Week 2

Question 1

Malware

Answer 1

A software designed to harm devices or networks

Question 2

Virus

Answer 2

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Question 3

Worm

Answer 3

Malware that self-replicates, spreading across the network and infecting computers

Question 4

Ransomware

Answer 4

Type of malware that threat actors encrypt data and demand payment to restore them

Question 5

Spyware

Answer 5

Malicious software installed on computer without permission to spy on or steal user data

Question 6

Phishing

Answer 6

Use of digital communication to trick people into revealing sensitive data or deploying malicious software

Question 7

Spear phishing

Answer 7

Malicious email attack targeting specific users that appears to originated from trusted source

Question 8

Whaling

Answer 8

A form of spear phishing targeting executives to gain access to sensitive data

Question 9

Business email compromise (BEC)

Answer 9

An attack in which threat impersonates a known sorce to obtain a financial advantage

Question 10

Vishing

Answer 10

Exploitation of voice electronic communication to obtain sensitive information or to impersonate a known sorce

Question 11

Social engineering

Answer 11

Manipulation technique that exploits human error to gain unauthorised access to sensitive, private and/or valuable data

Question 12

Social media phishing

Answer 12

An attack in which detailed information about target is collected on social media sites before initiating attack

Question 13

Watering hole attack

Answer 13

Compromising website that is frequently visited by a specific group of users

Question 14

Physical social engineering

Answer 14

An attack in which threat actor impersonates an employee, customer, or vender to obtain unauthorised access to a physical location

Question 15

USB baiting

Answer 15

A malware USB stick is strategically left for an employee to find and unknowingly infect a network

Question 16

8 Security Domains

Answer 16

1. Security and risk management
2. Asset security
3. Security architecture and engineering
4. Communication and network security
5. Identity and access management
6. Security assessment and testing
7. Security operations
8. Software development security

Question 17

Security and Risk Management

Answer 17

Defining security goals and objectives, risk mitigation, compliance, business continuity and law

Question 18

Asset Security

Answer 18

Securing digital and physical assets - storage, maintenance, retention, and destruction of data

Question 19

Security architecture and engineering

Answer 19

Optimising data security by ensuring effective tools, systems, and processes are in place
E.g. configuring firewall

Question 20

Communication and Network Security

Answer 20

Managing and securing physical networks and wireless