Cybersecurity Module

Question 1

What is ethical hacking

Answer 1

Ethical hacking involves testing security of computer systems, networks, web applications

Tested by simulating attacks from malicious hackers to identify vulnerabilities and weaknesses in system or network, to help organisation strengthen its security

Question 2

What is purpose of ethical hacking

Answer 2

Strengthen organisations security measures by identifying & resolving security weaknesses before they can be exploited by attackers

Forsee potential security threats, develop robust security protocols to prevent security breaches

Demonstrate to clients & stakeholders that organisation values data protection, committed to safeguarding information

Question 3

What is penetration testing

Answer 3

Simulating attack on a specific part of organisation’s infrastructure such as network, application, device.

Deliberately try to exploit security vulnerabilities to see if unauthorised access or other malicious activities are possible

Question 4

What is black box penetration testing

Answer 4

Tester has no prior knowledge of network infrastructure

Question 5

What is grey box penetration testing

Answer 5

Tester has partial knowledge of network infrastructure

Question 6

What is white box penetration testing

Answer 6

Tester has full knowledge of network infrastructure

Question 7

What is process of penetration testing

Answer 7

1) Planning, Obtaining Info

2) Scanning, Gaining Access

3) Maintaining Access, Analysing Risk

4) Reporting Findings

Question 8

What are properties of ethical hacking

Answer 8

Authorisation: Performed with permission under contract

Purpose: Intend to improve system security

Reporting: Results privately reported to organisation

Question 9

What are properties of unethical hacking

Answer 9

No Authorisation: Performed Without permission, violates legal boundaries

Malicious Interest: Aims to steal, damage, disrupt operations

Misuse of Data: Exploit vulnerabilities, lead to theft, leaks, data damage

Question 10

What is role of privacy act 1988

Answer 10

Regulates handling of personal information about individuals

Protects personal information handled by federal government agencies, certain private sector organisations

All Australian & Norfolk Island government agencies, private sector & not-for-profit organisations (> $3 million), all private health providers, small businesses

Question 11

What is APP 1

Answer 11

Open and Transparent Management of Personal Information

Question 12

What is concept of australian privacy principles

Answer 12

13 principles, outlines standards/rights/obligations for handling/accessing/correction of personal info

Provide the base framework for how personal data must be treated

Question 13

What is APP 6

Answer 13

Use of Disclosure of Personal Information

Question 14

What is APP 11

Answer 14

Security of Personal Information

Question 15

What is authentication

Answer 15

Verify identity of users trying to access network resources

Authentication usually requires something the user knows (Password / Security Token / Biometrics)

Question 16

What is characteristics of strong passwords in authentication

Answer 16

12-16 characters

Upper & Lower case, numbers, symbols

Avoid common words, phrases, easily guessable info

Different passwords every website

Question 17

What is organisational approach to password policies in authentication

Answer 17

Change password every 3-6 months

Teach employees about importance

Use controls to ensure compliance with password policies

Regular checks ensure policies are followed & effective

Question 18

What is password policies impact on data security in authentication

Answer 18

Strong policies minimise risk of data breaches

Encourage users to take responsibility for own security

Meet requirements for data protection

Question 19

What is 2-factor authentication in authentication

Answer 19

Additional security layer, requires 2 forms of identification

Something you know, something you have

Reduces risk of unauthorised access

Question 20

What is biometrics in authentication

Answer 20

Fingerprints, Face ID, Voice Recognition

Difficult to forge, high level of security

Potential errors in recognition systems

Question 21

What is purpose of encryption

Answer 21

Protect data privacy

Ensure safe data transfer over internet

Data remains original & unaltered

Organisations comply with legal requirements

Question 22

What is public key encryption

Answer 22

Public key to encrypt data, private key to decrypt it

Question 23

What are features of public key encryption

Answer 23

Non-Symmetric: Public & Private key aren’t the same

Distribution: Public key can be shared, private key kept secret

Use Cases: Securing emails, authenticate digital signatures, establish secure connection

Question 24

What is private key encryption

Answer 24

Same key for encryption & decryption

Question 25

What are features of private key encryption

Answer 25

Symmetric: Public & Private key the same Key Distribution Problem: Key shared securely between communicating parties Encrypt large amounts of data efficiently

Question 26

What is social engineering (phishing) as methods to compromise security of system

Answer 26

Trick individuals to revealing confidential information Phishing - Sending fraud emails/messages, appear to be from trusted sources

Question 27

What is denial of service as methods to compromise security of system

Answer 27

Overload system resources, make it unavailable to users DDoS - Multiple systems attacking single target, amplify attack's impact

Question 28

What is back door as methods to compromise security of system

Answer 28

Pathway into system, bypass normal authentication methods Intentionally created by developers, installed through malware

Question 29

What is IP spoofing as methods to compromise security of system

Answer 29

Attacker sends message to computer with forged IP address Pretends to be trusted host to gain unauthorised access to information/services

Question 30

What is SQL injection as methods to compromise security of system

Answer 30

Exploits vulnerabilities in database layer of application Attackers execute malicious SQL commands

Question 31

What is man-in-the-middle attack as methods to compromise security of system

Answer 31

Attacker intercepts communications between two parties, modify data being exchanged Impersonate one/both parties Occur in unsecured Wi-Fi networks or compromised security certificates

Question 32

What is cross-site scripting as methods to compromise security of system

Answer 32

Vulnerability in web apps that allows attackers to inject malicious scripts into content viewed by others Steal cookies, session tokens, other sensitive info

Question 33

What is types of malware as methods to compromise security of system

Answer 33

Viruses, worms, trojan horses, ransomware, spyware, adware Software designed to harm/exploit any programmable device or network

Question 34

What is physical network threats as methods to compromise security of system

Answer 34

Physical damage to network infrastructure disrupts services Physical access to network = Data theft, hardware tampering - Theft of devices containing sensitive data

Question 35

What is zero-day vulnerabilities as methods to compromise security of system

Answer 35

Flaws in software unknown to vendor, without patch Valuable to attackers, can be exploited Requires vigilance, prompt software updates to mitigate risks

Question 36

What is cryptography

Answer 36

Securing communication of data through encryption, unreadable to unauthorised users

Question 37

What is purpose of cryptography

Answer 37

Ensures confidentiality, integrity, authenticity, non-repudiation of information & communications Used in banking, secure communications, password protection

Question 38

What is plain text

Answer 38

Original message / data that is readable, understandable without any decoding

Question 39

What is cipher text

Answer 39

Encrypted version of plain text, produced through cryptographic algorithms Appears random, cannot be understood without correct decryption key

Question 40

What is substitution as common ciphers

Answer 40

Replace elements of plain text with other characters, symbols, groups of characters

Question 41

What is rotation cipher as substitution

Answer 41

Shifts alphabet by fixed number

Question 42

What is random substitution cipher as substitution

Answer 42

Each letter of alphabet randomly linked to different letter or symbol

Question 43

What is polyalphabetic cipher as substitution

Answer 43

Uses keyword to determine shift for each letter of plaintext Every letter in keyword is the number of shifts of corresponding letter in plaintext

Question 44

What is brute force attack as methods for cracking substitution ciphers

Answer 44

Try every possible key until correct one found Impractical for ciphers with large number of possible keys

Question 45

What is frequency analysis as methods for cracking substitution ciphers

Answer 45

Analyse frequency of letters/groups of letters in ciphertext Compare to typical letter frequencies in language of original message