ppe pt2 (nov) Flashcards

1
Q

What is network security?

A

The protection of a network from external and internal threats such as viruses, hacker attacks, data interception and theft, etc.

2
Q

What is a security threat?

A

An incident - malicious or unintended - that causes disruption, damage or data loss.

3
Q

What is a virus?

A

A piece of malicious code that attaches itself to a legitimate program and is activated when the ‘host’ program is on. It can cause severe damage to data.

4
Q

What is a hacker?

A

A seeker and exploiter of security vulnerabilities in code in order to gain unauthorised access to a computer system or network.

5
Q

What is a ransomware attack?

A

An attack on a network in which data stored on a server is encrypted, making it unreadable. The victim must pay a ransom to get the data unlocked/back.

6
Q

What is data integrity?

A

The reliability and trustworthiness of data.

7
Q

Define a DOS attack.

A

A Denial of Service attack on a network that attempts to prevent legitimate users from accessing its services.

8
Q

Define backup & recovery.

A

The process of making backup copies of data and storing them in a separate location to the live working environment (possibly in the cloud) so that they can be recovered in the event of data loss or damage.

9
Q

Define ethical hacking.

A

This is also known as ‘good’ hacking. It is the act of looking for weaknesses in software and systems so that they can be addressed.

10
Q

What is penetration testing?

A

‘Pen testing’ is the uncovering, by an ethical hacker (a.k.a. a white-hat hacker), of vulnerabilities that could be exploited by a criminal.

11
Q

What is social engineering?

A

An attack that exploits how people behave and respond to certain situations in order to trick them into revealing personal information, usually used by an ethical hacker to test how easily tricked legitimate users of the network can be.

12
Q

What is the purpose of network security?

A

The goal of network security is to protect a network and its data from internal and external security threats such as incidents which cause disruption, damage or data loss.

13
Q

List the three important principles underpinning data security.

A
  • Confidentiality (to protect sensitive data)
  • Correctness (incorrect data is useless data)
  • Availability (networks can go offline by accident or on purpose. Successful backup & recovery is required)
14
Q

Explain data integrity.

A
  • Data integrity is the reliability of data
  • It can be jeopardised intentionally or by accident
  • Data must be checked, secured and protected to maintain data integrity.
15
Q

What can be used to prevent a DOS attack?

A

Effective backup and recovery procedures.

16
Q

Who do ethical hackers typically work for?

A

They typically work on behalf of an organisation, carrying out simulated hacking attacks (e.g. pen testing) on its network to uncover any vulnerabilities.

17
Q

Define access control.

A

Control of who can log into a network and of what legitimate/authorised users can see and do on the network.

18
Q

What is authentication?

A

The process of checking the identity of an individual attempting to gain access to a network.

19
Q

Define multifactor authentication.

A

Provides an extra level of security. Users must provide a piece of knowledge, a physical artifact and a physical attribute.

20
Q

What is the principle of least privilege?

A

Employees are only given the permissions and administrative rights they need to do their job.

21
Q

Define file permissions.

A

Control of the ability to view, change and execute files.

22
Q

What is physical security?

A

Controlling access to critical parts of a network using physical methods rather than software.

23
Q

Define malware.

A

Standing for ‘malicious software’, it is software that has been designed to gain unauthorised access to a computer system in order to cause damage, disrupt its functioning or collect information without the user’s knowledge.

24
Q

What is encryption?

A

A technique for keeping data secure by using a key to encode the data. Only someone with the key can decrypt it.

25
Q

Define firewall.

A

A network security system which inspects incoming and outgoing data traffic and uses a set of rules to decide which data to allow through from one side to the other.

26
Q

List 3 criteria with examples that a user must provide to gain access to a network using multifactor authentication.

A
  • A piece of knowledge, e.g. ID, password or PIN
  • A physical object, e.g. an identity pass
  • A physical attribute, e.g. a fingerprint or voice
27
Q

Give three examples of authentication.

A
  • Username and password
  • Algorithms and code
  • Multifactor authentication
28
Q

List and explain four types of file permissions.

A
  • Read (users can view the content of a file, but not alter it)
  • Write (users can read and amend the content of a file)
  • Execute (users can execute the file)
  • Delete (users can delete a file)
29
Q

Give three examples of firewall rules.

