Cybersecurity Examples in CS Thinking

Start with the recap, study the fully worked examples, then use the practice problems to check your understanding of Cybersecurity.

This page combines explanation, solved examples, and follow-up practice so you can move from recognition to confident problem-solving in CS Thinking.

Concept Recap

The practice of protecting computing systems, networks, and data from unauthorized access, attacks, and damage. Cybersecurity encompasses three core goals: confidentiality (only authorized users can access data), integrity (data is not tampered with), and availability (systems remain operational).

Cybersecurity is like locking your doors and windows โ€” but for your digital life. It's about keeping the bad guys out of your systems and data.

Read the full concept explanation โ†’

How to Use These Examples

  • Read the first worked example with the solution open so the structure is clear.
  • Try the practice problems before revealing each solution.
  • Use the related concepts and background knowledge badges if you feel stuck.

What to Focus On

Core idea: Security involves three goals: confidentiality (only authorized access), integrity (data isn't tampered with), and availability (systems stay running).

Common stuck point: No system is 100% secure. Cybersecurity is about managing risk, not eliminating it completely.

Sense of Study hint: When thinking about cybersecurity, use the CIA triad: Confidentiality (who can see the data?), Integrity (has the data been changed?), and Availability (can authorized users access the system?). Every security measure addresses one or more of these three goals.

Worked Examples

Example 1

easy
Name three common cyber threats and describe how each works.

Answer

Malware (malicious software), Phishing (fake communications), Brute force (password guessing). Each exploits different vulnerabilities.

First step

1
Step 1: Malware โ€” malicious software (viruses, worms, ransomware) that damages systems or steals data. Often spreads through infected downloads or email attachments.

Full solution

  1. 2
    Step 2: Phishing โ€” fake emails or websites that trick users into revealing passwords or personal information by impersonating trusted organisations.
  2. 3
    Step 3: Brute force attack โ€” an attacker tries every possible password combination until finding the correct one. Strong, long passwords make this impractical.
Understanding threats is the first step in cybersecurity. Many attacks exploit human behaviour (phishing) rather than technical vulnerabilities, making user awareness essential.

Example 2

medium
Explain three methods of protecting against cyber attacks: encryption, authentication, and firewalls.

Example 3

medium
A website asks for a 4-digit PIN with no rate-limiting. Why is brute force a serious risk and what is the standard defense?

Example 4

medium
A worker plugs in a found USB drive 'just to see who lost it'. Malware installs. What attack family is this, and what is the safe rule?

Example 5

hard
A 6-char lowercase-letters-only password has 26626^6 possibilities. A 10-char mixed-case + digit password has 621062^{10}. By roughly what factor is the longer one harder?

Example 6

hard
An attacker tricks an employee into wiring money to a fake supplier. No software was hacked. Why is this still a cybersecurity incident, and which defense category applies?

Example 7

challenge
An attacker has the SHA-256 hashes of common 8-character lowercase passwords pre-computed. A site stores hashes unsalted. About how many distinct hashes does the attacker need? Why does adding a per-user 16-byte random salt break the attack?

Practice Problems

Try these problems on your own first, then open the solution to compare your method.

Example 1

medium
Explain what social engineering is and give two examples. Why is it effective even against systems with strong technical security?

Example 2

hard
A company suffers a data breach exposing customer emails and hashed passwords. Explain why hashing passwords (rather than storing them in plain text) limits the damage. What is the difference between hashing and encryption?

Example 3

easy
A message says 'Your account is locked! Click here to verify your password now.' with a misspelled bank link. What kind of attack is this?

Example 4

easy
Which of these is the strongest password: 'password1', 'abc123', or 'T7#qmL2!vXz'?

Example 5

easy
What does 2FA (two-factor authentication) add beyond a password?

Example 6

easy
Software that secretly records your keystrokes to steal passwords is an example of what?

Example 7

easy
A hacker changes the grades stored in a school database. Which security goal is violated?

Example 8

easy
A flood of fake traffic makes a website unreachable for real users. Which security goal is attacked?

Example 9

easy
True or false: keeping software updated helps protect against attacks.

Example 10

easy
Only authorized doctors can read a patient's medical record. Which security goal is this?

Example 11

medium
A login page sends your password over plain HTTP on public WiFi. Name the main risk and the single best fix.

Example 12

medium
An attacker tries every possible 4-digit PIN until one works. Name the attack and one effective defense.

Example 13

medium
Classify each as confidentiality, integrity, or availability: (a) ransomware encrypts files so you cannot open them, (b) a leaked database of emails.

Example 14

medium
Why does 2FA defend against a stolen password, while a longer password does not?

Example 15

medium
An email from '[email protected]' (digit 1, not letter l) asks you to confirm your card. What single clue most clearly reveals the scam, and what is it called?

Example 16

medium
A site stores passwords as plain text in its database. Why is this dangerous, and what is the standard fix?

Example 17

medium
A worker plugs in a found USB drive 'to see whose it is', and malware installs. What practice failed, and name the attack idea.

Example 18

medium
Which is more secure for a server: a single 8-character password, or a 16-character passphrase plus 2FA? Explain in one line.

Example 19

medium
A firewall blocks incoming connections except web traffic on port 443. In one phrase, what security role does a firewall play?

Example 20

challenge
A 6-character password uses only lowercase letters (26 options each). How many possible passwords are there, and roughly why does adding 2 more characters help so much?

Example 21

challenge
An attacker has a stolen password database of unsalted hashes and a precomputed table mapping common-password hashes to passwords. Name this attack and the one defense that breaks it.

Example 22

challenge
Design choice: a hospital must keep patient data secret yet always reachable by ER staff during outages. Which two C-I-A goals are in tension, and name one mechanism that serves both.

Example 23

easy
Name the three CIA goals of cybersecurity.

Example 24

easy
A DDoS attack floods a website with junk traffic. Which CIA goal is attacked?

Example 25

easy
What does 2FA stand for, and what kind of factors does it combine?

Example 26

easy
Encryption that anyone can decrypt is useless. What property must keys have?

Example 27

easy
A fake email pretends to be from your bank and asks you to click a link to 'verify your account'. Name the attack.

Example 28

medium
Why is storing user passwords as hashes (not plaintext) safer if the database leaks?

Example 29

medium
Salting hashed passwords defends against which specific attack?

Example 30

medium
A friend reuses the same password on 12 sites. One site is breached. Why does this endanger the other 11?

Example 31

medium
Why does keeping software up-to-date matter for cybersecurity?

Example 32

medium
Encryption versus hashing: which is reversible by design?

Example 33

medium
An email claims to be from your bank with the domain 'rnybank.com'. What clue reveals the scam?

Example 34

hard
Public-key cryptography uses two keys per user. What does each one do?

Example 35

hard
A team installs 2FA but uses SMS for the second factor. Why is SMS-based 2FA weaker than an authenticator app?

Example 36

hard
A backup strategy is described as '3-2-1'. Explain what it means and which CIA goal it serves.

Example 37

challenge
A hospital wants to keep patient data confidential AND reachable by ER staff during outages. Which two CIA goals are in tension, and name one mechanism serving both.

Background Knowledge

These ideas may be useful before you work through the harder examples.

networkprotocol