Lesson 1 Flashcards
What is information security?
Information security refers to the policies, procedures, and technical measures that can be applied to prevent unauthorised use, modification and theft of computer-based resources, such as hardware, software and data.
Why is information security important?
In today’s high-technology environment, organisations are becoming more and more dependent on their information systems.
What are the three basic information security concepts?
1) Confidentiality
2) Integrity
3) Availability
You visit an organisation’s website and realise that you are able to view sensitive files on their web server. Even though it is not your fault, it is still considered an information security breach.
A. True
B. False
A. True
Since you were not allowed to access the sensitive files.
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
A. Authenticity
B. Integrity
C. Confidentiality
D. None of the above
A. Authenticity
List the three stages in the plan-protect-respond cycle.
Planning, protection and response
In the plan-protect-respond cycle, which stage consumes the most time?
Protection
How is protection defined?
Protection is defined as the plan-based creation and operation of countermeasures.
How is response defined?
Response is defined as recovery according to plan.
Why is there a need to understand the threat environment?
To know how attackers are going to attack us, and thus how to defend our systems.
The changing nature of information security attacks is more common than the traditional attacks.
A. True
B. False
A. True
Automation, speed and action at a distance are encouraging online attacks.
A. True
B. False
A. True
The chances of getting punished are low as well.
Most obvious reason(s) for computer security attacks is (are):
Privacy violations,
Criminal attacks,
Publicity attacks,
Legal attacks
The fabrication of information that is purported to be from someone who is not actually the author is called:
Masquerading
(taking someone else’s identity)
The interruption or degradation of a data service or information access is called:
Could be due to traffic or any other reason.
Denial of service
Malware is a generic term for “evil/malicious software”
A. True
B. False
A. True
Distinguish between viruses and worms.
A virus needs a host program, while worms are full programs and don’t need a host program. Both differ in the way they reach the target.
Similarities: Both can cause malicious damage and can be detected by antivirus programs.
How do most viruses spread between computers today?
Mostly via email messages, but also through thumb drives, file sharing programs, downloading infected programs from a malicious website, social networking sites.
Most mobile applications have been scanned and verified; only some are infected.
What is a virus or worm payload?
Payloads are pieces of code that cause damage.
They could delete, steal, spy, make the system unstable, etc.
What is a Logic Bomb?
Malicious code that executes when certain predefined events occur.
What are the likely motivations for hackers?
A. Financial gain, publicity, espionage
B. They are too smart and want people to know about it
C. They do it for a challenge
D. They do it as they are bored
E. All of the above
E. All of the above
A) is the most common reason.
B) This was part of the motivations in the early hacking era, however today there are more compelling reasons.
C & D) could be some of the reasons, but not the most common reasons.
What is the definition of hacking?
Hacking is intentionally accessing a computer resource without authorisation or in excess of authorisation.
Excess of authorisation: when you have authorisation that you’re not supposed to have.
What is spyware?
Spyware refers to a broad spectrum of Trojan horse programs that gather information about you and make it available to an attacker.
Spyware is different from adware and malicious software. Spyware’s purpose is to gather information about someone.
Why can cookies be dangerous?
Cookies can record too much sensitive information about you and could become spyware.
Cookies are legal, and that’s what makes them dangerous.
What is social engineering?
Social engineering attacks take advantage of flawed human judgement by convincing the victim to take actions that are counter to security policies.
What is spam?
Spam is unsolicited, unwanted, commercial e-mail.
What is phishing?
Phishing attack victims receive an email message that appears to come from a bank or another firm with which the victim does business, but which is not. The purpose of phishing is to trick people by misleading them.
How can social engineering be used to get access to a sensitive file?
Simply by asking someone to send the file or to give access to the file by tricking the user.