Unit 3- Cyber security Questions and Answers Fully Solved

Unit 3- Cyber security Questions and Answers Fully Solved What is cyber security? The way in which an individual/organisation manages its hardware, software, information and data. What is the CIA triad? A cyber security methodology that manages cyber security standing for confidentiality, integrity and availability. What is a packet sniffer? A device that monitors data across a network able to see everything that passes. What is a symmetric key? When the encryption and decryption codes are the same. What is an asymmetric or public key? Everyone has access to the encryption key but only the recipient has access to the decryption key. What are the two types of privilege escalation? vertical- users exploit bugs in a system to gain higher level privileges. horizontal- when another user gains access to someone on the same levels account. What are the 6 types of cyber incidents? Unauthorised access to data modification of data destruction of data information disclosure inaccessible data theft of data Why should you protect your data? Mail can be intercepted Identity can be stolen May not be allowed insurance Why should an organisation protect its data? To protect income and IPs They have to protect staff data under the DPA. What is a vulnerability? A flaw or issue that results in weakness of a system. Name 3 types of threat. System attacks (ddos, botnets) Physical Environmental State 4 examples of organised cyber crime. Stealing identities. Stealing IP. Black mail. emptying bank accounts. Name all 8 types of attackers. Cyber criminal, hacktivist, cyber terrorist, insider, vulnerability broker, script kiddie, scammer, phisher. What is a script kiddie? Some who uses software or scripts created by others to attack devices. (often done for thrill) Name threats to mobile devices. Can be lost. less likely to have antivirus. Can connect to networks automatically in some cases. Name the types of cyber security controls. Hardware, software, Encryption, Physical, procedures. Define phishing. The act of trying to obtain sensitive data by pretending to be a trustworthy source. What is an information broker? Someone who collects data on people to sell. What are motivations for attackers? Thrill, Income generation, spying, righting perceive wrongs, fraud, public good. What is a cookie? A piece of text sent from a web server stored on the user's computer to track and store information. What is money laundering? Hiding the origin of illegally obtained money. Define state sponsored threats to cyber security. Any cyber attacks done by government spies on foreign powers. What are the different types of targets for cyber criminals? Individuals, Organisations, Equipment, information and data. Why would equipment by targeted in a cyber attack? They may have weaker virus and network protections than most. Can be lost. Can connect to networks automatically in some cases. What does the communications act 2003 do? Makes it illegal to transmit messages over a network that are offensive, indecent, obscene or menacing. Name the key aspects of risks management. Identify the risks, identify the probability of the risk occurring, monitoring and controlling the risk. What are the 4 types of risks in a computer system. Hardware, software, communication devices, information and data. Give an example of an environment vulnerability. A flood. Name 2 hardware assets. servers and computers. Name 3 communications equipment assets. Hubs, routers and modems. How are assets assessed for its vulnerability? The cost to the organisation and the effect of it occurring. Why are logs reviewed after a cyber security incident? To identify what, when and where the incident occurred to contain it. What is a backdoor/trapdoor? A method that allows people to access a network by bypassing the normal security due to a piece of code or shortcut. What can unauthorised cookies do? They can track the sites you visit and use information to enable others to send unwanted emails and popups. Name ways to protect against different vulnerabilities. Automated tools, patch deployment, manually. What are the stages of the vulnerabilities management life-cycle? Identify, prioritise assets, assess, Report, re-mediate and verify. What is patch deployment? When flaws or bugs are fixed through a software update. Where are IDS placed in a network? Between the firewall and the internet. Where are IPS placed in a network? Between a router and a switch. Why are procedures and policies created for security? So that incidents that do occur are more likely by accident. Why should you know the extent of an incident? So you know how to contain and manage it.