Network Security (1.4)

Question 1

What is a passive attack

Answer 1

• monitoring data across network and intercepting any sensitive information they find (through the use of network monitoring hardware and software)

Question 2

What is a active attack

Answer 2

• Attacking a network with malware or other planned attacks

Question 3

What is an insider attack

Answer 3

• an insider who exploits their network to steal/expose information

Question 4

What is a brute force attack

Answer 4

• Trying to gain access by using many password combinations (using automated software)

Question 5

What is a denial of service attack (DoS)

Answer 5

• Stopping users from accessing part of a network by flooding the network with many requests

Question 6

What is malware

Answer 6

• malicious software which causes damage (e.g. Editing/deleting files) when it is run

Question 7

What is phishing

Answer 7

• luring people into giving personal data through email/SMS messages sent from source that looks legitimate

Question 8

What is pharming

Answer 8

• redirects network traffic to a fake website which is intended to collect persona;/sensitive data

Question 9

What is social engineering

Answer 9

• the art of manipulating people into giving up their personal/sensitive data

Question 10

What is data interception and theft

Answer 10

• data sent to another device is intercepted by a 3rd party (unauthorised user)

Question 11

What is the concept of SQL Injection

Answer 11

• inserting malicious SQL statements into a database to edit/steal personal data

Question 12

What is poor network policy

Answer 12

• limited/no security rules to follow so easier for unauthorised users to gain access to data (e.g. no access rights, no back up of data etc)

Question 13

What are weak passwords

Answer 13

• passwords that do not consist of upper/lower case characters, minimum length requirement, symbols and are not updated regularly

Question 14

What is out of date software

Answer 14

• software prone/not protected from the latest threats and malware

Question 15

What is ransomware

Answer 15

• prevents access to files and data unless a ransom is paid to the hacker/3rd party

Question 16

What is penetration testing

Answer 16

• testing the vulnerability of a network by paying authorised users (internal or external) to try and find weaknesses to exploit, and then fixing these to improve network security.

Question 17

What is physical security

Answer 17

• having physical restrictions, such as ID cards, locks and keys to ensure sensitive data cannot be leaked/stolen

Question 18

What are network policies

Answer 18

• having thorough sets of rules in place to reduce the chances of employees giving accidental or deliberate access to data

Question 19

What is anti-malware software

Answer 19

• downloading an active program which protects data from malware by blocking malware from entering a system/network or finding and deleting/quarantining the malware to reduce impact

Question 20

What are Firewalls

Answer 20

• monitors incoming and outgoing network traffic to protect against unauthorised connections to/from the internet

Question 21

What do user access levels do

Answer 21

• granting different levels of access based on role in company to prevent access to sensitive/personal data

Question 22

What is a password

Answer 22

• string of characters used to verify the identity of a person trying to gain access to a system/data (preventing unauthorised access)

Question 23

What is encryption

Answer 23

• using algorithms to change the form of data sent across a network to make it difficult for unauthorised users to access or recognise, and can only access using the encryption key