USNA SCY CYBER I 6 WEEK EXAM 2017-2018/ SEMESTER 2
What does "" mean? Is it the same as " "?
"" means the empty string. "" is not the same as " "; " " is a blank space character.
Define Concatenation:
"glues" together two strings in order to form one string
Kilo, Mega, Giga, Tera, Peta:
(2^10), (2^20), (2^30), (2^40), (2^50)
Define CPU:
(Central Processing Unit) performs the instruction cycle
0000
0
How many bytes in a hex?
0.5 (4 bits)
0001
1
How many bytes in an ASCII character?
1 byte (8 bits)
Which statements are correct about the command "cd"
1. It is an absolute path in UNIX 2. cd ~ takes you to your home directory
What type of access do you need to create a new user's home directory on a UNIX/Windows system?
1. Root on UNIX 2. Admin on Windows
Convert 0xa7b2 to binary
1010 0111 1011 0010
Convert 2019 to binary then to hex.
11111100011 7E3
Convert 10101110 to decimal.
174
0010
2
How many bits are in a byte?
2^20
0011
3
0100
4
1 Hex = ___ bit pattern
4 bit
0101
5
0110
6
0111
7
1000
8
How many bits are in a MB?
8 x 2^20 = 2^23
1001
9
Define File Header:
A block of bytes at the beginning of a file that conveys information about the file format.
What is a host?
A computer on a network
Peripheral:
A device connected to a computer such as keyboard, mouse, monitor.
What is the difference between a switch and a hub? Which is more secure (confidentiality-wise)?
A hub broadcasts to all hosts on a network, whereas a switch allows for communication between specified hosts on a network so as to not interfere with communication between other hosts. A switch is more secure because information is not shared with everything on the network, unlike with a hub.
Define File system:
A path specifying a file
Define File:
A sequence of bytes on a computer.
What is Boolean?
A true or false value
Through what means can programs interface with the operating system?
API (Application Programming Interface)
In the right-side portion?
ASCII
Define Non-repudiation:
Ability to correlate, with high certainty, a recorded action with its originating individual or entity. (Reflects our ability to prove later, after the fact, that an action is associated with a specific individual or entity.)
Define Authentication:
Ability to verify the identity of an individual or entity.
Super-user account:
Account with unlimited system privileges.
Define Process:
Actual running instance
Define Data Link Layer:
Actually gets the packet between hosts within the same network.
What is an ARP table?
Address Resolution Protocol table
What function creates a pop-up dialogue box?
Alert()
Byte:
An 8 bit chunk
Bit:
An individual 0 or 1
List the TCP/IP Stack Layers, with a brief description of each:
Application Layer - User program interaction + protocol. Transport Layer - Breaks files into packets (called "datagrams" at this layer), provides address/port info, and reconstitutes the information on the other end to present to the application layer. Network/Internet Layer - Routes packets across the internet, from source host to destination host. Data Link Layer - Provides means to transfer packets (called "frames" at this layer) between hosts on the same network. Physical Layer - The physical medium over which information travels.
Define API:
Application Programming Interface - Executing program asks the OS to do something on its behalf.
Define Server:
Application that provides a service to a client across a network.
What are the TCP/IP stack layers?
Application, Transport, Network, Data Link, Physical
List the layers of the TCP/IP stack in descending order and briefly describe each layer.
Application: communication between programs on different hosts. Transport: communication between processes. Network: routing packets/communication between hosts on different networks. Data Link: routing packets/communication between hosts on the same network. Physical: transmitting/receiving data as bits on the physical network medium.
Suppose you were able to log on to someone else's laptop using their credentials. What pillar of cyber security did you violate?
Authentication
What does Javascript do with numbers and strings?
Automatically converts numbers to strings and strings to numbers when it deems it to be necessary.
Define ||
B is true if either a or b is true
Define &&
B is true only if both a and b are true
Absolute pathname:
Begins at the root directory.
Relative pathname:
Begins at the working directory
How can the programmer enter a / or ' or " character into a string?
By adding a \ in front of it
What would UNIX 'cd . . path' display?
Change Current Directory
What would Windows 'cd . . path' display?
Change current directory
cd:
Changes to the current working directory
Define RAM:
Computer hardware used for temporary data storage, also called 'main memory'.
List and describe in layman's terms the 5 pillars of cybersecurity.
Confidentiality - Protecting information so that people who do not need or should not have information do not have it (usually dealing with espionage). Integrity - Protecting information/services/data from being modified or destroyed. Availability - Ability for users (or anyone with permission) to access data and use services that they need (think DDoS attacks). Non-repudiation - Ability to link an action to a particular user (usually only comes up during man-in-the-middle attacks). Authentication - Assurance that someone is who they claim to be (usernames and passwords in cyberspace, ID badges in physical space).
Five Pillars of Cyber Security:
Confidentiality, Integrity, Availability, Non-repudiation, Authentication (CIANA)
Define Encoding:
Converting data from one system of communication into another. ASCII is only one form.
What does the second line of code do?
Converts the input to a number
copy:
Copies the file named in the first argument, and gives the copy the name provided by the second argument
Convert 44 30 67 73 to ASCII.
