Cyber Security Test - Week
1 to 5 Exam Questions
with Complete Solutions
Denning [Date] [Course title]
,What does cyber security refer to? - Correct Answers Cybersecurity relates to the security of any device
which is connected to some form of network such as the internet.
What does information security refer to? - Correct Answers Information security is wider than computer
security because it relates to the security of any information, whether that be physical or held within a
digital device.
What does computer security refer to? - Correct Answers Computer security relates to the security of
any computing device.
What are the three stages within cyber security? - Correct Answers Prevent: try to prevent any attacks
Detect: try to detect any attack which are happening or have happened
Respond: try to respond to those attacks by incorporating more mechanisms or including things such as
security training or policies which can also impact the security of a system
What are the three properties that make up the CIA triad? - Correct Answers Confidentiality: where
information should be kept confidential from unauthorised parties. For example, if you visit your GP and
have some medical issues, documented, the doctor's surgery is required to ensure that that is kept
confidential from unauthorised parties.
Integrity: where you want your data to be correct. You don't want someone to go and amend that in an
incorrect fashion. If we go back to the example of the GP surgery, again, you wouldn't want somebody
going and changing your medication to something that it shouldn't be. So again, we're coming back to
the idea of unauthorised parties changing information or accessing information that they shouldn't have
access to.
Availability: The data should be available to legitimate users at a time which is expected to have access
to. One example of this could be a bank unexpectedly being hit by a denial of service attack, in which
case the end user would not be able to access their funds, which could cause some distress as well as,
obviously impact the bank's reputation, which is undesirable.
,What is a Bad/threat actor or malicious actor/hacker/attacker refer to? - Correct Answers Bad/threat
actor or malicious actor/hacker/attacker: an insider or outsider so that is someone who is legitimately
part of the system or someone who's external to that who's trying to impose some form of harm on the
system-- so to gain unauthorised access to a system that it shouldn't have access to.
What does Malicious mean? - Correct Answers Malicious: where someone sets out with the intent of
causing harm.
What does non malicious mean? - Correct Answers Non-malicious: where someone unintentionally
compromises the security of the system-- for example, writing down a password and storing it
somewhere that can be easily found by someone who shouldn't have access to that.
What is a vulnerability? - Correct Answers Vulnerability: a limitation of a system which opens it up to
exploitation.
What is a threat? - Correct Answers Threat: something or someone which is constantly posing potential
harm to an asset, such as a data set.
What is an attack? - Correct Answers Attack: an attempted exploitation of a particular vulnerability of a
system.
What is an attack surface? - Correct Answers Attack surface: a collection of all the different points of
entry an unauthorised attacker could try to exploit.
What is an attack vector? - Correct Answers Attack vector: typically referred to after an attack has taken
place and is the particular path that the attacker has taken in order to gain unauthorised access.
Give three examples of cybersecurity laws and regulations - Correct Answers Computer Misuse Act, the
Serious Crime Act Amendment which revised Computer Misuse Act to reflect more modern landscapes,
and the Data Protection Act 2018, which is the UK implementation of GDPR.
Give four examples of cyber security events in history that changed the industry - Correct Answers The
morris worm, phreaking 60s, first computer password, the 414s real life war games, target 2013
, What are cyber security frameworks? - Correct Answers Cyber security frameworks are pre-defined
guides to developing security policies and procedures.
What is the purpose of cyber security frameworks? - Correct Answers The aim is to reduce the risk of
common cyber security threats which organisations face on a daily basis.
Give three examples of cyber security frameworks - Correct Answers Such frameworks are generally
defined by leading cyber security organisations like
NIST (National Institute of Standards and Technology)
ISO (International Standards Organisation)
NCSC (National Cyber Security Centre)
What are the stages within the NIST cyber security framework? - Correct Answers Identify, Protect,
Detect, Respond and Recover model
What is the common body of knowledge cyber security framework? - Correct Answers The Common
Body of Knowledge (CBK) provides a knowledge base of information security subjects, referred to as
domains, a security professional should understand.
