Network Security

Question 1

Acceptable Use Policy

Answer 1

a document that stipulates what users of a network may or may not do with that network

Question 2

Adware

Answer 2

not dangerous in its own right, but may contain links to other malware, such as viruses and key loggers

Question 3

Alphanumeric Characters

Answer 3

letters and numbers

Question 4

Anti-Malware

Answer 4

software that detects and removes harmful software, such as viruses, from a computer

Question 5

Anti-Virus

Answer 5

a program that can be loaded into memory when the computer is running that monitors activity on a computer system for the signs of virus infection that scans for a virus’s signature

Question 6

Archive

Answer 6

long-term storage of files no longer in use

Question 7

Backdoor

Answer 7

built into a computer program that allows someone to bypass any security to get to it

Question 8

Back Up

Answer 8

where the original file is still on the computer, but there is another copy somewhere else

Question 9

Full Backup

Answer 9

where everything is backed up

Question 10

Differentiation Backup

Answer 10

where files are backed up between different time intervals

Question 11

Incremental Backup

Answer 11

where only files that have been edited are backed up

Question 12

Blagging

Answer 12

the act of convincing someone that you are someone else to make them directly give away information such as passwords

Question 13

Brute Force Attack

Answer 13

where hackers have multiple guesses in quick succession at your password until they eventually guess it correctly

Question 14

Buffer Overflow Attack

Answer 14

a malware attack where the attacker attempts to fill up your memory

Question 15

Compression

Answer 15

process that reduces a file’s size for efficient storage or transmission

Question 16

Cookie

Answer 16

a text file stored on your computer that contains details about a website that you have visited

Question 17

Cyberattack

Answer 17

attacks on computers or networks that use various types of malware

Question 18

Cyphertext

Answer 18

text that has been encrypted and cannot be decrypted without the decryption key

Question 19

Dictionary Attack

Answer 19

an attack where a hacker uses a file containing every word in the dictionary to guess your password

Question 20

Digital Footprint

Answer 20

the record that is kept of everything you have done online

Question 21

Disaster Recovery Policy

Answer 21

a document that describes how a company would aim to recover from catastrophic damage to hardware, software or data

Question 22

Distributed DoS Attack

Answer 22

a DoS attack involving several networks, either because several networks are attacking at once, or several networks are being attacked at once

Question 23

DoS Attack

Answer 23

Denial of Service Attack

attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources, not to break system security, involving a single internet connection

Question 24

Encryption

Answer 24

by encrypting data, it can only be read by someone who has the same decryption software on the other end

Question 25

Firewall

Answer 25

a security system that controls incoming and outgoing network traffic, that analyses packets of data to determine whether they should be allowed through or not, its function is to monitor where data has come from and where it is going and to determine if this communication is allowed by checking a list of pre-determined rules, not to stop viruses

Question 26

Footprinting

Answer 26

where an attacker builds up a profile about someone to make it easier to guess their passwords

Question 27

Fraud

Answer 27

a crime in which you purposefully deceive someone for monetary gain

Question 28

Guess Attack

Answer 28

where a hacker makes an educated guess at your password

Question 29

Hashing

Answer 29

performing an algorithm on a password which allows entered passwords to be checked, without allowing the actual password to be viewed

Question 30

Human Error

Answer 30

the biggest threat to any type of cyber security

Question 31

Injection Attacks

Answer 31

when an attacker tries to get the program to execute their malicious code by including it as a regular output, which can be avoided by using input validation

Question 32

IP Address Spoofing

Answer 32

involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page, meaning the attacker can then use this page to steal sensitive data or install malware

Question 33

JPEG

Answer 33

Joint Photographic Experts Group

a format for compression images using lossy compression

Question 34

Key Logger

Answer 34

a type of software that can be used to track keystrokes and capture passwords, account numbers, fraudulent use or people’s online activity

Question 35

Malware

Answer 35

malicious software

a broad term used to describe software used to disrupt computer operation

Question 36

Name Generator Attack

Answer 36

attacks in which the victim is asked on an app or social media to put in personal details about themselves, often to produce a name, allowing attackers to find out key pieces of information about you to help them answer security questions that protect people’s accounts

