Cybersecurity Fundamentals

1. What is cybersecurity?
   • Answer: Cybersecurity involves protecting systems, networks, and data from digital attacks, unauthorized access, and damage to ensure confidentiality, integrity, and availability.
2. Differentiate between confidentiality, integrity, and availability (CIA) in cybersecurity.
   • Answer:
     • Confidentiality: Ensures that data is accessible only to authorized individuals or systems.
     • Integrity: Ensures that data remains accurate, trustworthy, and unaltered.
     • Availability: Ensures that data and systems are accessible and operational when needed.
3. Explain the CIA triad in the context of cybersecurity.
   • Answer: The CIA triad forms the foundation of cybersecurity strategies, aiming to protect information assets against threats by maintaining their confidentiality, integrity, and availability.

Types of Cyber Attacks

1. What are common types of cyber attacks?
   • Answer: Examples include:
     • Malware: Software designed to disrupt, damage, or gain unauthorized access.
     • Phishing: Social engineering tactic to trick users into revealing sensitive information.
     • Denial-of-Service (DoS): Overloading systems to disrupt services.
     • Man-in-the-Middle (MitM): Intercepting communication between parties.
     • SQL Injection: Exploiting vulnerabilities in web applications to execute malicious SQL commands.
2. Describe ransomware and how it works.
   • Answer: Ransomware encrypts files or locks systems, demanding ransom for decryption or restoration of access, typically spread through phishing emails or compromised websites.
3. What is a Distributed Denial-of-Service (DDoS) attack?
   • Answer: A DDoS attack overwhelms a target system or network with a flood of traffic from multiple sources, causing service disruption or downtime.

Cybersecurity Protocols and Standards

1. What is HTTPS, and why is it important for secure communication?
   • Answer: HTTPS (Hypertext Transfer Protocol Secure) encrypts data exchanged between clients and servers, ensuring confidentiality and protecting against eavesdropping and data tampering.
2. Explain the role of firewalls in network security.
   • Answer: Firewalls monitor and control incoming and outgoing network traffic based on predefined security rules, preventing unauthorized access and filtering malicious traffic.
3. What is the purpose of encryption in cybersecurity?
   • Answer: Encryption converts plaintext data into ciphertext using algorithms and keys, ensuring data confidentiality and preventing unauthorized access during transmission and storage.

Cybersecurity Tools and Technologies

1. Name some antivirus software and their functionalities.
   • Answer: Examples include Norton Antivirus, McAfee, and Bitdefender, which detect, quarantine, and remove malware and suspicious files from systems.
2. Describe the use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
   • Answer: IDS monitors network traffic for suspicious activity and alerts administrators, while IPS actively blocks or mitigates identified threats to prevent network compromise.
3. What is a Virtual Private Network (VPN), and how does it enhance security?
   • Answer: VPN creates a secure, encrypted connection over a public network (e.g., the internet), masking users' IP addresses and data transmissions, enhancing privacy and security.

Incident Response and Cybersecurity Management

1. Outline the steps in incident response.
   • Answer: Steps include preparation (planning and training), identification (detecting and analyzing incidents), containment (limiting damage), eradication (removing threats), and recovery (restoring operations).
2. What is a Security Information and Event Management (SIEM) system?
   • Answer: SIEM collects, analyzes, and correlates security event data from network devices, servers, and applications to detect and respond to potential security incidents in real-time.