Cybersecurity Q&A
Cybersecurity Basics
Q1: What is cybersecurity?
Cybersecurity is the practice of protecting internet-connected systems (hardware, software,
data) from digital attacks, damage, or unauthorized access through coordinated people,
processes, and technologies.
Q2: What three elements does cybersecurity encompass?
Threat reduction; vulnerability management; incident response; deterrence; resiliency &
recovery; international engagement; information assurance; law-enforcement cooperation;
and computer network operations.
Q3: Why is cybersecurity important?
It prevents financial losses; protects reputation; defends against sophisticated threats;
ensures regulatory compliance (e.g., GDPR); and supports business continuity through
proper response planning.
The CIA Triad (Fundamentals)
Q4: What are the three principles of the CIA Triad?
Confidentiality, Integrity, and Availability.
Q5: Define confidentiality.
Ensuring information is accessible only to authorized users, typically via encryption, access
controls, and authentication.
Q6: Define integrity.
Ensuring data remains accurate and unaltered except by authorized actions, typically via
checksums, digital signatures, and permissions.
Q7: Define availability.
Ensuring authorized users can access systems and data when needed, typically via backups,
redundancy, and fault-tolerant design.
Q8: List 5 methods to enforce confidentiality.
Data encryption; access control lists; two-factor authentication; security tokens/smart
cards; biometric verification.
Q9: List 5 methods to enforce integrity.
Cryptographic hash functions; digital signatures; checksums; file permissions; regular
backups.
Q10: List 5 methods to enforce availability.
Data backups; redundant systems/failover; uninterruptible power supplies; firewalls/IPS;
patch management.
Cyber Attacks
Q11: What is a cyber attack?
A deliberate exploitation of computer systems or networks using malicious code to alter
code, logic, or data, leading to crimes like identity theft.
Q12: What are the two main categories of cyber attacks?
Web-based attacks and system-based attacks.
Web-Based Attacks
Q13: List 7 examples of web-based attacks.
1. SQL Injection
2. DNS Spoofing
3. Session Hijacking
4. Phishing
5. Brute-Force
6. Denial-of-Service (DoS)
7. Man-in-the-Middle
System-Based Attacks
Q14: List 7 examples of system-based attacks.
1. Virus
2. Worm
3. Trojan Horse
4. Backdoor
5. Bot
6. Logic Bomb
7. Rootkit
Threats, Vulnerabilities & Risk
Q15: What is a cyber threat?
Any potential incident, event, or action—intentional or accidental—that can harm an asset
by compromising confidentiality, integrity, or availability.
Q16: What is a vulnerability?
A weakness or flaw in a system that can be exploited to compromise confidentiality,
integrity, or availability.
Q17: What is risk?
The potential for loss when a threat exploits a vulnerability; often conceptualized as
Risk = Threat × Vulnerability × Impact.
Q18: Distinguish threats vs. vulnerabilities.
A threat is the potential danger (e.g., hacker, tornado); a vulnerability is the condition that
allows it (e.g., unpatched software, weak password).
Q19: What are the three categories of vulnerabilities?
Corrupted (loss of integrity); Leaky (loss of confidentiality); Unavailable/Slow (loss of
availability).
The 7 Layers of Cybersecurity
Q20: What are the 7 layers?
1. Mission Critical Assets
2. Data Security
3. Application Security
4. Endpoint Security
5. Network Security
6. Perimeter Security
7. Human Layer
Q21: Explain “Mission Critical Assets.”
The core data or systems (e.g., customer database, source code) an organization must
protect above all else.
Q22: Give an example of Application Security.
Input validation to prevent SQL injection; use of a Web Application Firewall (WAF).
Q23: What is Endpoint Security?
Protection of devices (laptops, phones) via antivirus, encryption, mobile device
management, and port control.
Q24: Why is the Human Layer vital?
Humans are the weakest link; training, phishing simulations, and strong access policies
mitigate human error or insider threats.
Cyber Criminals & Motivations
Q25: Why are computer criminals dangerous?
They exploit vast hardware, software, and data resources to cripple
businesses/governments, steal info, and disrupt services.
Q26: Name three motivations of deliberate attackers.
Political (espionage, sabotage); Economic (theft, fraud); Socio-cultural (publicity, curiosity,
ideology).
Security Policies & Compliance
Q27: What is GDPR?
The EU’s General Data Protection Regulation governing personal data collection, processing,
and storage with strict user rights and penalties.
Q28: Name two other frameworks like GDPR.
NIST Cybersecurity Framework (CSF) and ISO/IEC 27001 Information Security
Management.
Q29: Why have security policies?
They enforce rules, increase accountability, educate employees, ensure compliance, and can
make or break business deals.
Digital Forensics
Q30: What is digital forensics?
The science of preserving, identifying, extracting, and documenting electronic evidence for
legal use.
Q31: Outline the Digital Forensics Lifecycle.
1. Collection
2. Examination
3. Analysis
4. Reporting
Q32: Name two email-forensics techniques.
Header Analysis; Bait Tactics (tracking via embedded image links).
Q33: Give an example of a digital forensics tool.
MiTec Mail Viewer for inspecting email databases; eMailTrackerPro for IP tracing via
headers.
Mobile & Wireless Security
Q34: Why protect mobile devices?
They store sensitive data and access corporate networks; loss/theft or malware can expose
critical info.
Q35: List two common mobile threats.
Smishing (SMS phishing) and malware hidden in apps.
Q36: Name one security control for mobile devices.
Mobile Application Management (MAM) to control app data and permissions.