LO3

Question 1

How can you mitigate risks?

Answer 1

Testing systems and networks for vulnerabilities

Question 2

What are assets?

Answer 2

Hardware, software, communication equipment, information and data

Question 3

What is a ‘back door’

Answer 3

Method by which a programmer or network manager bypasses the normal security procedures

Question 4

What is cost/benefit

Answer 4

The cost of implementing security against the benefits that it would bring

Question 5

How can you protect vulnerabilities

Answer 5

Put measures in place to protect assets

Question 6

What are examples of hardware assets

Answer 6

Servers, printers, scanners and computers

Question 7

What are examples of software assets

Answer 7

Word processors, spreadsheets, CRM, financial packages

Question 8

What is risk management

Answer 8

Taking steps to monitor the system or network to identify its weaknesses or vulnerabilities and put in place sufficient and appropriate measures to reduce or eliminate the risk

Question 9

What is a patch deployment

Answer 9

Software issues are identified and reported. Hot fixes are designed to remove the vulnerability

Question 10

What is manual remediation

Answer 10

Instead of using automated tools, technician or network manager will take steps to remove or reduce the vulnerability

Question 11

What are automated tools

Answer 11

Tools that identify and repair vulnerabilities without the intervention of the technician or network manager

Question 12

What is vulnerability
testing

Answer 12

Identification of a list of vulnerabilities that can be prioritised in order of severity

Question 13

What is penetration testing

Answer 13

A software tool that tests a compute system/network to identify vulnerabilities that could be exploited by a hacker

Question 14

What is fuzzing

Answer 14

Fuzzing is used to identify coding errors and security loopholes in software, operating systems and networks.

Question 15

What does fuzzing involve

Answer 15

Inputting huge amounts of random data in an attempt to make the system crash

Question 16

What is security functionality

Answer 16

Used to identify flaws in security mechanisms that are supposed to protect data and information

Question 17

What is sandboxing

Answer 17

Test environment that isolates untested code changes to ensure any issues are not transmitted onto the main areas of the system

Question 18

What is an intrusion detection system (IDS)

Answer 18

Software that monitors computer systems and networks for unexpected malicious activities

Question 19

What is a network intrusion detection system (NIDS)

Answer 19

Monitors all inbound and outbound network activity to identify any suspicious patterns that indicate a cyber attack

Question 20

What is risk analysis

Answer 20

Determining the likelihood of a risk occurring and its impact on the company

Question 21

What is a monitoring system

Answer 21

A system that alerts/reports if it detects specific type of activity.

Question 22

What is a control system

Answer 22

A system that would be used if there was a need for certain access and/or denial of traffic to your network.

Question 23

What is a host intrusion detection system

Answer 23

detects unusual, unauthorised or illegal activities on a specific device.

Question 24

What is a distributed intrusion detection system

Answer 24

Consists of multiple IDs (intrusion detection systems) over a large network that communicate with each other or a central server

Question 25

What is a honeypot

Answer 25

A computer system set up as a decoy to detect, deflect and even counteract unauthorised use of the system

Question 26

What is an intrusion prevention system

Answer 26

Proactive detection and prevention against unwanted intruders

Question 27

What are biometrics

Answer 27

The identification of a user based on a physical characteristic, such as a fingerprint, iris, face or voice recognition

Question 28

What are RFIDs

Answer 28

uses electromagnetic fields to attach tags to physical objects. ID cards. It allows authorised people to access certain areas

Question 29

What is a firewall

Answer 29

Controls and monitors incoming and outgoing traffic in a network

Question 30

What is anti malware

Answer 30

Locates and destroys or quarantines malware

Question 31

What is asymmetric encryption

Answer 31

Uses two keys to encrypt plaintext. Anything encrypted using a public key can be decrypted using a private key

Question 32

What is symmetric encryption

Answer 32

Only uses one key shared among the people who need to access the data