25-30 Flashcards

1
Q

Cyberattack

A

Cyberattacks are malicious acts in which a computer system comes under attack by unauthorised persons (hackers).

2
Q

What is malware?

A

Malware is any software that is hostile, malicious or intrusive.

Types of malware
Ransomware Adware Spyware
Keyloggers Bots Worms Virus Trojans

3
Q

anti malware

A
  • This is software designed to detect, quarantine and destroy potentially dangerous programs.
  • When a file enters the system, anti-malware software will scan the file for known malicious code.
  • If it finds a problem, the malicious program is quarantined so that it cannot affect the system.
  • The user is then notified and can decide whether to let it in or delete it.
4
Q

ransomware

A
  • Form of malware that encrypts a victim’s files.
  • The attacker demands money to restore access to the data.
  • Users are shown instructions on how to pay a fee to get the decryption key.
5
Q

Explain why it is important to keep anti-malware up to date.

A

- New malware is being created all the time, so anti-malware must be kept up to date to recognise the malicious code.

6
Q

Describe how anti-malware works with signature databases.

A
  • Any file coming into the computer is scanned.
  • The file contents are compared to a database of virus signatures.
  • If any of the signature patterns are found in the file, it’s identified as a virus.
7
Q

Static heuristic analysis

A

This involves reverse engineering (decompiling) the code and inspecting the source code.

  • This is compared to the code of known viruses.
  • If enough of the code matches, it’s identified as a virus.
8
Q

Dynamic heuristic analysis

A
  • The program is run in an isolated, controlled environment known as a ‘sandbox’.
  • The analysis looks at each command that the program runs.
  • If it identifies suspicious behaviour common to viruses, then the program is identified as a virus.
9
Q

Explain why heuristic analysis is so valuable for the identification of viruses

A

Heuristic analysis can catch very new viruses because it does not rely on updating a signature database.

10
Q

Heuristic analysis may not be 100% reliable

May identify a false positive or may not identify a threat at all.

A

In static heuristic analysis:

  • A valid program may contain binary code that just happens to match part of the virus.
  • The valid program will be identified as a virus.

In dynamic heuristic analysis:

  • A virus may delay actioning its malicious intent.
  • It may therefore be let out of the sandbox before it has executed the part of its code that infects the machine.
11
Q

hacker

A

A hacker is a person who attempts to gain or gains unauthorized access to a computer system.

12
Q

Patches

A

Patches are security fixes for existing software. The vulnerabilities that are fixed are often common knowledge or easily discovered.

13
Q

firewalls

A

Firewalls are software.
They are designed to monitor and block incoming and outgoing connections to a network.
Firewalls protect a system from hackers.
If a hacker is already inside the system, they may be prevented from doing extra damage by the firewall blocking outgoing traffic.

14
Q

ethical hacking and penetration testing

A

Ethical hacking
Hacking in order to help organisations protect themselves from malicious hackers.

Penetration testing
Ethical hackers may be employed to break into systems in order to identify security weaknesses.

15
Q

social engineering

A

Social engineering is practised on people, not computers.

Hackers (social engineers) exploit human behaviour, fallibility and goodwill to gain confidential information.

16
Q

AUPs

A

AUP - Acceptable Use Policy
An AUP is a collection of rules and procedures that employees are required to follow in order to protect their organisation’s systems and networks.
Common AUPs
  • limits on access to the internet
  • preventing users from downloading files or installing software
  • preventing users from plugging in external devices (USB sticks)
  • training users to recognise phishing emails
  • multi-factor authentication
  • training users not to give out confidential information over the phone
  • preventing users from removing files from the premises

17
Q

Phishing

A

Phishing uses an email and fake website to trick users into giving away personal data. A phishing email pretends to be a real message from a known business or organisation.
It entices the recipient to visit a fake website. Once on the website, they’ll be asked to enter their personal details.

18
Q

pretexting

A

The attacker invents a pretext for contacting an employee over the phone, pretending to be from a known organisation.
They will engage the employee in conversation in order to find out personal information about them or sensitive information about a customer.
They later use this information to gain something or sell it on to other criminals. These types of attack may be targeted using research done through social networking sites.

19
Q

baiting

A

Baiting attacks exploit people’s natural curiosity to gain information.
They may offer something free or exclusive to manipulate the user.
Often, the attack results in the user downloading malware that is then run on their machine.