A
  • A rule which stops certain protocols from being used to prevent the organisation’s data from being potentially copied to an external server
  • Block data coming/going to/from certain network addresses
  • Stop attempts at hacking the internal network’s servers by disallowing data that matches the pattern an attacker would use
30
Q

Give four suspicious activities that firewalls can block.

A
  • Downloading viruses while browsing online
  • Emailing sensitive data to themselves or to someone else outside the organisation
  • Visiting harmful or time-wasting websites
  • Downloading files from file sharing sites
31
Q

What is a digital device?

A

A smartphone, tablet, embedded system, e.g.

32
Q

Define e-waste.

A

Any form of discarded electronic equipment, including digital devices.

33
Q

What is a precious metal?

A

A very rare, naturally occurring metallic element of high economic value.

34
Q

What is a semiconductor?

A

Present in every piece of computing technology, it’s a substance (solid, element or compound) used to make computer chips. It can conduct electricity under some conditions but not others, making it a good medium for the control of an electrical current.

35
Q

Define the replacement cycle.

A

The period of time between the purchase of assets (e.g. digital devices) and their replacement with equivalent assets.

36
Q

What is a carbon footprint?

A

The amount of CO2 an individual or organisation produces as a result of the energy they consume.

37
Q

Define cloud computing.

A

The storing of software and data on a remote server accessed through the internet (e.g. Microsoft Office 365).

38
Q

Explain why e-waste disposal represents a threat to the environment.

A
  • E-waste can include hazardous materials that can include toxic substances. They will leak out into the ground, contaminating water supplies, infiltrating the food chain and polluting the air.
  • Large amounts of e-waste are shipped overseas to developing countries, where it’s dumped into landfill sites or dismantled to extract the minerals.
39
Q

What is the main aim of the WEEE regulation?

A

The Waste Electrical and Electronic Equipment regulation’s main aim is to set targets for the collection, recycling and recovery of computing technology and other electronic devices. They apply to businesses, but not individuals.

40
Q

What is the main aim of the ROHS directive?

A

The EU Restriction of Hazardous Substances directive was brought into UK law in 2013, restricting the use of all 6 toxic materials typically used in manufacturing to force manufacturers of computing tech to replace them with safe materials.

41
Q

Explain why cloud computing can affect the environment.

A

Cloud computing and storage of vast amounts of data on remote servers has led to the building of data centres around the world. These store all images, tweets and selfies generated by social networking.

42
Q

Give 3 measures to make data centres more energy efficient.

A
  • Using hot-aisle/cold-aisle configuration to increase cooling system efficiency; using blanking panels to minimise recirculation of hot air and sealing the floor to prevent cooling losses
  • Investing in research to develop a new, less energy hungry alternative to silicon-based data storage.
  • Ration internet usage - possibly by imposing a tax on uploading data - and/or educate users so that they behave in a more environmentally responsible fashion
43
Q

Describe two environmental issues associated with the manufacture of digital devices.

A
  • The production of digital devices has many environmental issues associated with it. The extraction of raw materials from the ground, which are used in the production of digital devices, can lead to intense damage to the local environment, including scarring of the landscape and contamination of ground soil and water supplies.
  • Once the raw materials have been extracted, the shipping of the materials also has an environmental impact. The transportation to manufacturers uses fossil fuels, such as oil and coal. This contributes further to global warming.
44
Q

State 2 ways in which governments are attempting to control the environmental impact of digital device manufacture.

A

The RoHS directive became UK law in 2013. Tougher recycling targets are set by governments to collect more reusable materials from computing technology when they are disposed of. Recycling sites are being upgraded to take a wide range of materials, including appliances and smaller digital devices.

45
Q

Explain how having a short replacement cycle for digital devices is harmful to the environment.

A
  • It results in an increase in demand, production and disposal over a shorter period of time.
  • An increase in manufacture leads to more extraction of raw materials, transportation of goods and energy usage in factories.
  • These increases lead to further burning of fossil fuels that contribute to global warming. Once a device is finished with, it’s likely to end up at a landfill, contributing to increasing amounts of e-waste already in the world.
46
Q

List ways computing technology harms the environment.

