Social Engineering

Question 1

(pr) What is a layer

Answer 1

A division of network functuality

Question 2

(pr) Name an advantage of layers

Answer 2

It is self contained- if one layer is removed it does not affect the other layers

Question 3

(pr) Name a way that affects a network

Answer 3

Physical interference/ number of devices/ bandwidth/ distance data has to travel

Question 4

(pr) Name a difference between a switch and a router

Answer 4

a switch uses MAC addresses whereas a router uses IP

Question 5

What does SQL stand for?

Answer 5

Structured Query Language

Question 6

What is the primary use of SQL?

Answer 6

To interact with databases by retrieving, inserting, updating, and deleting data

Question 7

What is an SQL injection?

Answer 7

A technique where an attacker inserts malicious SQL code into a website’s input field

Question 8

How can an SQL injection attack exploit a website?

Answer 8

By manipulating SQL queries to gain unauthorized access to or modify sensitive data

Question 9

What did the hacker do to test the vulnerability of the search bar?

Answer 9

Entered a string of SQL code into the search box instead of a product name

Question 10

What is the consequence of not properly validating user input in SQL?

Answer 10

Malicious code can be processed directly by the database, leading to data exposure or manipulation

Question 11

What should input validation check for to prevent SQL injection?

Answer 11

That the input does not contain malicious SQL statements

Question 12

What is one way to restrict SQL query execution and prevent SQL injection?

Answer 12

Restricting the types of SQL statements that can be executed

Question 13

What are user access levels?

Answer 13

Permissions set for different types of users to limit access to sensitive data

Question 14

What action did the IT team take after discovering the breach?

Answer 14

Launched an investigation into the website’s security

Question 15

What was the main finding of the IT team’s investigation?

Answer 15

Inadequate input validation allowed SQL injection

Question 16

What immediate action did the IT team take to fix the issue?

Answer 16

Implemented input validation

Question 17

Why is error handling important in web applications?

Answer 17

To prevent detailed error messages from being displayed to users, which could aid attackers

Question 18

What does penetration testing involve?

Answer 18

Simulating real-world cyberattacks to test system security defences

Question 19

What is a key benefit of conducting regular security audits?

Answer 19

To identify and fix vulnerabilities before they can be exploited

Question 20

Fill in the blank: SQL injection attacks exploit vulnerabilities in user input validation to manipulate SQL queries and access _______.

Answer 20

sensitive data

Question 21

True or False: User access levels can help limit the damage a hacker can do.

Answer 21

True

Question 22

What is a best practice for securing web applications mentioned in the case study?

Answer 22

Regularly updating software and using strong encryption for sensitive data

Question 23

What is a virus?

Answer 23

A form of malicious software that attaches itself to files or programs, allowing it to spread to other files and programs when the infected file is executed.

Viruses can cause harmful effects such as corrupting or deleting data, slowing down system performance, and disrupting operations.

Question 24

How do viruses typically enter systems?

Answer 24

Through infected email attachments, downloads from untrusted websites, or physical media like USB sticks.

User execution of infected files activates the virus code.

Question 25

What is the main function of a virus?

Answer 25

To replicate itself and spread to other systems, potentially causing damage to data and files. ## Footnote Viruses exploit user trust in seemingly harmless files.

Question 26

What is an example of a well-known virus?

Answer 26

The 'ILOVEYOU' virus, which spread rapidly in 2000 via email. ## Footnote It caused an estimated $10 billion in damages.

Question 27

What distinguishes worms from viruses?

Answer 27

Worms do not require a host file to spread and can replicate and transmit themselves without user intervention. ## Footnote Worms cause network congestion and operational disruption.

Question 28

What is a notorious example of a worm?

Answer 28

The 'Morris Worm,' released in 1988, which infected around 6,000 computers. ## Footnote It exploited vulnerabilities in Unix systems.

Question 29

What is a Trojan horse?

Answer 29

A type of malware that disguises itself as useful software to trick users into downloading and installing it. ## Footnote Trojans rely on social engineering techniques.

Question 30

How do Trojans typically operate once executed?

Answer 30

They can create a backdoor for remote access, allowing attackers to control the infected system. ## Footnote Trojans can lead to data breaches and identity theft.

Question 31

What is a well-known example of a Trojan?

Answer 31

The 'Zeus Trojan,' used to steal banking information and credentials. ## Footnote It captures sensitive data and transmits it to attackers.

Question 32

What is spyware?

Answer 32

A category of malware designed to monitor user activity and collect personal information without consent. ## Footnote Spyware can track browsing habits, keystrokes, and capture sensitive data.

Question 33

How does spyware typically enter systems?

Answer 33

Through bundled software downloads, deceptive websites, or exploiting vulnerabilities in operating systems. ## Footnote It compromises user privacy and degrades system performance.

Question 34

What is a notorious example of spyware?

Answer 34

The 'CoolWebSearch' spyware, which hijacked web browsers and changed search settings without consent. ## Footnote It collected data on users' browsing habits.

Question 35

What is ransomware?

Answer 35

A type of malware that encrypts the victim's files and demands a ransom for the decryption key. ## Footnote Ransomware inflicts severe emotional and financial distress on victims.

Question 36

How does ransomware typically infiltrate systems?

Answer 36

Through phishing emails, malicious downloads, or by exploiting software vulnerabilities. ## Footnote User caution is essential for prevention.

Question 37

What is a prime example of ransomware?

Answer 37

The 'WannaCry' attack that occurred in 2017. ## Footnote It affected hundreds of thousands of computers worldwide by exploiting a Microsoft Windows vulnerability.

Question 38

Fill in the blank: A virus can cause _______ to data and files.

Answer 38

harmful effects

Question 39

True or False: Worms require a host file to spread.

Answer 39

False

Question 40

Fill in the blank: Spyware collects personal information without the user's _______.

Answer 40

knowledge or consent

Question 41

True or False: Trojans replicate themselves like viruses.

Answer 41

False