Question 1
Explain how US-CERT works to improve the cybersecurity of the United States. Your answers should include at least three types of tasks or processes used by US-CERT.

Question 2
In your own words, explain the basic concepts of the CIA information security triad.

Question 3
List four examples of personally identifiable information (PII) that a typical social media site such as Facebook or Instagram has for the average user who provides information without thinking much about cybersecurity. If necessary, explain how the site gathered that information.

Question 4
Briefly describe your ideal working situation (e.g., self-started business with a few employees, head of a major company, etc.). For that company, which type of access control would make the most sense, and why?

Question 5
Imagine that a cyberattacker infiltrates a network and tries to get a user to download a virus. The attacker is attempting to detect when two users are sharing a file because the attacker’s objective is to replace the true file with malware. How would hashing help prevent this sort of attack?

All Answers 1

Answered by GPT-5 mini AI
1) How US-CERT improves U.S. cybersecurity (with examples of tasks/processes)
- Threat monitoring and analysis: continuously collects and analyzes threat data (malware samples, intrusion indicators, network telemetry) to identify emerging threats and trends.
- Incident response coordination and assistance: helps federal, state, local, and private-sector organizations respond to cyber incidents (triage, containment, remediation), and coordinates information and resources during major events.
- Alerts, advisories and vulnerability disclosure: issues timely products (alerts, bulletins, technical advisories) that describe vulnerabilities, Indicators of Compromise (IOCs), attack techniques, and recommended mitigations; coordinates vulnerability disclosure and patch information.
- Information sharing and collaboration: exchanges threat intelligence with government agencies, private sector partners, and international CERTs to improve situational awareness and collective defense.
- Malware and technical analysis / tooling and guidance: performs malware analysis and provides detection signatures, hardening guides, best-practice checklists, and incident-handling playbooks.
- Training, exercises and outreach: runs exercises, webinars, and training to build capacity and promote cyber hygiene across sectors.

2) CIA information security triad (basic concepts)
- Confidentiality: ensuring information is accessible only to authorized parties. Controls include access control, authentication, encryption, and data classification to prevent unauthorized disclosure.
- Integrity: ensuring information is accurate and complete and has not been altered in an unauthorized way. Controls include cryptographic hashes, digital signatures, checksums, versioning, and strict change controls.
- Availability: ensuring authorized users can access information and systems when needed. Controls include redundancy, backups, capacity planning, DDoS protection, and disaster recovery.

3) Four examples of PII a social site typically has and how it was gathered
- Full name — provided when signing up or filling the profile.
- Date of birth — entered for account creation, age verification, or birthday features.
- Location data (city, GPS/geotag in photos) — added in profile, tagged manually, or captured from photo EXIF/location services and device permissions.
- Phone number and/or email address — supplied for account creation, two-factor authentication, or contact sync (sometimes imported from the user’s device contacts).
(Other PII could include profile photos, friend lists, employer/education info, and IP address; many are collected either directly from user input, device permissions, or automated telemetry.)

4) Ideal working situation and recommended access control
- Situation: small self-started software company with a handful of employees (developers, ops, product, and sales).
- Recommended access control: Role-Based Access Control (RBAC) combined with Principle of Least Privilege and multi-factor authentication.
- Why: RBAC maps easily to job functions (developer, admin, sales), simplifies administration as employees join/change roles, and enforces least privilege. For sensitive operations (deployment, payroll), add stricter controls (just-in-time elevation, separation of duties, and privileged access management). RBAC scales better than manual discretionary controls for a growing startup and is simpler than fine-grained ABAC unless you need complex attribute rules.

5) How hashing prevents the attacker’s file-replacement attack
- Integrity check: Before sharing, compute a cryptographic hash (e.g., SHA-256) of the legitimate file and distribute that hash via a trusted channel. Recipients compute the hash of the downloaded file and compare it to the expected hash. If the attacker replaced the file with malware, the hashes will not match, detecting the tampering.
- Stronger guarantee: Sign the file’s hash with the sender’s private key (digital signature) so an attacker cannot simply replace both file and hash. Verifying the signature with the sender’s public key proves the file came from the legitimate source and hasn’t been altered.
- Note on limitations: Hashing only detects tampering if the expected hash is obtained securely. If the attacker controls the channel that distributes the expected hash or signature, additional protections (trusted key distribution, PKI, or out-of-band verification) are required.
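A worked example of the integrity check described in answer 5, added here as illustration and not part of the original answer. It assumes the sender publishes a sha256sum-style manifest (`<hex digest>  <filename>` per line) over a trusted channel; the file contents, names and the tampered variant are constructed.

```python
import hashlib
import hmac
from typing import Dict

CHUNK = 64 * 1024  # hash in 64 KiB chunks so large files need not sit in memory at once


def sha256_of(data: bytes) -> str:
    """Return the hex SHA-256 digest of file content, fed to the hasher in chunks."""
    h = hashlib.sha256()
    for i in range(0, len(data), CHUNK):
        h.update(data[i:i + CHUNK])
    return h.hexdigest()


def make_manifest(files: Dict[str, bytes]) -> str:
    """Sender side: build a sha256sum-style manifest for the files being shared."""
    return "".join(f"{sha256_of(content)}  {name}\n" for name, content in files.items())


def parse_manifest(text: str) -> Dict[str, str]:
    """Recipient side: parse the trusted manifest into {filename: expected hex digest}."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep or len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_download(name: str, content: bytes, manifest: Dict[str, str]) -> bool:
    """True only if the received content hashes to the value the trusted manifest lists."""
    expected = manifest.get(name)
    if expected is None:
        return False  # no trusted hash for this file: refuse rather than assume it is fine
    # compare_digest compares in constant time, avoiding a timing side channel
    return hmac.compare_digest(sha256_of(content), expected)


# Constructed sample data: the legitimate file the sender shared, and a copy in which
# an attacker appended a single extra line while it was in transit.
LEGIT_FILE = b"#!/bin/sh\necho 'quarterly report generator v1.2'\n"
TAMPERED_FILE = LEGIT_FILE + b"# extra line inserted by an attacker\n"
TRUSTED_MANIFEST = make_manifest({"report.sh": LEGIT_FILE})  # obtained out-of-band by recipient
```

Even a one-byte change produces a completely different digest, so the tampered copy fails verification; as the answer's limitation note says, this only holds if `TRUSTED_MANIFEST` itself reached the recipient over a channel the attacker does not control.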