3.6 Detection and Prevention Flashcards
What is the purpose of penetration testing?
This is used to find any security weaknesses in a system by trying to gain access without knowledge of usernames, passwords or encryption keys.
There are two main types of penetration testing - explain these.
The first simulates an external attack where the tester has little knowledge of the system with the objective of finding out if they can get into the system, how far they can get and what they can do to the system.
The second simulates a malicious insider with the objective of finding out what damage they could cause to the system.
Name 2 types of biometric measures used by mobile devices.
Facial recognition, fingerprints
Give an advantage of biometric security measures.
Because they are based on unique biometric measurements, they cannot be stolen or forgotten.
State 3 characteristics of a strong password.
Upper and lower case letters, numbers, symbols
What is the purpose of CAPTCHA?
A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass, but current computer programs cannot.
How does email confirmation protect a system?
Sending an email to a user asking them to confirm password changes prevents hackers from changing passwords unnoticed.
Describe one issue with out-of-date software.
If software is out of date, it may not be supported, so any bugs will be unpatched, leaving the system open to malware.
What are the advantages of automatically updating software?
You do not have to remember to update. Any bugs can be fixed quickly.
What is a firewall?
A firewall is a network security system that monitors incoming and outgoing traffic and can be set to allow or block certain connections.