Cyber Security: Theory and Practice (CSN6314) Final Test (30%)

PART 1: Short Answer Questions

1- Define the term 'cybersecurity' as per the NIST Computer Security Handbook and
explain its primary goals. (2 points)

2- Describe three different types of attacks on computer systems, giving an example for
each. (2 points)

3- What is the difference between passive and active attacks? Provide an example of each.
(2 points)

4- List and explain the three levels of impact (Low, Moderate, High) as defined in FIPS
199. (2 points)

5- Define a security plan and list its key components. (2 points)

6- List the types of security policies and their roles. (2 points)

7- Describe the differences between a cold site, warm site, and hot site for backups. (2
points)

8- Explain the concept of a security baseline and provide an example. (2 points)

9- What is the principle of least privilege? (2 points)

10- Define cryptology and its two main branches. (2 points)

11- Describe Kerckhoffs's Principle in cryptography. (2 points)

12- Describe the significance of the Diffie-Hellman key exchange. (2 points)

13- List and explain the different types of attacks on cryptographic systems. (2 points)

14- What is the main purpose of a Message Authentication Code (MAC)? (2 points)

15- Explain the difference between symmetric and asymmetric cryptography. (2 points)

16- Describe the process of creating a digital signature. (2 points)

17- What are the main steps involved in verifying a digital signature? (2 points)

18- Explain the concept of database integrity. (2 points)

19- What is SQL injection and how can it be prevented? (2 points)

20- Describe the concept of database auditing. (2 points)

PART 2: Multi Choices Questions

21- According to FIPS 199, a loss causing significant harm to individuals but not involving
loss of life or serious injuries is classified as: (1 point)
A) Low
B) Moderate
C) High
D) Severe

22- Which type of attack involves an attacker intercepting and potentially altering
communication between two parties without their knowledge? (1 point)
A) DDoS
B) SQL injection
C) Man-in-the-middle
D) Phishing

23- A security plan should include all the following EXCEPT: (1 point)
A) Current Security Status
B) Recommended Controls
C) Marketing Strategy
D) Accountability

24- What is the first step in risk analysis? (1 point)

A) Assess the likelihood
B) Identify the loss
C) Formulate risk control
D) Identify assets and determine vulnerabilities

25- Which of the following is a strategic policy? (1 point)

A) Detailed Procedures
B) Information Security Policy
C) Backup Schedules
D) Incident Response Guidelines

26- The Cyber Kill Chain does NOT include: (1 point)

A) Mitigation
B) Recovery
C) Marketing
D) Detection

27- Database integrity ensures that: (1 point)

A) Data is encrypted
B) Data is accurate and consistent
C) Data is available at all times
D) Data is backed up regularly

28- A common threat to database security is: (1 point)

A) Data mirroring
B) SQL injection
C) Data encryption
D) Data masking
29- SQL injection can be prevented by: (1 point)
A) Encrypting the database
B) Using strong passwords
C) Validating user inputs
D) Backing up the database

30- The primary purpose of encryption in database security is to: (1 point)

A) Improve performance
B) Protect data from unauthorized access
C) Simplify data management
D) Reduce storage requirements

31- Access controls in database security are used to: (1 point)

A) Encrypt data
B) Monitor database performance
C) Restrict who can access what data
D) Backup the database

32- Database auditing involves: (1 point)

A) Encrypting data
B) Monitoring and recording database activities
C) Restoring data from backups
D) Masking sensitive data

33- The purpose of database backup and recovery is to: (1 point)

A) Enhance database performance
B) Ensure data availability in case of failure
C) Encrypt sensitive data
D) Mask data from unauthorized users

34- Data masking is important because it: (1 point)

A) Increases database performance
B) Protects sensitive data from unauthorized access
C) Simplifies data management
D) Reduces data storage requirements

35- A best practice for securing a database is: (1 point)

A) Using default configurations
B) Regularly updating and patching the database software
C) Disabling encryption
D) Allowing all users full access

36- The primary purpose of a MAC is to: (1 point)

A) Encrypt data
B) Provide data integrity
C) Provide non-repudiation
D) Generate keys
 37- A certificate authority (CA) is responsible for: (1 point)
A) Encrypting messages
B) Decrypting messages
C) Issuing digital certificates
D) Generating keys

38- A hash collision occurs when: (1 point)

A) Two different inputs produce the same hash
B) The hash function is deterministic
C) The hash function is used for encryption
D) The hash function is used for decryption

39- Which key exchange method allows two parties to securely share a key over an insecure
channel? (1 point)
A) RSA
B) Diffie-Hellman
C) AES
D) MD5

40- Elliptic curve cryptography (ECC) is known for: (1 point)

A) Using large keys
B) Being less secure than RSA
C) Providing strong security with smaller keys
D) Being slower than other algorithms

Good Luck!
rd
3 of July, 20204
Morteza SaberiKamarposhti

Important Tips:

• I trust all of you, my dear students. So, you don’t need to sign any honest pledge.
• Don’t use generative AI for answering. You can use your slides to know the answers.
• Keep calm and do your best on the test.
• Just don’t forget, in any situations I am in your side.
• Just answer the questions in your own paper by handwriting and scan it and submit it.
• Submit the file by this format: STD_ID – Full Name
• You have 2 hours to answer the questions and 20 minutes for submitting.