1.4.2 Identifying and Preventing Vulnerabilities

Question 1

What is Penetration Testing?

Answer 1

• Carried out as part of ethical hacking
• Purpose to find weaknesses and fix them
• Used to help prevent SQL injections

Question 2

What are the 4 types of Penetration Testing?

Answer 2

• Internal Test
• External Test
• Blind Tests
• Targeted Test

Question 3

What is an Internal Test?

Answer 3

• To see how much damage can be done by someone in the company with a registered account

Question 4

What is an External Test?

Answer 4

• Completed by white hat hackers to try and infiltrate from the outside of a company

Question 5

What are Blind Tests?

Answer 5

• Are done with no inside information to try and simulate what a real attacker has to do to infiltrate.

Question 6

What is a Targeted Test?

Answer 6

• Conducted by IT and penetration team to find faults in the system

Question 7

What is Anti-Malware Software?

Answer 7

• Used to locate and delete malicious software on a computer.
• Scans files and compares to a database of known software.
• If malware found it quarantines the file and user can delete it.
• Anti-malware must be kept updated so any new malware can be added to database.

Question 8

What is Firewall?

Answer 8

• Manages incoming and outgoing network traffic
• Each data packet is checked if it should be given access to the network by examining the source and destination address
• Unexpected packets can be filtered out and not accepted to the network.

Question 9

What are some examples of Firewalls?

Answer 9

• Blocking access to insecure/malicious websites
• Blocking unexpected/unauthorised downloads
• Blocking certain programs from accessing the internet
• Preventing specific users on a network from accessing certain files.

Question 10

What should a Secure Password have?

Answer 10

• At least 10 characters
• Made up of uppercase and lowercase letters, numbers and punctuation
• Regularly changed
• Don’t use the same password for multiple accounts
• Never share passwords or write them down

Question 11

What are User Access Levels?

Answer 11

• Usually set by Admin or IT manager
• Only allow certain users to access/edit particular files or folders.
• Read - only, a user can only view a file and is not allowed to change data in the file
• Read and Write, a user can read and edit the data in the file
• Important that access levels are set to reduce the files becoming compromised.
• Some users will have no access to the file

Question 12

What is Encryption?

Answer 12

• Process of scrambling data into an unreadable format so that attackers can’t understand the data if it is intercepted.
• Original data is converted using an encryption key and only at the correct destination will the encryption key unscramble the data.

Question 13

What is an example of Encryption?

Answer 13

• Caesar Cypher

Question 14

What is Physical Security?

Answer 14

• Locks
• Biometric devices
• Keycards
• Security staff
• CCTV cameras
• Alarms