Cyber security Flashcards

1
Q

Define Social engineering

A

Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.

2
Q

What are the types of social engineering techniques

A

Phishing
Vishing
Baiting
Email hacking
Pre-texting
Quid pro quo scams
Active digital footprints
Passive digital footprints

3
Q

Define Phishing

A

Fraudulent e-mails, text messages or websites that appear to be from trustworthy sources are used to trick victims into revealing sensitive information

4
Q

Define Vishing

A

Voice phishing uses voice calls, voicemails or interactive voice response (IVR) systems to trick individuals into revealing sensitive information

5
Q

Define Baiting

A

When an attacker leaves a physical item, such as a USB drive or CD, in a public place with the intention of tricking someone into taking it and using it on their computer.

6
Q

Define Active digital footprints

A

Information that is actively shared online (e.g. through social media) that can be used to build a more successful cyber-attack.

7
Q

Define Email hacking

A

The unauthorised access or manipulation of someone else’s e-mail account or e-mail messages.

8
Q

Define Pre-texting

A

A false scenario or cover story is used to manipulate someone into revealing sensitive information or performing a certain action

9
Q

Define Quid pro quo scams

A

When an attacker offers something desirable or valuable to a victim in exchange for sensitive information or access to their computer

10
Q

Define Passive digital footprints

A

Data or information left behind as a result of online activities, such as browsing history or IP addresses, that can be used to create more convincing social engineering attacks.

11
Q

What are the different sectors social engineering is used in

A
  • commerce
  • personal finance and home banking
  • process control.
12
Q

What are the different laws in place to protect against social engineering

A

The Computer Misuse Act 1990: This Act makes it a criminal offence to gain unauthorised access to computer systems, for example through hacking, malware and other forms of cyber-attack, or to impair their operation without authorisation.

The Fraud Act 2006: This Act makes it a criminal offence to carry out deception (by false representation, by failing to disclose information or by abuse of position) with the intention of making a gain or causing a loss.

The General Data Protection Regulation (GDPR): This regulation requires organisations to protect the personal data of individuals and to report personal data breaches to the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals.

The Privacy and Electronic Communications Regulations 2003 (PECR): These regulations govern the use of electronic communication services, including e-mail, voice calls and text messages, and require organisations to obtain consent from individuals before sending them unsolicited marketing messages.

13
Q

Define Resilience Controls

A

Resilience controls are the measures that give an organisation cyber resilience: the ability to withstand and quickly recover from cyber-attacks, system failures and other security incidents.

14
Q

What are the consequences of a cyber-attack

A
  • Financial loss
  • Reputational damage
  • Legal liability
  • Intellectual property theft
  • System downtime
  • Long-term damage
15
Q

What are the effects of a website being unavailable

A
  • Loss of reputation
  • Loss of competitive advantage
  • Legal and social implications
  • Financial loss
16
Q

What is the impact of damaged software

A
  • System crashes
  • Loss of data
  • Security vulnerabilities
  • Inefficient performance
  • Compatibility issues
17
Q

What are the legal and professional responsibilities

A
  • General Data Protection Regulation (GDPR)
  • Network and Information Systems Regulations (NISR)
  • Adherence to professional standards, such as the ISO/IEC 27000 series (ISO/IEC 27001 for information security management)
  • Responsibility for the protection of personal data
  • Duty of care to ensure the continuity of critical business functions
  • Ensuring the security and confidentiality of sensitive information
18
Q

Explain how information is temporarily lost

A

The loss of access to information due to technical issues such as power outages and system crashes.

Can usually be restored from backups or through other recovery processes.

19
Q

Explain how information is permanently lost

A

The complete and permanent destruction of information that cannot be restored.

Can occur due to physical damage to storage devices, deliberate destruction, or the permanent failure of storage devices.

20
Q

What are the ways to prevent a cyber-attack in a business

A

Boundary firewall and Internet gateway
Staff training
Secure system configuration
Patch management
Malware protection
Access control

21
Q

What are some methods of resilience controls for recovery from a cyber attack

A

What if scenarios
Regular backups of data
Planning alternative premises, communication methods and facilities

22
Q

What are what if scenarios

A

Hypothetical attack scenarios (often run as tabletop exercises) that let an organisation plan how it would respond to a cyber-attack, identify vulnerabilities in its systems and processes, and put mitigations in place before a real incident occurs.

23
Q

What are Regular backups of data

A

Used in disaster recovery and business continuity planning (BCP).
Backups ensure that critical data can be restored in the event of data loss, minimising the impact on the organisation. They only count if restores are tested regularly and at least one copy is kept offline or otherwise out of reach of an attacker who has compromised the live systems, since ransomware routinely targets online backups.
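
The following is an added example, not from the flashcards, showing what "can be restored" has to mean in practice: each backup set carries a manifest of SHA-256 digests, and the restore refuses to run when the set no longer matches the manifest (silent corruption or an attacker editing the backup). All directory names, file names and contents are constructed inside a temporary directory.

```python
"""Backup with an integrity manifest and a verified restore.

Added example (not from the flashcards): files are copied into a labelled
backup set alongside a manifest of SHA-256 digests, so a restore can refuse
to proceed when the backup itself has been tampered with or has rotted.
Paths, labels and file contents below are constructed for the demo.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(src: Path, backup_root: Path, label: str) -> dict:
    """Copy every file under src into backup_root/label and write a manifest."""
    dest = backup_root / label
    dest.mkdir(parents=True, exist_ok=False)      # never overwrite an existing set
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_file(target)       # digest the copy: that is what we verify later
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(backup_set: Path) -> list:
    """Return the relative paths whose contents are missing or no longer match the manifest."""
    manifest = json.loads((backup_set / MANIFEST).read_text())
    bad = []
    for rel, digest in manifest.items():
        p = backup_set / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def restore_backup(backup_set: Path, dest: Path) -> int:
    """Restore only if the whole set verifies; a partial restore from a bad set is worse than none."""
    bad = verify_backup(backup_set)
    if bad:
        raise RuntimeError(f"backup set failed integrity check: {bad}")
    manifest = json.loads((backup_set / MANIFEST).read_text())
    for rel in manifest:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_set / rel, target)
    return len(manifest)


def demo() -> dict:
    """Constructed scenario: back up two files, then corrupt one copy and watch the restore refuse."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, backups, restored = root / "data", root / "backups", root / "restored"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,name\n1,Alice\n")
        (src / "notes.txt").write_text("hello")
        backup_set = backups / "2024-01-01"
        create_backup(src, backups, "2024-01-01")
        clean = verify_backup(backup_set)                  # [] : set is intact
        restored_files = restore_backup(backup_set, restored)
        # Simulate bit-rot or an attacker altering the backup copy
        (backup_set / "notes.txt").write_text("hellp")
        tampered = verify_backup(backup_set)               # ['notes.txt']
        try:
            restore_backup(backup_set, root / "restored2")
            refused = False
        except RuntimeError:
            refused = True
        return {"files": restored_files, "clean": clean,
                "tampered": tampered, "refused": refused}


if __name__ == "__main__":
    print(demo())
```

The manifest is written next to the data it describes, so an attacker with write access to the backup can rewrite both; in a real deployment the manifest (or a signature over it) is stored separately, on the offline or immutable copy mentioned above.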

24
Q

What is Planning alternative premises, communication methods and facilities

A

Used in Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) to ensure that critical business operations can continue in the event of a cyber-attack

25
Q

What is required to prevent a malicious attack

A

A multi-layered approach (defence in depth) that includes security awareness training, regular security updates, penetration testing and incident response planning; no single control is sufficient on its own.

26
Q

Define Black hat hacking

A

A hacker gains unauthorised access to computer systems, networks or data with malicious intent. This type of hacking is illegal and unethical.

27
Q

Define Grey hat hacking

A

A grey hat hacker is a computer security expert who may sometimes violate laws or typical ethical standards, for example by probing a system without permission, but usually without malicious intent.

28
Q

Define White hat hacking

A

White hat hackers are security professionals who, with the owner's authorisation, identify vulnerabilities and weaknesses in computer systems and networks and report them to the relevant organisations so that they can be fixed.

29
Q

Define Penetration testing

A

Also known as pen testing, this is a security testing technique used to evaluate the security of a system by simulating an attack within an agreed scope and rules of engagement. It identifies security vulnerabilities and weaknesses before a real attacker does.

30
Q

What are the 4 types of security measures

A
  • Encryption
  • Firewalls
  • Antivirus software
  • Hierarchical access levels

31
Q

Define Biometrics

A

The use of unique physiological or behavioural characteristics to identify individuals, providing a reliable means of identification and authentication that is difficult to imitate.

32
Q

What are some examples of biometrics

A
  • Fingerprint recognition
  • Facial recognition
  • Iris recognition
  • Voice recognition
  • Signature recognition
  • Behavioural biometrics

33
Q

Evaluate biometrics

A

Advantages:
  • Increased security
  • Convenience
  • Reduced fraud
  • Increased accuracy

Disadvantages:
  • Privacy concerns
  • Technical limitations
  • Cost
  • Bias and discrimination

34
Q

Define Cryptography

A

The practice of securing communication and data through the use of mathematical algorithms. The purpose of cryptography is to protect the confidentiality, integrity and authenticity of data.

35
Q

What are the techniques of cryptography

A
  • Symmetric key cryptography
  • Asymmetric key cryptography
  • Hash functions
  • Digital signatures
  • Steganography
  • Random number generation
  • Quantum cryptography

36
Q

What are some mechanisms to defend against threats and vulnerabilities

A
  • Firewalls
  • Encryption
  • Access control
  • Antivirus software
  • Patches and updates
  • Backups
  • User education and awareness training
  • Network segmentation
  • Intrusion detection and prevention systems
  • Virtual Private Network (VPN) technology

37
Q

What are some mechanisms for attacking vulnerabilities

A
  • Brute force attacks
  • SQL injection
  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • Man-in-the-middle (MitM) attacks
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
  • Social engineering
38
Q

Define cyber security

A

How individuals and organisations reduce the risk of cyber-attacks and prevent unauthorised access to the personal information stored on their devices and online.

39
Q

What are the risks with online marketing communications

A
  • Spam and unwanted e-mail
  • Phishing and scam attempts
  • Privacy concerns
  • Ad fraud
  • Brand safety
  • Misinformation

40
Q

Define accidental damage

A

Accidental damage is any damage to or loss of data that is not intentional. Actions that are intended to cause harm to data are classed as malicious (deliberate) damage.

41
Q

What are the types of accidental damage

A
  • Human error
  • Accidental data file deletion
  • Software corruption
  • Hardware malfunction
  • Natural disasters
  • Power failure

42
Q

What are the types of deliberate damage

A
  • Malware
  • Phishing and social engineering
  • DDoS attacks
  • SQL injection
  • Ransomware
  • Insider threats

43
Q

What are the threats to the privacy of the individual from the use of data mining

A
  • Data breaches
  • Unauthorised data sharing
  • Discrimination
  • Profiling
  • Lack of control
  • Inaccurate data

44
Q

What are the types of malware

A
  • Virus
  • Trojan
  • Worm
  • Ransomware
  • Adware
  • Spyware
  • Rootkit

45
Q

What are the operations of malware

A
  • Data theft
  • System disruption
  • Spamming
  • Cryptojacking
  • Extortion

46
Q

What is the importance of large data sets to the health sector

A

Electronic health records (EHRs), patient data and clinical trial data are used to improve patient care, support medical research and streamline operations.

47
Q

What is the importance of large data sets to the finance sector

A

Transaction data, credit history and market data are used to make informed investment decisions, identify fraud and improve risk management strategies.

48
Q

What is the importance of large data sets to the retail sector

A

Customer data, sales data and supply chain data are used to improve marketing and sales campaigns, optimise supply chain operations and provide personalised customer experiences.

49
Q

What are the security problems during online file updates

A
  • Unauthorised access
  • Incomplete updates
  • Man-in-the-middle attacks
  • Denial of service
  • Malicious software
  • Rollback attacks (an attacker serves an older, vulnerable version that still passes checks)

50
Q

What are the risks of the use of a unique MAC address

A
  • MAC spoofing
  • Privacy concerns (a fixed address lets a device be tracked across networks)
  • Network security
  • Network performance

51
Q

Define MAC address

A

The Media Access Control (MAC) address is a unique identifier assigned by the manufacturer to a Network Interface Controller (NIC) for use as a network address in communications within a network segment. It is only unique as shipped: most operating systems allow the address to be changed in software, which is why it cannot be relied on as an authentication credential (see MAC spoofing).
52
Q

Define Blockchain

A

Blockchain is a decentralised digital ledger that records transactions across a network of computers. Each block contains a cryptographic hash of the previous block, so the ledger is tamper-evident: altering a recorded transaction breaks the chain of hashes and is detectable by every participant that holds a copy.
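
The tamper-evidence property is the part worth seeing in code. The following is an added example, not from the flashcards and not any real blockchain implementation: a minimal hash chain with no consensus, signatures or proof of work, just enough to show that editing an old transaction is detected, and that re-hashing the edited block only moves the break one link later. The transactions are constructed.

```python
"""Minimal hash-chained ledger showing tamper evidence.

Added example, not from the flashcards. Each block stores the SHA-256 of the
previous block, so editing history changes a hash that the next block has
already committed to. Transactions are constructed for the demo.
"""
import hashlib
import json

GENESIS_PREV = "0" * 64   # the first block has no predecessor


def block_hash(block: dict) -> str:
    """Hash every field except the stored hash itself, in a canonical (sorted-key) encoding."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def build_chain(transactions: list) -> list:
    chain = []
    prev = GENESIS_PREV
    for i, tx in enumerate(transactions):
        block = {"index": i, "tx": tx, "prev_hash": prev}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: list) -> int:
    """Return -1 if every link holds, else the index of the first block whose link is broken."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return -1


def demo() -> dict:
    chain = build_chain([
        {"from": "alice", "to": "bob", "amount": 5},
        {"from": "bob", "to": "carol", "amount": 2},
        {"from": "carol", "to": "dave", "amount": 1},
    ])
    intact = verify_chain(chain)                    # -1
    chain[1]["tx"]["amount"] = 200                   # attacker rewrites history
    edited = verify_chain(chain)                     # 1: block 1 no longer matches its own hash
    chain[1]["hash"] = block_hash(chain[1])          # attacker also recomputes block 1's hash
    rehashed = verify_chain(chain)                   # 2: block 2 still commits to the old hash
    return {"intact": intact, "edited": edited, "rehashed": rehashed}


if __name__ == "__main__":
    print(demo())
```

To hide the edit the attacker would have to recompute every later block as well, and then persuade the other participants to accept that longer rewrite; that second problem is what consensus mechanisms exist to solve, and it is why "tamper-evident" is the accurate word rather than "tamper-proof".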
53
Q

How is blockchain technology used in cyber security

A
  • Decentralised identity management
  • Cyber threat intelligence sharing
  • Secure record keeping
  • Data privacy
  • Chain security
  • Cyber insurance

54
Q

How does anti-virus software detect malware

A
  • Signature-based detection compares the code of a file or program to a database of known malware signatures (hashes or byte patterns) in order to identify a match; it cannot catch malware it has never seen.
  • Heuristic-based detection looks for patterns or features that are typical of malware in order to identify new or unknown threats, at the cost of some false positives.
  • Behavioural-based detection monitors the behaviour of a running program or process in order to identify malicious activity.
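
An added example, not from the flashcards, with all three detection approaches implemented over constructed samples. The signature database holds the hash and a byte pattern of the public EICAR test string (a harmless file that anti-virus products detect by agreement, standing in for real malware); the heuristic scorer uses a handful of suspicious strings plus Shannon entropy; the behavioural scorer weighs run-time events. The indicator lists, weights, threshold, sample files and event traces are all invented for the demo, not taken from any real product.

```python
"""Three anti-virus detection approaches run over constructed samples.

Added example, not from the flashcards. Every indicator, weight, sample and
event trace here is constructed; real engines use thousands of features.
"""
import hashlib
import math

# The EICAR test string is public and inert; it stands in for a malware sample.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

KNOWN_HASHES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
KNOWN_PATTERNS = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File"}


def signature_scan(data: bytes):
    """Exact-hash match first, then byte-pattern match; returns the family name or None."""
    name = KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in KNOWN_PATTERNS.items():
        if pattern in data:          # survives padding or appended junk, unlike the hash
            return name
    return None                      # never-seen malware gets through here


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted payloads approach 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


SUSPICIOUS_STRINGS = [b"powershell -enc", b"CurrentVersion\\Run",
                      b"VirtualAllocEx", b"WriteProcessMemory"]


def heuristic_score(data: bytes) -> int:
    score = sum(2 for s in SUSPICIOUS_STRINGS if s in data)
    if entropy(data) > 7.2:          # weak on its own: archives and media score high too
        score += 3
    return score


# (action, target) observed at run time -> weight (constructed)
BEHAVIOUR_RULES = {
    ("write", "startup_folder"): 2,        # persistence
    ("inject", "other_process"): 4,        # process injection
    ("mass_write", "user_documents"): 4,   # ransomware-like sweep over user files
    ("connect", "unknown_host"): 1,
}


def behavioural_score(events) -> int:
    return sum(BEHAVIOUR_RULES.get(e, 0) for e in events)


def classify(data: bytes, events, threshold: int = 4) -> dict:
    sig = signature_scan(data)
    heur = heuristic_score(data)
    beh = behavioural_score(events)
    verdict = "malicious" if sig or heur >= threshold or beh >= threshold else "clean"
    return {"signature": sig, "heuristic": heur, "behaviour": beh, "verdict": verdict}


# Constructed samples and traces
DROPPER_SAMPLE = (b"MZ" + bytes(40) + b"powershell -enc SQBFAFgA"
                  + bytes(8) + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run")
PACKED_SAMPLE = bytes(range(256)) * 4     # uniform bytes: entropy 8.0, no readable strings
RANSOMWARE_TRACE = [("write", "startup_folder"), ("mass_write", "user_documents")]
BENIGN_TRACE = [("connect", "unknown_host")]


if __name__ == "__main__":
    print(classify(EICAR, BENIGN_TRACE))
    print(classify(DROPPER_SAMPLE, BENIGN_TRACE))
    print(classify(b"plain text", RANSOMWARE_TRACE))
```

The three samples show why engines layer the approaches: the dropper has no known signature but its strings give it away; the packed blob has neither, and only its entropy or its behaviour once unpacked will catch it; and a benign-looking file with ransomware-like behaviour is caught only by the behavioural layer.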
55
Q

What is the main purpose of cryptography

A
  • Confidentiality: cryptography protects the confidentiality of data by encrypting it so that it can only be read by authorised parties who possess the proper decryption key.
  • Integrity: cryptography protects the integrity of data by creating a digital signature or a message authentication code (MAC), which can be used to detect any unauthorised change to the data.
  • Authenticity: cryptography ensures the authenticity of data by verifying the identity of the sender, through digital signatures and certificates issued by a public key infrastructure (PKI).
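
The integrity and authenticity goals above are often conflated with a plain hash. The following is an added example, not from the flashcards, using only the Python standard library: a bare SHA-256 digest detects accidental corruption but not deliberate tampering, because anyone can recompute it; an HMAC under a shared secret cannot be recomputed without the key, so it gives both integrity and (symmetric) authenticity. Neither provides confidentiality, since the message still travels in clear; the key and messages are constructed.

```python
"""Integrity and authenticity: a bare hash versus an HMAC.

Added example, not from the flashcards. Standard library only; the key and
messages are constructed. Digital signatures (asymmetric authenticity) need a
third-party library and are not shown.
"""
import hashlib
import hmac
import secrets


def protect_with_hash(msg: bytes) -> str:
    """Integrity against accidents only: the digest needs no secret, so a forger can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def check_hash(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(msg).hexdigest(), digest)


def protect_with_hmac(key: bytes, msg: bytes) -> str:
    """Integrity and authenticity: only a holder of key can produce a valid tag."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_hmac(key: bytes, msg: bytes, tag: str) -> bool:
    # compare_digest runs in constant time so the comparison does not leak how many bytes matched
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)                      # shared between sender and receiver only
    msg = b"transfer 10 GBP to account 1234"
    forged = b"transfer 9999 GBP to account 6666"

    # Hash-protected: the attacker rewrites the message and recomputes the digest.
    digest = protect_with_hash(msg)
    attacker_digest = protect_with_hash(forged)
    hash_tamper_detected = not check_hash(forged, attacker_digest)   # False: forgery accepted

    # HMAC-protected: the attacker cannot compute a valid tag without the key.
    tag = protect_with_hmac(key, msg)
    mac_legit = check_hmac(key, msg, tag)                              # True
    mac_tamper_detected = not check_hmac(key, forged, tag)             # True: old tag, new message
    attacker_tag = hmac.new(b"guess", forged, hashlib.sha256).hexdigest()
    mac_forgery_detected = not check_hmac(key, forged, attacker_tag)   # True: wrong key

    return {
        "hash_tamper_detected": hash_tamper_detected,
        "mac_legit": mac_legit,
        "mac_tamper_detected": mac_tamper_detected,
        "mac_forgery_detected": mac_forgery_detected,
        "message_readable": msg in (msg + tag.encode()),               # True: no confidentiality
        "unused_digest": digest == protect_with_hash(msg),
    }


if __name__ == "__main__":
    print(demo())
```

For confidentiality the message itself must be encrypted, and in practice the encryption and the MAC are combined in an authenticated-encryption mode rather than bolted together by hand; for authenticity towards parties who do not share a secret, a digital signature replaces the HMAC.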
56
Q

Define steganography

A

This technique is used to hide a message or other data within another file, such as an image or audio file, in order to conceal its existence. Unlike encryption it does not protect the content once the hiding place is found, so the hidden data is normally encrypted as well.
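
The simplest concrete form of steganography is least-significant-bit embedding in image pixels. The following is an added example, not from the flashcards, that works on a constructed 8-bit greyscale "image" held in a bytearray so no image library is needed: `hide()` writes a 32-bit length prefix followed by the message bits into the lowest bit of successive pixels, changing each pixel by at most one level, and `extract()` reverses it. The cover gradient, its size and the secret message are constructed.

```python
"""Least-significant-bit steganography in a constructed 8-bit greyscale image.

Added example, not from the flashcards. The cover is a bytearray of pixel
values; a real image would be the pixel buffer of a lossless format such as
PNG (lossy formats like JPEG destroy the low bits).
"""


def _bits(data: bytes):
    """Yield the bits of data most-significant first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def hide(cover: bytes, message: bytes) -> bytearray:
    """Embed a length-prefixed message in the LSB of each pixel; raise if the cover is too small."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("message too long for cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit       # clear the low bit, then set it to the payload bit
    return stego


def _read_bytes(stego: bytes, start_bit: int, count: int) -> bytes:
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message; a cover that carries nothing usually yields a nonsense length and is rejected."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds cover; not a valid stego image")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 64x64 greyscale gradient used as the cover
COVER = bytes((x * 7 + 13) % 256 for x in range(4096))


def demo() -> dict:
    secret = b"meet at 0900"
    stego = hide(COVER, secret)
    return {
        "recovered": extract(stego),
        "max_change": max_pixel_change(COVER, stego),   # 1: invisible to the eye
        "size_unchanged": len(stego) == len(COVER),
    }


if __name__ == "__main__":
    print(demo())
```

Because the change is confined to the low bit, a detector can look for exactly this: the LSB plane of a natural image is noisy but correlated with neighbouring pixels, while an embedded payload makes it look like a random bit stream (statistical steganalysis), which is one more reason to encrypt before hiding and to use only a fraction of the available capacity.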