6.1 SecurityPrivacy&DataIntegrity.data_security

Question 1

What is data privacy?

Answer 1

The privacy of personal information or other data stored on a computer that should not be accessed by unauthorised parties.

Question 2

What are data protection laws?

Answer 2

Laws that govern how data should be kept private and secure.

Question 3

What is data security?

Answer 3

Methods taken to prevent unauthorised access to data and to recover data if lost or corrupted.

Question 4

What is a user account?

Answer 4

An agreement that allows an individual to use a computer or network server, often requiring a username and password.

Question 5

What is authentication?

Answer 5

A way of proving somebody or something is who or what they claim to be.

Question 6

What are access rights in data security?

Answer 6

The use of access levels to ensure only authorised users can gain access to certain data.

Question 7

What is malware?

Answer 7

Malicious software that seeks to damage or gain unauthorised access to a computer system.

Question 8

What is a firewall?

Answer 8

Software or hardware that sits between a computer and an external network, monitoring and filtering all incoming and outgoing activities.

Question 9

What is anti-spyware software?

Answer 9

Software that detects and removes spyware programs installed illegally on a user’s computer system.

Question 10

What is encryption?

Answer 10

The use of encryption keys to make data meaningless without the correct decryption key.

Question 11

What are biometrics?

Answer 11

The use of unique human characteristics to identify a user, such as fingerprints or face recognition.

Question 12

What is hacking?

Answer 12

Illegal access to a computer system without the owner’s permission.

Question 13

What is malicious hacking?

Answer 13

Hacking done with the sole intent of causing harm to a computer system or user, e.g., deleting files or exploiting private data.

Question 14

What is ethical hacking?

Answer 14

Hacking used to test the security and vulnerability of a computer system, carried out with the permission of the system owner.

Question 15

What is phishing?

Answer 15

Legitimate-looking emails designed to trick recipients into giving their personal data to the sender.

Question 16

What is pharming?

Answer 16

Redirecting a user to a fake website to illegally obtain personal data.

Question 17

What is DNS cache poisoning?

Answer 17

Altering IP addresses on a DNS server by a ‘pharmer’ or hacker to redirect users to fake websites.

Question 18

Why is data privacy required?

Answer 18

To ensure that data stored about a person or an organisation remains private and unauthorised access is prevented.

Question 19

How is data privacy achieved?

Answer 19

Partly through data protection laws that set guidelines for data handling.

Question 20

What are the eight guiding principles of data protection laws?

Answer 20

1. Data must be fairly and lawfully processed.
2. Data can only be processed for the stated purpose.
3. Data must be adequate, relevant, and not excessive.
4. Data must be accurate.
5. Data must not be kept longer than necessary.
6. Data must be processed in accordance with the data subject’s rights.
7. Data must be kept secure.
8. Data must not be transferred to another country unless that country has adequate protection.

Question 21

Who do data protection laws usually cover?

Answer 21

Organisations rather than private individuals.

Question 22

Do data protection laws guarantee data privacy?

Answer 22

No, but the legal threat of fines or jail sentences deters most people from violating them.

Question 23

What is data security?

Answer 23

Methods used to prevent unauthorised access to data and to recover data if it is lost.

Question 24

What is the purpose of user accounts in data security?

Answer 24

To authenticate users and control access rights based on their role.

Question 25

How do user accounts authenticate users?

Answer 25

By requiring a username and password, often through a screen prompt.

Question 26

How do user accounts control access rights?

Answer 26

Through access levels, where different users have different permissions based on their role.

Question 27

Give an example of access rights in a real-world scenario.

Answer 27

In a hospital, a cleaner wouldn’t have access to patient data, but a consultant would, based on their access level.

Question 28

What is the purpose of passwords?

Answer 28

To restrict access to data or systems, ensuring only authorised users can gain access.

Question 29

How can passwords be protected?

Answer 29

- Run anti-spyware software to prevent passwords from being relayed. - Regularly change passwords in case they’ve been compromised. - Use strong, hard-to-guess passwords.

Question 30

What makes a password strong?

Answer 30

- At least one capital letter - At least one numerical value - At least one special character (e.g., @, *, &) - Long enough

Question 31

Provide examples of strong and weak passwords.

