Security

Question 1

What is Network security?

Answer 1

• network security is the activities designed to protect a network and its data from threats such as viruses, hack attackers, denial of service attacks, data interception and theft, and equipment failure.

Question 2

What are the 3 areas that network security protect?

Answer 2

• confidentiality.
• correctness.
• availability.

Question 3

What is DoS?

Answer 3

• denial of service is an attack on a network that attempts to prevent legitimate users from accessing its service.

Question 4

What are the 3 reasons why security is important?

Answer 4

• required for the running of the organization.
• private and confidential.
• financially valuable.

Question 5

What are the 3 ways to protect data confidentiality?

Answer 5

• ensuring only authorized users can access the parts of a network and its resources that they have a reason to require.
• stopping misuse.
• encrypting data.

Question 6

What is authentication and validation?

Answer 6

authentication is the process of checking the identity of a user of a computer system or network.
authentication is done by validating a username and password against details stored on a central server.

Question 7

What is two- factor authentication?

Answer 7

• a security check where users have to type in the code from a portable hardware device called a “secure token” or from and SMS message sent to their mobile phone.

Question 8

What is access control?

Answer 8

this decides which users have access to which data, and what they are allowed to do with it.

Question 9

What are the two options that access control decides whether a particular file?

Answer 9

• read-only access.
• read and write access.

Question 10

What is read-only access?

Answer 10

this is where the user can open the file and read its contents, but not modify the contents or delete the file.

Question 11

What is read and write access?

Answer 11

read and write access(modify access), where the user can read the file, alter the contents and then saves the changes.

Question 12

What is a firewall?

Answer 12

• firewall is a network security system that monitors and controls data that is moving from one network to another.( eg:- between the internet and local internal network)

Question 13

What is hacking?

Answer 13

the act of gaining unauthorized access to a computer system and the data it contains.

Question 14

What is throughput?

Answer 14

• allow more data to pass through them.

Question 15

What is physical security?

Answer 15

• controlling access to critical parts of a network using physical methods (such as locked doors) rather than software.

Question 16

What is malware?

Answer 16

short for ‘malicious software’. it is used as a generic term for any kind of software that is designed to disrupt the use of a computer system.

Question 17

What are the 4 advantages of cloud storage relating to avaliability?

Answer 17

• cloud storage provider is responsible for the hardware your data is stored on.
• the cloud storage provider can normally make extra storage available.
• having data stored off-site, means that it is protected from loss due to fire, theft of computers/ servers, electrical failure so on.
• data can be backed-up

Question 18

What are the disadvantages of cloud storage related to security disadvantages?(5)

Answer 18

• there might be problems for the third-party storage provider.
• could be hacked as it is saved online.
• cloud storage users have to assume that the cloud storage servers are trustworthy.
• need a high-speed internet connection to access data.

Question 19

what is USB?

Answer 19

it is a universal serial bus socket found on most modern computer systems.

Question 20

What is a NAS storage system?

Answer 20

• NAS is a hardware device that is connected to a network to provide file storage for any device connected to that network.

Question 21

What is a cyber attack?

Answer 21

• any kind of malicious attack on a network-connected device.

Question 22

What is social engineering?

Answer 22

• any kind of attack on a computer system or network that takes advantage of how people behave and respond to certain situations.

Question 23

What is phishing?

Answer 23

• directing internet users to a fake website that looks like a real one, to obtain personal information such as passwords, account numbers, etc.

Question 24

What are the two ways cyber attacks can classified to?

Answer 24

• social engineering.
• technical weaknesses.

Question 25

Reasons for cyber attacks? (4)

Answer 25

• gain access to data contained within the system.
• delete or modify information.
• make the system unavailable for use.
• physically damage a device connected to the network (usually by overreading safety limits)

Question 26

What are the 3 common forms of social engineering?

Answer 26

• phishing
• shoulder surfing.
• pharming.

Question 27

What are the 5 ways to prevent pharming?

Answer 27

• check that the http address of site is one you intended to visit.
• check that there is a secure connection if you have to enter sensitive information.
• check the site’s security certificate.
• install the latest security updates.
• install antivirus software.

Question 28

What are the 3 common examples where cyber-attacks rely on technical weaknesses?

Answer 28

• unpatched software.
• USB device.
• eavesdropping.

Question 29

What is unpatched software?

Answer 29

• it is software that hasn’t had the latest security updates applied to it, making it vulnerable to attack.

Question 30

what is eavesdropping?

Answer 30

• eavesdropping means intercepting data being sent to/from another computer system. (simple means reading data without actually copying or stealing it.)

Question 31

What is code vulnerability?

Answer 31

a computer program (code) written in such a way that it creates a security issue that may be taken advantage of to gain access to the computer system or data.

Question 32

What are the 5 questions software and system designers will need to consider ?

Answer 32

• what kind of authentication.
• Does warning need to be issued?
• Stored data need to be encrypted.
• threats the software might face.

Question 33

What is modular testing?

Answer 33

testing each block of code as it is completed to ensure the code works as expected.

Question 34

What is audit trail?

Answer 34

a record of activities that have taken place on a computer system. This record is generated automatically and will record what has happened and who or what made the change

Question 35

What are the 3 ways of identifying vulnerabilities?

Answer 35

• penetration testing.
• commercial analysis tools.
  -reviews of network and user policies.

Question 36

What are the other 3 methods to reduce the chance of cyber attacks succeeding?

Answer 36

• use of an audit trail.
• use of secure operating system.
• Provide effective network security.

Question 37

What are the 2 scans commercial analysis tools take?

Answer 37

• external scan.
• internal scan.

Question 38

What is external scan?

Answer 38

• External scan shows vulnerabilities that a hacker could exploit from outside the company’s network.

Question 39

What is internal scan?

Answer 39

• Internal scan can be used to scan the network from within to show up issues that could be exploited by a rogue employee, or hacker who might get physical access to the networks.

Question 40

What should all networks have in written policies?

Answer 40

• network policy.
• user policy.

Question 41

What should be documented in network policy?

Answer 41

• who is authorized to carry out various activities on the network.
• how and when patches to software should be applied.
• access control.
• password requirements.
• how security is set up and maintained on the network

Question 42

What should be documented in User policy?

Answer 42

• the use of the network is allowed or not allowed?
• what will happen to the user if they do something unacceptable.
• how to report faults, problems, and security issues.
• security information, such as good practice when choosing and using passwords.