Core Computing Flashcards
What does HTML stand for?
HyperText Markup Language
What does CSS stand for?
Cascading Style Sheets
What does SVG stand for?
Scalable Vector Graphics
What does URL stand for?
Uniform Resource Locator
What is a selector?
This is used to refer to an element that you will modify in your CSS.
What format do we use when selecting an id in CSS?
#idname {
css goes here }
What format do we use when selecting a class in CSS?
If it's just a class, then .classname {css}
If it's an element with a class, e.g. <p class="lol">, then
p.lol {css}
Can we style in HTML?
Yes
How do we style in HTML?
We use the style element, then type the CSS inside it.
Why do we use CSS instead of just styling in HTML?
CSS provides better efficiency and saves memory.
What parts must a URL always have?
- scheme/protocol
- host/domain name
- path (the /// part)
What does the port look like in the URL?
:123
How do we create hyperlinks in HTML?
We use the a element and its attribute href.
E.g.
<a href="https://example.com">An Example Website</a>
How do we link a CSS file or JavaScript file to HTML?
We make use of the script tag and the src attribute.
E.g.
<script src="script.js"></script>
How do we use images in HTML?
We use the img element and its src attribute for the name of the image file.
We must also include the alt attribute.
E.g.
<img src="image.png" alt="Description of the image">
Why do we need the alt attribute when using the img element?
It's a standard, and the alt attribute helps people using screen readers know what the image is.
Why is it better to download the image?
It prevents hotlinking. This is when, instead of putting a file in src, you put a link to an image. This is bad because if the image from the link is changed or deleted, so will yours.
Why is SVG good for images?
It offers higher resolution images
Name some markup languages.
XML, HTML, SVG
What is SVG?
It is a markup language for images
What do you need at the start of every HTML doc?
<!DOCTYPE html>
Who created HTML?
Tim Berners-Lee
What kinda markup do we prefer in HTML?
Descriptive not procedural
What is the difference between client and server?
Server operations are remote, whereas client operations are performed locally by a web browser.
What is information security?
Information security is the preservation of confidentiality, integrity and availability of information
Define confidentiality.
Preventing the disclosure of information to anyone or anything that is not authorised to view or otherwise access that information
Define integrity
Preserving the integrity of information is the safeguarding of its accuracy and completeness
Define availability.
Whether the information can be accessed by authorised entities on demand, whenever they need it for a legitimate purpose
Explain the trade-off that happens when trying to improve information security
- Often, in an attempt to improve confidentiality, a trade-off is made in which integrity or availability is decreased/threatened, and the same goes for the other 2
- An example of this may be repeating credit card details during a phone purchase: repeating the details ensures integrity, but unauthorised individuals may overhear this information, which threatens confidentiality
Define an asset
An asset is anything of value to an organisation
Define a threat
A threat is a potential cause of an incident that may result in harm to a system or organisation
Define vulnerability
Vulnerabilities are weaknesses in an information asset or the information system itself that can be exploited
Define impact
The result of an information security incident caused by threats which affects the assets
Define risk
The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation
Must all information be protected?
Yes
Define business critical information
Info about the business; without this information the business will not be able to function
Define personal information
Info on employees and customers; by law this needs to be protected
Define strategic information
Info that provides organisations with a competitive advantage and directs their activities
Define high cost information
Info whose gathering, storage, processing and transmission require a long time and involve a high cost
Define business processes.
- Business processes are the steps taken to accomplish a certain task, which really should be considered in their own right
- These can be processes protected as trade secrets, or processes that ensure effective delivery of business goals as well as the mission of the organisation
- Or they can be processes that ensure legal requirements
What is network security?
Network security is the steps to both manage the network perimeter and protect the internal network
How do we protect the network perimeter?
By filtering and inspecting all traffic at the network perimeter. This can be done by:
- Firewall - monitors and controls incoming and outgoing network traffic based on predetermined security rules
- Malware - prevents malicious content
How do we protect the internal network?
- Segregate networks - This is done by identifying, grouping and isolating critical business systems and appropriate networks
- Secure WAPs
- Enable secure administration
- Configure the exception handling process
- Monitor network
- Assurance processes
What should an organisation do to prevent its personnel from falling victim to social engineering?
- Security policy
- Induction process
- Make personnel aware of risks
- Have security training and see if it works
- Promote incident reporting, e.g. TfL "see it, say it, sort it"
What must security policies have to remain viable?
- Individual responsible for the policy
- A schedule of reviews
- Method for making recommendations for reviews
- Specific policy issuance and revision date
Define policy
A principle or rule to guide decisions and achieve rational outcomes
Define standards
A standard is an agreed way of doing something to a specific or measurable level of quality. It is created by a recognised body and it is officially documented.
Define a guideline
A set of recommended actions to assist in complying with the policy
Define procedure
A list of steps/instructions for performing some action or accomplishing a task
What is authentication?
Checking that only authorised individuals can view or modify protected information assets
What are the 3 authentication mechanisms and give examples?
- Something a supplicant knows, e.g. password, PIN or security questions
- Something a supplicant has, e.g. smart cards, bank card
- Something a supplicant is, e.g. fingerprint, eye scan, voice, palm print, biometric
Give some pros and cons of passwords.
Pros - They are simple for designers and users and can provide good protection if used correctly
Cons - Protection is often compromised by the user. This is because users make them too short or personal so they're easy to remember. They are also never changed, and the same password is used for multiple systems, making passwords weaker.
- People also forget passwords
What is a way to protect passwords?
- Don't give them out
- To protect against password guessing we can lock people out after three failed attempts
- However, this enables a form of denial of service, because attackers can deliberately try to lock out users, which has an effect on availability
What is the acronym for the requirements for biometrics? Define the word for each letter of the acronym.
CAPCUPD
Collectability - It should be easy and harmless to collect
Acceptability - The trait should be accepted by the public
Performance - It should be fast and accurate regardless of the resources or environment
Circumvention - Using fraudulent methods should be difficult
Universality - Everyone should have this trait
Persistence - The trait shouldn’t change too much over time
Distinctiveness - The ability of the trait to change between 2 people
How is the effectiveness of biometrics evaluated?
False reject rate (FRR) - the percentage of users that should have access but are denied
False acceptance rate (FAR) - the percentage of users that shouldn't have access but are accepted
Crossover error rate (CER) - the level at which the number of false rejections equals the number of false acceptances
Define identity.
The properties of an individual or resource that can be used to uniquely identify one individual or resource
What is accounting?
Ensures that user activities can be tracked back to them
Define audit.
Formal or informal review of actions, processes, policies and procedures
What are the 4 access control policies?
(DAC) Discretionary Access Control - controls access based upon identity. Straightforward to implement and flexible
(MAC) Mandatory Access Control - controls access based upon security labels
Used when stronger security guarantees are required. Centralised control of information
(RBAC) Role Based Access Control - controls access based upon roles
(ABAC) Attribute Based Access Control - controls access based upon attributes
What is strong authentication?
The use of two or more authentication mechanisms from at least two different authentication factors. Sometimes called MFA or 2FA.
What is the difference between factors and mechanisms?
Factors are what we know, possess or are, whereas the mechanisms are PINs etc.