1.Learning Aim A2 System Vulnerabilities

Question 1

What is a system vulnerability?

Answer 1

A weak point in a system that has the potential for exploitation

Question 2

List the different areas from which system vulnerabilities may arise.

Answer 2

• Network vulnerabilities
• Organisational vulnerabilities
• Software vulnerabilities
• Operating system vulnerabilities
• Mobile device vulnerabilities
• Physical vulnerabilities
• Process vulnerabilities
• Cloud/IoT vulnerabilities

Question 3

What are network vulnerabilities?

Answer 3

Major sources of attacks on a business’s IT systems, including open firewall ports

Question 4

What is a network port?

Answer 4

The endpoint of a network communication used for different applications

Question 5

True or False: All network ports are naturally secure.

Answer 5

False

Question 6

What is a common risk associated with external storage devices?

Answer 6

They can introduce malicious software into the organization

Question 7

What can happen if an employee uses an infected USB stick at work?

Answer 7

It can infect the work computer and potentially spread throughout the network

Question 8

What can organisational vulnerabilities stem from?

Answer 8

Processes and policies of the organisation, such as file permissions and password policies

Question 9

What is the consequence of assigning total permissions and privileges to an employee?

Answer 9

Anyone with access to that employee’s login could cause significant damage

Question 10

What does a password policy ensure?

Answer 10

That secure passwords are employed by a system’s users

Question 11

Fill in the blank: Passwords must include _______.

Answer 11

uppercase letters, lowercase letters, numbers & symbols

Question 12

What are software vulnerabilities?

Answer 12

Flaws in software that can be exploited, often from untrustworthy sources

Question 13

What is SQL injection?

Answer 13

A software vulnerability where users can enter an SQL statement to access data

Question 14

What are zero-day vulnerabilities?

Answer 14

Flaws in software that are unknown to the developers, opening the system to threats

Question 15

What can cause operating system vulnerabilities?

Answer 15

Flaws in the code and poor maintenance by the organization

Question 16

What was a key factor in the NHS ransomware attack of 2017?

Answer 16

Use of the unsupported Windows XP operating system

Question 17

What risk do mobile devices pose in a business context?

Answer 17

They may contain vulnerabilities in their system software

Question 18

What is a major issue with OEM updates for mobile devices?

Answer 18

Delays in distributing important security patches

Question 19

What is a significant physical vulnerability to IT systems?

Answer 19

The theft of equipment such as laptops and mobile devices

Question 20

What is social engineering in the context of IT vulnerabilities?

Answer 20

Techniques used to manipulate individuals into divulging confidential information

Question 21

What are process vulnerabilities?

Answer 21

Weaknesses in how individuals use a system that can lead to data leaks

Question 22

What does sharing security details refer to?

Answer 22

Individuals sharing security information with others who may not be trusted

Question 23

What is a vulnerability associated with cloud computing?

Answer 23

Accounts can be hacked, leading to data modification, deletion, or theft

Question 24

What is the Internet of Things (IoT)?

Answer 24

The interconnectivity of non-standard computing devices to gather and share data

Question 25

What issue do IoT devices have regarding security?

Answer 25

They are often developed without security considerations