Section A

Question 1

What is an internal threat

Answer 1

An internal threat refers to the risk of someone inside a company that could exploit a system to cause damage or steal data

Question 2

What is an external threat

Answer 2

An external threat refers to someone outside of a company that attempts to exploit system vulnerabilities such as hacking or social engineering

Question 3

What is Malware

Answer 3

Software that is designed to cause harm to your IT system

Question 4

What is spyware

Answer 4

This is a form of malware that gathers information after infecting a user and secretly sending it to third-party users

Question 5

What is ransomware

Answer 5

This prevents you from accessing your computer, it often encrypts the storage devices and demands a sum of money, in order to gain access back

Question 6

What are rootkits

Answer 6

They are used to get unauthorised remote administrator access, they spread by hiding software by appearing to be legitimate, but can steal data or hide other malware within the system

Question 7

What is commercial hacking

Answer 7

When Companies hack for the purpose of corporate espionage, finding out about their competitor plans, products and finances

Question 8

What is government hacking

Answer 8

This when companies or governments hire white hat hackers to detect system vulnerabilities so that they can prevent black hat hackers from getting in the system

Question 9

What is sabotage

Answer 9

Sabotage refers to the activity used to deliberately disrupt services this could include distributing malware and denial of service attacks

Question 10

What is social engineering

Answer 10

This refers to techniques that are used to deceive people to give their private and confidential information, this can be through the form of a phishing email.

Question 11

What is operational loss

Answer 11

This refers to a loss that damages the capability of an organisation, such as manufacturing output, service availability or service data

Question 12

What is financial loss

Answer 12

This refers to the loss where an organisation loss wealth, such as compensation, legal fees or increased costs due to the threat

Question 13

What is a system vulnerability

Answer 13

This refers to a weak point in the system which can be exploited

Question 14

What is the data protection act?

Answer 14

This act was introduced in 1998 to protect the privacy of individuals by ensuring that their confidential is processed in an ethical manner

Question 15

Who is responsible for investigating possible data protection violations ad what are the consequences

Answer 15

The information commissioners office is an independent body that is responsible for this, if an organization has been breaching any of these regulations they can be fined up to £500000

Question 16

What is the general data protection regulations

Answer 16

This was enforced on 25th May 2018 in the EU member states, this replaced the DPA but most of it is similar

Question 17

LIST 3 POINTS OF THE DATA PROTECTION ACT

Answer 17

• PERSONAL DATA SHOULD NOT BE KEPT FOR LONGER THAN IT’S NECESSARY PURPOSES
• PERSONAL DATA SHOULD NOT BE TRANSFERRED TO A COUNTRY OR TERRITORY OUTSIDE THE EU WITHOUT ADDEQUATE PROTECTION
• APPROPIATE TECHNICAL AND ORGANISATIONAL MEASURES SHOULD BE TAKEN TO PROTECT DATA

Question 18

WHAT IS THE COMPUTER MISUSE ACT

Answer 18

THIS LAW BROUGHT INTO FORCE TO PROTECT USERS AGASINT THEFT AND DAMAGE OF THE INFORMATION STORED ON THEIR IT SYSTEMS

Question 19

What is the telecommunications law(2000)?

Answer 19

This law allows businesses to monitor the activity on their network so that they can protect themselves from cyber threats.

Question 20

What were the 3 crimes that were covered by the computer misuse act?

Answer 20

Offence 1 - unauthorised access to computer material could result in 2 years of imprisonment
Offence 2 - unauthorised access with the intent to cause harm or damage, this can result in up to 5 years of imprisonment
Offence 3 - impairing the operation of a computer, this could include changing data, is punishable of 10 years imprisonment

Question 21

What rules do organisations need to comply with when monitoring employees on their network

Answer 21

• To be ensured that legislations of the company are being followed
• To ensure employees are fulfilling their duties
• To prevent or detect crime
• To secure and ensure the effective operation of the network

Question 22

What is a network vulnerability

Answer 22

They are a major source of attacks on a business’s attacks, an example of this are firewall ports

Question 23

GIVE 3 EXAMPLES OF ORGANISATIONAL VULNERABILITIES

Answer 23

• FILE PERMISSIONS AND PRIVILIGES ASSIGNED TO EMPLOYEES COULD LEAVE THEM OPEN TO MANY THREATS
• THE PASSWORD POLICY
• IF AN ORGANISATION GIVES STAFF FULL PERMISSION AND PRIVILIGES THEN ANYONE WITH THE EMPLOYEES LOGIN CAN CAUSE DAMAGE TO THE SYSTEM