Answer 31

- Strong: Sy12@#TT90kj=0 - Weak: GREEN

Question 32

What are digital signatures?

Answer 32

A method to protect data by identifying the sender of digital communications, such as emails.

Question 33

What is a firewall?

Answer 33

A software or hardware security system that filters incoming and outgoing network traffic to protect against threats like hacking, malware, phishing, and pharming.

Question 34

What tasks are carried out by a firewall?

Answer 34

- Examining traffic between a computer and external networks. - Checking if data meets security criteria. - Blocking and warning about suspicious traffic. - Logging all network activity for review. - Preventing access to undesirable sites via IP filtering. - Helping to prevent viruses or hackers from entering. - Warning users when software attempts external access.

Question 35

How can firewalls be implemented?

Answer 35

- As hardware, often referred to as a gateway, between the internal network and the internet. - As software, installed on a computer, sometimes part of the operating system.

Question 36

What can firewalls NOT prevent?

Answer 36

- Users on internal networks bypassing the firewall with personal modems. - Employee misconduct, like poor password management. - Users on stand-alone computers disabling the firewall.

Question 37

How can firewall limitations be managed?

Answer 37

Through proper management practices and personal responsibility to maintain security measures effectively.

Question 38

What is the purpose of antivirus software?

Answer 38

To detect, prevent, and remove viruses from a computer system.

Question 39

How does antivirus software work?

Answer 39

- Checks software or files before running/loading. - Compares files against a database of known viruses. - Uses heuristic checking to detect suspicious behaviour. - Quarantines potentially infected files for deletion or user review.

Question 40

What is heuristic checking in antivirus software?

Answer 40

A method that checks software behaviour for signs of a virus, useful for detecting new, unknown viruses.

Question 41

What is a false positive in antivirus software?

Answer 41

When antivirus software wrongly identifies a safe file as a virus.

Question 42

Why must antivirus software be regularly updated?

Answer 42

To keep the virus database current since new viruses are constantly discovered.

Question 43

How often should full system scans be performed?

Answer 43

Regularly, such as once a week, to detect dormant viruses.

Question 44

What is anti-spyware software?

Answer 44

Software that detects and removes spyware programs installed illegally on a computer.

Question 45

How does anti-spyware software detect threats?

Answer 45

- Rule-based detection (looking for typical spyware behaviours). - Identifying known spyware file structures.

Question 46

What is encryption?

Answer 46

The process of converting data into an unreadable format without the correct decryption key, protecting it from unauthorised access.

Question 47

Can encryption prevent data deletion?

Answer 47

No, it prevents unauthorised data usage but cannot stop data from being deleted.

Question 48

What are biometrics?

Answer 48

Security measures that rely on unique human characteristics, such as fingerprints, retina patterns, face recognition, and voice recognition.

Question 49

How do fingerprint scans work?

Answer 49

They compare scanned fingerprints to stored ones, matching ridge and valley patterns (accuracy ~1 in 500).

Question 50

What are retina scans and how do they work?

Answer 50

They use infra-red to scan unique blood vessel patterns in the retina, requiring the user to stay still for 10–15 seconds (accuracy ~1 in 10 million).

Question 51

How are biometrics used in mobile phones?

Answer 51

To verify that the phone user is the owner through fingerprint, face, or voice recognition.

Question 52

What are the two types of hacking?

Answer 52

Malicious hacking (unauthorised, harmful) and ethical hacking (authorised, legal, for security testing).

Question 53

What is malicious hacking?

Answer 53

Illegal access to a computer system without permission, aiming to delete, alter, or steal data.

Question 54

How can you guard against malicious hacking?

Answer 54

Using strong passwords, firewalls, and software that detects illegal activity.

Question 55

What is ethical hacking?

Answer 55

Legal hacking authorised by companies to test security measures and identify vulnerabilities.

Question 56

What is malware?

Answer 56

Malicious software designed to harm, disrupt, or gain unauthorised access to computer systems.

Question 57

What are viruses?

Answer 57

Malicious code that replicates itself, deletes/corrupts files, or causes system malfunctions, requiring a host program.

Question 58

What are worms?

Answer 58

Stand-alone viruses that replicate and spread through networks, exploiting weak security.

