1.4

Question 1

What is a network attack?

Answer 1

An attempt to gain access to steal,modify or delete data on a network

Question 2

What is malware? Name the 5 types of malware

Answer 2

a malicious software designed to hack a system- virus ,trojan, spyware ,ransomware ,worm

Question 3

What is a virus?

Answer 3

Programs embedded in other files which replicate themselves to become part of other programs

Question 4

What is a worm?

Answer 4

Like viruses but not hidden within files- they’re often spread via emails

Question 5

What is spyware?

Answer 5

Programs that monitor user activity like webs visited or usernames and passwords- this information is then sent back to the hacker

Question 6

What is a trojan?

Answer 6

Programs that pretend to be legitimate but are actually malware- often pretend to be email attachments

Question 7

What is ransomware?

Answer 7

Programs that blackmail a user to make a payment to the hacker

Question 8

What is social engineering?

Answer 8

Manipulation of people in order to make them perform desired actions to gain information

Question 9

What is phishing?

Answer 9

A phisher sends emails that look legitimate asking for a verification but usually contain a fraudulent link which asks for personal information.

Question 10

What’s the name of a phishing attack over the phone?

Answer 10

vishing

Question 11

What is baiting?

Answer 11

In baiting- the victim is lured into a trick of the promise of an item (i.e music for free or downloads)

Question 12

What is Quid Pro Quo?

Answer 12

Promises an exchange for information that they do not have authorisation to but the information tends to be exchanged for a service NOT an item

Question 13

What is tailgating/piggybacking?

Answer 13

When somebody(without proper authorisation) follows someone without proper authorisation

Question 14

What is a Brute Force Attack? How can we make these attacks harder to carry out?

Answer 14

Using trial and error to guess a password (often using a program) by using all possible combinations until the correct one is obtained ——- using complex passwords with lots of character combinations

Question 15

What is hacking?

Answer 15

Gaining unauthorised access to data in a system

Question 16

What is Denial of Service? And distributed denial of service?

Answer 16

An attack where the aim is to prevent anyone using the resources e.g. lots of bots (computers) will form a botnet and will bombard a website with too many requests so that it crashes and prevents a server from carrying out its function

Question 17

What is Data Interception?

Answer 17

Data accessed en route i.e. by packet sniffing software

Question 18

What is SQL injection?

Answer 18

Fake database operations produced to change the way data is entered/ processed by database servers. Often SQL codes are entered as data inputs to cause errors

Question 19

What is Penetration Testing?

Answer 19

authorised users hack a network for weaknesses and try to exploit them—– basically tests how resilient a network is against an attack

Question 20

What are Firewalls?

Answer 20

These firewalls are often hardware (expensive) or software and monitor traffic going in/out of a network and either allows traffic to block or pass depending on the firewall policy. Packet filter firewalls decide whether packets should be dropped

Question 21

What is an acceptable use policy?

Answer 21

When network managers make sure there is a policy that users have long/complex passwords, levels of access ,backups, strict rules on authorised access, penetration testing, no physical access to servers

Question 22

What is anti malware software?

Answer 22

A software which scans files to detect and remove malware

Question 23

What are network policies?

Answer 23

Policies to determine what users can/cant do and rules of how data is safeguarded

Question 24

Give 2 ways we can prevent SQL injection taking place:

Answer 24

limit user access levels and use firewalls

Question 25

Give some basic methods to safeguard data

Answer 25

dual credentials, complex passwords, different passwords for different areas of functionality

Question 26

Give some security measure to safeguard data

Answer 26

physical security (biometrics, CCTV), WIFI access security, complex passwords, encrypt data

Question 27

Give some network policies to safeguard data

Answer 27

Data backups regularly, disaster recovery plan, anti malware software, firewalls, acceptable use policy ( i.e. dont give data to 3rd parties), user access levels

Question 28

What are Key loggers, adware , tracking cookies all examples of?

Answer 28

Spyware

Question 29

What is smishing?

Answer 29

– This method sends malicious text messages to trick users into clicking on
a malicious link or handing over personal information.

Question 30

What is pretexting?

Answer 30

This type of attack involves fraudsters creating a good pretext or a fabricated scenario that
they use to try and steal their victims’ personal information.

Question 31

What do levels of access allow us to do?

Answer 31

determine what a user can access and what
they can do, such as:
• Types of software
• Email
• Internet access
• Documents and data
• Ability to install and/or remove software

Question 32

What is the purpose of a router?

Answer 32

A client requests files and services from a server which responds to requests.

Question 33

How is encrypted data deciphered?

Answer 33

encryption key

Question 34

Name some prevention methods of malware

Answer 34

 Use anti-virus or anti malware software to identify and remove suspected malware
 Scan email attachments
 Keep software up to date and download security patches
 Use a firewall and keep it up to date
 Look out for common phishing language e.g. “verify your account”

Question 35

Name prevention methods of attacks like brute force or DOS or Data interception or SQL injection

Answer 35

 Use two-factor authentication (2FA), e.g. unique code
 Distribute data servers so that it is harder for attackers to attack
 Use anti-DDoS software to prevent attacks
 Use a Virtual Private Network (VPN) to encrypt data
Use secure SQL statements that anticipate attacks

Question 36

What are the effects of malware?

Answer 36

1. Computer may crash or slow down
2. When a worm infects a computer, the internet connection may become slow as the worm searches online for other computers to infect.
3. Files may be deleted, become corrupt or encrypted.

Question 37

How can you prevent malware?

Answer 37

1. Strong security software (firewall, anti-virus, anti-spyware, anti-spam).
2. Staff training: caution opening attachments.
3. Back up files regularly.

Question 38

What are the effects of phishing?

Answer 38

1) Accessing a victim’s account and withdraw money

2) Gaining access high-value corporate data.

Question 39

How can you prevent phishing?

Answer 39

1) Strong security software (firewall, anti-virus, anti-spam).
2) Staff training: awareness of spotting fake websites & emails.
3) Staff training: never disclose personal or financial information.

Question 40

What are the effects of SQL injection?

Answer 40

1) Contents of the database can be output, revealing data that otherwise would be hidden.
2) Data in the database can be amended and deleted.
3) New rogue records can be added.

Question 41

Whats the main difference between a worm and a virus?

Answer 41

worms dont need to attach to a program

Question 42

What does SQL injection result in access to…

Answer 42

databases which means attacker can manipulate data

Question 43

What is network forensics?

Answer 43

a close examination of data sent across networks i.e packet sniffing software