6 - Cyber security Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

What is cyber security?

A

the protection of networks, computers, or data from attack, damage or unauthorised access with certain testing routines and technologies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Name 7 cyber security threats:

A

-social engineering techniques
-malware
-pharming
-weak/default passwords
-outdated/unpatched software
-removable media
-misconfigured access rights

(SMP, WORM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is social engineering?

A

the art of manipulating people (a system’s greatest vulnerability) to make them give up confidential information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are some common techniques used in social engineering? Describe them:

A

blagging - lying about something to gain info, that the victim wouldn’t usually do under ordinary circumstances.

phishing - fraudulently obtaining confidential info using emails/SMS

shouldering - observing a person’s private info without consent at places like ATMs

Blagging is also known as pretexting, and shouldering is known as shoulder surfing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How could phishing be prevented?

A

-educate users to not click on fraudulent emails that ask you for personal info or to click on links
-prevent users from downloading files on emails
-use a firewall and keep it updated so it can’t be exploited

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is malware?

A

malicious software referring to a variety of forms of hostile or intrusive software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Describe 3 types of malware:

A

virus - hidden program within another program that can self-replicate into other programs, spread by removable media

trojan - malicious software disguised to be legitimate or run another program

spyware - gathers info about a user without them knowing (eg keyloggers)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is pharming?

A

a cyber attack intended to redirect a website’s traffic to a disguised fake website hosted on a malicious server, where details may be stolen

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Why are weak/default passwords a cyber security threat?

A

-can easily guess passwords by brute force, and default passwords are usually posted online
-system is vulnerable to unauthorised access
-can allow the attacker to gain access to admin accounts

Default passwords are the ones where a website makes it for you, but then prompts you to change it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Why is having misconfigured access rights a cyber security threat?

A

-access rights block users from doing certain things, eg downloading software or accessing confidential info

-access rights must be assigned correctly, so confidential info is only accessible to those who need it to prevent insider attacks of reconfiguring the network or giving themselves admin

An insider attack is where someone attempts to gain unauthorised access when they have only some access rights

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Why is removable media a cyber security threat?

A

-data theft, intentional and unintentional (where unencrypted data is stored on it and falls into the wrong hands)

-could introduce malware into the network/computer system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why is using unpatched/outdated software a cyber security threat? How can it be protected against?

A

-older software is more likely to be hacked, as it usually contains known weaknesses that can be exploited and used to introduce malware

-use automatic software updates to install updates/patches as soon as they are available

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is penetration testing?

A

the process of identifying vulnerabilities in a system’s security, by attempting to gain access to resources on it without knowledge of credentials and other means of access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the purpose of a white box penetration test?

A

simulates a malicious insider who has basic credentials and knowledge of the target system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the purpose of a black box penetration test?

A

simulates an external hacking/cyber warfare attack where the attacker has no knowledge of the target system or credentials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Explain why both types of penetration tests are done:

A

-white box can be used to target specific vulnerabilities, which is easier as you should know what to test for all scenarios

-black box can be used to exploit weak spots in the system with lots of brute force and investigating the system, but it might not test the whole system as you don’t know its full functionality

17
Q

What does anti-malware software do?

A

-detects and removes malware by:

-periodically scanning the computer system and incoming network traffic for malware
-if malware is detected, it can be quarantined, so it can’t run, and can later be removed

18
Q

State 4 methods of protecting against cyber security threats:

A

-authentication (using credentials/biometrics)
-CAPTCHA
-email confirmations
-automatic software updates

19
Q

What is CAPTCHA?

A

Completely Automated Public Turing test to tell Computers and Humans Apart

-a form of challenge-response test, where the user has to identify the contents of some distorted text/images

20
Q

Where might using a CAPTCHA system be appropriate? Give 4 examples:

A

-account registration/access
-online voting systems
-ticket purchasing
-on websites where comments/reviews can be posted

21
Q

What does an email confirmation mean for the user? How do they help to protect against cyber security threats?

A

-a user can’t register a new account without clicking a confirmation link sent to their email

-proves that their email address is valid and proves the identity of the user, so they are given corresponding access rights
-also alerts user of fraudulent login attempts (eg failed passwords multiple times)

22
Q

Why do automatic software updates provide better security than manual ones?

A

-automatic means the computer is protected more quickly, since the user might forget to update manually
-manual updates might be from an infected source, automatic ones are from more trusted sources