Cyber Security Stuff

Question 1

Cybersecurity

Answer 1

The practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Question 2

Network security

Answer 2

Any activity designed to protect the usability and integrity of network and data. It includes both hardware and software technologies. Effective network security manages access to a network. It targets a variety of threats and stops them from entering or spreading on a network.

Question 3

Hackers

Answer 3

Individuals who will violate computer security for malicious or financial reasons; they may also be known as crackers.

Question 4

Planting the flag

Answer 4

Individuals who may seek financial reward for finding vulnerability, but are more interested in finding vulnerabilities than gaining something for themselves.

Question 5

Ethical hackers

Answer 5

Individuals whose activities are designed to test and enhance computer security; they may also be known as ethical hackers.

Question 6

Hacktivists

Answer 6

Individuals who use technology to announce a social, ideological, religious, or political message.

Question 7

Social engineering

Answer 7

The psychological manipulation of people into performing actions or divulging confidential information.

Question 8

Keylogging

Answer 8

Software designed to record and store every keystroke made on a computer. Criminals often attempt to install keylogging software onto a computer remotely

Question 9

Tailgating

Answer 9

Tailgating is a physical security breach in which an unauthorised person follows an authorised individual to enter secured premises.

Question 10

Pharming

Answer 10

Pharming redirects victims to a bogus site even if the victim has typed the correct web address. This type of scam is often applied to the websites of banks or e-commerce sites.

Question 11

Phishing

Answer 11

Phishing is the act of trying to obtain confidential records such as passwords. Emails that look as if they are from a legitimate, respected organisation are sent, but they contain links to fake websites that ‘phish’ data from unsuspecting victims.

Question 12

Digital devices

Answer 12

Devices that can be used for eavesdropping on live conversations or voicemails.

Question 13

Eavesdropping

Answer 13

A technique that involves the social engineer being physically present to overhear confidential conversations.

Question 14

Shoulder surfing

Answer 14

Looking over another person’s shoulder to view passwords or other data that is being entered.

Question 15

Pretexting

Answer 15

Attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try and steal their victims’ personal information. This type of attack commonly takes the form of a scammer who pretends that they need certain bits of information from their target in order to confirm their identity.

Question 16

Baiting

Answer 16

Similarly to phishing attacks, the scammer promises items or goods to entice their victims.

Question 17

Quid pro quo

Answer 17

These attacks promise a benefit in exchange for information, usually a service.

Question 18

Malware

Answer 18

Short for malicious software, this is programming or code that is used to disrupt computers by:
● Gathering sensitive information
● Gaining access to private computer systems
● Displaying unwanted advertising
● Distributing the performance of a computer or network

Question 19

Trojan

Answer 19

A malicious computer program that tricks users into willingly running it is called a ‘Trojan horse’ or simply a ‘Trojan’. They can be delivered via internet downloads, infected USBs, or email attachments.

Question 20

Zombie

Answer 20

A computer connected to the internet that has been compromised by a hacker, computer virus, or Trojan horse program and can be used to perform malicious tasks under remote direction

Question 21

Data breach/data interception

Answer 21

A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual who is not authorised to do so.

Question 22

Brute force attack

Answer 22

This type of attack can occur when an attacker systematically submits guessed passwords with the hope of eventually guessing correctly.

Question 23

DoS

Answer 23

A denial of service attack (DoS attack) is a cyberattack in which a criminal makes a network resource unavailable to its intended users by flooding the targeted machine or website with lots of requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Question 24

DDoS

Answer 24

In a distributed denial of service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This makes it impossible to stop the attack simply by blocking a single source.

Question 25

SQL injection

Answer 25

SQL injection occurs when malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Question 26

Virus

Answer 26

Malware that usually embeds itself into existing software on a device and then, once that software is run, spreads to other executable files.

Question 27

Worm

Answer 27

While also self-replicating, a worm does not need to infect an existing program. Worms are able to spread very rapidly, infecting large numbers of machines.

