Security Threats

Question 1

What is a passive attack?

Answer 1

A passive attack is where someone monitors data travelling on a network and intercepts sensitive information.

Best defense against passive attacks is data encryption.

Question 2

What tools do hackers use for passive attacks?

Answer 2

Network-monitoring hardware and software such as packet sniffers.

Question 3

How are passive attacks detected?

Answer 3

Passive attacks are hard to detect as the hacker is quietly listening.

Question 4

What is an active attack?

Answer 4

An active attack is when someone attacks a network with malware or other planned attacks.

Question 5

How are active attacks detected?

Answer 5

Active attacks are more easily detected.

Question 6

What is the main defense against active attacks?

Answer 6

A firewall.

Question 7

What is an insider attack?

Answer 7

An insider attack occurs when someone within an organisation exploits their network access to steal information.

Question 8

What is a brute force attack?

Answer 8

A type of active attack used to gain information by cracking passwords through trial and error.

Question 9

What methods do brute force attacks use?

Answer 9

Brute force attacks use automated software to produce hundreds of likely password combinations.

Question 10

What are simple measures to reduce the risk of a brute force attack?

Answer 10

• Locking accounts after a certain number of attempts
• Using strong passwords

Question 11

What is a denial-of-service attack (DoS)?

Answer 11

A DoS attack is where a hacker tries to stop users from accessing a part of a network or website.

Question 12

How do most DoS attacks operate?

Answer 12

By flooding the network with useless traffic, making it extremely slow or completely inaccessible.

Question 13

What is malware?

Answer 13

Malware is software that can harm devices and is installed without the user’s knowledge or consent.

Question 14

What are typical actions of malware?

Answer 14

• Deleting or modifying files
• Scareware
• Locking files
• Spyware
• Opening backdoors

Question 15

What is scareware?

Answer 15

Scareware tells the user their computer is infected to scare them into following malicious links or paying for fixes.

Question 16

What is ransomware?

Answer 16

Ransomware encrypts files on a computer and demands payment for a decryption key.

Question 17

What does spyware do?

Answer 17

Spyware secretly monitors user actions, such as key presses, and sends information to the hacker.

Question 18

What are rootkits?

Answer 18

Rootkits alter permissions, giving malware and hackers administrator-level access to devices.

Question 19

How can malware access your device?

Answer 19

• Viruses
• Worms
• Trojans

Question 20

What is a virus?

Answer 20

A virus attaches itself to certain files and spreads when users copy infected files.

Question 21

How do worms differ from viruses?

Answer 21

Worms self-replicate without any user help, exploiting weaknesses in network security.

Question 22

What is a Trojan?

Answer 22

A Trojan is malware disguised as legitimate software that users install unknowingly.

Question 23

What is a common reason for security threats in organizations?

Answer 23

Failure to properly secure their network, such as forgetting to encrypt data or using bad code.

Question 24

Who is often considered the weak point in secure systems?

Answer 24

People

Question 25

What is social engineering?

Answer 25

A method of gaining sensitive information or illegal access to networks by influencing people.

Question 26

How does social engineering typically occur over the telephone?

Answer 26

A caller pretends to be a network administrator and persuades an employee to disclose confidential information.

Question 27

What is phishing?

Answer 27

A form of social engineering where criminals send emails or texts pretending to be from a legitimate business to steal personal information.

Question 28

What do phishing emails often contain?

Answer 28

Links to spoof versions of a company's website requesting personal information.

Question 29

What features do many email programs and browsers have to combat phishing?

Answer 29

Anti-phishing features

Question 30

What are some giveaways that an email might be a phishing attempt?

Answer 30

Poor grammar and requests to follow links or update personal details.

Question 31

What are SQL injections?

Answer 31

Pieces of SQL typed into a website's input box that can reveal sensitive information.

Question 32

What does SQL stand for?

Answer 32

Structured Query Language

Question 33

How can SQL injections exploit weak input validation?

Answer 33

By entering SQL code that allows access to more data than intended.

Question 34

What could happen if a website's SQL code does not enforce strong validation?

Answer 34

Hackers can access sensitive information from the database.

Question 35

Fill in the blank: SQL injections can give criminals easy access to _______.

Answer 35

insecure data

Question 36

What is an example of an SQL injection attack?

Answer 36

Entering '12345 OR 1=1' instead of a valid PIN.

Question 37

True or False: SQL injections can bypass a website's firewall if the SQL code is insecure.

Answer 37

True

Question 38

What is the consequence of executing an SQL injection like 'SELECT name, address, account number WHERE pin = 12345 OR 1=1'?

Answer 38

It shows the details of everyone on the website's database.

Question 39

What is the role of input validation in preventing SQL injections?

Answer 39

It ensures only valid input is processed to prevent unauthorized access.

Question 40

What is the purpose of a good network policy?

Answer 40

To regularly test the network, use passwords, enforce user access levels, install anti-malware and firewall software, and encrypt sensitive data. ## Footnote A good network policy helps in identifying and fixing security weaknesses and preventing unauthorized access.

Question 41

What is penetration testing?

Answer 41

A method where organizations employ specialists to simulate potential attacks on their network to identify weaknesses. ## Footnote Results of the pentest are reported back for further action.

Question 42

What is the role of network forensics?

Answer 42

To investigate the cause of cyber accidents or attacks by capturing and analyzing data packets. ## Footnote This analysis helps in understanding how the network was attacked and in preventing future attacks.

Question 43

How do passwords help in network security?

Answer 43

They prevent unauthorized users from accessing the network and should be strong, long, and changed regularly. ## Footnote A strong password typically includes a combination of letters, numbers, and symbols.

Question 44

What are user access levels?

Answer 44

Controls which part of the network different groups of users can access. ## Footnote Higher access levels allow users, like business managers, to access sensitive data and modify permissions.

Question 45

What is anti-malware software designed to do?

Answer 45

To find and stop malware from damaging an organization’s network and devices. ## Footnote Includes antivirus programs that isolate and destroy computer viruses.

Question 46

What is the function of firewalls?

Answer 46

To block unauthorized access by examining all data entering and leaving the network. ## Footnote Firewalls help in preventing potential threats to the network.

Question 47

What is encryption?

Answer 47

The process of translating data into a code that can only be accessed by someone with the correct key. ## Footnote Encrypted data is known as cipher text, while unencrypted data is plain text.

Question 48

Why is encryption essential?

Answer 48

It ensures secure transmission of data over a network. ## Footnote Encryption protects sensitive information from unauthorized access during transfer.

Question 49

Fill in the blank: Encrypted text is called _______.

Answer 49

cipher text

Question 50

Fill in the blank: Data which has not been encrypted is called _______.

Answer 50

plain text