6) Fundamentals of Cyber Security Flashcards

1
Q

What are the forms of attack on a network?

A

Active attack
Passive attack
Insider atatck
Social engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a passive attack?

A

When a hacker eavesdrops of a network by ‘sniffing’ data packets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is an active attack?

A

When someone uses malware or other technical methods to compromise a network’s security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is authentication?

A

Any methods which allow users to prove that an account is theirs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a dictionary attack?

A

Brute force attack from words in a pretermined lists

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are ways of protection against cracking?

A

Writing a network policy which enforces strong passwords
Using two-factor authentication
Restricting number of failed password attempts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does DoS stand for?

A

Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does a DoS attack do?

A

Attempt to bring a server down by flooding it with useless requests

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are ways of protection against DoS attacks?

A

Firewalls blacklisting traffic from known IP addresses

Monitor and limit traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does DDoS stand for?

A

Distributed Denial of Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does DDoS attacks overcome?

A

Blacklisting of IP addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How do DDoS attacks work?

A

Requests are sent from an army of machines

A botnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does penetration testing identify?

A

Vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does a good penetration test check?

A

Technical vulnerabilities
Likelihood of social engineering
Test of damage recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the motivation for penetration tests?

A

Fixing bugs saves money

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is black box testing?

A

Outside organisation practices a real attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is white box testing?

A

Inside organisation tests vulnerabilities with knowledge of system and basic access rights, prevents insider attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is cold calling?

A

Pretending to be from a bank or utility company

Attempting to gain confidential details

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What tactic do social engieers often use?

A

Fear

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How can we protect against social engineering?

A

Public awareness campaigns
Company security policies
Education and training

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is pharming?

A

Setting a fake website and attempting to redirect people to it
Often done through DNS servers

22
Q

What is blagging?

A

Attacker pretends to be involved with an organisation to gain information

23
Q

What is shouldering?

A

Physically watching a user either in person or using screen capture software

24
Q

What is phishing?

A

Using fake emails and websites to trick people into giving away sensitive data

25
Q

How can you protect against phishing?

A

Don’t click email links
Check email sender address is correct
Look for clues email is not legitimate

26
Q

What are viruses?

A

Small pieces of code injected into other programs which spread from computer to computer

27
Q

What are worms?

A

Small pieces of code which spread across a network, smiliar to viruses but without a host program

28
Q

What are trojan horses?

A

Any form of malware which tricks the user into installing it by pretending to be a different program

29
Q

What is ransomware?

A

Encrypts files on an infected system and only decrypts files once a payment has been made to the hacker

30
Q

What is spyware?

A

Gathers information about a user by tracking their activity

31
Q

What are rootkits?

A

Malware which modifies the computer’s OS to avoid detection by antivirus software

32
Q

What are backdoors?

A

Malware which opens up an access channel to a computer that other malware can use to take over the machine

33
Q

How can malware spread?

A

Installations
Attachments
Replication

34
Q

What are macros?

A

Small programs that give permission to run on the computer

35
Q

What can macros install?

A

Malware

36
Q

What does anti-virus software provide?

A

Real time scans of files

Checks if file is infected when opened

37
Q

What does anti-malware software do?

A

Periodically scan system to detect malware and remove them from the computer

38
Q

What does quarantining a piece of software do?

A

Prevents it from running until user decides whether to destroy software or attempt to remove virus from it

39
Q

What do firewalls do?

A

Inspect and filter incoming and outgoing data packets

40
Q

What is packet filtering?

A

Inspecting each packet and dropping those that don’t meet a certain criteria

41
Q

What is IP address filtering?

A

Only allowing traffic from certain known sources

42
Q

What is port blocking?

A

Blocking access to certain ports

43
Q

What is a firewall?

A

A hardware device or piece of software which sits between a device and the internet

44
Q

What are common defences of cyber attacks?

A

Biometric authentication
Email verification
Automatic updates
CAPTCHA

45
Q

What are access rights?

A

Whether each user can:
Read files
Write files
Execute files

46
Q

What can we limit with user access levels?

A

Installing software
Creating new accouts
Accessing confidential information

47
Q

When are passwords effective?

A

When kept secret

When strong against brute force attacks

48
Q

What are principles of a strong password?

A

Long
Letters, numbers, symbols
Changed regularly
Never written down

49
Q

What is encryption?

A

Scrambling data according to a specific algorithm so it cannot be read by third parties
Only intended recpient can decode data

50
Q

How long are keys?

A

256 bits

1,024 bits

51
Q

What are keys?

A

Shared secrets

52
Q

Why is it especially important to encrypt wireless networks?

A

High chance of data interception