Cyber Security

Question 1

What is cyber security?

Answer 1

Cyber security is the prevention of cyber attacks, and stopping unauthorised access to personal information stored on online and on our devices.

Question 2

What is accidental damage?

Answer 2

Accidental damage is any damage or loss of data which is not intentional

Question 3

What are examples of accidental damage?

Answer 3

Human error
Accidental data file deletion
Software corruption
Hardware malfunction
Natural disasters
Power failure

Question 4

What is malicious damage?

Answer 4

Actions that are intended to cause harm to data

Question 5

What are examples of malicious damage?

Answer 5

Malware
Phishing and social engineering
DDoS attacks
SQL injection
Insider threats
Ransomware

Question 6

What are the risks with online marketing communications?

Answer 6

Spam and unwanted emails
Phishing and scam attempts
Privacy concerns
Ad fraud
Brand safety
Misinformation

Question 7

What are the problems that can arise during online updating of files?

Answer 7

Unauthorised access
Man-in-the-middle attacks
Malicious software
Incomplete updates
Denial of service
Rollback attacks

Question 8

What are examples of malicious software?

Answer 8

Virus
Trojan
Worm
Ransomware
Adware
Spyware
Rootkit

Question 9

What is malware’s intended use?

Answer 9

Data theft
System disruption
Spamming
Cryptojacking
Extortion

Question 10

What is human error?

Answer 10

Day to day operations involves a lot of data manipulation through typing editing updating and deleting which susceptible to human mistake

Question 11

What is accidental data file deletion?

Answer 11

This is the result of a file or folder being accidentally deleted without an available backup leading to the permanent loss of data

Question 12

What is software corruption?

Answer 12

I here software fails and crashes leading to data loss or corruption during data manipulation

Question 13

What is hardware malfunction?

Answer 13

Hardware can degrade from damage done to it or mechanical failure, when hardware malfunctions it can cause permanent data loss

Question 14

What are power failures?

Answer 14

When power is disrupted during data manipulation causing for data to be lost

Question 15

What is malware?

Answer 15

Malicious software that infects and damages computer systems and disrupts network operation

Question 16

What is phishing and social engineering?

Answer 16

The use of deception to trick individuals into revealing sensitive information or installing malware

Question 17

What are DDoS attacks

Answer 17

DDoS is distributed denial of service,
It is where networks or websites are flooded with traffic to overload them, causing them to be disabled

Question 18

What is SQL injection?

Answer 18

Attackers executing malicious code on servers by injecting it into web applications

Question 19

What are insider threats?

Answer 19

The intentional harm of stealing sensitive information by employees or insiders

Question 20

What is ad fraud?

Answer 20

Online advertisement is vulnerable to to being botted which leads to a wasted marketing budget and loss of credibility

Question 21

What is brand safety?

Answer 21

The safety of the brand’s reputation which can be damaged though ads appearing on inappropriate and offensive sites

Question 22

What is misinformation?

Answer 22

The spread of false information which leads to confusion and mistrust and potential harm

Question 23

What is unauthorised access?

Answer 23

An attacker that doesn’t have permission gains access to the update server

Question 24

What are man in the Middle attacks?

Answer 24

Attackers intercepts and alters update files during transmission

Question 25

What are incomplete updates?

Answer 25

Attackers cause the updates to fail leaving systems in an insecure state making them vulnerable

Question 26

What are rollback attacks?

Answer 26

Where attackers use old versions of files to carry out attacks

Question 27

What are viruses?

Answer 27

Self-replicating programmes that attach themselves to other files and spread to other devices

Question 28

What are Trojans?

Answer 28

A hidden programmes that appears legitimate but performs malicious actions

Question 29

What is a worm?

Answer 29

A self replicating program that spreads through networks and causes damage to computer systems

Question 30

What is Ransomware?

Answer 30

A type of malware that encrypts a users files and demands payment for the decryption key

Question 31

What is adware?

Answer 31

A type of software that displays unwanted advertisement

Question 32

What is spyware?

