KYT/CAT - Cyber Security

Q.1 The integrity threat can be exemplified by which of the following scenarios:

  • Customer records were hidden, but might have been slightly garbled
  • Every customer record is exposed by nation states
  • The entire company database was posted to the Internet.
  • Every customer record is stolen by hackers

Q.2 Let's talk about adversary types: we can say that Hacktivists are?:

  • Motivated by greed, well funded and being tracked in increasingly efficient ways
  • Motivated by curiosity and predictable
  • Motivated by anger and unpredictable and well organized
  • Motivated by dominance and being supported by world class means

Q.3 The art and science of breaking code is called:

  • Cryptography
  • Cryptanalysis
  • Encryption
  • Decryption

Q.4 The art and science of creating code is called:

  • Cryptography
  • Cryptanalysis
  • Encryption
  • Decryption

Q.5 Distribution, amplification, spoofing and reflection are fundamental notions of what ?:

  • Integrity threats
  • Adversary types
  • Availability threats
  • Confidentiality threats

Q.6 Let's talk about adversary types: we can say that vandals are?:

  • Motivated by curiosity and predictable
  • Motivated by greed, well funded and being tracked in increasingly efficient ways
  • Motivated by anger and unpredictable and well organized
  • Motivated by dominance and being supported by world class means

Q.7 In the words of Ritchie and Thompson, what is a Shell ?:

  • The command interpreter that looks after the communication between the user and the system
  • The OS that manages the control of the machine and supervises the scheduling of the programs
  • None of these answers
  • The utility tasks

Q.8 Embedding a trap door into a login program results in which of the following:

  • An improved version of the login program with enhanced secret access
  • A trojan horse
  • A login program that requires encryption support
  • A compliant version of the code with respect to some process frameworks

Q.9 What's the equivalent of the Nobel Prize of computing:

  • Carnegie Mellon Prize
  • Japan Prize
  • Bletchley Award
  • Turing award

Q.10 Brute force attacks are good for which of the following scenarios ?:

  • Lots of attack choices, Hoping the size of encryption is not too big
  • Fewer attack choices, and most will not work
  • Large attack domain size that can be enumerated and traversed with automation
  • Small number of attacks, where each is complex

Q.11 What would be the best way to pick up a Trojan Horse trap door:

  • Code review
  • None of these answers
  • Process compliance
  • Testing the software

Q.12 Which of the following is true:

  • Pen testing is useful and covers all the possibilities
  • Pen testing is useful but not enough
  • Pen testing could be useful but is generally not used properly
  • Pen testing is totally useless whatever the situation

Q.13 Which of the following are vulnerability types?:

  • Human actions and organizational irresponsibility
  • Missing security components
  • All these answers
  • Bugs and system flaws

Q.14 Encryption hard wired between, for example, 2 buildings is called?:

  • End-to-end encryption
  • None of these answers
  • Secrecy technique
  • Link encryption

Q.15 In the words of Ritchie and Thompson, what is a Kernel ?:

  • The command interpreter that looks after the communication between the user and the system
  • The OS that manages the control of the machine and supervises the scheduling of the programs
  • None of these answers
  • The utility tasks

Q.16 Confidentiality issues can be solved by?:

  • Linking communicators together
  • Increasing the quality of telecommunications
  • Eliminating secrecy
  • Using encryption mechanisms

Q.17 The couple "Active entity/Asset" is seen through the Reference Monitor as ?:

  • Security system parameters
  • Security enabler
  • Subject/Object model
  • Object/subject program

Q.18 What is the "Morris Worm" ?:

  • A malicious program that was set up to clog all the important networks used by the US administration
  • A malicious program unleashed with no harmful intention that led to the infection of more than 10% of the world's computers.
  • An error in programming that spread out to the internet by mistake.
  • A ransom malware that stole millions of dollars from utilities within a few hours.

Q.19 A typical integrity threat may concern:

  • Buffer overflow
  • None of these answers
  • Encryption
  • Communication integrity

Q.20 Heuristic attacks can be countered with:

  • Time
  • Size
  • Intelligence
  • Complexity

Q.21 A typical availability threat is ?:

  • Buffer overflow
  • A virus
  • A denial of service attack
  • A malware

Q.22 A malicious worm program is characterized by the following fundamental attribute:

  • Auto-propagation without human intervention
  • Multi-stage provisioning based on simple tools
  • Local installation with expert system administration
  • More complex design than a Trojan horse program

Q.23 Pre-attack indicators are like post-attack indicators in which of the following ways:

  • Both will always prevent attacks
  • Both are really a waste of time for most tools
  • Neither can possibly prevent an attack.
  • Both are more effective in the presence of external threat intelligence

Q.24 Where were Thompson and Ritchie working when they created UNIX:

  • At Bell Labs
  • At MIT
  • In their garage
  • At Berkeley

Q.25 Brute force attacks can be countered with:

  • Size
  • Complexity
  • Firewalls
  • None of these answers

Q.26 Who is famous for insisting on the fact that proving the existence of one problem does not demonstrate the absence of others:

  • Ken Thompson
  • James Anderson
  • E. Dijkstra
  • Alan Turing

Q.27 Let's talk about adversary types: we can say that Nation-state actors are ?:

  • Motivated by greed, well funded and being tracked in increasingly efficient ways
  • Motivated by dominance, and being supported by world class means
  • Motivated by anger and unpredictable and well organized
  • Motivated by curiosity and predictable

Q.28 What is the CIA model of cyber security ?:

  • Compile, insert and add
  • Confidentiality integrity and availability
  • Components, installation and attribution
  • Control, invest and adapt

Q.29 Cyber adversary motivations include which of the following:

  • Money
  • All these answers
  • Politics
  • Curiosity

Q.30 In what kind of threat do we use behavioral analysis ?:

  • Availability threat
  • Confidentiality threat
  • Integrity threat
  • Fraud threat

Q.31 Let's talk about adversary types: we can say that Criminals are?:

  • Motivated by curiosity and predictable
  • Motivated by greed, well funded and being tracked in increasingly efficient ways
  • Motivated by anger and unpredictable and well organized
  • Motivated by dominance and being supported by world class means

Q.32 What does Thompson think about breaking into a computer system?:

  • The press is responsible for putting people who do this in a bad light
  • It is not that serious since kids can do it
  • It should not be considered a game and must be legally punished
  • We should trust programmers not to do it

Q.33 What could be the best way to reduce the risk of finding a Trojan Horse in a compiler?:

  • Make it legal and impose contracts
  • Multiple vendors
  • None of these answers
  • Program testing

Q.34 In general, integrity threats involve?:

  • Need for budget
  • Lack of trust
  • Problems in memory
  • Malicious computing assets

Q.35 The difference between a hurricane knocking out a data center and a malicious hacker knocking out the same data center is the following:

  • There is no appreciable difference. Both result in a lost center.
  • One is an attack the other is not.
  • One involves multiple vulnerabilities and other is a weakness.
  • Both involve a single vulnerability

Q.36 Which of the following is an advantage of more reactive cyber defense (versus proactive defense)?:

  • More vendor options
  • Less false positives
  • Less false negatives
  • Fewer vendor options

Q.37 Who said "You can't trust code that you did not totally create yourself" ?:

  • Ken Thompson
  • Bill Gates
  • James Anderson
  • Dennis Ritchie