Chapter 2: Cyber Security Foundations

Interactive Exam with Instant Feedback

Course: CYS401
Total Questions: 35
Total Marks: 100

📋 Instructions

Section A: Multiple Choice Questions (30 marks)

Choose the best answer for each question. Each question is worth 2 marks.

Q1 (2 marks)

Which of the following are the three key pillars of cybersecurity?

Correct Answer: b) People, Policies, Technology
These are the three key pillars required to achieve security. People must understand security principles, Policies provide the framework for handling attacks, and Technology provides the tools. The CIA triad (option d) refers to security goals, not pillars.

Q2 (2 marks)

What is a vulnerability?

Correct Answer: c) A weakness in the security system
A vulnerability is a weakness in procedures, design, or implementation that might be exploited. Option a describes a threat, option b describes a control, and option d describes an attacker.

Q3 (2 marks)

Which type of attack primarily violates confidentiality?

Correct Answer: d) Interception
Interception is when an unauthorized party gains access to an asset, violating confidentiality. Interruption affects availability, Modification affects integrity, and Fabrication affects authenticity.

Q4 (2 marks)

What type of malware encrypts files and demands payment?

Correct Answer: a) Ransomware
Ransomware encrypts a victim's files and demands payment (usually in cryptocurrency) for decryption. Examples include WannaCry, Petya, and Locky. Spyware monitors activity, Adware displays ads, and Trojans disguise themselves as legitimate software.

Q5 (2 marks)

Which social engineering attack targets specific individuals or organizations?

Correct Answer: b) Spear phishing
Spear phishing targets specific individuals, groups, or organizations with personalized attacks. Regular phishing is generic, Vishing uses voice calls, and Smishing uses SMS messages.

Q6 (2 marks)

What does the 'I' in CIA triad stand for?

Correct Answer: c) Integrity
The CIA triad consists of Confidentiality, Integrity, and Availability. Integrity ensures data accuracy and prevents unauthorized modification.

Q7 (2 marks)

How many elements do AAA services actually have?

Correct Answer: d) 5
AAA services have 5 elements: Identification, Authentication, Authorization, Auditing, and Accounting/Accountability. Many people incorrectly think there are only 3.

Q8 (2 marks)

What is a Zero-Day attack?

Correct Answer: a) An attack on an unknown vulnerability with no prior knowledge
A Zero-Day attack exploits a vulnerability that is unknown to the parties responsible for patching it. There is NO PRIOR KNOWLEDGE of the vulnerability, making it particularly dangerous.

Q9 (2 marks)

Which attack involves following an authorized person into a secure area?

Correct Answer: b) Tailgating
Tailgating (or piggybacking) is when an unauthorized person follows an authorized person through a door into a secure area. Shoulder surfing is observing someone entering sensitive information.

Q10 (2 marks)

What is the relationship formula for risk?

Correct Answer: c) Risk = Threat + Vulnerability - Control
Risk increases with threats and vulnerabilities but decreases with controls. Controls reduce risk by mitigating vulnerabilities and threats.

Q11 (2 marks)

Which of these is NOT a symptom of malware infection?

Correct Answer: d) Faster internet connection
Malware typically slows down systems and networks, not speeds them up. Common symptoms include high CPU usage, slow performance, and modified files.

Q12 (2 marks)

What does "Defense in Depth" refer to?

Correct Answer: a) Using multiple layers of security controls
Defense in Depth uses multiple security controls in series, like layers of an onion. If one layer fails, others continue to provide protection.

Q13 (2 marks)

Which element ensures data hasn't been modified by unauthorized parties?

Correct Answer: b) Integrity
Integrity ensures data accuracy and completeness, and that the data hasn't been modified by unauthorized parties. Confidentiality prevents unauthorized access; Availability ensures access when needed.

Q14 (2 marks)

What is Doxing?

Correct Answer: c) Publishing private information online with intent to harm
Doxing is the act of researching and publishing private or identifying information about an individual online with malicious intent.

Q15 (2 marks)

In AAA services, what comes immediately after Identification?

Correct Answer: a) Authentication
The AAA sequence is: Identification (claiming identity) → Authentication (proving identity) → Authorization (permissions) → Auditing (logging) → Accounting (reviewing logs).

Section B: True/False Questions (20 marks)

Indicate whether each statement is True or False. Each question is worth 2 marks.

Q16 (Past Exam, 2 marks)

Defense in depth is used to provide a protective multilayer barrier against various forms of attack.