A
  • The development of a device requires raw materials to be extracted from the ground, including sand, oil and metals of various types (including precious metals like gold, silver and copper).
  • This extraction can scar the landscape of the area and contaminate soil and local water supplies.
  • Transportation of raw materials and manufacturing of devices contribute to CO2 emissions through the burning of fossil fuels.
  • Further transportation is needed to distribute devices to suppliers and consumers.
  • At the end of a device’s life, it’s often disposed of in landfill if not recycled or reused, shortening the length of the replacement cycle.
47
Q

What is personal data?

A

Any information relating to an identified or identifiable living person, including name, age, gender and location.

48
Q

Define identity theft.

A

The stealing of another person’s personal details, such as their bank account details or passport number. It’s usually done to commit identity fraud.

49
Q

Data protection law in the UK is based on which directive?

A

The General Data Protection Regulation containing 99 articles setting out the rights of individuals and the obligations of organisations who collect, process and store data.

50
Q

Define data subject.

A

A person whose data is being collected and processed.

51
Q

What is a data breach?

A

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data.

52
Q

Describe ethics.

A

Ethics is about good practice and behaving in a morally correct way.

53
Q

List 4 legal responsibilities of data holders.

A
  • The data must be processed in a fair, lawful and transparent manner.
  • The data should be accurate and up-to-date.
  • The data must not be kept longer than necessary.
  • The data subjects must give their consent - they must be asked to ‘opt-in’ or ‘opt-out’
54
Q

List 4 legal rights of data subjects.

A
  • They must be informed about the collection and use of this data
  • They have the right to have their data erased
  • They have the right to restrict or stop the processing of their data
  • They have the right of data portability, meaning they can move, copy or transfer the data
55
Q

List and explain 3 types of offences in the Computer Misuse Act 1990.

A
  • Unauthorised access to computer material; using a computer to attempt to access a program or data to which you know you are not authorised. The attempt itself is an offence, successful or not.
  • Unauthorised access with intent to commit further offences; to attempt to access a computer system with the intention of committing a further offence.
  • Intentional and unauthorised destruction of software or data; to gain unauthorised access to a computer with the intention to change the data or impair the running of the computer.
56
Q

Define robotics.

A

The design, construction, operation and use of robots.

57
Q

What is AI?

A

Artificial intelligence. They’re machines and their programs that solve problems commonly associated with human intelligence, e.g. learning, problem-solving and pattern recognition.

58
Q

What are LAWS?

A

Lethal Autonomous Weapons. They can search for and engage targets on their own, making their own decisions with direct human control.

59
Q

Define machine learning and give an example of where it’s used.

A
  • Machine learning is the branch of AI that allows them to learn independently. It’s used by music and video streaming services to make recommendations.
60
Q

Give an ethical concern associated with the use of surveillance cameras.

A

Surveillance cameras can use face recognition to identify individuals. There’s an ethical concern in this, as personal data is being collected without express permission of those being captured.

61
Q

What does the Data Protection Act (2018) expect organisations to do to verify consent?

A
  • The act expects organisations to allow users to say no to their data being used.
  • The organisation must be specific about what data processing activities are being carried out.
  • In addition, the user must know the identity of the organisation and have the option to withdraw consent any time.
62
Q

What is algorithmic bias?

A

Bias in computer systems that creates unfair outcomes, e.g. in selecting candidates for a job using AI that has preprogrammed bias by the developers or the data.

63
Q

How can algorithmic bias be introduced?

A

Through pre-existing bias in data or by the programmers themselves.

64
Q

List 4 types of protection against cyberattacks.

A

Antimalware, encryption, acceptable use policies and backup and recovery policies/procedures.

65
Q

Define signatures.

A

Signatures are known malware definitions (set of unique data or bits of code) allowing it to be identified.

66
Q

What is heuristics?

A

Heuristics identifies malware by behaviour and characterisation instead of comparing against a known list of malware. It’s a set of rules used to detect malicious behaviour without having to uniquely identify the program responsible for it.

67
Q

Give 3 heuristics rules.

A
  • A program which tries to copy itself into other programs
  • A program which tries to write directly on the disk
  • A program which decrypts itself when run (malware often does this to hide itself from the signatures known).
68
Q

What is encryption?

A

It scrambles any data into a form that is unreadable to anyone who doesn’t have the key to turn it back into its unscrambled form. This is useful for when we send sensitive information, so it can’t be understood. There are 2 types: asymmetric and symmetric.

