Confidentialityprotects data from unauthorized access, includingpassive attackslike eavesdropping, wiretapping, and packet sniffing. Encryption, access controls, and secure authentication mechanisms help enforce confidentiality.

Availabilityensures uptime and system accessibility.

Integrityensures data accuracy but does not prevent interception.

Adaptationis not part of the CIA triad.

This scenario describes adata exportattack, where an attacker steals sensitive information (e.g., personal data, trade secrets, or financial records) and transfers it to another entity, often for malicious purposes.

Launch pointrefers to using a compromised system for further attacks.

Denial of availabilitydisrupts access to resources.

Data modificationinvolves unauthorized changes rather than theft.

TheNetwork layer(Layer 3 of the OSI model) includes theInternet Control Message Protocol (ICMP), which is used for network diagnostics (e.g.,pingcommand). ICMP helps in error reporting and network troubleshooting.

Transport layerhandles reliable data delivery (e.g., TCP, UDP).

Session layermanages communication sessions.

Application layerprovides end-user services.

Theipconfigcommand in Windows provides details about a computer's network adapters, including IP addresses, subnet masks, default gateways, and DNS settings. It is particularly useful for troubleshooting connectivity issues.

traceroute(or tracert in Windows) is used to trace the path packets take to a destination.

nslookupis used for querying DNS records.

netstatprovides details about active network connections and listening ports, but not adapter configurations.

Alaunch point attackoccurs when an attacker compromises a system and uses it as a foothold to spread malware, conduct reconnaissance, or launch further attacks against other systems. Botnets and command-and-control (C2) servers operate this way.

Denial of availabilitydisrupts service, but does not spread attacks.

Data exportsteals data instead of launching further attacks.

Data modificationchanges existing information but does not involve propagating threats.

Aman-in-the-middle (MITM) attackoccurs when an attacker secretly intercepts and relays communication between two parties. This allows the attacker to steal data, modify messages, or inject malicious content without the victims' knowledge.

Credential stuffingreuses stolen login credentials but does not involve interception.

Social engineeringmanipulates users rather than intercepting messages.

Pharmingredirects users to fraudulent websites, but it does not intercept communication.

AType 1 hypervisor(bare-metal hypervisor) runs directly on the hardware, providing better security and efficiency compared to Type 2 hypervisors. It reduces attack surfaces and optimizes resource utilization. Examples include VMware ESXi and Microsoft Hyper-V.

Type 2 hypervisorsrely on a host OS, making them less secure and efficient.

Open-source and proprietarydescribe licensing models, not hypervisor types.

Infrastructure as a Service (IaaS)provides virtualized computing resources over the cloud, including virtual machines where users can install and configure their own operating systems and applications. It offers flexibility and scalability without requiring hardware investment. Examples include AWS EC2 and Microsoft Azure Virtual Machines.

FaaSexecutes small code functions without infrastructure management.

PaaSprovides a managed platform but not full OS control.

SaaSoffers ready-to-use applications without infrastructure control.

Integrityin theCIA (Confidentiality, Integrity, Availability) triadensures that data is not altered in an unauthorized manner. In networking, integrity mechanisms such as checksums, message authentication codes (MACs), and digital signatures verify that transmitted data has not been tampered with. If an IP packet has an invalid checksum, the system detects corruption and requests retransmission, ensuring data integrity.

Confidentialityprotects against unauthorized access but does not ensure data consistency.

Availabilityensures that resources are accessible but does not verify data correctness.

Consistencyis not a formal component of the CIA triad.

Enhancing physical resource securityensures that servers, networking devices, and data storage facilities are protected from unauthorized physical access, theft, or tampering. This includes measures like biometric authentication, surveillance, and restricted access zones.

Using a variable network topologydoes not directly protect data.

Increasing wireless access point rangemay improve connectivity but does not enhance security.

WEPis weak and should not be used for data protection.

Credential stuffingis a cyberattack where attackers use stolen username-password combinations from one breach to try logging into other services, exploiting users who reuse passwords. Automated tools test multiple credentials against multiple sites, leading to unauthorized access.

Brute-force attacksystematically tries all possible passwords but does not use breached data.

Session hijackingintercepts active user sessions but does not use stolen credentials.

Social engineeringmanipulates users into revealing credentials, rather than using breached data.

Anaccess point (AP)is a network device that extends the coverage of a wireless network by acting as a bridge between wired and wireless devices. It allows users to connect to a network without needing a direct wired connection. APs are particularly useful in large office spaces where Wi-Fi signals may not reach all areas.

Routersprimarily manage network traffic but do not directly extend network range unless they include built-in AP functionality.

Serversare used for hosting applications and storing data but do not extend network connectivity.

Switchesconnect wired devices within a local network but do not extend wireless network range.

Phishingis a cyberattack where attackers impersonate legitimate entities (e.g., banks, companies) and send fraudulent emails or messages designed to trick recipients into revealing sensitive information, such as usernames, passwords, or financial details. The fake link in the email directs victims to a malicious site that captures their credentials.

IP address spoofingdisguises a system’s identity but does not involve email deception.

Session hijackingtakes over an active session but does not involve email scams.

Man-in-the-middle attackintercepts communication rather than tricking users via emails.

AType 2 hypervisor(hosted hypervisor) runs on top of an existing operating system and allows for the creation of virtual machines. Examples include VMware Workstation and Oracle VirtualBox.

Type 1 hypervisorsrun directly on hardware without an OS (e.g., VMware ESXi, Microsoft Hyper-V).

Open-source and proprietarydescribe licensing models, not hypervisor types.

Infrastructure as a Service (IaaS)provides virtualized computing resources, including virtual machines, storage, and networking, while allowing users full control over operating systems and applications. Examples include AWS EC2 and Google Compute Engine.

SaaSprovides ready-to-use applications (e.g., Google Docs).

FaaSruns code in response to events (e.g., AWS Lambda).

PaaSprovides development environments but not full infrastructure control.