-What was considered an early instance of encipherment?

Egyptian hieroglyphics

-Who invented one-time pad encryption for Telex Traffic?

Gilbert S.Vernam

-When was the Enigma cipher broken? Who broke it?

In1939 -1942/The Allies

-Which of the followings is one of the first block ciphers?

Lucifer cipher

-Who broke Japan’s Purple’s ciphers?

William Friedman

1:security
is “the quality or state of being secure to be free from
danger.”

2: Information security,
to protect the confidentiality, integrity and availability of
information assets, whether in storage, processing, or
transmission

3:CIA :
confidentiality, integrity, and availability
4:UDP ,CNSS , ARPANET, MIT, MULTICS, LAN ,
WAN , MAN, ARPA
-UDP : User Datagram Protocol
-TCP : Transmission Control Protocol
-CNSS : Committee on National Security Systems
-ARPANET : Advanced Research Projects Agency
Network
-MIT : Massachusetts Institute of Technology
-MULTICS: MULTiplexed Information and Computing
Service
-LAN : Local Area Network
-WAN : Wide Area Network
-MAN : Metropolitan Area Network
-ARPA : Advanced Research Projects Agency
-USB : Universal Serial Bus ( biết thôi ko thi từ này)
-OTP : One Time Password
-ATM: Automated teller machine
-DNS : Domain Name System
-SMTP : Simple Mail Transfer Protocol
-MITM: Man-in-the-Middle
-DoS : Denial-of-Service
-DDoS : Distributed Denial-of-Service
-IDS : intrusion detection system
-ICMP : Internet Control Message Protocol
-IPS : intrusion prevention system
-SIEM : Security information and event management
-IDPS :intrusion detection and prevention system
-NIDS : Network intrusion detection systems
-HIDS : host-based intrusion detection system
5: How many fundamental characteristics does information
have? What are they?
- Information has 7 fundamental characteristics:
confidentiality, accuracy, authenticity,
utility, possession, integrity and availability

6: What is attack? What types of attack are mentioned in

the passages?
- An attack is an act that takes advantage of a vulnerability
to compromise a controlled system
- Attacks can be active or passive, intentional or
unintentional, and direct or indirect.
-Type of attack : Malicious Code, Hoaxes , Back Doors ,
Password Crack , Brute Force , Dictionary attack , Virus ,
Trojan Horses, DoS, DDoS , Worms.

7: What is vulnerability? Give some examples of

vulnerabilities.
- Vulnerability: A weaknesses or fault in a system or
protection mechanism that opens it to attack or damage.
-Some examples of vulnerabilities are a flaw in a software
package, an unprotected system port, and an unlocked door.

8:Components of information systems :

-software, hardware, data, people, procedures, and
networks

9 What is the most common error causing method ?

-One of the most common methods of virus transmission is
via e-mail attachment files

10 Who is considered an expert hacker?

-The expert hacker is usually a master of several
programming languages, networking protocols, and
operating systems and also exhibits a mastery of the
technical environment of the chosen targeted system

11 Who are hackers? Which skill levels are divided among

hackers?
-Hackers are “people who use and create computer
software to gain access to information illegally.”
- There are generally two skill levels among hackers. The
first is the expert hacker, or elite hacker

12 Why do employees’ mistakes represent a serious threat

to the confidentiality, integrity, and availability of data?
- Because employees use data in everyday activities to
conduct the organization’s business

13 Can human error or failure be prevented? How can it be

protected?
-Yes. It can be prevented with training and on going
awareness activities, but also with controls, ranging from
simple procedures, such as requiring the user to type a
critical command twice, to more complex procedures, such
as the verification of command by a second party
14 the difference DoS and DDoS ?
- (DoS) :the attacker sends a large number of connection or
information requests to a target but (DDoS) an attack in
which a coordinated stream of requests is launched against
a target from many locations at the same time

15 describe Man-in-the-Middle ?
- an attacker monitors packets from the network, modifies
them, and inserts them back into the network.

16 What is a firewall in computing? List of generations of

firewalls
- In computing ,a firewall is a network security system that
monitors and controls incoming and outgoing network
traffic based on predetermined security rules

-Three generations: packet filters, stateful filters,

application layer

17 What are the functions of stateful filters?

- the functions of stateful filters :maintain knowledge of
specific conversations between endpoints by remembering
which port number the two IP addresses are using at layer 4
of the OSI model for their conversation, allowing
examination of the overall exchange between the nodes
18 How can firewalls be categorized?
-Firewalls can be categorized by processing mode,
development era, or structure
- The malicious code attack includes the execution of
viruses, worms, Trojan horses, and active Web scripts with
the intent to destroy or steal information
- Hoaxes :A more devious attack on computer systems is
the transmission of a virus hoax with a real virus attached
-Back door :

-Password crack : Attempting to reverse-calculate a

password
-Brute force : The application of computing and network
resources to try every possible password combination
-Dictionary attack : is a variation of the brute force attack
which narrows the field by selecting specific target
accounts and using a list of commonly used passwords
instead of random combinations
-Virus : A computer virus consists of segments of code that
perform malicious actions
-Trojan horses : are software programs that hide their true
nature and reveal their designed behavior only when
activated
-Worms : is a malicious program that replicates itself
constantly, without requiring another program environment
- Spam : is unsolicited commercial e-mail

- Mail Bombing : an attacker routes large quantities of e-

mail to the target
 - Sniffers : is a program or device that can monitor data
traveling over a network

- Social Engineering : is the process of using social skills to

convince people to reveal access credentials or other
valuable information to the attacker

- Phishing : an attempt to gain personal or financial

information from an individual, usually by posing as a
legitimate entity

- Pharming : is the redirection of legitimate Web traffic to

an
illegitimate site for the purpose of obtaining private
information
- Timing Attacks : explores the contents of a Web browser’s
cache and stores a malicious cookie on the client’s system
-What do simple firewall models examine?
Two aspects of the packet header : the destination and
source address

- What is the primary disadvantage of stateful inspection?

Is the additional processing required to manage and verify
packets against the state table

-What can you protect confidentiality ?

I can Information classification, Secure document storage,
Application of general security policies and Education of
information custodians and end user

- What is IPS? What can it do?

A current extension of IDS technology. It can detect an
intrusion and also prevent that intrusion from successfully
attacking the organization by means of an active response
- Who was known as the founder of the Internet? What did
he develop?
Larry Roberts, known as the founder of the Internet,
developed the project which was called ARPANET from its
inception

- What is the difference between MULTICS system and

UNIX system?
While the MULTICS system implemented multiple security
levels and passwords , the UNIX system did not