Correct Answer: TRUE
Defense in depth uses multiple layers of security controls. If one layer is breached, other layers continue to provide protection.

Q17 (2 marks)

A threat is a weakness in the security system.

Correct Answer: FALSE
A VULNERABILITY is a weakness in the security system. A THREAT is a potential danger that might exploit a vulnerability.

Q18 (2 marks)

People are considered the weakest link in cybersecurity.

Correct Answer: TRUE
People are consistently identified as the weakest link because they can be manipulated through social engineering, make mistakes, and may not follow security policies.

Q19 (2 marks)

A breach of confidentiality always results in a breach of possession.

Correct Answer: TRUE
When someone unauthorized reads confidential data (breach of confidentiality), they now possess that information (breach of possession).

Q20 (2 marks)

A breach of possession always results in a breach of confidentiality.

Correct Answer: FALSE
Someone can possess encrypted data (breach of possession) but cannot read it without the decryption key (no breach of confidentiality).

Q21 (2 marks)

AAA services consist of only three elements.

Correct Answer: FALSE
AAA services actually have FIVE elements: Identification, Authentication, Authorization, Auditing, and Accounting/Accountability.

Q22 (2 marks)

Ransomware typically demands payment in cryptocurrency.

Correct Answer: TRUE
Ransomware attackers typically demand payment in cryptocurrency (like Bitcoin) because it's difficult to trace and provides anonymity.

Q23 (2 marks)

Spear phishing targets specific individuals or organizations.

Correct Answer: TRUE
Spear phishing is a targeted attack on specific individuals or organizations, unlike regular phishing, which is sent to many random recipients.

Q24 (2 marks)

Interruption attacks primarily affect confidentiality.

Correct Answer: FALSE
Interruption attacks affect AVAILABILITY by making assets unavailable. Interception attacks affect confidentiality.

Q25 (Past Exam, 2 marks)

Wired Equivalent Privacy (WEP) uses a predefined shared secret key.

Correct Answer: TRUE
WEP uses a pre-shared key that must be configured on both the access point and all clients. However, WEP is now considered insecure.

Section C: Short Answer Questions (25 marks)

Answer each question briefly. Sample answers are provided after checking.

Q26 (5 marks)

Explain the difference between a threat, vulnerability, and control. Provide an example of each.

Sample Answer:

Vulnerability: A weakness in the security system that could be exploited. Example: Unpatched software with known security flaws.

Threat: A potential danger that might exploit a vulnerability. Example: A hacker who could exploit the unpatched software.

Control: An action or device that removes or reduces a vulnerability. Example: Installing security patches and updates.

Relationship: Risk = Threat + Vulnerability - Control

Q27 (5 marks)

List and briefly explain the three pillars of cybersecurity.

Sample Answer:

1. People: Users must understand and comply with security principles like using strong passwords, being cautious with email attachments, and backing up data. Security awareness training is crucial.

2. Policies: Organizations need frameworks for handling attempted and successful cyber attacks, including incident response procedures and business continuity planning.

3. Technology: Essential tools and systems needed to protect against cyber attacks, including firewalls, antivirus software, encryption tools, and access control systems.

All three must work together: technology alone cannot protect an organization if people don't follow policies.

Q28 (5 marks)

What are the five elements of AAA services? List them in order.

Sample Answer:

1. Identification: Claiming to be an identity (e.g., entering username)

2. Authentication: Proving that identity (e.g., entering password)

3. Authorization: Determining permissions for that identity (e.g., access control)

4. Auditing: Recording logs of events and activities

5. Accounting/Accountability: Reviewing logs to check compliance and hold subjects accountable

Q29 (5 marks)

Describe three types of social engineering attacks and one countermeasure for each.

Sample Answer:

1. Phishing: Fraudulent emails that appear from reputable sources to steal sensitive data.

Countermeasure: Email filtering and user training to recognize suspicious emails.

2. Tailgating: Following an authorized person into a secure area without proper credentials.

Countermeasure: Strict badge policies, security guards, and mantrap doors.

3. Pretexting: Creating fabricated scenarios to gain trust and extract information.

Countermeasure: Verification procedures and training staff to verify caller identities.

Q30 (5 marks)

Explain the concept of Defense in Depth and why it's important.

Sample Answer:

Definition: Defense in Depth is the use of multiple security controls in series, creating layers of protection like an onion.

