor installation for persistent access.

6. Command and control - Hands-on keyboard access, required for the weapon to
communicate.

Advanced Persistent Threats (APT)

 A kind of network attack where an unauthorized person gains access to a
network and remains there undetected for a long duration.
 The intention is purely to steal data rather than damage the network or organization.

A few characteristics of APTs:

 Tend to be highly customized to a specific target.
 Deployment is semi-automated and operates in a low and slow manner to remain
unnoticed.
 Have specific objectives depending upon the source of the attack, which may
change over time.
 Infiltrate to hide and then continue their operation.
 Take command and control to provide customized malware updates.
 Most cyberattacks are automated or semi-automated by a specific botmaster or
group of botmasters.
 A cyberattack usually starts with a known URL address; then, by scanning around
the LAN or internet space, it can exploit all associated vulnerable systems
as well.

Threat Modelling
Threat modelling is a process of securing web/mobile applications or any assets by
determining the effective security controls and measures.

Considerations

 Identify Security Objectives - e.g., is the application required to be available as per the agreed
Service Level Agreement (SLA)?
 Survey the Application - analyze and identify components, data flows and trust
boundaries (UML component diagram).
 Decompose it - identify the features and modules with a security impact (how a module
validates and processes the data before storing it).
 Identify Threats and Vulnerabilities - an attacker who understands your internal process is
a huge threat.

Assessment and Management


Static analysis: Static or code analysis is performed by dissecting the different resources
of the binary file without executing it and studying each component. Example: analysis
of machine or assembly code.

Dynamic analysis: Dynamic or behavioral analysis is done by observing the behavior of
the malware and is often performed in a sandboxed virtual environment to prevent the
malware from actually infecting production systems.

Threat management is the best practice for managing cyber threats that enables early
identification of vulnerabilities using data-driven situational analysis.

 Threat analytics: manual and automated intelligence data collection.
 Behavioral modeling: real-time monitoring.
 Advanced analytics to provide situational awareness.

In June 2007, US officials disclosed that
hackers broke into the Pentagon through
a directed attack on elements of the email
system and called it the most successful
cyberattack at that time on the US Defense
Department.

Reduce risks by preventing cyber-attacks using the various security-related tools, policies,
best practices and guidelines available with the latest technologies.

STRIDE - a threat classification model that helps to limit potential false-positive
threats. This model is used to help reason about and find threats to a system.

 Spoofing - of a valid user identity.
 Tampering - Misusing the end user's read/write access.
 Repudiation - False denial of origin or receipt.
 Information disclosure - Data/information leak.
 Denial of Service - Resources unavailable to their intended users.
 Elevation of privilege - Exploiting a bug to gain admin access.

Mitigation Steps
i) Classify Assets - Classify information assets with regard to their business significance.

ii) Stay Informed - IT and security teams need to stay updated on the latest threats and
attacks.

iii) Effective Controls - Controls are critical, and continuous monitoring of them is
required.

iv) Governance and Reporting - Inform senior management of cybersecurity policies and
control mechanisms.

Cyber Threat Hunting - Prediction

Cyber threat hunting is a proactive process to predict potential risks efficiently using:

 Big data analytics, which can be used to detect long and slow Advanced Persistent
Threats.
 Machine learning and UEBA (User and Entity Behavior Analytics).
 Intelligence feeds - threat intelligence feeds, malware analysis and
vulnerability scans.

Threat Intelligence
Threat intelligence is required at three levels:

1. Strategic level - Research analysis and reports. Example: the Duqu 2.0 report from
Kaspersky, published as a result of malware analysis.

2. Tactical level - Information exchange between operating communities. Example:
FS-ISAC is an intelligence-sharing community for the banking industry.

3. Operational level - Real-time feed protocols are used within a community.
Example: the STIX/TAXII protocols.

Cybersecurity Architecture
Cybersecurity architecture is all about understanding one's business scope and
requirements, and then designing and developing a security architecture to implement and
support them.

To capture complete business security architecture picture you have to find answers for

 What
 Why
 How
 Who
 Where
 When

under required logical and operational components.

Architecture Risk and Controls

Risks

 Security architecture should identify and protect against risks; for effective
management, this should be a continuous operational activity.

Example: To maintain a minimum agreed SLA of 98%, you can define the security control
parameter SLA at 98.5%, so that appropriate actions can be taken when needed to avoid the
penalty risk.

Controls

 In security architecture control definition, you are not advised to set a single
parameter, so controls have to be defined at different stages to detect and
avoid possible threats.

Example: For better control, you can define five levels of SLA security controls, from
98.9 to 98.5 respectively, along with action points.

SABSA Framework
 The Sherwood Applied Business Security Architecture (SABSA) framework is an open
source framework used to create enterprise security architecture.
 It is a risk-driven method based on the analysis of the business requirements.
 The primary objective is to protect the business with the required level of security.
 It is commonly represented as a 6X6 SABSA matrix.
 The 6X6 SABSA matrix is divided into four 3X3 matrices for better representation.

In the architecture framework part, a business considers its

 Security policies
 Risk
 Process
 Control
 Attributes
 Information
 Strategies

Before designing a security architecture, you should identify and define role-based
privileges for associates working in different locations, as per the required
timeline.

Incident Management
An incident is an event that may lead to business operational disruption.

Incident management is a set of activities performed to

 Prepare
 Identify
 Analyze
 Solve issues to prevent future incidents.

You will understand more about Incidents in this section.

Prepare, Detect, and Analyze


Preparation

 Involves training the incident response team after establishing the required tools,
processes and resources.

Incidents must be prioritized based on the business impact.

Detection and Analysis

 A continuous process that often requires as much intuition as intelligence for
detecting any malware intrusion and its remote connections.

Many incidents require further investigation to find the source and reasons for the attack,
along with containment and eradication of affected and vulnerable systems for recovery
activities.

1. Preparation - Involve the team and define the required procedures for guidance.

2. Detection and Analysis - Work on incidents that require further investigations to find
the source and reasons of attack.
3. Containment, Eradication and Recovery - Take control of the incident before it gets
worse, then remove and recover the affected system securely.

4. Post-Incident activities - Document the learning outcome along with the required
measures and controls.

CREST UK has developed an open source tool, the Incident Response Maturity Assessment,
which is a spreadsheet-based tool used to assess an organization's readiness for its
response to a cyber attack.

It follows three phases:

 Prepare
 Response and
 Follow-up

Incident Response
Preparation
 Conduct a critical assessment of your organization.
 Carry out a security threat analysis from practical incidents.
 Consider the implications for people, process, technology and information.
 Create an appropriate control framework.
 Review your state of readiness.

Response
 Identify the cybersecurity incident.
 Define objectives and investigate the situation.
 Take appropriate pre-approved or required actions.
 Recover systems, data and connectivity.

Post-Incident Activities
The below are the recommended Incident response activities:
Follow-up
 Investigate incidents more thoroughly.
 Report Incident to relevant stakeholders.
 Carry out a Post-Incident review.
 Update key information, controls and processes.
 Perform trend analysis.
 Communicate and share the lessons learned.

Incident Category
Incident categories can be defined according to business priorities, ranging from
testing incidents to any unauthorized attack.

A precursor shows us that an incident may occur. Example: a flight cabin crew alarm would be a
precursor to an airline incident.

An indicator shows us that an incident may have occurred. Example: an indication of breaching
the minimum required SLA%.

Critical Decision Point

The response challenge is maintaining the optimum balance between

 being under-responsive (being vulnerable) and
 being over-responsive (risk of false alarms).

 Deep packet inspection can be used to give more context to the precursor or
indicator.
 If an indicator has turned into an incident, prioritization is perhaps the
most critical decision point in the incident handling process.

 Wireshark is an interactive network protocol analyzer and capture utility.
 It is used to examine the details of traffic at a variety of levels, ranging from
connection-level information to the bits that make up a single packet.

 Tcpdump is an open source command-line tool for monitoring network
traffic.
 It captures and displays packet headers, matching them against a set of criteria.

Network Monitoring Tools


 Syslog stands for System Logging Protocol and is a standard protocol used
to send system log or event messages to a specific server, called a syslog
server.

It is primarily used to collect various device logs from several different machines in a
central location for monitoring and review. The protocol is enabled on most network
equipment such as routers, switches, firewalls, and even some printers and
scanners.
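As an added example (not from these course notes), here is a small Python parser for the BSD syslog line format that a central syslog server receives; it decodes the PRI field into facility and severity and ranks the sample messages most urgent first, which is the prioritization step the notes call the critical decision point. The sample lines, hostnames and addresses are constructed, not real device output.

```python
import re
from dataclasses import dataclass

# RFC 3164 severity (0-7) and facility (0-23) names.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
            "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s\[]+)(?:\[\d+\])?: (?P<msg>.*)$")

@dataclass
class SyslogEvent:
    facility: str
    severity: int      # 0 = emergency ... 7 = debug
    timestamp: str
    host: str
    tag: str
    msg: str

def parse_syslog(line: str) -> SyslogEvent:
    """Decode one line; the PRI value is facility * 8 + severity."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return SyslogEvent(FACILITY[pri // 8], pri % 8, m["ts"],
                       m["host"], m["tag"], m["msg"])

def triage(lines, max_severity=4):
    """Keep events at 'warning' (4) or more urgent; most urgent first."""
    events = [parse_syslog(line) for line in lines]
    kept = [e for e in events if e.severity <= max_severity]
    return sorted(kept, key=lambda e: e.severity)

SAMPLE = [  # constructed sample lines; hosts and addresses are made up
    "<34>Oct 11 22:14:15 fw-edge01 sshd[2110]: Failed password for admin from 203.0.113.7",
    "<190>Oct 11 22:14:16 core-sw01 lldpd: neighbor update on port 12",
    "<12>Oct 11 22:14:20 core-sw01 snmpd: link down on GigabitEthernet1/0/3",
    "<0>Oct 11 22:14:21 fw-edge01 kernel: panic - not syncing",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{SEVERITY[e.severity]:8} {e.facility:8} {e.host} {e.tag}: {e.msg}")
```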

a. Risk represents ________ – threats, time, vulnerability
b. In symmetric-key cryptography, the key used by the sender and the receiver is – shared
c. Cryptography, a word with Greek origins, means – secret writing, closed writing, open writing
d. In symmetric-key cryptography, the same key is used by – both
e. The sole purpose of a ________ attack is to fool the victim and to get all the confidential information – Phishing
f. If there is a vulnerability but no threat, then there won't be a risk – true
g. ________ is the guarantee of data privacy and protection against unauthorized disclosure – Confidentiality
h. Cryptography, a word with Greek origins, means – closed writing
i. Cryptography can provide – all
j. Deep packet inspection can be used to give more context to indicator only – false
k. Which is a part of the response phase activities – Investigate
l. A UML component diagram is used to identify how a module validates and processes the data before storing it – false
m. Which is not part of the Incident Response Preparation phase – Defining Objectives
n. Incident Category can be defined according to business functional priorities – true
o. Which is an open source data loss prevention solution – MyDLP
p. Which is a part of the response phase activities – take pre-approved
q. Incidents should be handled on a first come, first served basis and must be prioritized based on the business impact – false
r. Which is not part of the response follow-up activities – take pre-approved


s. Which is not a set of activities performed to prevent future incidents in incident management – Solve Issues, Identity mitigate, analyze
t. Incident Category can be defined according to business functional priorities – true
u. Detection and Analysis is a continuous process of a cyber-attack for detecting malware intrusion and their remote connections – true
v. How do we define RADIUS? – Remote Authentication Dial-In User Service
w. Phishing emails include fake notifications from banks and e-payment systems – true
x. A ________ is a credit card sized card with an embedded chip, containing information about the user – Smart card
y. As an email client, we should not use caution when opening emails and can download any attachments – false
z. Which of these is true with respect to passwords – "none" is not the answer
aa. Which of these are threats related to email security – All the options
bb. Which of these are examples of biometrics – all
a. Unsolicited commercial email is known as – Spam
b. ________ monitors user activity on the internet and transmits that information in the background to someone else – spyware
c. Which of these are Personally Identifiable Information – all
d. What is a PUP – Potentially unwanted program
e. A ________ is like a virus, having the ability to spread without any medium – Trojan
f. The Internet can impose a number of risks and hence cybersecurity is required – true
g. Which of these is an anti-virus program – all
h. Which of these are cyber threats? – all

1. In cryptography, what is a cipher – Algorithm to encrypt and decrypt
2. Exploring appropriate and ethical behaviors related to online environments and digital media – Cyber Ethics
3. Which helps to determine the effective security controls and measurement techniques – Threat Modelling
4. Cyber security architecture is all about understanding one's business scope and requirements only – false
5. The relationship between a character in the plaintext to a character is – one – many
6. Network layer firewall works as a – packet filter
7. An attack which happens due to neglected factors like compromising with security is a type of – source
8. ________ are attempts by individuals to obtain confidential information from you by falsifying their identity – Phishing trips
9. Which helps to predict cybersecurity potential risks effectively – threat assessment
10. UEBA stands for – User entity and Behavior Analytics
11. A TCS business operations team is required to meet 98% SLA in FY 2017-18 to avoid a non-compliance penalty, which must be a part of – A. Req
12. A Botmaster can attack and take control of vulnerable ones like – all
13. Which of the following is an independent malicious program that does not need any host program – Worm
14. Which is not a characteristic of Advanced Persistent Threats – fully automated
15. Defining five levels of SLA security controls, each from 98.9 to 98.5 respectively, to control penalty risk must be a part of – A Control
16. In asymmetric key cryptography, the private key is kept by – all
17. A hacker or disgruntled employee who is interested in a specific asset or information is a type of – specific threat
18. In cryptography, what is a cipher? – Algorithm
19. At the operational level of threat intelligence, real-time feed protocols are being used – true
20. The keys used in cryptography are – round abouts
21. Which observes the behavior of the malware in a sandbox/virtual environment to prevent the malware from actually infecting production systems – Dynamic Analysis
22. A type of malware that demands a ransom if the victim wants his or her files back is called – Ransomware
23. Which is not part of a threat modelling process – Compose application
24. Which of the following would most likely not be a symptom of a virus – old message
25. The altering of data so that it is not usable unless the changes are undone is – Encryption
26. At the tactical level of threat intelligence, research analysis and reports can be published after malware analysis – true
27. Which one will not be considered in cybersecurity threat intrusion phases – alliance
28. Network layer firewall works as a – packet filter
29. WPA2 is used for security in – Wifi
30. It is a program or hardware device that filters the information coming through an internet connection to a network or computer system – Firewall
31. Which of these groups exploits cyber vulnerabilities – all
32. A ________ is an extension of an enterprise's private intranet across a public network such as the Internet, creating a secure private connection – VPN
33. Traffic in a VPN is not – not accessible
34. In asymmetric-key cryptography, although RSA can be used to encrypt and decrypt actual messages, it is very slow if the message is – long
35. At the strategic level of threat intelligence, information can be exchanged within its operating community – true
36. Which of the following is not an antivirus software – code red
37. A cybersecurity threat is a scenario which will try to exploit possible vulnerabilities to enhance security – true
38. Defining the security control parameter SLA at 98.5% for taking appropriate actions to avoid penalty risk if it goes below 98% must be a part of – A Controls
