Cyber security

Question 1

Cyber security

Answer 1

The practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Question 2

Network security

Answer 2

The practise of protecting the usability and integrity of network and data. It includes both hardware and software technologies. Like firewalls and intrusion prevention systems. Effective network security manages access to a network. It targets a variety of threats and stops them from entering or spreading on a network.

Question 3

Individuals who will violate computer security for malicious or financial reasons; they may also be known as crackers. they may also do it with good intentions, such as ethical hackers and penetration testers.

Answer 3

Hackers

Question 4

Ethical hackers

Answer 4

Individuals whose activities are designed to test and enhance computer security; they may also be known as ethical hackers.

Question 5

Hacktivists

Answer 5

Individuals who use technology to announce a social, ideological, religious, or political message.

Question 6

Software designed to record and store every keystroke made on a computer. Criminals often attempt to install keylogging software onto a computer remotely. It can be used to record passwords and messages.

Answer 6

Key logging

Question 7

Pharming

Answer 7

Pharming redirects victims to a bogus site even if the victim has typed the correct web address. This type of scam is often applied to the websites of banks or e-commerce sites.

Question 8

Phishing

Answer 8

Phishing is the act of trying to obtain confidential records such as passwords. Emails that look as if they are from a legitimate, respected organisation are sent, but they contain links to fake websites that ‘phish’ data from unsuspecting victims.

Question 9

Pretexting

Answer 9

Attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try and steal their victims’ personal information. This type of attack commonly takes the form of a scammer who pretends that they need certain bits of information from their target in order to confirm their identity.

Question 10

Baiting

Answer 10

Similarly to phishing attacks, the scammer promises items or goods to entice their victims.

Question 11

Malware

Answer 11

Short for malicious software, this is programming or code that is used to disrupt computers by:
● Gathering sensitive information
● Gaining access to private computer systems
● Displaying unwanted advertising
● Distributing the performance of a computer or network
or holding data ransom

Question 12

Trojan

Answer 12

A malicious computer program that tricks users into willingly running it is called a ‘Trojan horse’ or simply a ‘Trojan’. They can be delivered via internet downloads, infected USBs, or email attachments.

Question 13

This type of attack can occur when an attacker systematically submits guessed passwords with the hope of eventually guessing correctly.

Answer 13

Brute force attack

Question 14

DDoS

Answer 14

In a distributed denial of service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This makes it impossible to stop the attack simply by blocking a single source.

Question 15

Virus

Answer 15

Malware that usually embeds itself into existing software on a device and then, once that software is run, spreads to other executable files.

Question 16

Worm

Answer 16

While also self-replicating, a worm does not need to infect an existing program. Worms are able to spread very rapidly, infecting large numbers of machines.

Question 17

Ransomware

Answer 17

This type of Trojan can modify data on a computer or device so that it doesn’t run correctly or so that users can no longer use specific data. The criminal will only restore the computer’s performance, or unblock data, after the victim has paid them the ransom money they demand.

Question 18

Ransomware

Answer 18

This type of Trojan can modify data on a computer or device so that it doesn’t run correctly or so that users can no longer use specific data. The criminal will only restore the computer’s performance, or unblock data, after the victim has paid them the ransom money they demand.

Question 19

Spyware

Answer 19

Programs that can spy on how a user makes use of their computer or device, for example by tracking the data entered via a keyboard, taking screenshots, or getting a list of running applications.

Question 20

Software that contains advertisements embedded in the application. It is not always a bad thing and is considered a legitimate alternative offered to consumers who do not wish to pay for software.

Answer 20

Adware

Question 21

Encryption

Answer 21

Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its intended recipient.

Question 22

Caesar cipher

Answer 22

The cipher works by giving a number value to a key. Each plain text letter is replaced by a new letter: the one found at the original letter’s position in the alphabet, plus or minus the value of the key.

Question 23

An encryption key is a piece of information, usually random characters, used by a software algorithm to encrypt data or a message into a form that is unreadable (encryption) and allow the data or message to be made readable again (decryption).

Answer 23

Encryption Kay

Question 24

Firewall

Answer 24

A firewall sits between a local network or computer and another network, controlling the incoming and outgoing network traffic.

Question 25

Antivirus software

Answer 25

Software that is designed to detect and block attacks from malware. Some operating systems have their own inbuilt antivirus software.

Question 26

Network policy

Archiving policy

Answer 26

Usually contains both an archiving policy and an acceptable use policy.
A policy that determines how long data can be kept for.

Question 27

Disaster recovery policy

Answer 27

A policy that allows an organisation to resume business quickly during or after a disaster, which could include a cyberattack.

Question 28

MAC address

Answer 28

A unique identifier that is used as a network address in communications within a network.

Question 29

MAC address white list

MAC address black list

Answer 29

MAC addresses permitted to access a network.

MAC addresses banned from a network.

Question 30

MAC address filtering

Answer 30

This limits the devices that can access a network, either including or excluding specific devices by using their unique MAC address.

Question 31

A type of security testing used to test the insecure areas of a system or application.

Answer 31

Penetration testing

pen test

Question 32

Network forensics

Answer 32

The monitoring and analysis of computer network traffic for information gathering and intrusion detection.

Question 33

Physical security

Answer 33

Describes security measures that are designed to deny unauthorised access to facilities, equipment, and resources and to protect personnel and property from damage or harm, e.g. the use of passcards and biometric checks (fingerprints, retinal scans).

Question 34

White box pen test

Answer 34

Testing in which the tester has full knowledge, more like a malicious insider.

Question 35

Grey box pen test

Answer 35

Testing in which the tester has some knowledge — a compromise between a white and black box pen test.

Question 36

Black box pen test

Answer 36

Testing in which the tester has no knowledge, more like an external hacker.