Theory Answers

The document provides a comprehensive Q&A covering various aspects of cyber security, including definitions, the CIA triad, types of cyber attacks, and security policies. It emphasizes the importance of incident response, the role of human factors in security, and the integration of frameworks like NIST and ISO/IEC 27001. Additionally, it discusses mobile security, digital forensics, and the evolving challenges in the field.

Uploaded by

tdg1lawxv

Theory Answers

Below is a concise Q&A for every page’s questions, formatted in Markdown. Each question is
immediately followed by its short answer (“5-point GPA” style).

Page 1: Cyber Security Basics & Definitions

1. Q: Define cyber security and its growing importance.
   A: Protection of digital systems and data from unauthorized access or damage; vital as threats multiply and data underpins business value.

2. Q: Describe the three components of cyber security.
   A: People (training, awareness), Processes (policies, incident response), Technologies (firewalls, encryption).

3. Q: Business and reputational impacts of a data breach.
   A: Direct costs (fines, remediation), lost customer trust, brand damage, potential stock decline.

4. Q: GDPR’s role in shaping practices.
   A: Mandates strict personal-data handling, breach notification, and hefty penalties—driving stronger controls.

5. Q: Steps to develop an effective incident response plan.
   A: Preparation (policies, tools), Detection (monitoring), Containment, Eradication, Recovery, Post-incident review.

Page 2: CIA Triad – Confidentiality, Integrity, Availability

1. Q: Define CIA and give two measures each.
   A:
   - Confidentiality: Prevent data leaks (encryption, 2FA)
   - Integrity: Prevent unauthorized changes (checksums, permissions)
   - Availability: Ensure access (redundancy, backups)

2. Q: How do 2FA & tokens enforce confidentiality?
   A: Add extra identity check, reducing account-takeover risk.

3. Q: How do checksums & permissions maintain integrity?
   A: Detect tampering via hash comparison; restrict file modifications.

4. Q: Why are redundancy & backup power vital for availability?
   A: Prevent downtime from hardware failure or power loss.

5. Q: Scenario: failure of one CIA pillar.
   A: Ransomware encrypts files (integrity lost), halting operations and data trust.

Page 3: Types of Cyber Attacks

1. Q: Four web-based attacks (explain).
   A:
   - SQL Injection: Malicious DB queries
   - DNS Spoofing: Fake DNS responses
   - Session Hijacking: Steal session tokens
   - Phishing: Deceptive credential harvesting

2. Q: Volume- vs protocol- vs app-layer DoS.
   A:
   - Volume: Flood bandwidth (e.g. UDP flood)
   - Protocol: Exhaust server resources (e.g. SYN flood)
   - App: Crash service via valid requests (e.g. HTTP GET flood)

3. Q: Compare viruses, worms, trojans.
   A:
   - Virus: Requires host file, replicates on execution
   - Worm: Self-replicates across networks
   - Trojan: Disguised benign program, no self-replication

4. Q: Define man-in-the-middle and mitigation.
   A: Intercept communications; mitigate with end-to-end encryption (TLS).

5. Q: Explain file inclusion attacks.
   A: Exploit include functions to load unauthorized or malicious files on server.

Page 4: 7 Layers of Cybersecurity Defense

1. Q: Purpose of each of the 7 layers.
   A:
   1. Assets: Identify critical data
   2. Data Security: Protect data at rest/in transit
   3. App Security: Harden applications
   4. Endpoint Security: Secure user devices
   5. Network Security: Control network access
   6. Perimeter Security: Guard overall boundary
   7. Human Layer: Train and test users

2. Q: Why Human Layer is weakest and controls?
   A: Humans err; strengthen via phishing tests and awareness training.

3. Q: Endpoint vs perimeter security.
   A: Endpoint secures individual devices; perimeter secures network edge.

4. Q: Example of a data security control.
   A: AES encryption of databases.

5. Q: Defense-in-depth strategy.
   A: Multiple overlapping controls reduce single-point failures.

Page 5: Threats, Vulnerabilities & Risk

1. Q: Define asset, threat, vulnerability, and risk.
   A:
   - Asset: Valuable resource
   - Threat: Potential harm
   - Vulnerability: Weakness exploited
   - Risk: Threat × vulnerability × impact