D0gs
Define Executable:
Data that is meant to be run on a CPU
del:
Deletes the file
What would UNIX 'pwd' display?
Display current directory
What would Windows 'cd' display?
Display current directory
Name two reasons why USB sticks are not allowed on DoD computers.
Easy to lose; can be used to take large amounts of data off a system; can introduce viruses to a system.
What can entities do in the Cyber Domain?
Entities that are associated with one aspect can have many simultaneous interactions with adjacent aspects. They can also skip layers and interact with non-adjacent aspects.
Describe the fetch-decode-execute cycle.
Fetch the next instruction (a block of bytes) from RAM; decode the block of bytes; execute the instruction.
Define Program:
File that contains the instructions
Consider this code fragment: var word="Ravens"; var total = 0; while ( total < 6 ) { alert(word[total]); total = total + 1; } Annotate it to let a user input a word instead of the fixed word Ravens. The output of the program should be an alert box with the user-entered word.
First line should read: var word=prompt("Please enter a word"); Third line should read: while(total<word.length) {
Through what means can the user interface with the operating system?
GUI (graphical user interface), shell
Define Concatenation:
Glues together two strings to form a single new string.
Define GUI:
Graphical User Interface - Stuff you click on (used by users)
Suppose you are writing a term paper in MS Word and save it every 10 minutes. 5 minutes after your last save, your computer loses power and reboots. When you start up your computer again, from where does your computer retrieve your saved document? Will it have the 5 minutes of work you performed since your last save?
Hard Drive
What is the difference between the hard drive, CPU, and RAM?
Hard drive - Long-term memory storage; not accessed as often as RAM; relatively large memory capacity; modified less often than RAM. CPU - (Central Processing Unit) performs the fetch-decode-execute cycle; NOT a type of memory. RAM - (Random Access Memory) constantly accessed; talks to the CPU during the "fetch" portion of the instruction cycle.
What type of characters does frhed show in the main portion?
Hex
Define Shell:
Interface for giving commands to an OS where the user types commands as text. Also allows commands for the OS to be entered as plain text strings. (Users and programs)
Define Application Layer:
Is about programs running on different hosts that want to communicate. (Communications between the Chrome web browser on your laptop and Facebook).
Define Protocol:
Language the browser and server should use to communicate.
With which two layers is the ARP table associated?
Link and Network Layers
What would UNIX 'ls' display?
List contents of current directory
What would Windows 'dir' display?
List contents of current directory
Define Hard Drive:
Long term memory of a computer.
What permissions do you need to look at a file and what permissions do you need to copy a file? (read/write/execute)
Look: read; Copy: write
What is c8:60:00:6d:f4:80? (Do not convert it to anything.)
MAC address
mkdir:
Makes a new directory
Define Client:
Makes use of a service provided by a server, typically across a network.
Define Operating System:
Manages the physical computer and the programs that run on it.
Define Processes:
Managing when programs execute on the CPU.
Example of function:
Math.sqrt( )
Are files and folders uniquely defined by their name?
No; rather, they are uniquely identified by the distinct path that defines them.
After you logged onto their laptop, suppose you modified their computer logs to show that they were logged onto their computer at a certain time, when they really were not logged on. What pillar of cyber security did this violate?
Non-Repudiation (could also accept integrity)
List the 5 aspects of the cyber domain and describe them briefly.
Persona Aspects: users that play a role in the cyber domain; one user can have multiple personas. Interface: the hardware and software users interact with. Logic: information stored in information systems. Circuit: the paths that data flows across and the systems that store it. Geographic: physical location of the user, system, or data paths.
5 Aspects of the cyber domain:
Persona, Interface, Logic, Circuit, Geographic
Type:
Prints the bytes of the file
What function allows the user to enter input?
Prompt ()
Define Confidentiality:
Protection of information from disclosure to unauthorized individuals, systems, or entities.
Define Integrity:
Protection of information, systems, and services from unauthorized modification or destruction. (data oriented)
Suppose someone else wanted to look at the file page.html from my /home/debels directory. What permissions (read, write, execute, delete) would they need to do this? If they wanted to move the file, what permissions would they need?
Read - to look at page.html; Write - to move page.html (and maybe read as well)
Define File Operations:
Read data from a DVD
Four types of permissions:
Read, Write, Execute, Delete
Define Interface Aspects:
Represent hardware devices and software that users interact with to provide input into other components in the cyber domain. (Keyboards, mouse, touch screens, microphones)
Strings are used to:
Represent sequences of characters.
Define Logic Aspects:
Represent the information that is stored within the information systems. (Meaning of raw data that is flowing between or stored in systems)
Define Circuit Aspects:
Represent the paths that data flow across between systems or systems that store raw data.
Geographic Aspects:
Represent the physical location of the user, system, or data paths. Include natural boundaries and geopolitical boundaries (borders).
Define Persona Aspects:
Represents users that have a role in the cyber domain. At different times a single person may have multiple personas.
Define Shell Command:
Request to have a program executed.
Define Network Layer:
Responsible for routing packets across the internet from the source host to the destination host through the various networks which make up the internet.
