Unit 3 - Systems Software and Security

Question 1

What is social engineering?

Answer 1

the art of manipulating people so they give up confidential information

Question 2

What do cyber attacks take advantage of?

Answer 2

1) human weakness or gullibility

2) Technical weakness in computer systems, networks or digital devices

Question 3

What is a phishing email?

Answer 3

An email that tricks the user into handing over sensitive or personal information.

Question 4

Signs of a phishing email

Answer 4

1) Greeting - not personalized
2) The sender’s address - a variation on a genuine address
3) Forged link
4) Request for personal information
5) Sense of urgency
6) Poor spelling and grammar

Question 5

Define Shoulder Surfing

Answer 5

Shouldering involves direct observation of a user enter their security details.

Question 6

Define a brute force attack and how can you limit the attack?

Answer 6

A hacker may go through a list of different passwords until access to an account is gained. Also the attacker may try every combination of characters until the correct password is found.

Ways to avoid it could be to set a limit on how many passwords can be tried at one time.

Question 7

How to validate a password?

Answer 7

1) between 10 to 15 characters (length check)
2) mixture of numbers, lower and uppercase characters and symbols (format checks)
3) the user should never include their DOB, name or personal details

Question 8

Define Malware

Answer 8

a malicious software intended to damage/disable computers.

Question 9

Define Virus

Answer 9

A program which infects (embeds itself in) other programs or data files without the user’s knowledge. Can be easily spread if a user innocently sends an infected file to someone else.
It can also be used to slow down the performance of a hard disk or network

Question 10

Define Worm

Answer 10

another type of malware. needs to attach itself to an existing file in order to spread. It may scan the internet looking for vulnerable computers to infect.

Question 11

Common sources or forms of attack

Answer 11

1) USB devices
2) digital devices
3) eavesdropping

Question 12

What two significant security issues do portable devices pose?

Answer 12

1) Data loss and/or theft

2) Infection from viruses

Question 13

How can minimize the risk of viruses?

Answer 13

Scan all devices, never use a found device and disable the auto run facility for removable media​

Question 14

Define Eavesdropping

Answer 14

Method used to intercept data packets as they move across the network. Packets are inspected for useful data that could be misused or sold.

Question 15

Define Digital Stalking

Answer 15

Type of eavesdropping. Hackers can use your mobile device to access detailed information about your daily life e.g. location, interests, apps used that day.

Question 16

What threats do digital devices present?

Answer 16

1) Loss of a mobile phone can lead to the loss of all the data stored on it, including passwords, account numbers and credit card details​
2) Malware which targets digital devices may create “back doors” to give malicious users access to your device​
3) Many apparently legitimate apps are malicious and may lead to fraudulent charges on your phone bill or theft of personal information ​
4) Technical measures like firewalls, antivirus protection and encryption are uncommon on mobile phones​

Question 17

How to avoid hacking on mobile phones?

Answer 17

) create a strong password

2) Not following links in suspicious emails
3) Don’t install apps without researching them first - ​if they require extra permissions, don’t install them​
4) Delete all information stored on your mobile ​before discarding​

Question 18

Define Denial of Service attacks

Answer 18

An attack that attempts to flood a website server with an overwhelming number of data requests.
E.g. flood the victim’s site with spam emails or disrupt access to a victim’s website or entire geographical area by re configuring software to crsh network sites.

Motives: revenge, blackmail, terrorism

Question 19

Define SQL injection

Answer 19

takes advantage of web input forms to access or destroy data.
SQL commands can be input into web forms instead of the expected ‘real’ data. This can be interpreted by vulnerable web applications as an additional instruction to operate in the hacker’s favor

Question 20

What is an example of a good network policy?

Answer 20

An Acceptable Use Policy details strict guidelines about what is and is not acceptable behavior on a network. All employees or students should be asked to read and sign this.

Question 21

Define Penetration Testing

Answer 21

The practice of deliberately trying to find security holes in your own systems

Question 22

What is the goal of penetration testing?

Answer 22

1) identify the targets of potential attacks

2) identify possible entry points

Question 23

What is black box testing?

Answer 23

Type of penetration testing. Black-box testing is a method in which the tester is provided no more information than any potential hacker may have

Question 24

What is white box testing?

Answer 24

Type of penetration testing. Testers are given as much information as an insider may have, in order to determine how much damage a rogue employee could do to a system. They are ethical hackers employed by the company or security firms.

Question 25

Who are grey hat hackers?

Answer 25

Grey hats will frequently seek out system vulnerabilities without authorization from the system owners. Any flaws they find may by reported without actually doing anything to take advantage of the flaws themselves.

Question 26

What are Audit trails?

Answer 26

They monitor all network activity and can keep a record of all user activity. Useful for maintaining security and for recovering lost data. Network administrators can sue audit trail data to identify data leaks and prevent security attacks. An instruction detection system can alert administrators in real time.

Question 27

Name a type of Anti-malware software

Answer 27

Automatic updates are commonly used to keep it up to date

Question 28

Define Firewall

Answer 28

A software that checks data coming from the Internet or a network.

• it either blocks the data or allows it to pass through, depending on the firewall settings
• only certain data packets that meet set filtering rules are allowed to pass through

Question 29

Define Proxy server

Answer 29

a computer that acts as an gateway between a web browser and the internet.

