Chapter 1: Cyber Security Introduction

Interactive Exam with Instant Feedback

Course: CYS401 - Fundamentals of Cyber Security
Total Questions: 32
Total Marks: 100

Section A: Multiple Choice Questions (30 marks)

Choose the best answer for each question. Each question is worth 2 marks.

Q1 (Past Exam) - 2 marks

What is layer 4 of the OSI model?

Correct Answer: d) Transport
The OSI model has 7 layers: Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), and Application (7). Layer 4 (Transport) handles end-to-end communication, flow control, and error recovery. Common protocols at this layer include TCP and UDP.

Q2 (Past Exam) - 2 marks

What is a TCP wrapper?

Correct Answer: b) An application that can serve as a basic firewall by restricting access based on user IDs or system IDs
TCP wrappers provide access control for network services. They act as a host-based access control system that can allow or deny connections to services based on the client's IP address or hostname. This makes them function like a basic firewall at the application level.

Q3 (Past Exam) - 2 marks

Which of the following is NOT true regarding firewalls?

Correct Answer: b) They are able to block viruses
Firewalls primarily control network traffic based on rules about ports, protocols, and IP addresses. They are NOT designed to detect or block viruses - that's the job of antivirus software. Firewalls can log traffic and issue alarms, but they cannot inspect the content of files for viruses. They also cannot prevent internal attacks that don't cross the firewall.

Q4 (Past Exam) - 2 marks

What is encapsulation?

Correct Answer: b) Adding a header and footer to data as it moves down the OSI stack
Encapsulation is the process where each layer of the OSI model adds its own header (and sometimes footer) information to the data as it passes down through the layers. This creates a layered "envelope" of information that can be properly processed at each layer on the receiving end.

Q5 - 2 marks

Which component of an Information System is considered the weakest link?

Correct Answer: d) People
People are consistently identified as the weakest link in information security. This is because humans can be subject to social engineering, make mistakes, ignore security policies, use weak passwords, and fall for phishing attacks. Technical controls can be bypassed through human manipulation.

Q6 - 2 marks

In the CIA triad, what does 'I' stand for?

Correct Answer: b) Integrity
The CIA triad consists of Confidentiality, Integrity, and Availability. Integrity ensures that data is accurate, complete, and has not been modified by unauthorized parties. It maintains the consistency and trustworthiness of data.

Q7 - 2 marks

Which of the following is NOT a dimension in the McCumber Cube?

Correct Answer: d) Security Threats
The McCumber Cube has three dimensions: (1) Security Goals (CIA), (2) Information States (Storage, Transmission, Processing), and (3) Security Controls (Policy/Education/Technology). Security Threats is NOT one of the dimensions.

Q8 - 2 marks

Data at Rest (DAR) refers to:

Correct Answer: b) Data stored in memory or on disk
Data at Rest (DAR) refers to data that is stored in persistent storage like hard drives, SSDs, or databases. It's not actively moving through networks or being processed. This contrasts with Data in Transit (DIT), which is data being transmitted.

Q9 - 2 marks

Which security characteristic ensures that information is genuine and original?

Correct Answer: b) Authenticity
Authenticity is the quality of being genuine or original, rather than a reproduction or fabrication. It ensures that the information is the same as it was originally created, placed, stored, or transferred.

Q10 - 2 marks

The main difference between SDLC and SecSDLC is:

Correct Answer: b) SecSDLC identifies threats and creates controls at every phase
SecSDLC (Security System Development Life Cycle) follows the same phases as SDLC but integrates security considerations at every phase. It identifies specific threats and implements specific controls throughout the entire development process, not just as an afterthought.

Section B: True/False Questions (20 marks)

Indicate whether each statement is True or False. Each question is worth 2 marks.

Q11 (Past Exam) - 2 marks

Defense in depth is used to provide a protective multilayer barrier against various forms of attack.

