Data Security
Vocabulary
Encryption
Application of Encryption
Scams and Attacks
Potpourri
Privacy
100

Describe at least two good practices for using passwords.

Use a strong password (e.g., at least 8 characters, including uppercase, lowercase, numbers, and symbols).

Don't reuse passwords (everyone does)

Change passwords often (no one does)

100

This term describes information that has not been encrypted and can be read by anyone

Plain text

100

A technique for encryption that shifts the alphabet by some number of characters.

Caesar Cipher

100

This type of cipher shifts the letters in the alphabet by a fixed amount (e.g., the letter "a" becomes "b", "b" becomes "c", etc.)

A Caesar cipher

100

This common scam tries to trick you into giving away passwords or credit card numbers through fake emails or websites

Phishing

100

Information that identifies an individual

Personally identifiable information (PII)

100

The United States has strong laws protecting privacy that are based on the Constitution. True or false.

False

200

This is the best thing you can do to keep your applications from being hacked using known exploits.

Install updates

200

This is the unreadable version of data after it has been encrypted

Cipher text

200

What is symmetric encryption?

An encryption system that uses the same key to encrypt or decrypt information.

200

The security of modern encryption depends on how difficult it is to factor this type of large numbers.

Prime numbers

200

This type of malicious software encrypts your files and demands payment to decrypt them

Ransomware

200

This is the most common result for a company involved in a data breach.

Usually nothing. Sometimes they get sued, and sometimes there is a relatively small fine.

200

What does it mean when your Internet browser says the "Connection is secure"?

Data sent to the site is encrypted.

300

Using both a password and a code sent to your phone is called this.

Two-factor authentication

300

Software that can damage or steal information from a computer

Malware

300

What is asymmetric encryption?

Encryption that uses one key to encrypt data and a separate key to unencrypt the data.

300

What is the relationship (in super simplified terms) between a public key and a corresponding private key? Hint: it's a math word.

They are inverses of each other.

300

This type of attack involves tricking someone into revealing confidential information instead of hacking computers directly

Social engineering

300

What is a bug bounty program?

When a company pays individuals to tell them about "bugs" that could be used to hack a device.

300

What are some competing concerns when it comes to a company's right to collect and use personal information and an individual's right to privacy?

Private data powers a lot of computing innovations in ways we like (e.g., improved recommendations) and helps businesses reach customers (e.g., targeted advertising).

400

This type of password attack tries every possible combination.

What is a brute-force attack?

400

This type of authentication avoids some of the problems with passwords by using a device (e.g., a phone) to authenticate a user.

Passkey

400

What is the advantage of asymmetric encryption over symmetric encryption?

Asymmetric encryption has a public key and a private key, which allows strangers to exchange information on the Internet without pre-arranging for a shared key.

400

This mathematical process ensures that data has not been altered and is often represented as a “digital fingerprint.”

Hashing

400

When hackers flood a website with traffic to make it crash

Denial of Service (DoS) Attack

400

In what form should sensitive information (passwords, credit card numbers, PINs, etc.) be used?

Bonus: Why?

As hashed values.

Because hashed values cannot be reversed to discover what created them (e.g., a password hash cannot be turned back into the password).

400

This amendment to the Constitution protects against unreasonable searches and seizures.

4th Amendment

500

What are the three factors of authentication?

Something you know (password, PIN)

Something you possess (phone, key)

Something you are (fingerprint, face)

500

This type of authentication uses a physical feature, like a fingerprint or face scan.

Biometric

500

What is the key distribution problem?

Symmetric encryption relies on both the sender and receiver having a shared key. Think of the Enigma machine in WWII, which required the Germans to distribute code books.

Distributing the key makes it vulnerable to being intercepted, which compromises later communications. For example, if the Allies in WWII stole a copy of the code book, they could read the messages.

500

What is frequency analysis, what are "cribs," and what do they have to do with encryption?

Frequency analysis is a technique used to decrypt messages based on letters and patterns in a language appearing with predictable frequency (e.g., in English, the most common letters are E, T, A, O, I, N, S, H, R).

Cribs are known or guessed pieces of plaintext. For example, the word "the" is common, so it will likely appear often.

500

Describe the first (known) use of a cyber-weapon. Which country used it, and against which country was it used?

The United States and Israel were widely reported (although both deny it) to have developed Stuxnet, which targeted centrifuges used by Iran to enrich uranium. Stuxnet made the centrifuges destroy themselves by spinning too fast.

500

What are two big signs that something is a scam?

You must act immediately.

You must provide information.

500

This document, posted on websites, tells you what data the company will collect and how it will be used

Privacy policy.
