Physical and software security controls

Question 1

What is a “zero-day” attack? Why is it so effective for hackers?

Answer 1

Zero-day attacks leave no time (zero days) to respond to the threat. There
has been no preparation, as the threat or vulnerability was previously
unknown. These attacks include web application attacks, client-side attacks
and buffer overflow attacks.

Question 2

What is the difference between a vulnerability and an exploit?

Answer 2

A vulnerability is a weakness in an application, an exploit is when an agent
makes use of that weakness to take advantage of an insecure situation.

Question 3

Only certain users are permitted to view the information because they have…

Answer 3

Authorisation

Access to confidential and sensitive information is available only to those who have authorisation; anyone not authorised is denied access.

Implementation relies on usernames, passwords, access control lists and encryption.

Question 4

Defence against attackers is increasingly difficult due to:

Answer 4

• complexity of attack tools.
• greater sophistication of attacks.
• delays in patching software products.

Threats are increasing due to availability of software tools, complexity and
improved planning of attacks and delays once vulnerabilities have been
identified.

Question 5

The process that ensures an individual is who they claim to be is
known as…

Answer 5

Authentication

Typical processes to identify authorised personnel are: Security passes
to authorise access to secure areas; biometric authentication for
authorised personnel.