Answer 32

A program that collects and sends personal information from a users device without their knowledge

Question 33

What is rootkit?

Answer 33

A type of malware that is designed to hide its presence and gives full control of the infected device to the attacker

Question 34

What is data theft?

Answer 34

Stealing personal information or confidential data

Question 35

What is system disruption?

Answer 35

Disrupting the normal functioning of a device or network

Question 36

What is spamming?

Answer 36

Sending unsolicited emails or messages?

Question 37

What is crypto jacking?

Answer 37

Secretly using a victim’s device to mine crypto currency

Question 38

What is extortion?

Answer 38

Demanding payment in exchange for not carrying out malicious actions

Question 39

How can the risks of online marketing organisations be reduced?

Answer 39

Implementing strong security protocols
Adhering to privacy regulations
And verifying sources and accuracy of information

Question 40

How can risks of online updating of files be reduced?

Answer 40

Use secure protocols likes HTTPS or SFTP transmission

Implement digital signatures and hash functions to verify file integrity

Develop a robust incident response plan

Conduct a regular security assessments for system maintenance and updates

Question 41

What are media access control (MAC) addresses? And what are they used for?

Answer 41

MAC addresses are unique identifiers assigned to Network Interface controllers (NICs), and are used as network addresses for communication within a network

Question 42

What is MAC address spoofing? And what’s it used for?

Answer 42

The practice of changing a device’s MAC Address to impersonate another device on a network, it’s used to bypass security measures or evade network monitoring and detection

Question 43

What are the risks of MAC spoofing?

Answer 43

As it allows users to bypass security measures, attackers can gain unauthorised access violating privacy.

It can also impact the performance of a network as it confuses devices leading to data loss or duplication.

Question 44

How can MAC spoofing risks be avoided?

Answer 44

Implementation of strong security measures

Regularly monitoring network traffic

Utilising MAC authentication to require valid MAC addresses for network access

Question 45

What is blockchain?

Answer 45

A decentralised, digital ledger for recording tamper-proof transactiond

Question 46

How does blockchain work?

Answer 46

It uses cryptography to secure and validate transactions across a network of computers

Question 47

How is blockchain used in cyber security?

Answer 47

Decentralised identity management
Secure record keeping
Supply chain security
Cyber threat intelligence sharing
Data privacy
Cyber insurance

Question 48

What are the threats of data mining?

Answer 48

Data breaches
Unauthorised data sharing
Discrimination
Profiling
Lack of control
Inaccurate data

Question 49

Data breaches?

Answer 49

Occurs when sensitive information is illegally obtained

Question 50

Unauthorised data sharing?

Answer 50

Companies sharing personal data without an individual’s consent

Question 51

Discrimination and profiling?

Answer 51

Data mining algorithms unfairly discriminate against specific groups, or profile individuals potentially making them targets to advertisements or discriminatory decision making

Question 52

Lack of control and inaccurate data?

Answer 52

Users have limited control over their personal information collection and use, which can cause data mining algorithms to produce inaccurate results impacting individuals negatively

Question 53

How can the threats of data mining be reduced?

Answer 53

Organisations implement strong data protection policies and technologies

Individuals are cautious online

Question 54

Why are large data sets important?

Answer 54

It is critical for an originations efficiency and competitiveness in todays digital age

Question 55

Health sector and large data sets

Answer 55

Electronic health record hold comprehensive patient data and medical history allowing for better decision in healthcare improving the patient care

Question 56

Finance sector and large data sets

Answer 56

Utilises transaction data, credit history and market data for investment decision, fraud identification and risk management.

Question 57

Retail sector and large data sets

Answer 57

Use of customer data, sales data and supply chain data to improve marketing, sales and supply chain operations

Question 58

what are the legal and professional responsibilities in cybersecurity?

Answer 58

Preventing damage caused by malicious attacks, by having security awareness training, regular updates, penetration testing and incident response planning

Question 59

What is attacking vulnerabilities?

Answer 59

identifying and exploiting weaknesses within a system or network for malicious gain

Question 60

What are methods of attacking vulnerabilities?

