CSE 401 Cybersecurity Midterms Reviewer
Exam Type
Identification (10 points)
Matching Type (10 points)
Modified True or False: (10 points)
Application (Essay) (20 points)
Uncategorized TermzZz
** haha, this is fun, just a little more to go!!! **
Personal Data
- information that can be used to identify an individual, including but not limited to
name, address, phone number, email address, and online identifiers
- can exist in both digital and physical forms
Passwords
- one of the most commonly used forms of authentication in computer systems
Access Control
- practice of limiting access to resources or systems to authorized users
Data Deletion
- process of removing data from a storage medium
- example: emptying the recycle bin
Physical Security
- measures taken to protect physical assets such as buildings, equipment and data
centers from unauthorized access, damage, or theft
- securing physical access to target equipment
Password Security
- practice of creating and using secure passwords to protect accounts and systems
from unauthorized access
- dictionary words are not recommended for passwords because they are vulnerable to dictionary
attacks
Software Updates
- updates released by software vendors to fix bugs, add new features, and patch security
vulnerabilities
- crucial for maintaining security and protecting against exploits
Hardware Vulnerabilities
- weaknesses in the physical components of a system (CPU, motherboard, others)
Software Vulnerabilities
- weaknesses in the software components of a system (OS, apps, others)
Stuxnet
- sophisticated computer worm discovered in 2010 that targeted Iran’s nuclear
facilities
- believed to have been developed for cyber warfare purposes
- built jointly by the US and Israel
- “Operation Olympic Games”
Processing
- data that is being used to perform an operation such as updating a database record
(data in process)
- example: An employee updates a customer’s address in a database record
Transmission
- data traveling between information systems (data in transit)
- example: sending an email containing sensitive information from one computer to
another over a network
Storage
- data stored in memory or on a permanent storage device (hard drive, solid-state
drive, or USB drive) - data at rest
1. Confidentiality
- protection of sensitive information from unauthorized access and disclosure
- only authorized individuals have access to sensitive information
- example practices: restricted access, implementing data encryption and
regularly reviewing access logs and auditing access permissions
2. Integrity
- accuracy and consistency of data over its lifecycle
- ensures that data cannot be altered or deleted by unauthorized individuals and that it
remains consistent and accurate
- example practices: version control of systems, digital signatures, checksums,
hash functions
3. Availability
- ability of authorized individuals to access the data and resources they need
when they need them
- example practices: load balancing and clustering, setting up redundant
network connections and power supplies to prevent downtime due to
infrastructure failures, using cloud services or offsite backups, implementing a
disaster recovery plan to quickly restore services in the event of a major
disruption
Awareness, Training, and Education
- measures put in place by an organization to ensure that users are knowledgeable
about potential security threats and the actions they can take to protect information
systems
- example: conducting regular security awareness sessions
Technology
- software and hardware-based solutions designed to protect information systems
- example: firewall - continuously monitoring and filtering network traffic in search of
possible malicious incidents
Types of Malware
1. Keylogger
- designed to track and spy on online activity by logging every key pressed on
the keyboard
2. Adware
- designed to automatically deliver advertisements to the user, most often in a
web browser
3. Backdoor 🚪
Types of Cyberattack
1. Social Engineering
- attack focused on manipulating people into performing actions or divulging
confidential information
- can be both technical and non-technical in nature
2. Phishing
- attackers attempt to trick individuals into providing sensitive information
- typically done through fraudulent emails, messages, or websites that appear to
be from a legitimate source
3. Spear Phishing
- a targeted version of phishing aimed at a specific individual or group, usually prepared by
researching their social media profiles or other public information
- the email/message is customized to make it appear more legitimate, increasing the chance
of the victim falling for the scam
4. Baiting
- tactic involving enticing the victim with an offer (free download or a gift card)
- appears legitimate but when the victim downloads the file or enters their
information, they unknowingly install malware or give away sensitive
information
5. Pretexting
- impersonating someone else to gain the victim’s trust and extract sensitive
information from the victim
- example: pretending to be company executive
6. Quid Pro Quo (Something for Something)
- offering a service in exchange for sensitive information
- example: offering to help with the victim’s computer but asking for login credentials and then
disappearing
7. Denial-of-Service (DoS)
- network attack that results in some sort of interruption of network service to
users, devices, or applications, often by overwhelming the target with a flood
of traffic
8. SEO Poisoning
- manipulating search engine results in order to redirect users to malicious
websites or to steal personal information
- often used in conjunction with other tactics such as phishing or malware
- effective because it targets users when they are actively searching for
information online
9. Password Attacks
- various techniques that cybercriminals use to gain unauthorized access to
systems or networks by guessing or cracking passwords
10. Advanced Persistent Threats (APT)
- targeted attacks typically carried out by well-funded and highly skilled
attackers