1.6 System Security

Question 1

What is a Passive attack?

Answer 1

Network traffic is monitored and then data is intercepeted

Question 2

How can you prevent a passive attack?

Answer 2

Encryption can encrypt the intercepted data and the unauthorised user cannot access it

Question 3

What is an Active attack?

Answer 3

Someone deliberately attacks a network with malware

Question 4

How can you prevent an Active attack?

Answer 4

Use an firewall and an antivirus software

Question 5

What is an Insider attack?

Answer 5

Someone with network access abuses this to steal information

Question 6

How can you prevent an Insider attack?

Answer 6

User access levels to control how much data people can access

Question 7

What is a Brute force attack?

Answer 7

When an user cracks a password using trial and error

Question 8

How can you prevent a Brute Force attack?

Answer 8

Locking accounts after failed attempts after a certain number of times

Question 9

What is DDOS attack?

Answer 9

When a network is flooded with useless data so it crashes

Question 10

How can you prevent a DDOS attack?

Answer 10

A firewall can prevent it

Question 11

What is SQL injection?

Answer 11

SQL commands are typed on a website database

Question 12

How can you prevent a SQL injection?

Answer 12

Having strong validation on all input boxes?

Question 13

What is Phishing?

Answer 13

Emails with links that trick people

Question 14

How can you prevent Phishing?

Answer 14

Looking for signs that an email is not from a real company

Question 15

What is Social engineering?

Answer 15

When a person manipulates someone into handing information?

Question 16

How can you prevent social engineering?

Answer 16

Policies and rules for staff about handing over data

Question 17

What is Malware?

Answer 17

Malicious software intended to cause harm

Question 18

What is penetration testing?

Answer 18

Organizations employ professionals to try and hack their networks so that they can find areas of weakness

Question 19

What are User Access Levels?

Answer 19

Different employees have different levels of access to programs websites and data

Question 20

What is Encryption?

Answer 20

When data is scrambled and can only be decrypted with a specific key

Question 21

What is Network Forensics?

Answer 21

Data packets are captured as they enter the network and are analysed

Question 22

What are Network Policies?

Answer 22

Policies are used to reduce the risks on networks

Question 23

What is a virus?

Answer 23

Programs hidden within other programs, replicate themselves

Cause damage by deleting or modifying data

Question 24

What are worms?

Answer 24

Copy themselves without the user doing anything

They are usually spread through emails

Question 25

What are Trojans?

Answer 25

Programs which pretend to be legitimate but in reality are malware
Trojans cannot spread by themselves
Deceive a user into installing the program

Question 26

What is Ransomware?

Answer 26

Programs that attempt to blackmail a user into making a payment to a hacker or unauthorized group

Question 27

What is an external attack?

Answer 27

Where someone outside of an organization attempts to hack into a network?

Question 28

What is the cipher text?

Answer 28

Encrypted text

Question 29

What is plain text?

Answer 29

Data that has not been encrypted is called plain text

Question 30

What is Asymmetric encryption?

Answer 30

An algorithm that generates two keys - a public key and a private key

Question 31

What is the purpose of the public key?

Answer 31

To encrypt a message