Cybersecurity Quiz. How Much Do You Know?

are you up for a challenge want to see how much you know about cyber security well I've got a quiz for you seven questions and we're going to go through each one of these and I want you to pick the best answer so if you're ready then get out your number two pencil close your books we're ready to start keep score okay not all of these questions are going to be rocket science so don't be prepared for uh a Mena test but let's have some fun with these okay the first one cyber security involves preve

ntion detection and response protection obfuscation and Reporting encryption encryption and more encryption firewalls antivirus and hope well I I do hope that you understand hope is not a strategy so that would be a really bad idea although firewalls and antiv virus are certainly important Technologies not nearly enough lots and lots and lots of encryption nah that's not going to do it either we need to encrypt but that's not nearly sufficient protection obfuscation and Reporting well protection

and repor reping are certainly big parts of this obfuscation which is basically trying to hide uh the the details of the system that is not the way to get a system more secure so if you got a you got it right it's prevention detection and response everything we do in cyber security is about doing those three things question two with phyto pass keys if you lose your device there is no way to recover your account all right either that's true or false hopefully you're aware unless there's some sor

t of superposition of States in some sort of odd Schroder's cat situation it's not neither and it can't be both so we'll eliminate those right off the bat now is it true or is it false the reason I put this one is when I did a phto video on pass Keys the number one question people asked was about what happens if I lose my device so I want everyone to understand that in fact there is a way to recover in fact you can recover a number of different ways one is if you've got different devices out her

e uh they can all sync up to some sort of cloud service so that if I lose this one then I can just recover my pass key on another device or I can do regular account recovery just like you do when you lose your password and you click the forgot my password question number three these aren't too hard right zero trust can be summarized as a trust everything verify nothing b trust nothing verify everything thing C the bare minimum d a paranoid delusion well uh a lot of people say that I'm suffering

from one of these but no it's not that uh we we really do want to do zero trust it can help our organization if we do it the bare minimum for most organizations zero trust is not the minimum standard that they would follow it would be the maximum standard that they would follow but it's a good aspirational goal to get to so we're down to these two trust everything verify nothing trust nothing verify everything think about it this way we've got on opposite ends of a spectrum we've got implicit tr

ust and we have zero trust and think about it this way trust everything and verify nothing that's this guy trust nothing verify everything that's zero trust so here's your correct answer question four we're about halfway through are you holding up okay let's see which of these should you do first if you're finding an IT security program Define policy encrypt everything analyze risk or get a good breakfast well as much as I believe in getting a good breakfast I don't know that that's exactly what

we're looking for here so not in the best answer category of possibilities I'll tell you A lot of people think it's here you start with defining a policy and that's the way they go about doing things is they do their policy then from there they do an architecture from there they do an implementation of whatever it is that they've architected then they audit what they are doing in their systems but you know what they didn't do they didn't analyze risk this is actually not the right answer it's a

nalyze risk clearly you want to encrypt the things that are important to you but that's not the way that you build an IT security program just encrypt everything you'll probably do that somewhere along in this phase so I'm going to suggest to you you start at analyzing risk and risk is what informs your policy and then the rest of the cycle works okay for question five we're going to make it a little more difficult this has been really easy so far I know so let's do a little bit of a challenge w

hat happens to the strength of a symmetric key when you make it one bit longer well does it double does it stay the same in terms of strength does it get slightly stronger or does it create a rip in the SpaceTime Continuum I hope to goodness that this is not the case because then we'd all be in trouble so then now we look at this you know it's not going to be the same because the longer the key the more possibilities that someone would have to try in order to break it and it turns out that the c

orrect answer is not a slight Improvement in fact it's a doubling so you make a symmetric key even just a little bit longer and it makes a huge difference let me show you why so a symmetric key remember that's like this where you have the key that you encrypt with is also the same key that you decrypt with that's why we call it symmetric it's the same on both sides now how do we know what the strength of a symmetric key is here's the simple mathematical formula for that it's two to the N where n

is the number of bits in the key so the longer the larger the number of n the more strength you have the more different possibilities and if you know how to do exponents then you know two for instance 2 to the 2 will give you four possibilities so you'd have to try four different things worst case until you got the right one if You' make this one bit more it' be 2 to the 3 so that would be eight and you also can tell I'm sure that eight is twice as much as four so just by increasing by one bit

we double the strength and of course in the real world we use uh strings that are much longer than this we're going to use more things like 128 uh 256 and things like that so it's a lot stronger by just a simple addition of one bit okay number six coming down the home stretch how are you doing hold out for just a little bit longer hardening is an example of which security principle defense in depth separation of Duties the principle of lease privilege or what happens when you leave bread out too

long okay this is definitely true that that this is what happens but it's not really related to our question how about defense in depth that's the idea where I don't rely on any single security mechanism it's kind of belt and suspenders so that way the pants always stay on no that's not really what hardening is about separation of Duties no that's separating so that one person can't make a transaction and approve that for instance so we would require collusion in order for someone to subvert th

e system that's not it so by process of elimination it's the principle of Le privilege now if you're not quite sure why let's take a look at what hardening means This this term in general what it means is if I take a system maybe I install a web server install an application a database or what have you uh it may come with a default user ID and password with default access controls built into it and it may install some services that I don't actually need so what I want to do to harden this system

is I want to change all of these things and eliminate any of the IDS that I don't need any of the access controls that are not absolutely necessary and any services that aren't required in order for the system to operate congratulations you made it to the final question question seven absolute security a is ultimately achievable B requires good firewalls C is worth any cost D is a pipe tream remember pick the best answer okay so absolute security is ultimately achievable uh not really because t

here's always going to be some level of risk if a computer is operational it can be hacked just remember that no matter how good a job we do requires good firewalls well yeah good firewalls will certainly help but it's not nearly sufficient it's not going to give you absolute security by any means so that would be a necessary but not sufficient condition in this case is worth any cost well not really because we don't want to spend more to secure a system than what the thing is actually worth so

we're not going to spend infinite amounts of money in order to secure something unless that thing was worth infinite amounts of money and then D this is the trick part you notice in all the other questions the last one was always kind of a ridiculous answer and this one sounds ridiculous is a pipe dream that means it's something that's not going to be true it turns out that is the case so I gave you a little bit of a a trick question in this one absolute security is a pipe dream we're never goin

g to get a system that has no risk involved D with it but that doesn't mean we quit we still keep fighting the good fight we still keep doing the things that we need to do to make the system as secure as our risk tolerance would dictate okay you finished the quiz let's see how you did if you got seven out of seven correct you're a super cyber geek if you got six out of seven correct I'm going to say you're a cyber Warrior if you're got four or five then you're a serious student keep learning if

you're two to three okay you're a Padawan and there's a lot more to learn but keep it up if you got one you're beginning the journey that's fine if you got zero you're just really unlucky I would say but in all of these cases what I've done is in the description below there's a link to video where you can find out more details about every single one of these questions by looking at other videos that we've done on the channel so so I hope this helps you in your understanding of cyber security I h

ope more than anything you had a little fun with this this wasn't meant to be super hard and hopefully it wasn't and hopefully you now know areas where you can improve and you can focus on cyber security and beat the bad guys thanks for watching if you found this video interesting and would like to learn more about cyber security please remember to hit like And subscribe to this channel