Question 28

Ransomware

Answer 28

This type of Trojan can modify data on a computer or device so that it doesn’t run correctly or so that users can no longer use specific data. The criminal will only restore the computer’s performance, or unblock data, after the victim has paid them the ransom money they demand.

Question 29

Spyware

Answer 29

Programs that can spy on how a user makes use of their computer or device, for example by tracking the data entered via a keyboard, taking screenshots, or getting a list of running applications

Question 30

Adware

Answer 30

Software that contains advertisements embedded in the application. It is not always a bad thing and is considered a legitimate alternative offered to consumers who do not wish to pay for software.

Question 31

Exploit

Answer 31

Code that takes advantage of a security vulnerability in an operating system, application, or any other software code, including application plug-ins or software libraries

Question 32

Encryption

Answer 32

Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its intended recipient.

Question 33

Caesar cipher

Answer 33

The cipher works by giving a number value to a key. Each plain text letter is replaced by a new letter: the one found at the original letter's position in the alphabet, plus or minus the value of the key.

Question 34

Encryption key

Answer 34

An encryption key is a piece of information, usually random characters, used by a software algorithm to encrypt data or a message into a form that is unreadable (encryption) and allow the data or message to be made readable again (decryption).

Question 35

Asymmetric encryption

Answer 35

Encryption that uses two keys: a public key and a private key.

Question 36

Input sanitisation

Answer 36

Including code that removes any SQL commands from the input data, preventing a hacker from gaining control of a database.

Question 37

Code reviews

Answer 37

Plans to review and test code in an attempt to discover vulnerabilities in programs before cybercriminals find them.

Question 38

Modular testing

Answer 38

Testing that checks individual subprograms, subroutines, classes, or procedures in a program.

Question 39

Firewall

Answer 39

A firewall sits between a local network or computer and another network, controlling the incoming and outgoing network traffic.

Question 40

Antivirus software

Answer 40

Software that is designed to detect and block attacks from malware. Some operating systems have their own inbuilt antivirus software.

Question 41

Network policy

Answer 41

Usually contains both an archiving policy and an acceptable use policy.

Question 42

Archiving policy

Answer 42

A policy that determines how long data can be kept for

Question 43

Acceptable use policy

Answer 43

States how the network may be used, including what is and is not acceptable, e.g. online shopping or gambling.

Question 44

Backup policy

Answer 44

A backup is a copy of data or files. A backup policy is a written statement that specifies how backups will be organised in an organisation, including frequency, by whom, using what media, and how the files are labelled

Question 45

Disaster recovery policy

Answer 45

A policy that allows an organisation to resume business quickly during or after a disaster, which could include a cyberattack.

Question 46

MAC address

Answer 46

A unique identifier that is used as a network address in communications within a network.

Question 47

MAC address filtering

Answer 47

This limits the devices that can access a network, either including or excluding specific devices by using their unique MAC address.

Question 48

MAC address white list

Answer 48

MAC addresses permitted to access a network.

Question 49

MAC address black list

Answer 49

MAC addresses banned from a network.

Question 50

Penetration testing (pen test)

Answer 50

A type of security testing used to test the insecure areas of a system or application.

Question 51

Network forensics

Answer 51

The monitoring and analysis of computer network traffic for information gathering and intrusion detection

Question 52

Physical security

Answer 52

Describes security measures that are designed to deny unauthorised access to facilities, equipment, and resources and to protect personnel and property from damage or harm, e.g. the use of passcards and biometric checks (fingerprints, retinal scans).

Question 53

White box pen test

Answer 53

Testing in which the tester has full knowledge, more like a malicious insider.

Question 54

Grey box pen test

Answer 54

Testing in which the tester has some knowledge — a compromise between a white and black box pen test.

Question 55

Black box pen test

Answer 55

Testing in which the tester has no knowledge, more like an external hacker.