Lo3

Question 1

What are the steps to cyber-security risk management?

Answer 1

Identify the risks.

Measure the risk and how serious and how likely is that you might get attacked.

Monitor and report the risks.

Control the risks

Adjust the risk management process.

Question 2

What are the 4 assets in the computer system and networks?

Answer 2

Hardware resources
Software resources
Communication equipment
Information and data

Question 3

Give 3 examples of hardware assets

Answer 3

Hardware resources - computer ,servers ,printers ,scanners

Question 4

Give 3 examples examples of software assets

Answer 4

Software resources - Word processor ,databases ,spreadsheets bespoke software

Question 5

Give 3 examples of communication assets

Answer 5

Communication Resources - Hubs ,routers ,bridges ,gateways ,modems

Question 6

Give 3 examples of information and data assets

Answer 6

Information and data resources - Customer data, employee data, financial reports

Question 7

What is done after a vulnerability is identified?

Answer 7

Risks are placed on a scale from critical impact(High priority) to low impact(Low priority)

Question 8

Define remediation

Answer 8

Remediation is the way vulnerabilities are dealt with

Question 9

State the 3 steps in remediation

Answer 9

Patch Development
Manual
Automated Tools

Question 10

What is Patch Development in remediation?

Answer 10

Where software code is written to solve a software issue

Question 11

What is Manual in remediation?

Answer 11

This is where physical steps are taken to reduce the vulnerabilities by IT technicians

Question 12

What is Automated Tools in remediation?

Answer 12

Tools that can Identify and fix any problems without the need for human intervention

Question 13

What are Biometrics?

Answer 13

A tool that can identify individuals using their biological characteristics

Question 14

Give 3 examples of Biometrics

Answer 14

Finger print, face recognition, voice id, retina scan etc

Question 15

What are assets?

Answer 15

Anything with a value owned by an individual or organization

Question 16

Define vulnerability assessment tools

Answer 16

They find the vulnerabilities in the code which can be exploited to cause damage

Question 17

Define Penetration Testing

Answer 17

This is where an authorized attach on the system is conducted to see where the flaws and weaknesses are in the system

Question 18

Define Fuzz Testing

Answer 18

This is where a large amount of random data(fuzz) is entered in an attempt to discover loopholes in the code and to make it crash

Question 19

Define Sandboxing

Answer 19

Where an isolated piece of code is tested an ran without it affecting the rest of the program

Question 20

Explain the role of an Intrusion Detection System(IDS)

Answer 20

This is a software or device that monitors the network to see if there has been a violation of policies or malicious activities

Question 21

What is Physical Control in terms of security?

Answer 21

Physical control is the implementation of security measures in a de-fined structure used to deter or pre-vent unauthorized access to sensitive material

Question 22

Give 3 examples of Physical Control security methods

Answer 22

Closed-circuit surveillance cameras, Motion or thermal alarm systems, Security guards, Picture IDs, Locked and dead-bolted steel doors, access control cards, biometric access control systems and etc

Question 23

What is Software Control in terms of security?

Answer 23

Software controls is any computer program designed to enhance information security and defend computers against intrusion and unauthorized access.

Question 24

Give 3 examples of Software Control security methods

Answer 24

Firewalls, Anti-malware, Operating system updates, Patch management and etc

Question 25

What is Encryption?

Answer 25

Encryption is a tool that is used to convert plain test into something unreadable and the only way to decrypt is with a secret key/password and it is used so if data is stolen in an attack or a leak then it won’t be useful to the thieves

Question 26

What is Encryption?

Answer 26

Encryption is a tool that is used to convert plain test into something unreadable and the only way to decrypt is with a secret key/password and it is used so if data is stolen in an attack or a leak then it won’t be useful to the thieves

Question 27

What is Asymmetric encryption?

Answer 27

This is a process that uses a pair of related keys – one public key and one private key – to encrypt and decrypt a message and protect it from unauthorized access or use.

Question 28

What is Symmetric encryption?

Answer 28

This is where a key is used to encrypt some plain text and sent to someone, then the receiver uses the same secret key he knows to decrypt the message into the original format

Question 29

What is a risk?

Answer 29

A risk is a threat that something can happen that would be bad for the company in anyway

Question 30

State some risks that can happen to physical assets

Answer 30

Theft, malicious intent, defacing, redundancy

Question 31

State some risks that can happen to digital assets

Answer 31

Viruses , hacking , corruption and failure to protect from internal unauthorized access

Question 32

Describe the acceptable use policy

Answer 32

This policy outlines how to use the computers systems and the security measures to take to ensure there is no information or resource loss

Question 33

what is the digital signature acceptance policy

Answer 33

This is where a digital signature is sufficient evidence for the identity of documents

Question 34

Describe the Disaster recovery plan

Answer 34

Steps that have to be taken to recover any lost data or IT systems from any disaster

Question 35

What is cryptography?

Answer 35

Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents