Topic 6-Cyber security

Question 1

What is cyber security?

Answer 1

Protecting networks, computers, data and programs from attack damage or unauthorized access and is done through processes practices and technologies.

Question 2

What is social engineering?

Answer 2

Art of manipulating people so they divulge personal information such as passwords. Blagging, phishing and shouldering are all examples.

Question 3

How can you protect against social engineering?

Answer 3

Public awareness, policies and education.

Question 4

What is blagging?

Answer 4

The act of obtaining/disclosing personal data or information without the owners consent. This can be prevented by security training.

Question 5

What is phishing?

Answer 5

Phishing emails are designed to steal money, get login details or steal and identity. Usually done through email or SMS. Remember to look for spelling or grammar mistakes.

Question 6

What is shouldering?

Answer 6

Using direct observation techniques to gain information such as passwords.

Question 7

What is malicious code(malware)?

Answer 7

Hostile or intrusive software.

Question 8

How can malware spread?

Answer 8

Through attachments and links.

Question 9

What is a macro?

Answer 9

Small piece of code that is given permission to run on the device, found in attachments and are set to install malware of other sorts.

Question 10

What is a virus?

Answer 10

Program installed onto computer without your knowledge or permission with the purpose of doing harm. It cannot copy itself on its own it has to infect a program.

Question 11

What is a worm?

Answer 11

Self replicating virus.

Question 12

What is a trojan?

Answer 12

Any form of malware which tricks the user into installing it by pretending to be a legitimate program.

Question 13

What is ransomware?

Answer 13

Encrypts files on an infected system and only decrypts files once a payment is made to the hacker.

Question 14

What is spyware?

Answer 14

Gathers information about a user by tracking their activity without their consent. Key loggers and screen capture software’s are two examples.

Question 15

What is a rootkit?

Answer 15

Malware which modifies the OS to avoid detection by anti-virus and ant-malware software.

Question 16

What is a backdoor?

Answer 16

Malware which opens up an access channel to a computer that other malware can use to get in/gain access.

Question 17

What is an insider attack?

Answer 17

When someone inside of an organisation gives away access details or data.

Question 18

What is a passive attack?

Answer 18

When a hacker eavesdrops on a network by “sniffing” the data packets.

Question 19

What is an active attack?

Answer 19

When someone uses malware or other technical methods to compromise a networks security.

Question 20

What are the two ways of cracking passwords?

Answer 20

Brute force and dictionary.

Question 21

What are misconfigured access rights?

Answer 21

Allows the employees/students to access more data than they should be able to in their position. If a hacker hacks a computer they will only be able to see what that person can access.

Question 22

What is removable media?

Answer 22

USB sticks or removable hard drives can cause data theft and virus infection.

Question 23

What is unpatched or outdated software?

Answer 23

Vulnerable to attacks as software may not be able to detect viruses or malware. People update software to protect it from known methods.

Question 24

What is adware?

Answer 24

Software that either causes pop-ups or windows. These will not close. Used by companies legit, but when installed without knowledge or intent to gather browser information it is malicious.

Question 25

What is penetration testing?

Answer 25

The process of attempting to compromise a networks security in a controlled manner so the company can patch and increase their network’s security.

Question 26

What is black box penetration testing?

Answer 26

The ethical hacker has no knowledge of the system being attacked. This can simulate external attacks.

Question 27

What is white box penetration testing?

Answer 27

The tester has prior knowledge of the system being attacked. This saves time and cost and can simulate an insider attack.

Question 28

What is the difference between anti-malware and anti-virus?

Answer 28

Antimalware focuses on new threats, while antivirus keeps you protected against the traditional versions, like worms and phishing attacks, that can still harm your device. Think of antivirus as proactive protection against threats infecting your device while antimalware roots and destroys activated malware.

Question 29

What is biometrics?

Answer 29

Physical characteristics that are quite unique.

Question 30

What does CAPTCHA stand for?

Answer 30

Completely automated public turing test to tell computers and humans apart.

Question 31

Why are software updates automated?

Answer 31

So user does not have to do it themselves as they could forget.

Question 32

What is a denial of service attack?

Answer 32

Prevents users from accessing parts of a network that they normally could.

Question 33

What is a distributed denial of service attack?

Answer 33

Uses botnets to overflow systems with traffic to stop them from working. Firewalls can blacklist IP’s.

Question 34

What is a botnet?

Answer 34

Network of private computers infected with malicious software and controlled as a group without the owners knowledge.

Question 35

White, grey and black hat hackers.

Answer 35

White-payed to hack programs for safety
Grey-does it for right reason but against the law
Black-does it for wrong reason for personal gain(against the law).

Question 36

What is pharming?

Answer 36

Technique intended to redirect a websites traffic to another fake website and you will be asked to give personal details.