Correct Answer: TRUE
Defense in depth is a security strategy that uses multiple layers of security controls. If one layer fails, other layers continue to provide protection. It includes physical, perimeter, network, host, application, and data layers.

Q12 (Past Exam) - 2 marks

Wired Equivalent Privacy (WEP) uses a predefined shared secret key.

Correct Answer: TRUE
WEP uses a pre-shared key that must be configured on both the access point and all clients. This shared secret key is used for both authentication and encryption. However, WEP is now considered insecure and has been replaced by WPA/WPA2/WPA3.

Q13 - 2 marks

A breach of confidentiality always results in a breach of ownership/possession.

Correct Answer: TRUE
When confidentiality is breached (someone unauthorized reads the data), they now possess that information. Therefore, a breach of confidentiality always results in a breach of possession/ownership since the unauthorized party now has the information.

Q14 - 2 marks

A breach of ownership always results in a breach of confidentiality.

Correct Answer: FALSE
Someone can steal encrypted data (breach of ownership) but may not be able to read it (no breach of confidentiality). The thief possesses the data but cannot access its contents without the decryption key.

Q15 - 2 marks

Software is the easiest component of an Information System to secure.

Correct Answer: FALSE
Software is actually the MOST difficult component to secure due to bugs, vulnerabilities, and the complexity of modern applications. Software often has many lines of code where vulnerabilities can hide, and patches must be constantly applied.

Section C: Short Answer Questions (25 marks)

Answer each question briefly. Sample answers are provided after checking.

Q16 - 5 marks

List and briefly explain the three goals of the CIA triad.

Sample Answer:

1. Confidentiality: Prevents unauthorized disclosure of information. Only authorized individuals should be able to access sensitive data. Examples: encryption, access controls, authentication.

2. Integrity: Ensures data accuracy and completeness. Data should not be modified by unauthorized parties or corrupted. Examples: checksums, digital signatures, hashing.

3. Availability: Ensures authorized users can access information when needed. Systems should be operational and data accessible. Examples: redundancy, backups, disaster recovery.

Q17 - 5 marks

What are the five components of an Information System? Which one is considered the weakest and why?

Sample Answer:

The five components are:

1. Software: Applications, operating systems, utilities

2. Hardware: Physical computing devices and infrastructure

3. Data: Information stored and processed by the system

4. People: Users, administrators, and other human elements

5. Procedures: Policies, guidelines, and operational instructions

Weakest Component: People are considered the weakest link because they can be manipulated through social engineering, make errors, fall for phishing, use weak passwords, and may not follow security policies. Technical controls can often be bypassed by exploiting human weaknesses.

Q18 - 5 marks

Explain the three dimensions of the McCumber Cube.

Sample Answer:

1. Security Goals (CIA):

- Confidentiality, Integrity, Availability - the fundamental objectives of security

2. Information States:

- Storage (Data at Rest): Data stored on disks or in memory

- Transmission (Data in Transit): Data being transmitted across networks

- Processing: Data being actively processed or computed

3. Security Controls:

- Policy & Practices: Administrative controls and procedures

- Education & Training: Security awareness and skill development

- Technology: Hardware and software security solutions

Q19 - 5 marks

List four additional security characteristics beyond the CIA triad and briefly explain each.

Sample Answer:

1. Accuracy: Information is free from errors and meets user expectations. If data contains incorrect values, it loses its usefulness.

2. Authenticity: Information is genuine and original, not a forgery or reproduction. Ensures data hasn't been fabricated.

3. Utility: Information has value and usefulness for its intended purpose. Data must be in a usable format to have utility.

4. Possession: Having ownership or control over information. Someone can possess data without being able to read it (like encrypted data).

Q20 - 5 marks

What is the main difference between SDLC and SecSDLC? Provide examples.

Sample Answer:

Main Difference: SecSDLC integrates security at every phase of development, while traditional SDLC often treats security as an afterthought.