2. Q: Two passive vs two active attack examples.
   A:
   - Passive: Eavesdropping, traffic analysis
   - Active: SQL Injection, DoS flood

3. Q: Insider vs outsider attack example.
   A: Insider: Employee leaks data; Outsider: Hacker exploits open port.

4. Q: Threat probability and potential loss in risk.
   A: Higher likelihood or impact increases overall risk value.

5. Q: Continuous monitoring & remediation.
   A: Use vulnerability scanners, patch management, and SIEM alerts.

Page 6: Cybercriminals & Motivations

1. Q: Political, economic, socio-cultural motivations with examples.
   A:
   - Political: State-sponsored espionage
   - Economic: Ransomware for profit
   - Socio-cultural: Hacktivism for a cause

2. Q: APT vs random brute-force.
   A: APT: targeted, stealthy, long-term; Brute-force: automated, opportunistic.

3. Q: Inadvertent, deliberate, inaction attacker actions.
   A:
   - Inadvertent: Accidental data leak
   - Deliberate: Malware injection
   - Inaction: Failure to patch vulnerability

4. Q: How motivations inform security strategy.
   A: Tailor defenses: political threats need advanced threat intel; economic need financial controls.

5. Q: Profile potential insider threats.
   A: Monitor user behavior and access anomalies.

Page 7: Security Policies & Frameworks

1. Q: What is a security policy and why a living document?
   A: Rule set guiding security; must evolve with threats and tech.

2. Q: Compare virus & spyware, firewall, intrusion prevention policies.
   A:
   - Virus: Defines AV usage
   - Firewall: Network traffic rules
   - IPS: Blocks detected attacks in real time

3. Q: Purpose of application and device control policies.
   A: Restrict unauthorized apps/devices on endpoints.

4. Q: How NIST CSF complements ISO/IEC 27001.
   A: NIST provides a practical function-based framework; ISO defines formal certification standards.

5. Q: Steps to implement a new security policy.
   A: Draft, review, train staff, deploy tools, audit compliance.

Page 8: Cyberspace & International Law

1. Q: Define cyberspace and its evolving complexity.
   A: Global networked environment of systems and users; complexity grows with IoT and cross-border flows.

2. Q: Key legal areas governments regulate in cyberspace.
   A: Encryption export, data privacy, anti-spam, intellectual property.

3. Q: Why international cooperation is essential.
   A: Cybercrime transcends borders; joint efforts close jurisdiction gaps.

4. Q: One challenge of cross-border investigations.
   A: Differing legal standards and evidence admissibility rules.

5. Q: How evolving cyber laws affect corporate compliance.
   A: Force continuous policy updates, training, and audit procedures.

Page 9: Introduction to Cyber Forensics

1. Q: Define computer forensics and its goals.
   A: Scientific recovery and analysis of digital evidence for legal use.

2. Q: Four digital media forensic examiners analyze.
   A: Hard drives, mobile phones, servers, removable media (USB, tapes).

3. Q: Why maintain evidence integrity.
   A: Ensures admissibility and prevents tampering in court.

4. Q: Real-world pivotal digital forensics case.
   A: BTK killer caught via metadata on a floppy disk.

5. Q: Qualifications for a forensic examiner.
   A: Technical expertise, legal knowledge, attention to detail, certifications (e.g., EnCE).

Page 10: Digital Forensics Lifecycle

1. Q: Four phases with tool/method examples.
   A:
   - Collection: Disk imaging (e.g., FTK Imager)
   - Examination: Hash verification (md5sum)
   - Analysis: Timeline reconstruction (Plaso)
   - Reporting: Formal documentation (EnCase report)

2. Q: How chain of custody is preserved.
   A: Use sealed evidence bags, logs for every handoff.

3. Q: Why bypass encryption/compression in Examination.
   A: To access hidden or scrambled evidence for analysis.

4. Q: Importance of alternative explanations and audience in Reporting.
   A: Ensures balanced conclusions and clear communication to legal stakeholders.