Question 59

What are logic bombs?

Answer 59

Malicious code triggered by specific conditions (e.g., a date), used to delete files or send data to hackers.

Question 60

What are Trojan horses?

Answer 60

Malicious programs disguised as legitimate software to harm systems or steal data.

Question 61

What are bots (internet robots)?

Answer 61

Automated programs, sometimes harmful, that can take control of systems and launch attacks.

Question 62

What is spyware?

Answer 62

Software that secretly gathers information (like keystrokes) and sends it to the attacker.

Question 63

What is phishing?

Answer 63

A scam using legitimate-looking emails to trick users into revealing personal data or clicking harmful links.

Question 64

How can you identify phishing emails?

Answer 64

- Generic greetings (e.g., "Dear Customer"). - Suspicious links or attachments. - Requests for sensitive information.

Question 65

How can you prevent phishing attacks?

Answer 65

- Stay updated on phishing scams. - Avoid clicking suspicious links. - Use anti-phishing toolbars. - Check for https and a green padlock in the address bar. - Regularly update passwords and monitor accounts. - Use up-to-date browsers with firewalls. - Block pop-ups and avoid clicking "cancel" on suspicious ones; close using the X button.

Question 66

What is the purpose of anti-phishing toolbars?

Answer 66

To alert users of malicious websites linked in phishing emails.

Question 67

Why is https important when browsing?

Answer 67

It indicates encrypted communication, providing a layer of security for online transactions.

Question 68

What is pharming?

Answer 68

Pharming is malicious code that redirects users to fake websites without their knowledge, often to steal personal data.

Question 69

How does pharming differ from phishing?

Answer 69

Unlike phishing, pharming doesn’t require user action (like clicking a link); redirection happens automatically.

Question 70

What is DNS cache poisoning?

Answer 70

A pharming technique where the real IP address in the DNS server is altered, redirecting users to fake websites.

Question 71

How can pharmers infect a user’s computer?

Answer 71

By sending malicious code stored on the HDD, which redirects web traffic to fake sites when specific URLs are typed.

Question 72

How can you protect against pharming?

Answer 72

- Use antivirus software to detect unauthorised website alterations. - Use modern browsers with pharming/phishing alerts. - Check website spellings carefully. - Look for https and the green padlock symbol in the address bar.

Question 73

Why is pharming hard to mitigate if the DNS server is infected?

Answer 73

Because the redirection occurs at the DNS level, beyond the user’s control, affecting all users relying on that server.

Question 74

What are common causes of data loss?

Answer 74

- Accidental deletion. - Hardware faults (e.g., HDD crash). - Software faults (e.g., system crashes). - Incorrect computer operation (e.g., improper shutdown).

Question 75

How can you recover data after accidental deletion?

Answer 75

- Use back-ups. - Regularly save data. - Use passwords to restrict access.

Question 76

How can hardware faults cause data loss?

Answer 76

Issues like HDD crashes or power loss can corrupt or delete data.

Question 77

How do you safeguard against hardware faults?

Answer 77

- Use back-ups. - Install an uninterruptable power supply (UPS). - Save data regularly. - Use parallel systems as hardware back-ups.

Question 78

What risks come from software faults?

Answer 78

Software crashes or incompatibility issues can corrupt or delete data.

Question 79

How can you prevent data loss from software faults?

Answer 79

- Back-up data regularly. - Save data frequently while working.

Question 80

What are examples of incorrect computer operations that cause data loss?

Answer 80

- Improper shutdowns. - Removing memory sticks without following procedures.

Question 81

How can you minimise risks from incorrect computer operation?

Answer 81

- Regular back-ups. - Provide proper training on hardware operations.

Question 82

Why is regular data back-up important?

Answer 82

It ensures data recovery in case of accidental loss, hardware faults, or software errors.

Question 83

Where should back-ups be stored?

Answer 83

In a separate location (like cloud storage or an external HDD) to protect against physical threats (e.g., fire, theft).

Question 84

Who should be responsible for data back-ups?

Answer 84

A designated person to ensure back-ups are performed consistently.

Question 85

Why might back-ups not help after a virus infection?

Answer 85

The back-up could contain the virus, risking re-infection when restoring data.