Key Distinctions:

- SecSDLC performs risk assessment during initial planning

- Security requirements are gathered alongside functional requirements

- Threat modeling occurs during design phase

- Security testing is integrated throughout, not just at the end

- Continuous security monitoring during operation

Example: In SDLC, you might design a login system and add security later. In SecSDLC, you'd identify authentication threats first, then design with multi-factor authentication, encryption, and session management from the start.

Section D: Essay Questions (25 marks)

Answer in detail. Sample answers provided after checking.

Q21 (Similar to Past Exam) - 12 marks

Describe the Defense-in-Depth strategy in cyber security. Include all six layers and provide specific examples of security controls for each layer.

Sample Answer:

Defense-in-Depth is a comprehensive security strategy that implements multiple layers of security controls to protect information systems. If one layer is compromised, other layers continue to provide protection.

The Six Layers:

1. Physical Layer:

- Controls: Locks, security guards, CCTV cameras, biometric access controls, secure facilities

- Example: Badge readers at building entrances, locked server rooms, security cameras monitoring data centers

2. Perimeter Layer:

- Controls: Firewalls, border routers, DMZ, VPNs, intrusion prevention systems

- Example: Firewall rules blocking unauthorized ports, VPN encryption for remote access, DMZ isolating public-facing servers

3. Network Layer:

- Controls: Network segmentation, VLANs, NIDS (Network Intrusion Detection Systems), network monitoring

- Example: Separating guest WiFi from corporate network, monitoring unusual traffic patterns, isolating sensitive departments

4. Host/Computer Layer:

- Controls: OS hardening, antivirus software, host-based firewalls, patch management, authentication systems

- Example: Regular Windows updates, antivirus scanning, disabling unnecessary services, strong password policies

5. Application Layer:

- Controls: Application hardening, secure coding practices, input validation, application firewalls

- Example: SQL injection prevention, secure session management, regular security testing, code reviews

6. Data Layer:

- Controls: Encryption, access control lists (ACLs), backup strategies, data loss prevention (DLP)

- Example: AES encryption for sensitive files, role-based access control, regular backups, database activity monitoring

Benefits: No single point of failure, comprehensive protection, addresses different threat vectors, provides time to detect and respond to attacks.

Q22 - 13 marks

Compare and contrast Information Security, Computer Security, IT Security, and Cyber Security. Explain how they relate to each other and provide examples of what each encompasses.

Sample Answer:

Information Security:

- Broadest term: Protects information in all forms (digital, physical, verbal)

- Encompasses: Paper documents, verbal communications, digital data

- Examples: Locked filing cabinets, NDAs, clean desk policies, shredding documents

- Focus: CIA triad applies to all information regardless of format

Computer Security:

- Protects: Individual computer systems and their components

- Encompasses: Desktop computers, laptops, servers, mainframes

- Examples: BIOS passwords, disk encryption, secure boot, system hardening

- Focus: Securing standalone computing devices

IT Security:

- Protects: Entire IT infrastructure of an organization

- Encompasses: Networks, servers, databases, applications, IT services

- Examples: Network security, server hardening, database security, IT governance

- Focus: Protecting technology infrastructure and services

Cyber Security:

- Protects: Internet-connected systems and online presence

- Encompasses: Web applications, cloud services, IoT devices, online data

- Examples: DDoS protection, web application firewalls, secure APIs, cloud security

- Focus: Threats from cyberspace and internet-based attacks

Relationships:

- Information Security is the umbrella term containing all others

- Computer Security is a subset focusing on individual systems

- IT Security covers the technology infrastructure

- Cyber Security specifically addresses internet-connected threats

- All share the common goal of protecting the CIA triad

- They overlap significantly in modern environments where most systems are interconnected

Modern Context:

In today's interconnected world, these distinctions are becoming less clear as most computer systems are networked, most IT infrastructure is internet-connected, and most information is digitized. Organizations typically need comprehensive strategies addressing all these domains.