Chapter 22: Network Security

Question 1

What is a NAS and how can you minimize security risks when using it?

Answer 1

A device used for storing and accessing data over a network. To minimize security risks, use complex passwords, remove default passwords, and apply all software updates.

Question 2

What are the advantages and disadvantages of USB flash drives?

Answer 2

Advantages: Easy to transport, affordable, and convenient. Disadvantages: Can be easily lost, leading to potential data breaches meaning data can be stolen

Question 3

How can encrypted USB flash drives enhance security?

Answer 3

Encrypted USB flash drives require a password or code to access data, making them unreadable without authorization.

Question 4

What is a cyber attack?

Answer 4

Any kind of malicious attack on a network - connected device

Question 5

What are the two main categories of cyber attacks?

Answer 5

Cyber attacks exploit either human behavior (social engineering) or technical weaknesses.

Question 6

What is social engineering?

Answer 6

Social engineering is manipulating people into revealing confidential information or providing access to secure systems.

Question 7

What are three common types of social engineering?

Answer 7

Phishing, shoulder surfing, and pharming.

Question 8

What is phishing?

Answer 8

Phishing is an attempt to obtain sensitive information from a user by pretending to be a trustworthy source, often through email or fake websites.

Question 9

How does phishing typically work?

Answer 9

A user receives an email asking them to update security details. Clicking a link leads to a fake website that looks legitimate, where they enter credentials that are stolen by attackers.

Question 10

What is shoulder surfing?

Answer 10

Observing someone enter sensitive information, such as a PIN or password, to gain unauthorized access.

Question 11

What is pharming?

Answer 11

Redirecting users from a legitimate website to a fake one in order to obtain personal information.

Question 12

How can you prevent pharming?

Answer 12

Check website URLs, ensure HTTPS is used, verify security certificates, install updates, and use antivirus software.

Question 13

What is unpatched software and why is it a security risk?

Answer 13

Software that hasn’t had the latest security updates applied to it, making it vulnerable to attack

Question 14

Network Security

Answer 14

Activities designed to protect a network & its data from threaths such as viruses, hacker attacks, denial of service attacks, data interception & theft, & equipment failure

Question 15

How can USB devices be a security threat?

Answer 15

USB devices can contain malware that infects systems or allows unauthorized data transfers.

Question 16

USB definition

Answer 16

Socket found on most modern computer systems

Question 17

Hacking

Answer 17

The act of gaining unauthorised access to a computer system & the data it contains

Question 18

Throughput

Answer 18

Allow more data to pass through them

Question 19

Malware

Answer 19

Any kind of software that is designed to disrupt the use of a computer system

Question 20

What is an eavesdropping attack?

Answer 20

Eavesdropping is theft of data sent between devices without the user’s knowledge.

Question 21

How can security be incorporated in software design?

Answer 21

By considering authentication, user access levels, encryption, threat protection, and secure coding practices.

Question 22

What is penetration testing?

Answer 22

Penetration testing is a legal and authorized attempt to hack into a system to identify security vulnerabilities.

Question 23

What are commercial analysis tools used for?

Answer 23

They scan systems for known vulnerabilities but must be kept updated to remain effective.

Question 24

What is an audit trail?

Answer 24

A record of activities that have taken place on a computer system, including what has happened & who made the change

Question 25

How do secure operating systems improve cybersecurity?

Answer 25

Secure OS designs minimize vulnerabilities and provide enhanced security features to prevent attacks.

Question 26

What does effective network security involve?

Answer 26

It involves monitoring, software patching, policy enforcement, and user training to prevent attacks.

Question 27

What is ethical hacking?

Answer 27

Ethical hacking is testing a system’s security by legally attempting to break into it to identify weaknesses.

Question 28

What are network and user policies?

Answer 28

Policies that define who can access systems, password requirements, security maintenance, and compliance rules.

Question 29

What are the three key aspects of network security?

Answer 29

Confidentiality, Correctness (Integrity), and Availability.

Question 30

Why is confidentiality important in network security?

Answer 30

It prevents unauthorized access, interception, or theft of data by criminals.

Question 31

How can data confidentiality be protected?

Answer 31

By restricting access to authorized users, preventing misuse, and encrypting data.

Question 32

What is the significance of data correctness?

Answer 32

Ensures data remains accurate and unchanged unless authorized, preventing serious errors in records and systems.

Question 33

Why is network availability crucial?

Answer 33

Ensures data and systems remain accessible and operational when needed.

Question 34

What are some threats to network availability?

Answer 34

Virus attacks, Denial of Service (DoS) attacks, data deletion, data theft, and data modification.

Question 35

What are the consequences of data loss in an organization?

Answer 35

Loss of customer trust, financial loss, operational failure, and possible bankruptcy.

Question 36

What is authentication in network security?

Answer 36

The process of verifying a user’s identity using credentials like usernames, passwords, PINs, or biometrics.

Question 37

What are three key methods for securing a network besides authentication?

Answer 37

Access control, firewalls, and physical security.

Question 38

What is access control?

Answer 38

A method of restricting access to files and data based on user permissions.

Question 39

What are the two main types of access control?

Answer 39

Read-only access and read-and-write access (modify access).

Question 40

What is a firewall?

Answer 40

A network security system that monitors and controls data transfer between networks based on a set of security rules.

Question 41

What are some functions of a firewall?

Answer 41

Blocking unauthorized access, preventing data theft, stopping hacking attempts, and restricting specific protocols or network addresses.

Question 42

What are the two main types of firewalls?

Answer 42

Software-based firewalls (for individual computers) and hardware-based firewalls (for business networks).

Question 43

What is physical security in network security?

Answer 43

Controlling access to critical parts of a network using physical methods rather than software

Question 44

What are some physical security measures?

Answer 44

Using electronic locks, burglar alarms & security tags.

Question 45

Why is cloud storage beneficial for network security?

Answer 45

Ensures data availability, provides off-site backup, allows scalable storage, and automates data backups.

Question 46

What are some security risks of cloud storage?

Answer 46

Dependency on third-party providers, risk of data breaches & reliance on Internet access.

Question 47

How can cloud storage security risks be mitigated?

Answer 47

Using encryption, storing data in multiple locations, and choosing providers with strong security policies.

Question 48

What is Network-Attached Storage (NAS)?

Answer 48

A hardware device connected to a network that provides file storage accessible to network devices.

Question 49

What are common security risks with NAS devices?

Answer 49

Use of default passwords, lack of software updates, and remote hacking vulnerabilities.

Question 50

How can NAS security be improved?

Answer 50

Using complex passwords, changing default passwords & regularly updating software

Question 51

Denial of service

Answer 51

Attack on a network that attempts to prevent legitimate users from accessing its services

Question 52

Code vulnerability

Answer 52

Weaknesses in a computer program that attackers can exploit, potentially gaining access to the computer system or the data within it

Question 53

Modular testing

Answer 53

Testing each block of code as it is completed to ensure the code works as expected