What are the ten security domains within the common body of knowledge? - Correct Answers Access
Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Cryptography
Computer Operations Security
Physical Security
1 to 5 Exam Questions
with Complete Solutions
Denning [Date] [Course title]
,What does cyber security refer to? - Correct Answers Cybersecurity relates to the security of any device
which is connected to some form of network such as the internet.
What does information security refer to? - Correct Answers Information security is wider than computer
security because it relates to the security of any information, whether that be physical or held within a
digital device.
What does computer security refer to? - Correct Answers Computer security relates to the security of
any computing device.
What are the three stages within cyber security? - Correct Answers Prevent: try to prevent any attacks
Detect: try to detect any attack which are happening or have happened
Respond: try to respond to those attacks by incorporating more mechanisms or including things such as
security training or policies which can also impact the security of a system
What are the three properties that make up the CIA triad? - Correct Answers Confidentiality: where
information should be kept confidential from unauthorised parties. For example, if you visit your GP and
have some medical issues, documented, the doctor's surgery is required to ensure that that is kept
confidential from unauthorised parties.
Integrity: where you want your data to be correct. You don't want someone to go and amend that in an
incorrect fashion. If we go back to the example of the GP surgery, again, you wouldn't want somebody
going and changing your medication to something that it shouldn't be. So again, we're coming back to
the idea of unauthorised parties changing information or accessing information that they shouldn't have
access to.
Availability: The data should be available to legitimate users at a time which is expected to have access
to. One example of this could be a bank unexpectedly being hit by a denial of service attack, in which
case the end user would not be able to access their funds, which could cause some distress as well as,
obviously impact the bank's reputation, which is undesirable.
,What is a Bad/threat actor or malicious actor/hacker/attacker refer to? - Correct Answers Bad/threat
actor or malicious actor/hacker/attacker: an insider or outsider so that is someone who is legitimately
part of the system or someone who's external to that who's trying to impose some form of harm on the
system-- so to gain unauthorised access to a system that it shouldn't have access to.
What does Malicious mean? - Correct Answers Malicious: where someone sets out with the intent of
causing harm.
What does non malicious mean? - Correct Answers Non-malicious: where someone unintentionally
compromises the security of the system-- for example, writing down a password and storing it
somewhere that can be easily found by someone who shouldn't have access to that.
What is a vulnerability? - Correct Answers Vulnerability: a limitation of a system which opens it up to
exploitation.
What is a threat? - Correct Answers Threat: something or someone which is constantly posing potential
harm to an asset, such as a data set.
What is an attack? - Correct Answers Attack: an attempted exploitation of a particular vulnerability of a
system.
What is an attack surface? - Correct Answers Attack surface: a collection of all the different points of
entry an unauthorised attacker could try to exploit.
What is an attack vector? - Correct Answers Attack vector: typically referred to after an attack has taken
place and is the particular path that the attacker has taken in order to gain unauthorised access.
Give three examples of cybersecurity laws and regulations - Correct Answers Computer Misuse Act, the
Serious Crime Act Amendment which revised Computer Misuse Act to reflect more modern landscapes,
and the Data Protection Act 2018, which is the UK implementation of GDPR.
Give four examples of cyber security events in history that changed the industry - Correct Answers The
morris worm, phreaking 60s, first computer password, the 414s real life war games, target 2013
, What are cyber security frameworks? - Correct Answers Cyber security frameworks are pre-defined
guides to developing security policies and procedures.
What is the purpose of cyber security frameworks? - Correct Answers The aim is to reduce the risk of
common cyber security threats which organisations face on a daily basis.
Give three examples of cyber security frameworks - Correct Answers Such frameworks are generally
defined by leading cyber security organisations like
NIST (National Institute of Standards and Technology)
ISO (International Standards Organisation)
NCSC (National Cyber Security Centre)
What are the stages within the NIST cyber security framework? - Correct Answers Identify, Protect,
Detect, Respond and Recover model
What is the common body of knowledge cyber security framework? - Correct Answers The Common
Body of Knowledge (CBK) provides a knowledge base of information security subjects, referred to as
domains, a security professional should understand.
What are the ten security domains within the common body of knowledge? - Correct Answers Access
Control Systems and Methodology
Telecommunications and Network Security
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Cryptography
Computer Operations Security
Physical Security
