Cyber Security Final Exam Questions With
Correct Answers
Targeted - ANSWER-directed attack: attacker intends harm to specific computers,
perhaps at one organization (think of attacks against a political organization) or
belonging to a specific individual (think of trying to drain a specific person's bank
account, for example, by impersonation). Also against a certain product (regardless of
whether random people are using the product)
Random - ANSWER-attacker wants to harm any computer or user; such an attack is
analogous to accosting the next pedestrian who walks down the street. An example of a
random attack is malicious code posted on a website that could be visited by anybody.
malicious - ANSWER-human caused. person actually wants to cause harm, and so we
often use the term attack for a malicious computer security event.
non-malicious - ANSWER-human caused. unintentional, harm. can be big or small
APT (Advanced Persistent Threat) - ANSWER-come from organized, well financed,
patient assailants. Often affiliated with governments. Long term campaigns. carefully
select their targets, crafting attacks that appeal to specifically those targets. Silent
hidden attacks, not opportunistic by nature
Harm - ANSWER-The negative consequence of an actualized threat. The results of bad
stuff.
Risk Management - ANSWER-choosing which threats to control and what resources to
devote to protection. weighing the seriousness of a threat against our ability to protect
because resources are limited.
Method - ANSWER-the how of the attack. the skills, knowledge, tools, and other things
with which to perpetrate the attack.
Opportunity - ANSWER-the when. is the time and access to execute an attack. Like a
person using an unsecured wifi connection
Motive, Method, Opportunity - ANSWER-All necessary for an attack to succeed.
Motive - ANSWER-the why of an attack. the reason to want to attack
Defense in Depth (overlapping controls) - ANSWER-more than one control or more than
one class of control to achieve protection.
, Physical Controls - ANSWER-stop or block an attack by using something tangible too,
such as walls and fences
Procedural (administrative) controls - ANSWER-controls that use a command or
agreement that requires or advises people how to act such as laws or guidelines
Vulnerability - ANSWER-a weakness that could be exploited to cause harm
Threat - ANSWER-a set of circumstances that could cause harm.
Asset - ANSWER-Things of value you want to protect. such as hardware, software, and
data
Control - ANSWER-an action, device, procedure, or technique that removes or reduces
a vulnerability
Countermeasure - ANSWER-a means to counter threats by preventing, deterring,
deflecting, mitigating, detecting, or recovering.
another word for control.
CIA - ANSWER-confidentiality, integrity, availability.
Interception - ANSWER-someone intercepts your data. sees it. breach of confidentiality
Modification - ANSWER-someone or something modifies data. failure in integrity
fabrication - ANSWER-someone or something fabricates data. Failure in integrity
interruption - ANSWER-someone or something interrupts a flow of data or access to a
computer. Failure of availability
four acts of the nature of the harm caused to assets.
(4 types of harm) - ANSWER-Interception, Modification, fabrication, interruption
Technical controls - ANSWER-counter threats with technology (hardware or software),
including passwords, encryption, etc.
Access control - ANSWER-limiting who can access what in what ways, a mechanical
process
least privilege - ANSWER-a subject should have access to the smallest number of
objects necessary to perform some task. part of effective policy implementation
Correct Answers
Targeted - ANSWER-directed attack: attacker intends harm to specific computers,
perhaps at one organization (think of attacks against a political organization) or
belonging to a specific individual (think of trying to drain a specific person's bank
account, for example, by impersonation). Also against a certain product (regardless of
whether random people are using the product)
Random - ANSWER-attacker wants to harm any computer or user; such an attack is
analogous to accosting the next pedestrian who walks down the street. An example of a
random attack is malicious code posted on a website that could be visited by anybody.
malicious - ANSWER-human caused. person actually wants to cause harm, and so we
often use the term attack for a malicious computer security event.
non-malicious - ANSWER-human caused. unintentional, harm. can be big or small
APT (Advanced Persistent Threat) - ANSWER-come from organized, well financed,
patient assailants. Often affiliated with governments. Long term campaigns. carefully
select their targets, crafting attacks that appeal to specifically those targets. Silent
hidden attacks, not opportunistic by nature
Harm - ANSWER-The negative consequence of an actualized threat. The results of bad
stuff.
Risk Management - ANSWER-choosing which threats to control and what resources to
devote to protection. weighing the seriousness of a threat against our ability to protect
because resources are limited.
Method - ANSWER-the how of the attack. the skills, knowledge, tools, and other things
with which to perpetrate the attack.
Opportunity - ANSWER-the when. is the time and access to execute an attack. Like a
person using an unsecured wifi connection
Motive, Method, Opportunity - ANSWER-All necessary for an attack to succeed.
Motive - ANSWER-the why of an attack. the reason to want to attack
Defense in Depth (overlapping controls) - ANSWER-more than one control or more than
one class of control to achieve protection.
, Physical Controls - ANSWER-stop or block an attack by using something tangible too,
such as walls and fences
Procedural (administrative) controls - ANSWER-controls that use a command or
agreement that requires or advises people how to act such as laws or guidelines
Vulnerability - ANSWER-a weakness that could be exploited to cause harm
Threat - ANSWER-a set of circumstances that could cause harm.
Asset - ANSWER-Things of value you want to protect. such as hardware, software, and
data
Control - ANSWER-an action, device, procedure, or technique that removes or reduces
a vulnerability
Countermeasure - ANSWER-a means to counter threats by preventing, deterring,
deflecting, mitigating, detecting, or recovering.
another word for control.
CIA - ANSWER-confidentiality, integrity, availability.
Interception - ANSWER-someone intercepts your data. sees it. breach of confidentiality
Modification - ANSWER-someone or something modifies data. failure in integrity
fabrication - ANSWER-someone or something fabricates data. Failure in integrity
interruption - ANSWER-someone or something interrupts a flow of data or access to a
computer. Failure of availability
four acts of the nature of the harm caused to assets.
(4 types of harm) - ANSWER-Interception, Modification, fabrication, interruption
Technical controls - ANSWER-counter threats with technology (hardware or software),
including passwords, encryption, etc.
Access control - ANSWER-limiting who can access what in what ways, a mechanical
process
least privilege - ANSWER-a subject should have access to the smallest number of
objects necessary to perform some task. part of effective policy implementation
