1.8.1 Forms of Attack

Question 1

Passive attack

Answer 1

When a hacker eavesdrops on a network by ‘sniffing’ the data packets.

Question 2

Active attack

Answer 2

When someone uses malware or other technical methods to compromise a network’s security.

Question 3

Social engineering

Answer 3

When a person is exploited into giving away critical information that gives access to the network or accounts.

Insider attack

Question 4

Insider attack

Answer 4

When someone in an organisation gives away access details or sensitive information.

Question 5

Penetration testing

Answer 5

Penetration testing identifies vulnerabilities in a network’s security by attempting a controlled attack on the network.
This usually involves carrying out multiple types of attack to see which is most successful.
Penetration testing is done by the organisation itself, or an external organisation or contractor they have hired.

Question 6

Good penetration testing

Answer 6

A good penetration test will check:
Technical vulnerabilities.
Likelihood of social engineering.
A test of damage recovery.

Question 7

Motivation for penetration tests

Answer 7

Organisations choose to perform penetration testing to try to find vulnerabilities before criminals do.
If an organisation can find and fix a bug before it is exploited, it can save time and money.