Section C Flashcards
NAME 5 TOOLS THAT ARE USED TO IDENTIFY VULNERABILITIES IN A COMPUTER SYSTEM
PORT SCANNERS - SCAN A COMPUTER FOR ANY OPEN PORTS THAT COULD BE EXPLOITED BY HACKERS
REGISTRY CHECKER - PERFORMS BACKUPS OF THE REGISTRY, MAKING IT EASIER TO RESTORE IT TO A PREVIOUS STATE
WEBSITE VULNERABILITY SCANNERS- SEARCHES FOR VULNERABILITIES ON WEBSITES SUCH AS CROSS-SITE SCRIPTING(XSS), SQL INJECTION AND INSECURE SERVER CONFIGURATION
VULNERABILITY DETECTION AND MANAGEMENT SOFTWARE - SCANS FOR VULNERABILITIES ON IT SYSTEMS
ASSESSING USER VULNERABILITIES - IDENTIFIES ANY VULNERABILITIES THAT MIGHT BE CAUSED BY THOSE USING THE SYSTEM
WHAT IS PENETRATION TESTING
A PENETRATION TEST IS WHEN A CYBER-ATTACK IS SIMULATED AGAINST A COMPUTER SYSTEM OR NETWORK TO IDENTIFY VULNERABILITIES THAT COULD BE EXPLOITED BY A MALICIOUS HACKER
WHO ARE THE OWASP
OWASP STANDS FOR THE OPEN WEB APPLICATION SECURITY PROJECT, AN ORGANISATION THAT IDENTIFIES COMMON THREATS THAT COULD OCCUR TO A WEB APPLICATION
WHAT ARE THE TOP 10 RECENT THREATS
INJECTION FLAWS -
BROKEN AUTHENTICATION -
SENSITIVE DATA EXPOSURE -
XML EXTERNAL ENTITIES -
BROKEN ACCESS CONTROL -
SECURITY MISCONFIGURATION -
CROSS-SITE SCRIPTING -
INSECURE DESERIALIZATION -
USING COMPONENTS WITH KNOWN VULNERABILITIES -
INSUFFICIENT LOGGING AND MONITORING -
WHAT IS A RISK
A RISK IS A THREAT THAT COULD RESULT IN SOME FORM OF LOSS
WHAT IS THE FIRST STEP IN IDENTIFYING THE SEVERITY OF A RISK FOR EACH THREAT
THE FIRST STEP IS TO IDENTIFY ITS LIKELIHOOD OF OCCURRING AND THE IMPACT LEVEL IT COULD CAUSE
WHAT ARE THE 3 PROBABILITIES OF THREATS OCCURRING
UNLIKELY - NOT EXPECTED TO HAPPEN BUT COULD
LIKELY - WILL PROBABLY HAPPEN AND REOCCUR BUT NOT CONSTANTLY
VERY LIKELY - WILL CERTAINLY HAPPEN AND REPEATEDLY AND EVEN FREQUENTLY
WHAT ARE THE 3 LEVELS OF IMPACT THAT COULD BE CAUSED
MINOR - UNLIKELY THAT MUCH WILL BE LOST BUT THERE MIGHT BE SOME FINANCIAL LOSS
MODERATE - SOMETHING WILL BE LOST AND FINANCIAL DAMAGE WILL HAVE AN IMPACT ON THE ORGANISATION
MAJOR - HIGH AMOUNT OF LOSS WILL BE CAUSED AND FINANCIAL DAMAGE IS LIKELY TO BE SUBSTANTIAL
WHEN ARE RISK ASSESSMENTS CARRIED OUT
THEY SHOULD BE CARRIED OUT DURING THE DESIGN OF A SYSTEM AND AT REGULAR INTERVALS DURING OPERATION IN ORDER TO AUDIT SECURITY PROCESSES. A RISK ASSESSMENT IS ALSO DONE WHEN THERE IS A BREACH
WHAT ARE THE 5 STEPS TO PERFORMING A RISK ASSESSMENT
IDENTIFY POSSIBLE THREATS
IDENTIFY LIKELIHOOD OF THREATS
ASSESS THE VULNERABILITIES
ASSESS THE IMPACT LEVEL