How it works: If one security layer is breached, other layers continue to provide protection. Controls can be arranged in serial (one after another) or in parallel (multiple at the same level).

Importance:

- No single point of failure

- Provides redundancy in security

- Creates time delays for attackers

- Multiple opportunities to detect intrusions

Example: Airport security, with its multiple checkpoints: entrance screening, baggage check, metal detectors, etc.

Section D: Essay Questions (25 marks)

Answer in detail. Sample answers provided after checking.

Q31 (12 marks)

Explain the CIA triad in detail. For each element, describe what it protects against, common attacks, and protection methods.

Sample Answer:

The CIA Triad is a model designed to guide information security policies within an organization.

1. CONFIDENTIALITY - "Keeping secrets secret"

Definition: Preventing unauthorized disclosure of information.

Common Attacks:

- Password theft through keyloggers or public WiFi

- Port scanning to discover services

- Shoulder surfing at ATMs

- Eavesdropping and man-in-the-middle attacks

- Network sniffing to capture packets

- Privilege escalation

Protection Methods:

- Data encryption (at rest and in transit)

- Strong authentication (passwords, 2FA)

- Biometric verification

- Security tokens (hardware/software)

- Access control lists

2. INTEGRITY - "Maintaining accuracy and consistency"

Definition: Ensuring data hasn't been modified by unauthorized parties.

Common Attacks:

- Viruses and malware

- Logic bombs

- Unauthorized access

- Coding errors

- System backdoors

Protection Methods:

- File permissions and access controls

- Version control systems

- Checksums and hashing

- Digital signatures

- Regular backups for restoration

3. AVAILABILITY - "Accessible when needed"

Definition: Ensuring authorized users can access information when required.

Threats:

- Device failures

- Software errors

- Environmental issues (power loss, flooding)

- Denial-of-Service (DoS) attacks

- Network intrusions

Protection Methods:

- Redundancy and failover systems

- Geographic backup locations

- Disaster recovery plans

- Firewalls and proxy servers

- Web application firewalls (e.g., Cloudflare for DDoS protection)

Interconnection: The three elements work together. A comprehensive security strategy must address all three: protecting confidentiality without availability is useless, and having available data without integrity is dangerous.

Q32 (13 marks)

Discuss the various types of malware, their characteristics, symptoms of infection, and comprehensive countermeasures organizations should implement.

Sample Answer:

Malware Definition: Any file or program designed to harm computer users.

Types of Malware:

1. Virus: Self-replicating code that attaches to legitimate files. Spreads when infected files are shared. Can corrupt or delete data.

2. Worm: Self-propagating malware that spreads across networks without user interaction. Can consume bandwidth and overload systems.

3. Trojan Horse: Disguised as legitimate software but contains malicious code. Users voluntarily install it thinking it's safe.

4. Spyware: Secretly monitors user activity and collects information like passwords, credit card numbers, browsing habits.

5. Keylogger: Records every keystroke to capture passwords and sensitive information.

6. Ransomware: Encrypts files and demands payment for decryption. Examples: WannaCry, Petya, Locky. Process involves infection → download → encryption → ransom notice → payment demand.

7. Backdoor: Creates unauthorized access points into systems for future exploitation.

8. Adware: Displays unwanted advertisements, often bundled with free software.

Common Symptoms of Infection:

- Increased CPU usage (system running hot)

- Slow computer or browser speeds

- Network connectivity problems

- System freezing or crashing

- Files being modified or deleted

- Strange files or icons appearing

- Programs running or closing automatically

- Unusual computer behavior

- Emails sent without user knowledge

Comprehensive Countermeasures:

Technical Controls:

- Install and maintain quality antivirus software

- Regular virus definition updates

- Enable firewalls at network and host levels

- Implement intrusion detection systems

- Regular security patches and updates

- Email filtering and spam protection

- Web content filtering

Administrative Controls:

- Security awareness training for all users

- Clear acceptable use policies

- Incident response procedures

- Regular security audits

User Best Practices:

- Never open attachments from untrusted sources

- Exercise caution when downloading files

- Avoid suspicious websites

- Verify software legitimacy before installation

Data Protection:

- Regular automated backups

- Offline backup copies (air-gapped)

- Test restore procedures

- System restore points

Conclusion: Effective malware protection requires a layered approach combining technology, policies, and user awareness. No single solution is sufficient; organizations must implement comprehensive strategies addressing prevention, detection, and recovery.