Cyber security

Question 1

Cybersecurity

Answer 1

The practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Question 2

Network security

Answer 2

Any activity designed to protect the usability and integrity of network and data. It includes both hardware and software technologies. Effective network security manages access to a network. It targets a variety of threats and stops them from entering or spreading on a network.

Question 3

Hackers

Answer 3

Individuals who will violate computer security for malicious or financial reason

Question 4

Ethical hackers

Answer 4

Individuals whose activities are designed to test and enhance computer security

Question 5

Hacktivists

Answer 5

Individuals who use technology to announce a social, ideological, religious, or political message.

Question 6

Keylogging

Answer 6

Software designed to record and store every keystroke made on a computer. Criminals often attempt to install keylogging software onto a computer remotely.

Question 7

Social engineering

Answer 7

The psychological manipulation of people into performing actions or divulging confidential information.

Question 8

Tailgating

Answer 8

Tailgating is a physical security breach in which an unauthorised person follows an authorised individual to enter secured premises.

Question 9

Pharming

Answer 9

Pharming redirects victims to a bogus site even if the victim has typed the correct web address. This type of scam is often applied to the websites of banks or e-commerce sites.

Question 10

Phishing

Answer 10

Phishing is the act of trying to obtain confidential records such as passwords. Emails that look as if they are from a legitimate, respected organisation are sent, but they contain links to fake websites that ‘phish’ data from unsuspecting victims.

Question 11

Eavesdropping

Answer 11

A technique that involves the social engineer being physically present to overhear confidential conversations

Question 12

Shoulder surfing

Answer 12

Looking over another person’s shoulder to view passwords or other data that is being entered.

Question 13

Malware

Answer 13

Short for malicious software, this is programming or code that is used to disrupt computers by:
● Gathering sensitive information
● Gaining access to private computer systems
● Displaying unwanted advertising
● Distributing the performance of a computer or network

Question 14

Trojan

Answer 14

A malicious computer program that tricks users into willingly running it is called a ‘Trojan horse’ or simply a ‘Trojan’. They can be delivered via internet downloads, infected USBs, or email attachments.

Question 15

Zombie

Answer 15

A computer connected to the internet that has been compromised by a hacker, computer virus, or Trojan horse program and can be used to perform malicious tasks under remote direction.

Question 16

Data breach

Answer 16

A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual who is not authorised to do so.

Question 17

Brute force attack

Answer 17

This type of attack can occur when an attacker systematically submits guessed passwords with the hope of eventually guessing correctly

Question 18

DoS

Answer 18

A denial of service attack (DoS attack) is a cyberattack in which a criminal makes a network resource unavailable to its intended users by flooding the targeted machine or website with lots of requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Question 19

DDoS

Answer 19

In a distributed denial of service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This makes it impossible to stop the attack simply by blocking a single source

Question 20

SQL injection

Answer 20

SQL injection occurs when malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)

Question 21

Virus

Answer 21

Malware that usually embeds itself into existing software on a device and then, once that software is run, spreads to other executable files.

Question 22

Worm

Answer 22

While also self-replicating, a worm does not need to infect an existing program. Worms are able to spread very rapidly, infecting large numbers of machines.

Question 23

Ransomware

Answer 23

This type of Trojan can modify data on a computer or device so that it doesn’t run correctly or so that users can no longer use specific data.

Question 24

Spyware

Answer 24

Programs that can spy on how a user makes use of their computer or device, for example by tracking the data entered via a keyboard, taking screenshots, or getting a list of running applications.

Question 25

Adware

Answer 25

Software that contains advertisements embedded in the application. It is not always a bad thing and is considered a legitimate alternative offered to consumers who do not wish to pay for software.

Question 26

Exploit

Answer 26

Code that takes advantage of a security vulnerability in an operating system, application, or any other software code, including application plug-ins or software libraries.

Question 27

Encryption

Answer 27

Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its intended recipient.

Question 28

Encryption key

Answer 28

An encryption key is a piece of information, usually random characters, used by a software algorithm to encrypt data or a message into a form that is unreadable (encryption) and allow the data or message to be made readable again (decryption).

Question 29

Firewall

Answer 29

A firewall sits between a local network or computer and another network, controlling the incoming and outgoing network traffic.

Question 30

Antivirus software

Answer 30

Software that is designed to detect and block attacks from malware. Some operating systems have their own inbuilt antivirus software.

Question 31

Network policy

Answer 31

Usually contains both an archiving policy and an acceptable use policy.

Question 32

Backup policy

Answer 32

A backup is a copy of data or files. A backup policy is a written statement that specifies how backups will be organised in an organisation, including frequency, by whom, using what media, and how the files are labelled.

Question 33

Disaster recovery policy

Answer 33

A policy that allows an organisation to resume business quickly during or after a disaster, which could include a cyberattack.

Question 34

Penetration testing

Answer 34

A type of security testing used to test the insecure areas of a system or application.

Question 35

White box pen test

Answer 35

Testing in which the tester has full knowledge, more like a malicious insider.

Question 36

Grey box pen test

Answer 36

Testing in which the tester has some knowledge — a compromise between a white and black box pen test.

Question 37

Black box pen test

Answer 37

Testing in which the tester has no knowledge, more like an external hacker.