Question 24

GIVE 2 EXAMPLES OF SOFTWARE VULNERABILITIES

Answer 24

• DOWNLOADED SOFTWARE THAT CAN COME FROM WEBSITES CAN BE UNTRUSTWORTHY AS THEY CAN HAVE MALWARE
• ILLEGAL COPIES CAN ALSO HAVE MALWARE AND ALSO ILLEGAL COPIES DON’T HAVE UPDATES WHICH LEAVES YOUR SYSTEM VULNERABLE

Question 25

WHAT ARE OPERATING SYSTEM VULNERABILITIES CAUSED BY

Answer 25

THEY CAN CONTAIN CODING VULNERABILITIES WHICH CAN BE EXPLOITED BY HACKERS, IF YOUR OPERATING SYSTEM IS UNSUPPORTED OR ISN’T REGULARLY UPDATES IT CAN BE OPEN TO MALICIOUS USERS

Question 26

WHAT CAN MOBILE DEVICE VULNERABILITIES CAUSED BY

Answer 26

• ORIGINAL EQUIPMENT MANUFACTURER MAY TAKE TIME TO RELEASE UPDATES

Question 27

WHAT ARE PHYSICAL VULNERABILITIES

Answer 27

A WEAKNESS IN PHYSICAL STRUCTURE OR ENVIRONMENT THAT CAN BE CAUSED BY NATURAL DISASTERS, ACCIDENTS OR HUMAN ACTIONS

Question 28

GIVE 3 EXAMPLES OF PHYSICAL VULNERABILITIES

Answer 28

• THEFT OF IT EQUIPMENT
• USB DEVICES MAY HAVE A VIRUS WHICH COULD TRANSFER FILES FROM ONE DEVICE TO ANOTHER
• SOCIAL ENGINEERING SUCH AS PHISHING OR AN ATTACKER GAINING UNAUTHOURISED ACCESS

Question 29

WHY CAN CLOUD COMPUTING BE A VULNERABILITY

Answer 29

BECAUSE FILES STORED USING CLOUD COMPUTING WILL BE AVAILABLE OVER THE INTERNET WHICH LEADS TO A POSSIBILITY OF OUR DEVICES BEING HACKED

Question 30

WHAT ARE IOT DEVICES

Answer 30

THIS IS THE INTER-CONNECTIVITY OF NON-STANDARD COMPUTING DEVICES SO THAT THEY GATHER AND SHARE DAAT TO DO SOMETHING

Question 31

WHY ARE IOT DEVICES VULNERABLE

Answer 31

BECAUSE THEY ARE NOT DEVELOPED WITH SECURITY IN MIND AND CAN BE AFFECTED BY THINGS LIKE MALWARE

Question 32

WHAT IS THE FRAUD ACT (2006)

Answer 32

WHEN SOMEONE ACTS DISHONESTLY TO MAKE A GAIN OR CAUSE A LASS, IF IF NOTHING THE ATTEMPT IS SUFFICIENT

Question 33

WHAT ARE THE 3 CLASSES THAT THE OFFENCES CAN BE SPLIT INTO

Answer 33

• FRAUD BY FALSE REPRESENTATION
• FRAUD BY FAILING TO DISCLOSE INFORMATION
• FARUD BY ABUSE OF POWER

Question 34

WHAT IS THE HEALTH AND SAFETY AT WORK ACT(1974)

Answer 34

THIS IS THE PRIMRARY LEGISLATION FOR ENSURING THE HEALTH, SAFETY AND WELAFARE OF STAFF AT WORK

Question 35

WHAT ARE THE DUTIES THAT EMPLOYEES MUST PERFORM SO THAT THEY COMPLY WITH THE HEALTH AND SAFETY ACT

Answer 35

• PROVIDE A SAFE SYSTEM OF WORK
• PROVIDE INFORMATION, INSTRUCTIONS AND TRAINING AND SUPERVISION
• MAINATAIN THE WORK PLACE IN A CONDITION THAT IS SAFE AND WITHOUT RISKS
• PROVIDE A HEALTH AND SAFETY POLICY

Question 36

WHAT ARE SOME PHYSICAL SECURITY METHODS TO RESTRICT ACCESS

Answer 36

SIT SECURITY LOCKS
CARD ENTRY
BIOMETRICS
CCTV
PROTECTED CABLING
CABINETS

Question 37

WHAT ARE 3 TYPES OF BACK-UPS

Answer 37

FULL BACKUP - A COMPLETE BACK UP ALL YOUR DATA
INCREMENTAL BACKUP - A BACK UP OF THE DATA THAT HAS CHANGED SINCE THE PREVIOUS BACK-UP
DIFFERENTIAL BACKUP - A MIXTURE OF THE PREVIOUS TWO

