SLR1.4

Question 1

types of attacks

Answer 1

malware
phishing
brute force attack
denial of service attack
data interception and theft
SQL injection
people as a weakpoint in secure systems

Question 2

malware

Answer 2

software specifically designed to disrupt, damage or gain unauthorised access to a computer system

Question 3

phishing

Answer 3

sending emails proposing to be from a company to convince individuals to reveal their personal information

Question 4

brute force attack

Answer 4

a trial and error method of attempting passwords and pin numbers. automated software is used

Question 5

DDOS

Answer 5

denial of service attack
flooding a server with useless traffic causing the server to become overloaded and unavailable

Question 6

data interception and theft

Answer 6

stealing computer-based information with the intent of compromising or obtaining personal information

Question 7

sql injection

Answer 7

a technique used to view or change data in a database by inserting additional code into a text input box, creating a string

Question 8

what happens during malware

Answer 8

files are deleted, become corrupt or encrypted

crashing occurs, reboot spontaneously and slow down

internet connection becomes slow

keyboard inputs are recorded and sent to hackers to find passwords

Question 9

what happen during phishing

Answer 9

accessing a victims account to withdraw money

open bank accounts and credit cards, cashing illegitimate cheques

gain access to high value corporate data

Question 10

what happen during brute force attack

Answer 10

hacker attempts to access corprate systems and try to access sensitive information

Question 11

what happen during DDOS

Answer 11

companies lose services for customers

lose revenue

productivity lowers

reputation damaged

Question 12

what happen during interception

Answer 12

usernames and passwords are compromised

corporate data is disclosed

Question 13

packet sniffers

Answer 13

listens to data that is being transferred between 2 points

Question 14

what happen during sql injections

Answer 14

reveal private information

data in the database can be amended or deleted

Question 15

using people as weakpoints

Answer 15

not installing operating system updates

not keeping antimalware up to date

not logging out of a computer

sharing passwords

Question 16

security softwares

Answer 16

firewalls
spam filters
anti virus
anti spyware
anti spam
staff training
backing up files regularly

Question 17

preventing phishing

Answer 17

have strong security software
staff training-awareness of spotting fake emails
staff training-disabling browser pop ups
staff training-not revealing personal information

Question 18

preventing brute force attacks

Answer 18

using progressive delays
using effective passwords
network lockout policy-locks out after 3 tries

Question 19

preventing DDOS

Answer 19

having strong firewalls
packet filtering on routers
web servers that spot DDOSs

Question 20

preventing data interception and theft

Answer 20

encryption
using virtual networks
use of passwords
investigating network vulnerabilities

Question 21

preventing sql injections

Answer 21

validation on input boxes
using parameters queries
setting database permissions
penetration testing

Question 22

penetration testing

Answer 22

employing people to hack your programs

Question 23

common errors that staff can make to endanger the security of a network

Answer 23

problem - bringing unauthorised files
solution - not allowing external devices being used on the network

problem - allowing physical access to a network
solution - locking doors

problem - Sending/sharing sensitive data with
third parties
solution - blocking/restricting access to USB ports/emails