IS1003 - Module 1 Quiz
14. Why is software testing important?
It assures the quality of the product and satisfies the customers as well as users. Also, it promises better business optimization (less maintenance cost), reliability, and superior user experience.
What are the two primary elements of "cyber"?
1. Information Networks 2. Communications Networks
16. Watch the encryption video the "Security by Design" lesson, slide 9. You will learn more about encryption in Network Security, but this video serves a good introduction. · What is a Caesar cipher? How can frequency analysis break a cipher easily? · The XOR operator is used in encryption (and in other computer bit operations). What is 1 XOR 1?
A Caesar cipher is a type of encryption where a full alphabet is placed against one or multiple full alphabets that are rotated 3 places or so. Frequency analysis can break a cipher easily by just finding out the most common letter or letters are and finding out what those letters mean. 1 XOR 1 is 0 or False.
Watch the "How Does the Internet Work?" video in the "What is Cyber?" lesson, slide 12. · Be able to identify a well-formed IP address. · What is better in terms of security—a static or a dynamic IP address? · What is the name of the Internet's protocol?
A dynamic IP address is better in terms of security because it changes every time you turn your motem on. Static IP addresses are easier to hack. Name is IP.
17. Identify the phases of the Systems Development Life Cycle and the function of each.
Analysis: analyze business requirements and gaps Planning: The major steps in creating an application start here. Design: document the inputs, processing, and outputs of each program within the application. Implementation: write and test the specific programs using specific tools. Maintenance: the system iterates through a mini-planning, analysis, design, and implementation. The programs that need modification are identified and revised/repaired.
Define each of the following terms and their functions. · BIOS · CPU · kernel
BIOS - A system setup program that the processor uses to boot up a system when powered on, and to manage data flow between the computer's OS and attached devices, such as a hard disk, keyboard, mouse, and printer. CPU - The brains of a computer, i.e., hardware that sits on the motherboard and handles all of your instructions. kernel - The core of the operating system (OS) that is protected in a separate area of memory to perform essential management tasks for the OS
Define the components of a "threat".
Capability - the adversary's resources, knowledge, and opportunity Intent - the adversary's intended consequences (and their impact) Targeting - the scope of an adversary's focus on a specific organization, mission, program, etc.
What is the difference between a client-server model and a cloud model?
Client-server model: A type of OS program that provides services to other computer programs, called clients. vs. Cloud model: Enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction
15. What is the function of a firewall and what are the major types of firewalls?
Firewall is meant to protect your hardware and the operating system from the "flames" of the Internet. The major types of firewalls are Packet-Filtering, Circuit-Level, Stateful Inspection, Proxy, Software, Hardware, Next-Generation: any of the above with IPS (intrusion prevention systems), and Cloud.
What are the three layers of a device and their purpose?
Hardware - The foundation of the device. Operating System (OS) - Manager of a computer system and middle man between hardware and applications. Applications - Sit on the top layer and are run by users.
What two elements does an operating system need to connect to the Internet?
IP Address and Port Number
18. What are the three basic elements of a program?
Inputs, processing, outputs
What are the interactive components of "cyberspace"?
People, Software, and Services
What are "protocols"? Describe the example of a protocol mentioned in the "What is Cyber?" lesson.
Protocols are a set of rules or procedures for transmitting data between electronic devices. The three examples mentioned were File Transfer Protocol (FTP) which sends data in plain text to be easily intercepted, Secure File Transfer Protocol (SFTP) which encrypts commands and data transfers over a network through Secure Shell (SSH), and The SSH cryptographic protocol which uses digital certificates to authenticate the client and server.
13. Describe these concepts: · Security-by-design · Defense-in-depth · Principle of least privilege
Security-by-design - an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices. Defense-in-depth - an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack. This multi-layered approach with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. Principle of least privilege - any user, program, or process should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn't need admin rights, while a programmer whose main function is updating lines of legacy code doesn't need access to financial records.
What is NISTIR's definition of cybersecurity?
The prevention of damage to, unauthorized use of, exploitation of, and—if needed—the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems.
12. What are the components of a "risk"?
The probability of a threat due to a vulnerability and the associated potential loss/impact, or consequence.
What does the term "attribution" mean with regard to cybersecurity?
The process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.
19. Watch the final video in the "Security by Design" lesson, slide 34. The interviewee states that we can no longer "retrofit" security in our products. Why not? What do we need to do instead?
The world moves at too fast of a pace, instead we need to natively build cybersecurity into our processes.
What is a vulnerability?
Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.