Question 37

MPEG

Answer 37

Moving Picture Experts Group

a standard for compression videos using lossy compression

Question 38

Network Forensics

Answer 38

monitoring and analysis of network traffic to detect intrusion

Question 39

Network Security

Answer 39

security methods such as passwords, user access levels, encryption, etc

Question 40

Nonalphanumeric Characters

Answer 40

characters such as punctuation marks

Question 41

Parity Bit

Answer 41

used to indicate whether the number of bits transmitted that are equal to one are even or odd, an error is detected when the parity bit is not set to the expected value

Question 42

Parity Checking

Answer 42

the most straightforward method of detecting errors, usually a parity bit

Question 43

Passphrase

Answer 43

a technique using WhatThreeWords for coming up with passwords

Question 44

Password

Answer 44

used to prove a person’s identity to a computer system, thus allowing them access to relevant data. These should be easy for the user to remember, but hard for other people to guess, can be guessed using formula:

Attempts = Number of characters^Password length

Question 45

Penetration Testing

Answer 45

where a company is attacked and the results are reported back to the company

Question 46

Blind Testing

Answer 46

testing to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test

Question 47

External Testing

Answer 47

testing carried out to find out if an outside attacker can get in and how far they can get in once they have gained access

Question 48

Internal Testing

Answer 48

testing carried out to find out how much damage a dissatisfied employee could cause

Question 49

Targeted Testing

Answer 49

testing carried out by the organisation’s IT and the penetration team working together

Question 50

Pharming

Answer 50

where users are unknowingly redirected to a fake website with the intention of identity or information theft

Question 51

Phishing

Answer 51

fraud where a user is tricked, often by e-mail, into revealing personal or confidential information, eg bank details which can be used fraudulently

Question 52

Physical Security

Answer 52

security methods such as locking doors, CCTV etc

Question 53

Pretexting

Answer 53

an attack in which the perpetrator invents a scenario in order to convince the victim to give them data or money, often requiring the attacker to maintain conversation with the victim until they are persuaded to give them whatever the attacker asked for

Question 54

Private Key

Answer 54

used for encryption/decryption and should not be shared with unauthorised parties, usage of them is laid out in the company’s AUP

Question 55

Ransomware

Answer 55

malware attack that holds the computer to ransom, locking the computer and demanding money to unlock the computer or regain access to files

Question 56

Shouldering

Answer 56

an attack designed to steal a victim’s password or other sensitive data, involving the attacker watching the user input information, for example, over their shoulder, and is often done at PIN machines, but can be carried out long-distance by binoculars or CCTV

Question 57

Signature

Answer 57

all viruses have a unique signature that anti-virus software scans for

Question 58

Smishing

Answer 58

a form of phishing that is done through SMS

Question 59

Social Engineering

Answer 59

psychological manipulation of people into revealing personal or confidential information, eg bank details which can be used fraudulently

Question 60

Spear Pharming

Answer 60

a type of pharming with a specific intended target

Question 61

Spear Phishing

Answer 61

a type of phishing with a specific intended target

Question 62

Spyware

Answer 62

installed by opening attachments or downloading infected software, used to collect stored data without the user’s knowledge

Question 63

SQL

Answer 63

Structure Query Language

a set of commands that allows you to get information

Question 64

SQL Injection

Answer 64

a technique where malicious user can inject SQL commands into SQL statement, via web page input, which can alter SQL statements and compromise the security of information held in a database

Question 65

System Access

Answer 65

users should only be able to access areas for which they have permission

Question 66

Trojan Horse

Answer 66

a program that appears to perform a useful function, but also provides a ‘backdoor’ that allows data to be stolen

Question 67

User Access Levels

Answer 67

allowing different users to have access to different data, such as giving some people Read Only access, or allowing some people to access more data than others

Question 68

User Account

Answer 68

these should not be shared, permitted usage of these is laid out in a company’s AUP

Question 69

Virus

Answer 69

programs that can replicated themselves sand be spread from one system to another by attaching themselves to host files, used to modify or corrupt information on a targeted computer system

Question 70

Worms

Answer 70

self-replicating programs that identify vulnerabilities in operating systems and enable remote control of the infected computer

Question 71

Xor

Answer 71

exclusive or, used in encryption and decryption

Question 72

World Wide Web

Answer 72

the name given to the large number of webpages stored on the internet

Question 73

Distributed DoS Attack

Answer 73

a DoS attack involving several networks, either because several networks are attacking at once, or several networks are being attacked at once

Question 74

Dictionary Attack

Answer 74

an attack where a hacker uses a file containing every word in the dictionary to guess your password