• it helps to improve web performance by storing a copy of frequently used web page
• mostly used by networks in organisations
• can acts as a firewall, help improve security by filtering out some web content and malware

Question 30

User Access Levels

Answer 30

Access rights may be set on disks, folders and even individual files.
If a computer is used by more than one person, each user should be able to see only their own files ​

Users and system administrators have different levels of access rights​

Some users may be allowed to read files but not edit them​

May include encryption of some files.

Question 31

Encryption

Answer 31

measures taken to prevent data from being interpreted.

Data is transmitted over a network can be intercepted.
Any intercepted data can be read and understood unless

Question 32

HTTPS

Answer 32

Hypertext Transfer Protocol Secure.

A security protocol used to ensure a trusted, encrypted data connection

Question 33

Define Operating System

Answer 33

Software that manages a computer’s hardware and provides a user interface

Question 34

Functions of an operating system

Answer 34

1) Provides a user interface.

2) Manages: memory, multitasking, peripherals, files, user access rights

Question 35

Types of User interface

Answer 35

1) GUI: Graphical User interface => WIMP: Windows, Icons, Menus and Pointers
2) Menu-driven Interface e.g. ATMs
3) CLI: Command Line Interface => Just text, e.g. Windows command prompt
4) Voice activated
5) Real-time => sensors detect inputs, actuators output actions

Question 36

WIMP Interfaces

Answer 36

User can click on icons using a pointer or cursor. Icons representing functions mean less need to type instructions - just click on an icon or menu item.Different shaped pointers have different uses. Right - clicking brings up context sensitive menus.

Question 37

Command Line Interfaces

Answer 37

All user commands must be typed as text. No graphics. Quicker for expert users who know the commands. Takes less space on the disk and in a RAM

Question 38

OS : Memory Management

Answer 38

To run a program, the computer must copy the program from storage into main memory.

Data is used by the program is copied into main memory. The os keeps a record where each program and its data are located. It must overwrite existing programs

Question 39

OS : Multi-tasking

Answer 39

The computer doing several tasks at the same time with different software: browser, playing music, background processes.

They are taking it in turns to get processor time to execute instructions. The OS must manage how the processes share the processor.

Question 40

Define Interupts

Answer 40

Signals sent to the CPU by external devices to indicate an event that needs immediate attention.
They tell the CPU to suspend its current activities and execute appropriate instructions

Question 41

Hardware interrupts

Answer 41

Generated by hardware devices - e.g. printer out of paper

Question 42

Software interrupts

Answer 42

generated by programs e.g. a divide by 0 error will cause calculation to be abandoned and an error message displayed.

Question 43

OS : Peripheral Management

Answer 43

The os must manage: getting input and sending output, copying files from disk to main memory, copy data files back to secondary storage.

Peripherals are all the devices outside the CPU. The access speed of these is relatively slow

Question 44

What is a device driver?

Answer 44

A program that controls a peripheral device such as printer, CD-ROM drive etc.

Each device communicates with the OS via its own driver.

Many device drivers are built into the operating system but if you buy a brand new type of device, it will be supplied with a driver which you will need to install.

Question 45

OS : Disk and file managment

Answer 45

The hard disk in a computer is a storage peripheral.

The os:

• manages where on the disk files are written
• keeps track of where they are so they can retrieved
• makes sure no file overwrites another file.

Question 46

OS : User management

Answer 46

The os organises user logins and passwords May include password protection on individual files. Controls access rights.

Question 47

Define Utilities

Answer 47

Utilities provide extra functionality that make computer systems easier to use. They can be packaged as part of the operating system or bought as stand-alone software programs

Question 48

Encryption software

Answer 48

used to transform text so it that it cannot be read without knowing the key to decode it.

Question 49

Uses of Encryption software utilities

Answer 49

1) Encrypt files and folders on a portable disk such as a USB memory stick
2) Encrypt web communication
3) Encrypt data on an organisation’s database

Question 50

Examples of Disk organization utilities

Answer 50

1) File management and transfer e.g. move, copy and delete folders and files
2) Disk defragmentation

Question 51

Utilities : Disk Defragmentation

Answer 51

A file is referred to as ‘fragmented’ when you save large file and it does not fit on the disk in consecutive memory locations.

• Retrieving data from the file takes more processing
• More processing means reduced performance

Defragmenting the hard disk re organises files so they are stored together.

• processing time reduces so performance is improved
• free space is also in one place so new files do not have to be fragmented.

Question 52

Utilities : Data compression software

Answer 52

WinZip enables users to compress and decompress files or folders​

• Reduces bandwidth usage and data consumption to download and send a compressed file​
• Can enable file sizes to fit with strict email attachment or ISP limits​
• Increases the amount of data that can be stored or archived on disk​

Question 53

Reasons for Backup utilities

Answer 53

You need to save the backed up data onto an external hard drive​

• Organisations from the smallest companies to the largest banks, cannot afford to lose any data​
• Commercial backup utilities make sure that even in the event of fire or flood, all data can be recovered​
• Backing up files is vital to protect against loss from accidental or malicious damage, corruption or natural disaster​

Question 54

What is a full backup?

Answer 54

Complete backup of everything which can be restored independently of any other backup​

Takes greater time and disk space to create the backup​

Question 55

What is an incremental backup?

Answer 55

Records only the changes made since the last backup​

A entire chain of backups is required to fully restore files​

Question 56

Examples of OS Functions

Answer 56

1) Communicate with internal and external hardware via device drivers
2) Provide User interface
3) Provide a platform for different applications to run
4) Allow the computer to multi-task by controlling memory resources and the CPU
5) Deal with file management and disk management
6) Manage system security and user accounts