Cybersecurity Module Flashcards

1
Q

What is ethical hacking

A

Ethical hacking involves testing security of computer systems, networks, web applications

Tested by simulating attacks from malicious hackers to identify vulnerabilities and weaknesses in system or network, to help organisation strengthen its security

2
Q

What is purpose of ethical hacking

A

Strengthen organisation's security measures by identifying & resolving security weaknesses before they can be exploited by attackers

Foresee potential security threats, develop robust security protocols to prevent security breaches

Demonstrate to clients & stakeholders that organisation values data protection, committed to safeguarding information

3
Q

What is penetration testing

A

Simulating attack on a specific part of organisation’s infrastructure such as network, application, device.

Deliberately try to exploit security vulnerabilities to see if unauthorised access or other malicious activities are possible

4
Q

What is black box penetration testing

A

Tester has no prior knowledge of network infrastructure

5
Q

What is grey box penetration testing

A

Tester has partial knowledge of network infrastructure

6
Q

What is white box penetration testing

A

Tester has full knowledge of network infrastructure

7
Q

What is process of penetration testing

A

1) Planning, Obtaining Info

2) Scanning, Gaining Access

3) Maintaining Access, Analysing Risk

4) Reporting Findings

8
Q

What are properties of ethical hacking

A

Authorisation: Performed with permission under contract

Purpose: Intend to improve system security

Reporting: Results privately reported to organisation

9
Q

What are properties of unethical hacking

A

No Authorisation: Performed Without permission, violates legal boundaries

Malicious Interest: Aims to steal, damage, disrupt operations

Misuse of Data: Exploit vulnerabilities, lead to theft, leaks, data damage

10
Q

What is role of Privacy Act 1988

A

Regulates handling of personal information about individuals

Protects personal information handled by federal government agencies, certain private sector organisations

All Australian & Norfolk Island government agencies, private sector & not-for-profit organisations (> $3 million), all private health providers, small businesses

11
Q

What is APP 1

A

Open and Transparent Management of Personal Information

12
Q

What is concept of Australian Privacy Principles

A

13 principles, outlines standards/rights/obligations for handling/accessing/correction of personal info

Provide the base framework for how personal data must be treated

13
Q

What is APP 6

A

Use or Disclosure of Personal Information

14
Q

What is APP 11

A

Security of Personal Information

15
Q

What is authentication

A

Verify identity of users trying to access network resources

Authentication usually requires something the user knows (Password / Security Token / Biometrics)

16
Q

What are characteristics of strong passwords in authentication

A

12-16 characters

Upper & Lower case, numbers, symbols

Avoid common words, phrases, easily guessable info

Different passwords every website

17
Q

What is organisational approach to password policies in authentication

A

Change password every 3-6 months

Teach employees about importance

Use controls to ensure compliance with password policies

Regular checks ensure policies are followed & effective

18
Q

What is the impact of password policies on data security in authentication

A

Strong policies minimise risk of data breaches

Encourage users to take responsibility for own security

Meet requirements for data protection

19
Q

What is 2-factor authentication in authentication

A

Additional security layer, requires 2 forms of identification

Something you know, something you have

Reduces risk of unauthorised access

20
Q

What is biometrics in authentication

A

Fingerprints, Face ID, Voice Recognition

Difficult to forge, high level of security

Potential errors in recognition systems

21
Q

What is purpose of encryption

A

Protect data privacy

Ensure safe data transfer over internet

Data remains original & unaltered

Organisations comply with legal requirements

22
Q

What is public key encryption

A

Public key to encrypt data, private key to decrypt it

23
Q

What are features of public key encryption

A

Non-Symmetric: Public & Private key aren’t the same

Distribution: Public key can be shared, private key kept secret

Use Cases: Securing emails, authenticate digital signatures, establish secure connection

24
Q

What is private key encryption

A

Same key for encryption & decryption

25
Q

What are features of private key encryption

A

Symmetric: Public & Private key the same

Key Distribution Problem: Key shared securely between communicating parties

Encrypt large amounts of data efficiently

26
Q

What is social engineering (phishing) as a method to compromise security of system

A

Trick individuals into revealing confidential information

Phishing - Sending fraud emails/messages, appear to be from trusted sources

27
Q

What is denial of service as a method to compromise security of system

A

Overload system resources, make it unavailable to users

DDoS - Multiple systems attacking single target, amplify attack’s impact

28
Q

What is back door as a method to compromise security of system

A

Pathway into system, bypass normal authentication methods

Intentionally created by developers, installed through malware

29
Q

What is IP spoofing as a method to compromise security of system

A

Attacker sends message to computer with forged IP address

Pretends to be trusted host to gain unauthorised access to information/services

30
Q

What is SQL injection as a method to compromise security of system

A

Exploits vulnerabilities in database layer of application

Attackers execute malicious SQL commands

31
Q

What is man-in-the-middle attack as a method to compromise security of system

A

Attacker intercepts communications between two parties, modifies data being exchanged

Impersonate one/both parties

Occurs on unsecured Wi-Fi networks or with compromised security certificates

32
Q

What is cross-site scripting as a method to compromise security of system

A

Vulnerability in web apps that allows attackers to inject malicious scripts into content viewed by others

Steal cookies, session tokens, other sensitive info

33
Q

What are types of malware as methods to compromise security of system

A

Viruses, worms, trojan horses, ransomware, spyware, adware

Software designed to harm/exploit any programmable device or network

34
Q

What are physical network threats as methods to compromise security of system

A

Physical damage to network infrastructure disrupts services

Physical access to network = Data theft, hardware tampering

Theft of devices containing sensitive data

35
Q

What are zero-day vulnerabilities as methods to compromise security of system

A

Flaws in software unknown to vendor, without patch

Valuable to attackers, can be exploited

Requires vigilance, prompt software updates to mitigate risks

36
Q

What is cryptography

A

Securing communication of data through encryption, unreadable to unauthorised users

37
Q

What is purpose of cryptography

A

Ensures confidentiality, integrity, authenticity, non-repudiation of information & communications

Used in banking, secure communications, password protection

38
Q

What is plain text

A

Original message / data that is readable, understandable without any decoding

39
Q

What is cipher text

A

Encrypted version of plain text, produced through cryptographic algorithms

Appears random, cannot be understood without correct decryption key

40
Q

What is substitution as a common cipher

A

Replace elements of plain text with other characters, symbols, groups of characters

41
Q

What is rotation cipher as substitution

A

Shifts alphabet by fixed number

42
Q

What is random substitution cipher as substitution

A

Each letter of alphabet randomly linked to different letter or symbol

43
Q

What is polyalphabetic cipher as substitution

A

Uses keyword to determine shift for each letter of plaintext

Every letter in keyword is the number of shifts of corresponding letter in plaintext

44
Q

What is brute force attack as a method for cracking substitution ciphers

A

Try every possible key until correct one found

Impractical for ciphers with large number of possible keys

45
Q

What is frequency analysis as a method for cracking substitution ciphers

A

Analyse frequency of letters/groups of letters in ciphertext

Compare to typical letter frequencies in language of original message