Home | | Information Security | Important Short Questions and Answers: Security Investigation

Chapter: Information Security - Security Investigation

| Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail |

Important Short Questions and Answers: Security Investigation

Information Security - Security Investigation - Important Short Questions and Answers: Security Investigation

1.  What is a threat?

 

Threat is an object, person or other entity that represents a constant danger to an asset.

 

2. What are Hackers?

 

Hackers are people who use and create computer software for enjoyment or to gain access to information illegally.

 

3.What are the levels of hackers?

 

Expert Hacker Develops software codes

Unskilled Hacker

Uses the codes developed by the experts

 

4. What are script kiddies?

 

These are hackers of limited skills who expertly written software to exploit a system but not fully understand or appreciate the systems they hack.

 

5. What is a Phreaker?

 

A Phreaker hacks the public telephone network to make free calls.

 

6. What is Malicious code?

 

These are programs, which are designed to damage, destroy, or deny service to the target system

 

7.What are the types of virus?

 

Macro virus

 

Boot virus

 

8.What are trojan horses?

 

They are software programs that hide their true nature and reveal their designed behavior only when activated.

 9. What is a polymorphic threat?

 

 

It is one that changes its apparent shape over time.

 

10. What is intellectual propery?

 

It is the ownership of ideas and control over the tangible or virtual representation of those ideas.

What is an attack?


It is a deliberate act that exploits vulnerability.


 11. What vulnerability?


It is an identified weakness of a controlled system with controls that are not present or no longer effective.


12. What are the attack replication vectors?


Ip scan and attack


Web browsing


Virus


Shares


Mass mail


SNMP


13. What is a brute force attack?


Trying every possible combination of options of  assword. 

14. What are sniffers?


Sniffers are programs or device that can monitor data traveling over an network.

 15. What is social engineering?


It is the process of using social skills to convince people to reveal access credentials to the attackers.


16.What are the types of Laws?


Civil Law


Criminal Law


Tort Law


17. Differentiate Private & Public Laws. Private Laws:

This Law regulates the relationship between the individual and the organization.

 

Eg: Family Law, Commercial Law, Labor Law Public Law:

 

This Law regulates the structure and administration of government agencies and their relationship with the citizens, employees and other governments.

 

Eg: Criminal Law, Administrative Law, Constitutional Law.

 

18. What are the fundamental principles of HIPAA.

 

Consumer control of medical information.

 

Boundaries on the use of medical information.

 

Accountability for the privacy of private information.

 

Security of health information.

 

19. What are the general categories of unethical and illegal behaviour?

 

Ignorance

 

Accident

 

Intent

 

20. What is deterrence?

 

It is the best method for preventing illegal or unethical activity.

 

Examples are laws, Policies and technical controls.

 

21. What are the forces of Nature affecting information security? Forces of Nature

 

Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning

 

Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information

 

Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation

 

 Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations

 

22. What are technical hardware failures or errors?

 

Technical Hardware Failures or Errors

 

Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws

 

These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability

 

Some errors are terminal, in that they result in the unrecoverable loss of the equipment

 

Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated

 

23.What are technical software failures or errors?

 

Technical Software Failures or Errors

 

This category of threats comes from purchasing software with unrevealed faults

 

Large quantities of computer code are written, debugged, published, and sold only to determine that not all bugs were resolved

 

Sometimes, unique combinations of certain software and hardware reveal new bugs

 

Sometimes, these items aren’t errors, but are purposeful shortcuts left by programmers for honest or dishonest reasons

 

 

24. What is technological obsolescence?

 

Technological Obsolescence

 

When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems

 

Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks

 

Ideally, proper planning by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action

 

25.What is an attack?

 

Attacks

 

An attack is the deliberate act that exploits vulnerability

 

It is accomplished by a threat-agent to damage or steal an organization’s information or physical asset

 

o  An exploit is a technique to compromise a system

 

A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective

 

An attack is then the use of an exploit to achieve the compromise of a controlled system

 

26. What is  a malicious code?

 

Malicious Code

 This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information

 

The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices





Intellectual Property


It is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas.


Software Piracy



Most Common IP breach is the unlawful use or duplication of software based intellectual property more commonly known as software Piracy.


Hackers


“People who use and create computer software to gain access to information illegally”


Expert Hackers-> Masters of several programming languages, networking protocols, and operating systems .


Unskilled Hackers


Virus


Segments of code that performs malicious actions.


Macro virus-> Embedded in automatically executing macrocode common in word processors, spreadsheets and database applications.


Boot Virus-> infects the key operating files located in the computer’s boot sector.


Worms


A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication.


Worms


A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication.


Password Crack


Attempting to reverse calculate a password is often called cracking.


Brute Force


The application of computing & network resources to try every possible combination of options of a password is called a Brute force attack.


SPAM


Spam is unsolicited commercial E-mail.

It has been used to make malicious code attacks more effective.


Mail Bombing


Another form of E-mail attack that is also a DOS called a mail bomb.


Sniffers

A sniffer is a program or device that can monitor data traveling over a network.





Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail


Copyright © 2018-2020 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.