5. Q: How Analysis differs for cloud evidence.
   A: Requires API for data export, handles dynamic multi-tenant environments.

Page 11: Challenges in Digital Forensics

1. Q: Three technical challenges & mitigations.
   A:
   - Anti-forensics: Use robust hashing and carve unallocated space
   - Steganography: Deploy pattern-recognition tools
   - Cloud volatility: Snapshots and rapid collection

2. Q: Two legal challenges in evidence presentation.
   A: Privacy compliance, chain-of-custody disputes.

3. Q: Resource challenges in high-volume analysis & automation.
   A: Data overload; use AI-driven triage and indexers.

4. Q: Explain covert channel and implications.
   A: Hidden communication path; hard to detect and may carry exfiltrated data.

5. Q: Impact of rapid tech evolution on tools.
   A: Frequent tool updates needed; legacy formats may lose support.

Page 12: Mobile & Wireless Security

1. Q: Why mobile devices pose unique risks.
   A: Always-on, portable, connect over untrusted networks, host sensitive apps/data.

2. Q: Define smishing, vishing, mishing with examples.
   A:
   - Smishing: SMS phishing link to fake bank site
   - Vishing: Voice call pretending helpdesk
   - Mishing: MMS with malicious attachment

3. Q: How unsecured Wi-Fi and spoofing threaten users.
   A: Eavesdrop credentials; connect victims to rogue APs.

4. Q: Trends shaping future mobile security.
   A: 5G low-latency threats, AR data leaks, AI-powered malware.

5. Q: Three controls to protect mobile devices.
   A: MDM policies, enforce device encryption, VPN for public Wi-Fi.

Page 13: Mobile Device Policies & Guidelines

1. Q: Seven steps for mobile security implementation.
   A: Assess needs, select tools, standardize devices, configure security, deploy MDM, train users, monitor compliance.

2. Q: Umbrella vs hybrid vs device-specific policies.
   A: Umbrella: single broad policy; Hybrid: general+specific; Device-specific: tailored rules per device type.

3. Q: Why standardize hardware & tools.
   A: Simplifies management, reduces configuration errors.

4. Q: Role of patch management & inventory tracking.
   A: Ensures timely updates and visibility of all devices.

5. Q: Training topics for mobile security awareness.
   A: Phishing recognition, secure Wi-Fi use, device loss procedures.

Page 14: Concept of Laptops & Physical Security

1. Q: Main threats to laptops as endpoints.
   A: Theft, data theft, malware via removable media.

2. Q: Compare cable locks, safes, motion sensors.
   A:
   - Cable lock: Affordable, portable
   - Safe: High protection, bulky
   - Motion sensor: Alerts on movement, may trigger false alarms

3. Q: Advantages & limitations of warning labels.
   A: Deter casual thieves; won’t stop determined criminals.

4. Q: Four logical access controls.
   A: Strong passwords, MFA, endpoint firewalls, disk encryption.

5. Q: Balancing usability and security.
   A: Use adaptive authentication and clear user guidelines.

Page 15: Summary & Framework Integration

1. Q: How fundamentals, attack knowledge, layers, and forensics form a strategy.
   A: Align CIA principles, understand threats, deploy layered defenses, and prepare for investigation to close the security lifecycle.

2. Q: Align NIST CSF, ISO/IEC 27001, and internal policies.
   A: Map NIST functions to ISO controls, embed in policies, audit for continuous improvement.

3. Q: Propose a multi-year security roadmap.
   A: Year 1: baseline assessment & quick wins; Year 2: deploy advanced controls & training; Year 3+: integrate forensics, threat intelligence, and regular maturity reviews.

End of concise Q&A.