20
Q

Quid pro quo

A

A quid pro quo attack exploits a person’s belief that they can get something of value for free.
Malware is presented as a freebie, a giveaway, or as some other kind of reward.

21
Q

Encryption

A

Encryption is the process of converting data into an illegible, scrambled format so that it cannot be understood by unauthorised parties.

Data may still be accessed and read by the hacker, but will not be understandable.

22
Q

backup and recovery

A

Backing up involves taking a copy of the data and storing it in a different location.
Recovery is the process of using a back-up copy of data to restore a database or system to the correct state when a failure occurs.

23
Q

Describe how backup and recovery procedures protect against data loss

A
  • Backup is effective only if completed regularly.
  • Incremental and full backups can be used to create copies of data that can be restored later if the original is lost or damaged.
24
Q

Encryption
Scrambling or changing the original data so that only the intended recipient can decode and read it.

25
Decryption
Unscrambling encrypted data so that it is readable and understandable.
26
Key
The secret password for unlocking an encrypted message.
27
Symmetric encryption
Both the sender and the receiver share the same key to encrypt and decrypt the data.
28
Asymmetric encryption
A public key, which can be given to anybody, is used to encrypt the data. A private key, which only the recipient knows, is used to decrypt the encrypted message.
29
Backup
This is a copy of data or files. Backups are stored on drives or servers far from the original.
30
Full backup
This type of backup makes a copy of everything on the system, regardless of when it was created or if it has changed since the last backup.
31
Incremental backup
This type of backup only makes a copy of new files and files that have changed since the last incremental or full backup was made.
32
Recovery
Recovery is the process of copying backed-up data onto the live system.
33
Access control
Determines the facilities that each user can engage with or access. A network manager restricts each user’s access so they are only allowed to see what they need to see.
34
Physical security
This involves actually restricting physical access to parts of the computer network. Servers are usually kept in locked rooms. These rooms sometimes have key cards or biometric access systems.
35
Vulnerabilities
Vulnerabilities are flaws in code that introduce security issues into software. Hackers use these vulnerabilities to break into computer systems.
36
Bad practices
  • Poorly planned design
  • Quick fixes for problems
  • Not using industry coding standards
  • Poorly structured code
  • Insufficient testing
37
Fixing bad practices
Code reviews can reduce some of these vulnerabilities. Automated reviews can be used to ensure programmers adhere to consistent standards. Programmers can review each other's code to make sure it doesn't have any flaws. Audit trails improve accountability by keeping track of who made what changes during the development process.
38
robust software
Software that is designed to handle untoward occurrences without crashing or producing unexpected output.
39
Explain how hackers exploit a code's vulnerability.
  • Vulnerabilities introduce security flaws.
  • Hackers are able to use these flaws to break into computer systems. They can insert their own code to do this.
40
Explain how code reviews and audit trails help to identify vulnerabilities.
  • Allow flaws to be monitored and tracked back to where they were introduced.
  • Reviewing code can catch vulnerabilities before a program goes live.
41
Give a definition of a code review.
When a developer has finished working on a piece of software, a different developer looks at the code to identify potential vulnerabilities or poor programming practices. The reviewer asks a series of questions to ensure that the code is of a good quality.
42
Give four questions that might be asked in a code review.
  • Are there obvious errors in the code?
  • Are all the requirements fully implemented?
  • Are existing (automated) tests enough for this new code or should new ones be written?
  • Does the code conform to the existing style guidelines?
43
Give a definition of an automated code review.
Automated software checks source code to make sure it meets a predefined set of rules for best practice. It can detect bugs and security issues. The review generates a list of warnings and may suggest ways to fix them.
44
State one reason why automated code reviews are used in preference to code reviews by another developer.
They can be done faster and more efficiently. They can be done by one developer, thereby saving time and cost. They can be used as a first pass check, which can then be followed by a review by another developer.
45
Give a definition of an audit trail.
A record of what has been done, who did it, and when it was done.
46
Give an example of an item that might appear in the audit log for development of a software program.
Who created the file and on what date.
47
Explain the purpose of version control software.
Helps teams manage changes to documents, programs, websites, and other resources. It keeps track of changes and the order in which they were done.
48
Give one reason why version control software is important to software developers.
It allows them to keep the code for different releases of the software isolated. This allows developers to regenerate an old version if bugs are reported in the new version.
49
Describe two approaches to version control.
One approach is to only allow a single developer to work on a file at any one time. Another allows multiple users to make simultaneous edits.