69
Q

Explain asymmetric encryption.

A

Asymmetric encryption encrypts and decrypts data using 2 different keys; a public key and a private key. Every user has both. A message encrypted with a specific public key can only be decrypted by the corresponding private key.

70
Q

Explain symmetric encryption.

A

Algorithms encrypt and decrypt a message using the same key. Both ends of the transmission must know the exact same shared key.

71
Q

Why does antimalware need to be regularly updated?

A
  • New malware may’ve been created and distributed
  • This means the out-of-date anti-malware won’t have the signature of the new malware in its database.
  • Therefore, the infection goes unidentified and the antimalware fails to protect the computer.
72
Q

Define plain text.

A

The readable content before it’s encrypted or once it has been decrypted. Cipher text is encrypted plain text.

73
Q

What does an acceptable use policy need?

A
  • Rules that ensure all laws are complied with.
  • Rules that ensure malicious software isn’t installed.
  • Rules that ensure files aren’t downloaded from the internet.
74
Q

What is an acceptable use policy?

A

A set of conditions or rules that a network user must agree to comply with before they’re allowed to use the network.

75
Q

Define a backup network policy.

A

A policy which ensures the copying of programs and data stored on the network to safeguard them in case of natural or man-made disasters.

76
Q

What could a backup network policy have?

A
  • Who’s responsible for the backup process
  • When the backup is to be made
  • Where the backups will be kept
  • How long the backups will be kept
77
Q

Define a recovery policy.

A

A set of procedures that the organisation will follow to restore normal system operations if there’s a natural disaster or a man-made one.

78
Q

What could a recovery policy include?

A
  • How often it should be tested
  • A statement of where all the data backups are kept
  • A description of where all data backups are kept
  • A description of which data should be restored and in which order it should be restored.
79
Q

State two ways that anti-malware software may identify an infection.

A
  • Using a database of malware definitions (using signatures)
  • Heuristics (identifies malware by behaviours and characteristics, instead of comparing against a list of known malware)
80
Q

Why should users always apply patches to their software?

A

They correct errors in the program or vulnerabilities in the security of the software application.

81
Q

Describe the role of a signature file in anti-malware software.

A

A signature file is used to identify known malware. Periodically, the program will check online to see if there is a signature file newer than the one currently installed on a machine. If there is a new file, then it’ll be downloaded and updated.

82
Q

Give two reasons why an employee must not attach one of their own portable devices to the network.

A
  • The device may contain malware of some kind that could be transmitted to the network.
  • If the device does contain malware of some kind, it’d jeopardise the security of the network, potentially harming other users and the network itself.
83
Q

What is a worm?

A

A malware that doesn’t need a user to distribute it.

84
Q

What is a virus?

A

The malware that embeds itself into other programs or files.

85
Q

What is a trojan?

A

Malware that must be installed by the user and hides itself as authentic software.

86
Q

What is a phishing attack?

A

Attacks which spread via apparently legitimate email communication, but actually extract sensitive or confidential information from the user.

87
Q

What is a subprogram?

A

A self-contained block of code which performs a specific/dedicated task.

88
Q

State 3 types of errors in programs.

A
  • Runtime
  • Syntax
  • Logic
89
Q

How can a user increase the useful life of a smartphone rather than throwing it away?

A
  • Repairing it
  • Giving it away to charity
  • Keeping the software updated
90
Q

Give one way a patent protects intellectual property.

A
  • It prevents someone from selling an invention because it gives the inventor the exclusive right to sell it for 20 years.
91
Q

Describe two ways an operating system manages processes.

A
  • The OS extends main memory by using a part of secondary storage as virtual memory.
  • The OS also uses a scheduling program to share processing time between competing processes.
92
Q

Define decomposition in terms of computational thinking.

A

Breaking down a problem.

93
Q

State the worst case for a linear search algorithm.

A

The target item is not on the list or is at the end of the list.

94
Q

What is bubble sorting?

A
95
Q

What is the component of an algorithm used to store whether a swap has been made during a pass?

A

A variable.

96
Q

Define iteration.

A

Looping over every item in a data structure.

97
Q

Give one benefit of using subprograms.

A

The subprograms may be used more than once in a program, which saves time in writing, debugging and testing.