Scribd Logo
Upload

Welcome to Scribd!

  • Foundations of Cybersecurity Quiz #1 Explained

    Uploaded by

    Kimron Edwards
    17 views4 pages

    Original Title

    Foundations of Cybersecurity

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    17 views4 pages

    Foundations of Cybersecurity Quiz #1 Explained

    Uploaded by

    Kimron Edwards

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Foundations of Cybersecurity

    Quiz #1
    Due date: Friday 21st January.

    1. Distinguish between vulnerability, threat, and control.


     A vulnerability is any weakness in a system that can be exploited and
    cause data loss or harm.
     A threat is any potential harm or attack that can exploit a
    vulnerability.
     A control is any measure that can be put in place to prevent or
    remove an attack or threat from exploiting a vulnerability.
    2. Give an example of each type of asset in a computer system.
    There are three types: hardware, software, and data
    Examples:
    Hardware: disk drives
    Software: Operating Systems
    Data: photos
    3. State three threats that exists in relation to a computer system.
    Three types of threats are interception, interruption, and modification.
    4. Differentiate between interception and modification.
    Interception is when an attacker can view the information or packets being
    communicated between a party but not to change its contents, whereas in
    modification the attacker not only view the data that is being transmitted but
    can change its state or modify its contents.
    5. State what is meant by the CIA triad and briefly describe each of these
    aspects as they relate to a computer system.
    The CIA triad stands for Confidentiality, Integrity, and Availability.

     Confidentiality means the only authorized persons should have


    access to this information.
     Integrity is ensuring that the contents of the information can only be
    changed by those who are authorized to.
     Availability means the information upon request is available to
    authorized persons when requested.
    6. It has been stated that weak encryption can actually be worse than no
    encryption at all. Explain why this statement may be true.
    This statement is false. Encryption is the process of making readable text
    undecipherable to unauthorized persons. Thus, a text can be plain- readable
    to anyone that views it texts such as “Hello” and encrypted known as cipher
    text which is only readable to whom it is intended to. Thus, if a text is
    transmitted in its plain form, it is susceptible to attacks because it has no
    encryption. Having encryption even if it is not as strong is better because it
    ups the difficulty of deciphering the information, hence weak encryption is
    in fact better than none.
    7. List two types of controls that are available and give an example of each
    type.
    Two types are hardware and software controls which can be a
    physical firewall and an antivirus such Norton Security.
    8. As it relates to computer security, define the term Authentication. List
    the three general methods of authentication.
    Authentication is the process of proving that a user is whom they claim to
    be, by presenting something they (user) know, have, and something they are.
    9. You are tasked with creating a policy for passwords to be used on the
    company’s network. Describe three points that you will focus on to
    minimize possible vulnerabilities.
    Three points are one the who as in which persons can access the information
    or is authorized to, what objects (devices) that can be used to access the
    network, and how being the method that the user will use to access the
    network for example the using the method of authentication.
    10.What are two goals of access policies?
    Two access policies are one is to check every access made and enforce least
    privilege so that not everyone will have the same level of access.
    11.Describe the key difference between symmetric and Asymmetric
    cryptography.
    Symmetric cryptograph is where one key is used to encrypt the message
    being sent to the other user, which is the public key, but anyone can use their
    public key to decipher the message. Whereas asymmetric key uses two keys
    to encrypt the message the public and private key which can only be used to
    decipher the message, thus unless you have the private key that is intended
    for the specific party you cannot decipher the message.
    12.How is cryptanalysis different from brute-force attack?
    Cryptoanalysis is the process of deciphering coded or hidden messages
    without the need to know the password of the victim to gain access to their
    information while brute force attacks rely on an array or numerous
    simultaneously entered guessed passwords, phrases, or dictionary words
    with the hope that one of them with grant access to the victim’s information.
    13.Do digital signatures provide confidentiality? Explain.
    Yes, digital signatures do provide confidentiality because they contain that
    only the user can make which is a method of authentication that
    confidentiality requires.
    14.What is a Trojan horse attack?
    A trojan attack that has undocumented, or never before recorded functions
    that makes it unexpected or untraced attack that has other additional
    unknown functions to perform.

    You might also like