Unit 5 - AP Cybersecurity Review

Data

Access Controls

Encyrption

Application Attacks

Past topics

100

What does the C, I and A stand for in the CIA Triad?

Confidentiality

Integrity

Availability

100

What access control authorizes access to systems based on pre-determined roles?

Role-based access control

100

Asymmetric needs how many keys?

Two Keys - One private and One public

100

What are the three common application attacks?

Injection

Buffer Overflow

Forgery

100

What is the name of the adversary that are unskilled, little expertise and rely on tools created by others?

Script Kiddies

200

What are the 3 states of data?

Data at Rest

Data in Transit

Data in Use

200

What access control is based on pre-defined rules?

Rule based access control

200

What the name of the key that is a symmetric key but is encrypted by an asymmetric key?

A session key

200

What is an SQL injection attack?

malicious SQL (Structured Query Language) code into input fields or parameters of an application to manipulate the application's database queries and potentially gain unauthorized access to, modify, or delete data

200

Which firewall remembers past networks and traffic: Stateful or Stateless?

Stateful

300

What is the name of the cipher that offsets the alphabet either to the right (forward) or to the left (backward)?

Caesar (shift) Cipher

300

What command that makes modifications to access

chmod

300

What element makes encryption keys stronger compared to others?

Their key length.

300

What is an XSS attack?

Malicious scripts are injected into web applications, and these scripts are then executed by the victim's browser, allowing attackers to steal user data, hijack sessions, or perform other malicious actions

300

What does SIEM stand for?

Security Information and Event Management

400

Data Sovereignty means what

Data has to follow rules.

400

Write out chmod 715 in letter format

rwx--xr-x

400

What is the purpose of hashing a file

To check for file integrity in case someone messed up or changed the original file.

400

What is a buffer overflow attack?

an attacker sends more data than a program’s memory buffer can hold, causing the extra data to spill over into nearby memory and potentially overwrite important information

400

What does a Web Application Firewall (WAF) do?

Firewalls monitor and filter traffic that is sent and received by web applications, blocking malicious traffic and unauthorized data

500

What are the 4 classifications of data?

Confidential, Restricted, Internal, Public

500

What is the name of the model that says you can only read down and write up?

Bell-LaPadula Model

500

What does full-disk encryption require in order to be executed?

A trusted platform module (TPM)

500

What type of attack is shown above?

Cross-Site Script

500

What does IoC stand for in Cybersecurity and what are the three types of IoCs

Indicator of Compromise

Host-Based IoC

File-Based IoC

Behavior-Based IoC