Topic 6 - Cyber Security Flashcards

1
Q

What are the 4 types of attacks?

A

Active attack
Social engineering
Passive attack
Insider attack

2
Q

What is an active attack?

A

When someone uses malware or other technical methods to compromise a network’s security

3
Q

What is social engineering?

A

When a person is exploited into giving away critical information that gives access to the network or accounts.

4
Q

What is a passive attack?

A

When a hacker eavesdrops on a network by ‘sniffing’ the data packets

5
Q

What is an insider attack?

A

When someone in an organisation gives away access details or sensitive information.

6
Q

What is the name for any methods which allow users to prove that an account is theirs?

A

Authentication

7
Q

What is the most common authentication method?

A

The most common authentication method is using a password.

8
Q

Why do many hackers want to find people’s passwords?

A

So that they can gain access to accounts.

9
Q

What is finding people’s passwords called?

A

cracking the password

10
Q

What is a brute force attack?

A

A brute force attack tries to crack a password by trying every single combination of letters and numbers until the correct one is found

11
Q

What is the problem with a brute force attack?

A

This can take a very long time, although special software is used to do this which makes it possible to make millions of attempts per second

12
Q

What is a dictionary attack?

A

A quicker form of the brute force attack is the dictionary attack.

Rather than attempting every single combination, a dictionary attack tries words from a predetermined list.
A common dictionary to use would be a list of common passwords.

13
Q

What are three ways to protect against password cracking?

A

Writing a network policy which enforces strong passwords can protect against dictionary attacks.

Using two-factor authentication can prevent the hacker from logging in, even if they have the password.

Restricting the number of failed password attempts before an account is ‘locked’ for a fixed period of time can deter hackers.

14
Q

How do denial of service (DoS) attacks work?

A

A denial of service (DoS) attack tries to bring down a server by flooding it with many useless requests.

The attack aims to overload the server. This stops the server responding to legitimate requests

15
Q

What can be used to protect a server from a DoS attack?

A

A firewall

16
Q

How does a firewall protect a server from a DoS attack?

A

A server’s firewall can blacklist (ban) any traffic from an IP address which is known to perform DoS attacks.

Firewalls can also monitor traffic in real time. So if a new IP address starts to send too much traffic then traffic limits can be set.

17
Q

When are Distributed DoS (DDoS) attacks used?

A

Commonly used to overcome the blacklisting of an IP address because of a high number of requests.

18
Q

In a DDoS attack, how are requests sent?

A

from an army of compromised machines, known as a botnet

19
Q

How do the botnets work in DDoS attacks?

A

Botnet machines are infected with malware which allows a hacker to send requests from their computer.

The botnet can launch a huge number of simultaneous requests. The owners of the devices in the botnet might not even realise they are taking part.

20
Q

What does penetration testing identify?

A

vulnerabilities in a network’s security

21
Q

How does penetration testing work?

A

by attempting a controlled attack on the network

This usually involves carrying out multiple types of attack to see which is most successful.

22
Q

Who performs penetration testing?

A

the organisation itself, or an external organisation or contractor they have hired

23
Q

What does a good penetration test check?

A

Technical vulnerabilities.
Likelihood of social engineering.
A test of damage recovery

24
Q

What is the motivation for penetration testing?

A

Organisations choose to perform penetration testing to try to find vulnerabilities before criminals do.

If an organisation can find and fix a bug before it is exploited, it can save time and money.

25
Q

What are the two types of penetration tests?

A

White box penetration testing

Black box penetration testing

26
Q

What is white box penetration testing?

A

A white box penetration test is done inside an organisation.

In a white box penetration test, system administrators will test how vulnerable the system is against someone with knowledge of the system, and possibly a user account with low access rights.

This will help to prevent insider attacks.

27
Q

What is black box penetration testing?

A

A black box penetration test is done outside of an organisation.

A system administrator might pay an outside organisation to attempt to gain access to their systems in a controlled way.

This will allow the system administrators to experience a ‘practice’ attack which is very similar to a real attack.

28
Q

Who are often the weak point in any network security package?

A

People

29
Q

What is social engineering?

A

the art of manipulating people so they give up confidential information

30
Q

What are ways to protect against social engineering?

A

Education and training
Public awareness campaigns
Company security policies

31
Q

What’s the most effective means of protection against social engineering?

A

education and training

32
Q

How does education and training help prevent social engineering?

A

People are made aware of the tactics of fraudsters.

This makes it more likely that they will recognise a fraudulent phone call.

33
Q

How do company and security policies help prevent social engineering?

A

Company security policies include instructions that employees must follow to uphold security.
For example:
Don’t discuss a user account without the user having confirmed their PIN number.

34
Q

How do public awareness campaigns help prevent social engineering?

A

Banks and governments often run public awareness campaigns to educate members of the public about the risks of social engineering.

These often include case studies of what could happen if people do not take care.

35
Q

What are three types of social engineering?

A

Shouldering
Pharming
Blagging