Cyber Security

Question 1

Blacklist

Answer 1

Used to refer to a list of banned IP addresses, application or users.

Question 2

Whitelist

Answer 2

The exact opposite of a blacklist

Question 3

Cat Fishing

Answer 3

The process of creating a fake profile in order to trick people into believing they are someone else for financial gain.

Question 4

Authentication

Answer 4

The process of proving an individual is who they claim to be.

Question 5

Data Mining

Answer 5

The activity of analyzing and/or searching through data in order to find items of relevance, significance of value.

Question 6

Threat

Answer 6

This generally refers to anything that has the potential to cause our data, systems and networks harm.

Question 7

Exploit

Answer 7

A clearly defined way to breach the security of a system.

Question 8

Vulnerabilities

Answer 8

These are weakness within a system or network that can be exploited to cause us harm.

Question 9

Risk

Answer 9

This refers to the likelihood of something bad happening. A risk requires both a threat and a vulnerability to exist.

Question 10

Zero Data

Answer 10

This is used to describe a threat that is unknown to security specialist and has not been addressed.

Question 11

Hack Value

Answer 11

This is used to describe a target that may attract an above average level of attention from an attacker.

Question 12

Non-Repundiation

Answer 12

This is the concept that once an action is carried out by a party it cannot be denied by that same party.

Question 13

Logic Bomb

Answer 13

A malicious code that is only triggered when a set of conditions are met.

Question 14

Obfuscation

Answer 14

A term used to describe the tactic of making code unclear so that humans or programs like an antivirus cannot understand it.

Question 15

Honey Pot

Answer 15

A decoy or trap for hackers.

Question 16

Spoof

Answer 16

The act of falsifying the identity of the source of a communication or interaction.

Question 17

What is the CIA Triad?

Answer 17

Confidentiality
Integrity
Availability

Question 18

Confidentiality

Answer 18

Ensuring that data is private and accessed only by those with permission to do so. Can be achieved with the use of passwords, biometrics and encryption.

Question 19

Integrity

Answer 19

Ensuring that data has not been altered in any way. Can be achieved though the use of checksums and access control.

Question 20

Availability

Answer 20

Ensuring that data is always available for access and use. Can be achieved though the use of backups, maintenance & disaster recovery plans.

Question 21

HTTP

Answer 21

(HyperText Transfer Protocol)
Determines how web browsers and servers communicate. Uses port 80

Question 22

HTTPS

Answer 22

(HyperText Transfer Protocol Secure)
The secure version of HTTP that uses encryption. Commonly used on websites where there is an exchange of sensitive data like passwords and credit card details. Uses port 443.

Question 23

FTP

Answer 23

(File Transfer Protocol)
Governs how files and data are transferred between servers and computers. Uses port 21.

Question 24

IMAP

Answer 24

(Internet Message Access Protocol)
Used by email clients to retrieve messages. Uses port 143.

Question 25

SMTP

Answer 25

(Simple Mail Transfer Protocol)
Determines how emails are sent. Uses port 25 for plain text and port 587 for encrypted communications.

Question 26

TCP

Answer 26

(Transmission Control Protocol)
Divides a message or file into smaller packets that are transmitted over the internet and then reassembled at the destination point.

Question 27

IP

Answer 27

(Internet Protocol)
Responsible for the address of each packet so they are sent to the right destination.

Question 28

TCP/IP is decided into 4 main layers?

Answer 28

1. Data Link Layer
2. Internet Layer
3. Transport Layer
4. Application Layer

Question 29

Data Link Layer

Answer 29

Consist of protocols that operate on a link that connects host on a network e.g Ethernet.

Question 30

Internet Layer

Answer 30

Connects independent networks together e.g IP

Question 31

Transport Layer

Answer 31

Handles communication between host e.g TCP

Question 32

Application Layer

Answer 32

Standardizes data exchange for applications e.g HTTP, FTP

Question 33

Types of Hackers?

Answer 33

1. Script Kiddies
2. Grey Hats
3. Black Hats
4. White Hats
5. Hacktivist

Question 34

Script Kiddie

Answer 34

Derogatory term used to describe unskilled hackers.

Question 35

Grey Hats

Answer 35

Use black hats techniques

Question 36

Black Hats

Answer 36

The bad guys who are highly skilled and hack for personal and financial gain.

Question 37

White Hats

Answer 37

The good guys who defend data and networks from black hats and malware.

Question 38

Hacktivist

Answer 38

Activist who hack for a social or political cause.

Question 39

Passive Reco

Answer 39

Silent reconnaissance where the target isn’t aware of it. Information gathered here included email addresses, phone numbers, social media accounts etc.

Question 40

Active Recon

Answer 40

More aggressive reconnaissance where the target is actively engaged to discover vulnerabilities. information gathered here included passwords, IP addresses, open ports, conversation with employees.

Question 41

Methods of Exploitation?

Answer 41

1. Phishing Email
2. Social Engineering
3. Unpatched Software
4. Weak Passwords

Question 42

Brute Force Attacks

Answer 42

A very violent attack where the hacker attempts to crack a password by using extremely large possible combinations of letters and numbers to guess the right combination. Can be prevented with the use of very strong passwords and timeouts after consecutive failed login attempts.

Question 43

Phishing

Answer 43

The most popular cyber attack where the victim is tricked into clicking a malicious link in an email. Spear phishing attacks are directed at very specific targets while a whaling attack is directed against senior executives of companies.

Question 44

Email Spoofing

Answer 44

This is the forgery of an email header to make it look like the message originated from someone else other than the actual source

Question 45

Botnets

Answer 45

This refers to a collection of bots (infected computers). A botmaster controls the bots and can use them to perform a DOS attack.

Question 46

DOS

Answer 46

(Denial of Service)
This is an attack where the targeted server is flooded with useless request in an attempt to overwhelm and shut it down. Can be combated by blocking the IP address of the source of the attack.

Question 47

DDOS

Answer 47

(Distributed Denial of Service)
A more sophisticated form of DOS attack. Can be prevented with bandwidth over-provision.

Question 48

Man in the middle attack

Answer 48

A crafty attack where the hacker is able to intercept and alter or steal data sent between two or more workstations. Examples of this attack include email hijacking, session hijacking and wifi eavesdropping.

Question 49

SQL Injection Attack

Answer 49

The attacker executes malicious SQL commands to try and corrupt a database. This type of attack can provide the attacker with unauthorized access to sensitive information like passwords and usernames.