Question 38

WHAT ARE 3 PLACES WE CAN STORE BACK UPS

Answer 38

ON-SITE BACKUPS - STORED IN THE SAME BUILDING AS THE ORIGINAL DATA
OFF-SITE BACKUPS - STORED IN A DIFFERENT LOCATION AS THE ORIGINAL DATA, THIS IS MORE SECURE BECAUSE YOUR DATA WILL BE PROTECTED FROM WHATEVER DAMAGED IT
CLOUD BACKUPS - DATA WILL BE STORED IN A DIFFERENT LOCATION BUT IS CONNECTED TO THE INTERNET

Question 39

WHAT IS ANTI-VIRUS SOFTWARE

Answer 39

A UTILITY PROGRAM THAT IS USED TO PREVENT MALICIOUS FROM INFECTING YOUR COMPUTEROR DETECT OR REMOVE MALICIOUS SOFTWARE THAT HAS ALREADY INFECTED YOUR COMPUTER

Question 40

WHAT ARE THE 2 DETECTION TECHNIQUES THAT ANTI-VIRUS USES

Answer 40

VIRUS SIGNATURES - THIS IS HOW ANTI-VIRUS DETECTS MALWARE, ANTI-VIRUS COMPANIES ANALYSE MALWARE AND IDENTIFY A PATTERN FOR THE MALWARE CODE
HEURISTIC TECHNIQUES - THIS MONITORS THE BEHAVIOUR OF PROGRAMS AND DETECTS ANYTHING THAT APPEARS SUSPICIOUS

Question 41

WHAT 3 OPTIONS DOES ANTI-VIRUS PRESENT

Answer 41

CLEAN - REMOVING THE MALWARE WITHOUT REMOVING THE FILE
QUARANTINE - THIS MOVES THE MALWARE TO A SECURE LOCATION ON THE COMPUTER AND PREVENTS IT FROM SPREADING
DELETE - REMOVES THE FILE FROM THE COMPUTER, A QUICK AND SAFE TO PROTECT YOUR SYSTEM BUT ANY DATA IN THAT FILE WILL BE GONE WITH IT

Question 42

WHAT ARE FIREWALLS

Answer 42

A HARDWARE DEVICE OR UTILITY PROGRAM THAT MONITORS INCOMING AND OUTCOMING NETWORK TRAFFIC AND BLOCKS ANY TRAFFIC THAT APPEARS SUSPICIOUS

Question 43

WHAT IS THE DIFFERENCE BETWEEN SOFTWARE AND HARDWARE FIREWALLS

Answer 43

HARDWARE FIREWALLS - A PHYSICAL DEVICE THAT WILL SIT BETWEEN YOUR LOCAL AREA NETWORK AND INTERNET
SOFTWARE FIREWALL - THIS WILL BE INSTALLED ON EACH INDIVIDUAL DEVICE

Question 44

NAME SOME TECHNIQUES FIREWALLS USE TO INSPECT DATA

Answer 44

PACKET FILTERING AND INSPECTION - THE FIREWALL INSPECTS EACH PACKET OF DATA AND COMPARES IT TO PRE-DEFINED RULES, IF THE PACKET IS FLAGGED BY THESE RULES IT WON’T BE ALLOWED TO PASS THROUGH
APPLICATION LEVEL AWARENESS - A FORM OF FIREWALL THAT CONTROLS THE INPUT AND OUTPUT OF PACKETS TO AN APPLICATION, IMPORTANT BECAUSE IF A HACKER TRIES TO GACK AND GETS THROUGH THE APPLICATION LAYER, THERE IS AN EXTRA LAYER OF PROTECTION

Question 45

WHAT ARE INPUT AND OUTBOUND RULES

Answer 45

THESE ARE PART OF THE FILTERING PROCESS
INBOUND RULES - WILL DEFINE WHAT DATA SHOULD BE ACCEPTED, REJECTED AND DROPPED FROM ENTERING
OUTBOUND RULES - WILL DEFINE WHAT DATA CAN LEAVE THE NETWORK OR COMPUTER

Question 46

WHAT IS A NETWORK ADDRESS

Answer 46

AL DEVICES ON A NETWORK ARE ASSIGNED AN IP ADDRESS TO UNIQUELY IDENTIFY THEM.

Question 47

WHAT IS USER AUTHENTICATION

Answer 47

TO GAIN ACCESS TO AN OPERATING SYSTEM OR APPLICATION WE MUST AUTHENTICATE OURSELVES AS HAVING THE RIGHT TO THAT SYSTEM

Question 48

WHAT ARE GRAPHICAL PASSWORDS

Answer 48

THIS IS WHEN THE USER IS PRESENTED WITH A SCREEN FULL OF IMAGES AND THE USER WILL SELECT THE IMAGES IN A SPECIFIC ORDER

Question 49

WHAT IS BIOMETRIC AUTHENTICATION

Answer 49

WHEN A USER AUTHENTICATES THEMSELVES WITH THEIR IDENTIFY
COMMON FORMS ARE:
- FINGER PRINT RECOGNITION
- FACIAL RECOGNITION

Question 50

WHAT IS 2 STEP VERIFICATION

Answer 50

AN ADDITONAL LAYER OF SECURITY BY ASKING THE USER TO VERIFY THEIR IDENTITY MORE THAN ONCE

Question 51

WHAT ARE SECURITY TOKENS

Answer 51

SMALL HARDWARE DEVICESN OFTEN IS A USB DEVICE YOU PLUG INTO YOUR COMPUTER OR A KEY FOB THAT USES NEAR FIELD KEYS TO WIRELESSLY AUTHENTICATE

Question 52

WHAT IS KNOWLEDGE BASED AUTHENTICATION

Answer 52

A USER WILL BE ASKED SOME QUESTIONS WHICH THEY MUST ANSWER CORRECTLY TO GAIN ACCESS

Question 53

WHAT IS THE KERBEROS NETWORK AUTHENTICATION

Answer 53

A CLIENT HAS TO AUTHENTICATE THEMSELVES WITH THE DOMAIN CONTROLLER, ONCE AUTHENTICATED THE CLIENT WILL BE ABLE TO REQUEST ACCESS TO THE RESOURCES FROM THE DOMAIN CONTROLLER FOR A PERIOD OF TIME, IT DOES THIS THROUGH A TICKETING SYSTEM TO AUTHENTICATE USERS WHICH IS ENCRYPTED USING DIFFERENT PASSWORDS

Question 54

CERTIFICATE-BASED AUTHENTICATION

Answer 54

USES A DIGITAL CERTIFICATE TO IDENTIFY A CLIENT ON A NETWORK

Question 55

WHAT ARE ACCESS CONTROLS

Answer 55

THIS RESTRICTS ACCESS TO FILES, FOLDERS, APPLICATIONS AND PHYSICAL RESOURCES

Question 56

WHAT ARE THE 3 MAIN AREAS OF ACCESS CONTROLS

Answer 56

• AUTHENTICATION
• AUTHORISATION
• AUDIT

Question 57

WHAT IS TRUSTED COMPUTING

Answer 57

TECHNOLOGY THAT ENSURES HARDWARE HAS SECURITY BUILT-IN FEATURES SO THAT DEVICES WILL PERFORM IN PREDICTABLE AND SECURE WAYS

Question 58

WHAT IS ENCRYPTION

Answer 58

THE PROCESS OF CONVERTING A PIECE OF PLAIN-TEXT INTO AN ENCODED VERSION THAT IS UNREDABLE TO THE HUMAN EYE

Question 59

WHAT IS ENCYRPTION OF DATA AT REST

Answer 59

THIS REFERS TO THE DATA THAT IS STORED ON YOUR COMPUTER, THIS DATA IS ENCRYPTED USING SYMMETRIC ENCRYPTION WHICH MEANS THE SAME KEY IS USED TO ENCRYPT AND DECRYPT DATA

Question 60

WHAT IS SAFE PASSWORD STORAGE

Answer 60

WEBSITES SUCH AS FACEBOOK REQUIRE US TO CHOOSE A PASSWORD WHICH IS STORED ON THEIR SERVER, IF THE WEBSITE IS HACKED THEY COULD GAIN ACCESS TO ALL USER DETAILS THEREFORE STORED PASSWORDS SHOULD BE ENCRYPTED

Question 61

WHAT IS THE DIGITAL RIGHTS MOVEMENT

Answer 61

REFERS TO A TECHNOLOGY THAT ATTEMPTS TO CONTROL COPYRIGHTED MATERIALS, DRM USES ENCRYPTION TO PROTECT COPY RIGHT MATERIALS

Question 62

WHAT IS FILE, FOLDER AND DISC ENCRYPTION

Answer 62

ENCRYPTING THESE ARE USED WHEN GREATER SECURITY IS NEEDED, THIS IS DONE BY ENCRYPTING SPECIFIC AREAS OF OUR COMPUTER SO THAT OTHER USERS CAN’T ACCESS THEM

Question 63

WHAT IS ENCRYPTION OF DATA IN TRANSIT

Answer 63

DATA IN TRANSMIT IS DATA THAT’S BEING TRANSMITTED BETWEEN 2 DEVICES OVER A NETWORK. THIS DATA IS USUALLY ENCYRPTEDUSING ASYMMETRIC ENCRYPTION WHICH MEANS A DIFFERENT KEY IS USED TO ENCRYPT AND DECRYPT THE DATA

Question 64

WHAT IS THE ONION ROUTER

Answer 64

A METHOD SO THAT INDIVDUALS CAN USE THE INTERNET WITH ANONYMITY