Answer 60

Brute Force Attacks
SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Buffer Overflow
Remote Code Execution (RCE)
Directory Traversal
Man-in-the-Middle (MitM) Attacks
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Social Engineering

Question 61

What is defending from threats?

Answer 61

Measures taken to prevent, detect, and respond to attacks on a system or network.

Question 62

What are methods of defending from threats?

Answer 62

Firewalls
Encryption
Access Control
Antivirus Software
Patches and Updates
Backups
User Education and Awareness Training
Network Segmentation
Intrusion Detection and Prevention Systems
Virtual Private Network (VPN) Technology

Question 63

What is encryption?

Answer 63

A security measure which uses a mathematical algorithm to convert plaintext into unreadable ciphertext.
It protects data from unauthorised access

Question 64

What is a firewall?

Answer 64

Security measure regulating incoming and outgoing network traffic based on rules and policies.
It acts as a barrier between trusted internal networks and untrusted external networks.

Question 65

What are the types of firewalls?

Answer 65

Hardware based
Software based

Question 66

How do firewalls work?

Answer 66

Packet-Filtering: Examines packet headers based on source, destination, IP address, and port number.
Stateful Inspection: Tracks conversation or “state” of connections for informed traffic decisions.
Application-Level Gateways: Inspects data at the application layer, understanding specific application-level protocols.

Question 67

What is an antivirus software?

Answer 67

A security measure that detects, prevents and removes malware, it is installed onto a users devices and constantly monitors the device.

Question 68

What techniques are used in an Antivirus Software?

Answer 68

Signature-Based Detection: Compares code to a database of known malware signatures.

Heuristic-Based Detection: Looks for patterns or behaviors typical of malware.

Behavioral-Based Detection: Monitors program behavior to identify malicious activity.

Question 69

What happens once malware is detected?

Answer 69

Quarantine: Isolates malware to prevent further system damage.

Deletion: Removes malware entirely from the system.

Repair: Attempts to reverse damage caused by the malware.

Question 70

What is hierarchal-access levels?

Answer 70

Divides system or network access into different tiers with distinct privileges and restrictions. This limits the damage done by unauthorised access.

Question 71

What is cryptography?

Answer 71

Securing communication and data through mathematical algorithms.

Question 72

What is the purpose of cryptography?

Answer 72

Confidentiality: Encrypts data for authorized party access.

Integrity: Protects data integrity via digital signatures or authentication codes.

Authenticity: Verifies sender identity using digital certificates or public key infrastructure.

Question 73

What is symmetric key cryptography?

Answer 73

Uses the same secret key for both encryption and decryption.
Both parties require a copy of the secret key for communication.

Question 74

What is asymmetric key cryptography?

Answer 74

Uses a pair of keys for encryption and decryption.
Keys are not identical; one is public, the other is private.

Question 75

What is Hash Function cryptography?

Answer 75

Generates unique digital fingerprints for file verification.
Uses algorithms like SHA-256, SHA-512.

Question 76

What is digital signatures cryptography?

Answer 76

Ensures sender authenticity.
Sender uses private key, recipient verifies with public key.

Question 77

What is steganography?

Answer 77

Hides messages within other files like images or audio.
Conceals the existence of data.

Question 78

What is random number generator?

Answer 78

Generates random numbers for security applications.
Utilized in encryption keys and digital signatures.

Question 79

What is quantum cryptography?

Answer 79

Uses principles of quantum mechanics for secure communication.
Considered more secure than traditional methods.

Question 80

Compare symmetric and asymmetric key cryptograph

Answer 80

Symmetric: Uses one key for encryption and decryption, faster but requires secure key exchange.
Asymmetric: Uses different keys for encryption/decryption, eliminates need for key sharing, slower and computationally more expensive.

Question 81

What is biometrics?

Answer 81

Biometrics is the use of unique physiological or behavioural characteristics to identify individuals.

Question 82

What is fingerprint recognition?

Answer 82

Uses unique fingerprint patterns for identity verification.

Question 83

What is facial recognition?

Answer 83

Verifies identity using distinct facial characteristics.