DETERMINE THE RISK SEVERITY
WHY IS IT IMPORTANT THAT WE DOCUMENT OUR RISK ASSESSMENT
SO THAT WE CAN REFER TO IT LATER WHEN PRODUCING THE SECURITY PLAN
WHAT STRUCTURE DO YOU FOLLOW WHEN DOCUMENTING A RISK ASSESSMENT
YOU MUST FILL IN THE FOLLOWING DETAILS:
THREAT NUMBER
THREAT TITLE
PROBABILITY
IMPACT LEVEL
RISK SEVERITY
EXPLANATION OF THE THREAT IN CONTEXT
WHAT IS THE PURPOSE OF A CYBER SECURITY PLAN
A CYBER SECURITY PLAN WILL IDENTIFY HOW WE WILL PROTECT OURSELVES FROM BEING AFFECTED BY THE THREATS IDENTIFIED IN THE RISK ANALYSIS
WHAT ARE 8 HEADINGS WE NEED TO IDENTIFY IN A CYBER SECURITY PLAN
- THREAT ADDRESSED BY THE PROTECTION MEASURE
- ACTIONS TO BE TAKEN
- REASONS FOR THE ACTION
- OVERVIEW OF TECHNICAL AND FINANCIAL CONSTRAINTS
- OVERVIEW OF LEGAL RESPONSIBILITIES
- OVERVIEW OF USABILITY OF THE SYSTEM
- OUTLINE COST BENEFIT
- TEST PLAN
What are the financial and technical costs that could occur when developing a new network
- The configuration of the software or hardware will require IT specialists
- Hardware or software may be limited in performing the security measure
- Training costs for staff so that they can use the new system
GIVE 3 HARDWARE PROTECTION METHODS THAT CAN BE USED TO PREVENT SOME OF THE MOST COMMON RISKS
HARDWARE FIREWALLS - CAN BE USED TO PROTECT ALL PCS ON A NETWORK, AND CAN ALSO FILTER TRAFFIC TO PREVENT DOS ATTACKS
ROUTERS - CAN BE USED TO SEGMENT A NETWORK ALONGSIDE SWITCHES
WIRELESS ACCESS POINTS - CONFIGURING THEM PROPERLY HELPS TO PREVENT UNAUTHORISED ACCESS
NAME 5 SOFTWARE METHODS THAT CAN BE USED TO PROTECT SOME OF THE MOST LIKELY RISKS
ANTI-MALWARE
SOFTWARE FIREWALLS
PORT SCANNING
ACCESS RIGHTS
INFORMATION AVAILABILITY
NAME 5 PHYSICAL SECURITY METHODS TO PREVENT INTRUDERS
LOCKS
CCTV
ALARM SYSTEMS
BACKUPS
NAME 3 ALTERNATIVE RISK MANAGEMENT MEASURES
RISK TRANSFER TO A THIRD PARTY - ANY ACTIVITY THAT A BUSINESS PERFORMS WHICH COULD POTENTIALLY LEAD TO VULNERABILITIES CAN BE OUTSOURCED BY COMMISSIONING A SERVICE PROVIDER
RISK AVOIDANCE BY STOPPING AN ACTIVITY - ANY ACTIVITY THAT A BUSINESS PERFORMS WHICH COULD HAVE A RISK COULD BE PREVENTED FROM HAPPENING
RISK ACCEPTANCE - IS USED FOR RISKS THAT MAY BE TOO COSTLY TO DEAL WITH
WHAT DO YOU TALK ABOUT FOR THE USABILITY OF THE SYSTEM
WE SAY HOW ANY OF THE PROTECTION METHODS MAY IMPACT THE USABILITY OF THE SYSTEMS
FOR EXAMPLE, IMPLEMENTING ANTI-VIRUS MAY SLOW DOWN OLDER DEVICES
IT COULD ALSO SLOW STAFF IN PERFORMING TASKS BY LIMITING FUNCTIONS
IT MAY ALSO IMPACT THE USER EXPERIENCE