Define Network Connections:
Send and receive data via a WiFi connection
Match the operating system service to the definitions. OS Services: Processes - C; Permissions - D; File Operations - A; Network Connections - B.
Service Descriptions: A. Read data from a DVD; B. Send and receive data via a WiFi connection; C. Managing when programs execute on the CPU; D. Verify user login credentials
Define Transport Layer:
Splits the data into manageable chunks and adds port number information.
What does the ARP table do?
The ARP table acts like a phone book for hosts on the same network. It stores the IP address and associated MAC addresses of the different hosts.
Why does the Navy restrict the use of USB drives?
The Navy restricts the use of USB drives because their portability and lack of security features make them ideal for carrying malicious software.
Define Network Connections:
The OS can send or receive data to/from a computer's ethernet port or WiFi radio.
You open up Notepad and begin working on a simple text file, and you save it as document.txt. Without exiting Notepad, you use Frhed to open the file document.txt, and you change the values of many, even all of the bytes in the file document.txt and save it. No matter what changes you make, however, the running Notepad that you have is still there: you can switch back to it and keep editing text, it works just the same as ever. Why didn't all those changes to document.txt in Frhed cause any problems to the currently running document.txt in Notepad?
The changes did not cause problems because the version currently running in Notepad has not been affected by the changes made in Frhed. The version running in Notepad is an old version that was saved on the hard drive. The version edited in Frhed has overwritten the previous version, but has not been updated in the currently running Notepad.
Define File Format:
The encoding used to represent the info stored in a file.
When most operating systems open a file, such as Ravens.pdf, what does the operating system use to determine what type of file it is? Is this the best approach? If not, what is a more accurate way of assessing the type of a file?
The file extension. No - using the file header is the more accurate way of assessing file type.
What happens if a host is not listed in the ARP table?
The host looking for the MAC address, called Host A, will send an ARP request to the broadcast MAC address asking for the MAC address of the other host, called Host B. Since the request is sent to the broadcast MAC address, everyone on the network, including Host B, will receive the request. Host B will respond to the ARP request with its MAC address.
Define File Type:
The kind of data stored in a file.
Define Physical Layer:
The lowest layer which consists of wires and radio waves.
How does the operating system know how to open a file? In other words, what part of the file does the OS look at to determine what program to use to open the file? How can an adversary spoof an OS into opening the file incorrectly?
The operating system knows how to open a file based on the file extension. An adversary can spoof an OS into opening the file incorrectly by modifying the file extension. Keep in mind: the type of file does not change; the file header stays the same.
What is encapsulation?
The process of putting together all of the information from the TCP/IP stack, beginning with the Application layer.
What is de-encapsulation?
The process of unpacking all of the information from the TCP/IP stack, beginning at the link layer.
When a program is launched, what happens before the fetch-decode-execute cycle starts?
The program is loaded from the hard drive into RAM
Define File Name Extension:
The suffix portion of a file name.
What will ipconfig show?
The user's IP address (on the local network), subnet mask IP, gateway router IP
Define Availability:
Timely, reliable access to data and information services by authorized users.
Define Boolean values:
True or false statements used to make decisions in programs.
Define Boolean values:
True/false values
Define Strings:
Used to represent sequences of characters.
World Wide Web:
Vast global connection of servers and clients (aka browsers) communicating using HTTP protocol
Define Accounts, Permissions:
Verify user login credentials
Define Server:
Web server
Consider this fragment of code: var t = prompt("enter a number"); var x = 0; if (t<0 || t>100) { alert("enter a number between 0 and 100"); } else { if (isNaN(t)) { alert("Please enter a number!"); } else { alert("success"); } }
What happens when you enter the letter A? "Please enter a number!" What happens when you enter the number 150? "enter a number between 0 and 100" What happens when you enter the number 100? "success"
1010
a
What does && mean?
and
1011
b
1100
c
Label the parts of the command line entries below as command, option, and argument: (1) copy hello.txt world.txt (2) nc -l -p 31337
copy - command; hello.txt and world.txt - arguments; nc - command; -l -p - options; 31337 - argument
Assuming I was in the /Home directory, how would I copy the file page.html using the -v option to /Users/Docs directory (write the unix command with the proper arguments)?
cp -v /Home/debels/page.html /Users/Docs. Note: you must have the forward slash to start each absolute file path!
1101
d
rmdir:
deletes the directory
1110
e
1111
f
File system elements in UNIX are separated by:
forward slash (/); backslash (\) in Windows
What does isNaN(n) mean?
is not a number
Command Options:
mkdir, del, rmdir, copy, move, type
move:
moves the file named in the first argument
What does || mean?
or
How can you remotely access Rona (what is the command)?
ssh Rona
Change the following code to accept user input as "a" and print the letters of the word the user entered (consider how to find out the number of letters in "a"): var a = "Cyber rulez!"; var count = 0; while(count < 12){ alert(a[count]); count = count + 1; }
var a = "Cyber rulez!"; change to: var a = prompt("Enter a word."); var count = 0; while(count < 12){ change to: while(count < a.length + 1){ alert(a[count]); count = count + 1; }