Question 84

What is iris recognition?

Answer 84

Utilizes unique iris patterns for identification.

Question 85

What is voice recognition?

Answer 85

Identifies individuals based on their unique voice characteristics.

Question 86

What is signature recognition?

Answer 86

Uses unique signature characteristics for verification.

Question 87

What is behavioural biometrics?

Answer 87

Identifies individuals based on behavioural traits like typing rhythm or mouse movements.

Question 88

What is the benefit of biometric authentication?

Answer 88

Provides high security and convenience, reduces fraud and accuracy in authentication

Question 89

What is the disadvantage of biometric authentication?

Answer 89

Privacy concerns, technical limitations, it is expensive to implement and maintain, and there is the potential of bias and discrimination.

Question 90

What is black-hat hacking?

Answer 90

Obtaining unauthorised access to systems with malicious intent

Question 91

What is white-hat hacking?

Answer 91

Improves security by identifying system vulnerabilities, helps prevent cyber-attacks and identifies weaknesses enhancing security.

Question 92

What is penetration testing?

Answer 92

Used to simulate attacks and is used to
evaluate the security of a system. It identifies security vulnerabilities and weaknesses providing with recommended improvements.

Question 93

What is tracert (Tracer route)

Answer 93

a network diagnostic tool used to track the
path taken by data packets from a source computer to a destination computer

Question 94

What is whois protocol?

Answer 94

a protocol and database system that stores
information about registered domain names and the associated organisations and individuals.

Question 95

What is IP address masking and impersonating?

Answer 95

the process of hiding or changing the real IP address of a device or network to appear as if it originates from a different location or device.

Question 96

What is cyber resilience?

Answer 96

the ability of to withstand and quickly recover from cyber-attacks, system failures and other security incidents

Question 97

What are the consequences of a cyber attack to a company?

Answer 97

Financial Loss
Reputational Damage
Legal Liability
Intellectual Property Theft
System Downtime

Question 98

What are the types of data loss?

Answer 98

Temporary and permanent

Question 99

What is temporary data loss?

Answer 99

Temporary data loss is where data that is lost can easily be recovered from backups or recovery processes

Question 100

What is permanent data loss?

Answer 100

Permanent data loss is where data is lost completely and irreversible

Question 101

How do you avoid permanent data loss?

Answer 101

Implementing proper data backups and disaster recovery procedures
Regular software and system updates
Physical security for storage devices
Regular backups

Question 102

What can damaged or corrupt software lead to?

Answer 102

System crashes
Data Losses
Security Risks
Inefficiency
Compatibility Issues

Question 103

In what ways are companies effected by their website being unavailable?

Answer 103

Loss of Reputation
Loss of competitive advantage
Legal and social implications
Financial Issues

Question 104

Loss of Reputation because of a website being down is caused as there is?

Answer 104

Poor user experience, leading to decreased trust.
Brand image tarnishing.
Penalties in search engine rankings.

Question 105

Loss of competitive advantage because of a website being down is caused as there is a?

Answer 105

Reduced market share.
Missed business opportunities.
Decreased visibility and brand reputation damage.

Question 106

The legal and social implications of a website being unavailable are

Answer 106

Legal liabilities and contractual breaches.
Reputational damage and loss of trust.
Increased customer complaints.

Question 107

The financial loss because of a website being down is due to the

Answer 107

Reduced revenue and increased costs.
Decreased ad revenue and search rankings.
Loss of customers and market share.

Question 108

The resilience controls to prevent cyber attacks are?

Answer 108

Boundary firewalls and Internet gateways
Secure system configuration
Access control
Malware Protection
Patch Management
Staff Training

Question 109

How does Boundary firewalls and Internet gateways prevent cyber-attacks?

Answer 109

Boundary firewall monitors and controls network traffic.
Prevents unauthorised access, malware infections and hacking attempts.
Internet gateway aids in secure data exchange and prevents cyber-attacks using firewalls, intrusion detection systems, and VPNs.

Question 110

How does Secure system configuration prevent cyber-attacks?

