Cybersecurity Fundamentals
Principles of Cyber Defense
Network Architecture Models – OSI and TCP/IP
100

Define cybersecurity and explain why it has become increasingly important in enterprise networks.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks aimed at accessing, altering, or destroying information. Its importance has grown because enterprises face sophisticated threats from a growing number of connected devices and attackers exploiting complex network environments.

100

Describe the concept of “defense-in-depth” and explain how it protects an organization from multi-layered attacks.

Defense-in-depth uses multiple layers of protection (e.g., firewalls, antivirus, encryption) so that if one layer fails, others prevent further intrusion. Each layer increases the attacker’s effort and exposure risk.

100

Explain the relationship between the TCP/IP model and the OSI model. How do they differ conceptually?

The OSI model is a theoretical seven-layer framework standardizing communication, while TCP/IP is a practical four-layer implementation suite used on the Internet. OSI separates layers conceptually; TCP/IP merges similar functions for efficiency.

200

Distinguish between a threat, vulnerability, and risk in information security. Provide one example of each.

  • Threat – any potential event that can cause harm, e.g., a phishing attack.

  • Vulnerability – a weakness exploited by threats, e.g., outdated software.

  • Risk – the potential impact arising from a threat exploiting a vulnerability, e.g., data loss after a ransomware attack.

200

List and briefly explain the five major protection layers in enterprise network defense.

  • Physical security (guards, cameras)

  • Perimeter security (firewalls, IDS)

  • Internal network security (segmentation, VLANs)

  • Host security (antivirus, patching)

  • Data security (encryption, access control)

200

Identify and describe the four layers of the TCP/IP model and their main functions.
Answer:

  • Datalink Layer: handles physical transmission (Ethernet, NICs).

  • Internet Layer: manages routing and addressing (IP).

  • Transport Layer: ensures reliable delivery (TCP, UDP).

  • Application Layer: supports user interaction and services (HTTP, DNS).

300

Describe four types of vulnerabilities and state which one is most common in modern organizations.

Network, operating system, process, and human vulnerabilities. Human vulnerabilities, such as weak passwords and phishing susceptibility, are the most common because they rely on human error.


300

Explain the role of reconnaissance in the Cyber Kill Chain and how security teams can counter it.

Reconnaissance involves attackers gathering target information before an attack. It can be countered through monitoring, limiting public data exposure, and early detection tools like intrusion detection systems.


300

Describe the seven layers of the OSI model and group them under software, heart, and hardware categories.

  • Software Layers: Application (7), Presentation (6), Session (5)

  • Heart of OSI: Transport (4)

  • Hardware Layers: Network (3), Data Link (2), Physical (1)

400

Explain how the CIA Triad ensures data protection and provide an example for each principle.

  • Confidentiality ensures only authorised access (e.g., password-protected files).

  • Integrity maintains data accuracy (e.g., hash checks to prevent tampering).

  • Availability ensures timely access (e.g., backup systems for recovery).



400

Differentiate between social engineering tactics such as phishing, tailgating, and baiting. Provide one preventive measure for each.

  • Phishing: deceptive emails — prevent with user education.

  • Tailgating: unauthorized physical entry — prevent with access badges.

  • Baiting: tempting offers leading to malware — prevent with strict device policies.

400

Compare the roles of TCP and UDP in the Transport Layer. Under what circumstances would each be used?

TCP provides reliable, connection-oriented communication (e.g., email, web browsing), while UDP offers faster, connectionless transmission for real-time applications (e.g., video streaming, DNS queries).

500

Discuss how the AAA framework (Authentication, Authorization, and Accounting) supports secure network access.

AAA enforces who can access the network (authentication), what they can do (authorization), and logs all actions (accounting), enabling traceability and compliance with organizational policies.

500

Discuss the role of user education and Multi-Factor Authentication (MFA) in preventing social engineering attacks.

User education reduces susceptibility to deception, while MFA adds a verification layer beyond passwords, minimizing the success of compromised credentials.

500

Discuss the practical significance of understanding both OSI and TCP/IP models for enterprise network management.

Knowledge of both models allows IT professionals to design, troubleshoot, and secure networks effectively, mapping conceptual understanding (OSI) to real-world implementation (TCP/IP) across devices and protocols.
