9. Security and Data management

Question 1

Methods of identifying vulnerabilities (3)

Answer 1

🔎footprinting
🔎ethical hacking
🔎penetration testing

Question 2

Footprinting definition and purpose

Answer 2

Gathering all available information about the network/system
Enables a tester to see how much information a hacker could find and allows company to remove it

Question 3

Ethical hacking definition

Answer 3

Hacking carried out with systems permission (to search for weak points)

Question 4

Penetration testing definition

Answer 4

A subset of ethical hacking
Testing system to find vulnerabilities done by software or manually

Question 5

Penetration testing types

Answer 5

Targeted testing
External testing
Internal testing
Blind testing

Question 6

Targeted testing definition (done by who)

Answer 6

Done by IT and pen testing team together

Question 7

External testing definition/purpose

Answer 7

See how far in an attacker can get

Question 8

Blind testing definition/purpose

Answer 8

Limit information available to tester to simulate a real hacker’s actions

Question 9

Different forms of attack based on technical weakness (3)

Answer 9

DoS attack, password attack, IP address spoofing

Question 10

Different forms of attack based on user behaviour (2)

Answer 10

Social engineering, phishing

Question 11

DoS attack definition

Answer 11

Computer system becomes unavailable to intended users. Sometimes caused by bombarding System with emails/requests

Question 12

Brute force password attack definition

Answer 12

Hacking algorithm tries all combinations until one fits

Question 13

Dictionary password attack definition

Answer 13

Systematically trying every word in dictionary until it finds a password

Question 14

IP address spoofing definition

Answer 14

A false IP address is put into a data packet to hide the senders real identity

Question 15

Social engineering definition

Answer 15

Manipulation of someone to divulge confidential information e.g. password

Question 16

Phishing definition

Answer 16

Attempting to gain confidential/personal information by pretending to be an official site

Question 17

Malicious software/malware definition

Answer 17

Any software that could be used to disrupt a computer’ operation/compromise a user

Question 18

Virus definition

Answer 18

Computer programs that copy themselves onto other programs, often with malicious intent (e.g. damage data, fill the hard drive, shut down the computer unexpectedly)

Question 19

Worm definition

Answer 19

Like viruses but replicate in order to spread to other computers in a network

Question 20

Key loggers definition

Answer 20

Capture user’s keystrokes and sends to a 3rd party

Question 21

Trojan definition

Answer 21

Appears to perform a useful function but provides a ‘backdoor’ for data to be stolen & sent to third party

Question 22

Methods of protection against dangers that arise from use of networks (other than firewalls, antivirus programs) (3)

Answer 22

• Keeping software updated regularly
• Using security tools (e.g. password strength checkers)
• Training personnel to take sensible precautions (e.g. not inserting flash memory given by a stranger)

Question 23

Disaster recovery policy purpose

Answer 23

So everyone knows how to cope in the event of a disaster where all work is potentially lost (e.g. fire)

Question 24

Disaster recovery policy aims (4)

Answer 24

• Minimise interruptions to normal operations
• Limit extent of disruption and damage
• Establish alternative means of working so staff know how to proceed
• Provide for smooth and rapid restoration of service

Question 25

Acceptable use policy purpose

Answer 25

To set out guidelines for how the system should be used

Question 26

Acceptable use policy contents (4)

Answer 26

List of unacceptable uses such as:
- visiting obscene websites
- up/downloading obscene images
- handling offensive material
- sending unsolicited emails (spam)

Question 27

Internet cookie definition

Answer 27

Little bit of data generated by website and stored on your browser
Can remember your information and how you used the site

Question 28

Why are internet cookies used

Answer 28

To provide customised web pages

Question 29

Why could internet cookies be a security issue

Answer 29

Hold personal information

Question 30

What are formal codes

Answer 30

Set of rules enforced by threat of disciplinary action

Question 31

What is an informal code

Answer 31

Expectations, customs, habits

Question 32

How does lossless compression work & results in…

Answer 32

Uses algorithms to replace common strings with tokens; can be decompressed later. Results in no loss of data quality

Question 33

Compression advantages (2) and disadvantages (2)

Answer 33

AD:
- Smaller file size - files take us less storage space
- Faster upload, download and transfer times
DISAD:
- Precision can be lost
- Not always possible to restore to original state (decompress)

Question 34

Dangers that can arise from the use of networks (8)

Answer 34

• hacking
• virus installation
• malware
• spyware
• trojans
• worms
• technical breakdown
• interception of data as it’s transferred
  DEFINITIONS

Question 35

Security tools to keep networks secure (and what they do) (5)

Answer 35

• Regularly updated anti-virus software
• Firewalls - monitor data in and out, prevent hackers from accessing system
• 2-factor authentication - adds item of specific personal info. (e.g. code texted to phone)
• different access levels
• passwords to restrict access

Question 36

Why are backups and archiving files done?

Answer 36

As a precaution against permanent loss of data (by accident or hacking)

Question 37

File backups definition

Answer 37

Making copy of data regularly and storing it off site or in a secure location on a detachable medium (e.g. flash disc)

Question 38

Explain generations of files

Answer 38

Most recent copy of data = son file
If son file’s data is lost, father file can be used (and so on)
Order of backing up: Grandfather becomes son, father become grandfather, son becomes father

Question 39

Why should backups be made regularly

Answer 39

The older the file becomes the less likely it is to match current data

Question 40

Compression ratio equation

Answer 40

Compression ratio = original file size/compressed file size

Question 41

How does compression free up memory space

Answer 41

Makes file size smaller

Question 42

Lossy compression results in…

Answer 42

Reduction in data quality

Question 43

Dangers that can arise from using computers to store personal data (5)

Answer 43

• Hacking (data deliberately changed/stolen/deleted - unauthorised)
• Computer virus
• Hard drive crash
• Interception of data during transfer (e.g. email)
• data stolen from thrown away hard drives

Question 44

Different access levels (3)

Answer 44

• No access
• Read and Write access
• Read only access

Question 45

Suitable password requirements (4)

Answer 45

• Strong (mixture of upper and lower case, digits, special symbols)
• changed regularly
• never revealed
• not containing personal info (DOB, pet name)

Question 46

Encryption definition and example

Answer 46

Scrambling data to prevent it being understood if intercepted (a key de-crypts it)
XOR

Question 47

Archiving files - what and why

Answer 47

Storing data that’s no longer in current/frequent use but is stored for legal, historical or security reasons