Answer 110

Admin account access controls and audit trails.
Account management and regular backups.
Provides multiple layers of protection, reducing the attack surface and increasing visibility to respond to security incidents.

Question 111

How does Access control prevent cyber-attacks?

Answer 111

Limits individuals accessing sensitive data and systems.
Reduces the attack surface, minimises the risk of unauthorised access, theft and manipulation.
Strengthens security posture and reduces the likelihood of successful cyber-attacks.

Question 112

How does Malware protection prevent cyber-attacks?

Answer 112

Detects and blocks malicious software
Prevents harm, data theft, and unauthorised access.
Utilises antimalware software, firewalls, and other security measures to reduce the risk of malware-based cyber-attacks.

Question 113

How does Patch management prevent cyber-attacks?

Answer 113

Regularly updates software to close security vulnerabilities.
Protects against new threats and maintains compliance with industry regulations.
Identifies, acquires, tests, and installs patches to prevent cyber-attacks.

Question 114

How does Staff training prevent cyber-attacks?

Answer 114

Raises employee awareness of cyber threats.
Teaches safe computing practices and ensures compliance with security policies.
Facilitates early detection of potential cyber-attacks through informed employees.

Question 115

The resilience controls to recover from cyber-attacks are?

Answer 115

Alternative Facilities
What-If Scenarios
Regular Backups of data

Question 116

How do alternative facilities recover from cyber-attacks?

Answer 116

Provides options if primary locations are affected by cyber-attacks.

Question 117

How do What-if scenarios recover from cyber-attacks?

Answer 117

Identifies attack vectors, evaluates impact, and prioritizes response efforts.

Question 118

How do Regular Backups recover from cyber-attacks?

Answer 118

Helps restore lost data, minimizing operational impact.

Question 119

What are the Legal and Professional Responsibilities for Resilience Controls

Answer 119

Compliance with laws (GDPR, NISR) and standards (ISO 27001, Cyber Essentials).

Responsible for protecting personal data and preventing unauthorized access.

Duty to ensure continuity of critical business functions through business continuity planning and disaster recovery strategies.

Ensuring security and confidentiality of sensitive information like financial data and intellectual property.

Question 120

What is social engineering?

Answer 120

Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.

Question 121

What is phishing?

Answer 121

Cyber-attack seeking sensitive data through deceptive emails, texts, or websites impersonating trusted entities.

Question 122

What is vishing?

Answer 122

Voice Phishing, Social engineering attack using voice calls, voicemails, or IVR systems to extract sensitive information.

Question 123

What is baiting?

Answer 123

A social engineering attack involving leaving a physical item (USB, CD) in public spaces to entice victims into using it on their devices.

Question 124

What is email hacking?

Answer 124

The unauthorised access or manipulation of someone else’s e-mail account or e-mail messages.

Question 125

What is pretexting?

Answer 125

A method where false scenarios or cover stories are used to manipulate individuals into disclosing sensitive information or performing actions.

Question 126

What is quid pro quo scams?

Answer 126

A social engineering attack where an attacker offers something valuable to a victim in exchange for sensitive information or computer access.

Question 127

What is passive digital footprints?

Answer 127

Passive digital footprints are data or information inadvertently left behind due to online activities, like browsing history, social media posts, or IP addresses.

Question 128

What is active digital footprints?

Answer 128

Active digital footprints result from actively sharing information online via social media, email, or messaging.

Question 129

How can your digital footprint be exploited?

Answer 129

In a cyber-attack campaign, attackers leverage passive and active digital footprints to access systems and steal sensitive information.

Question 130

Social engineering and the legal requirement in the UK

Answer 130

Computer Misuse Act 1990: Criminalizes unauthorized system access via hacking or cyber-attacks.

Fraud Act 2006: Criminalizes deception causing gain or loss, encompassing social engineering scams like phishing and vishing.

GDPR: Enforces personal data protection, mandates timely data breach reporting to the ICO.

Privacy and Electronic Communications Regulations 2003: Regulates electronic communication services, requiring consent for marketing messages and opt-out options for individuals.