Basics of Computer Security

Questions and Answers

What is the primary purpose of malware?

• To provide user convenience
• To protect against unauthorized access
• To harm a computer user (correct)
• To optimize system performance

Which of the following best describes phishing?

• A technique to improve network security
• An automated attack on computer systems
• A method of data encryption
• Tricking users into providing personal information (correct)

Which of the following is NOT categorized as malware?

• Web browsers (correct)
• Spyware
• Viruses
• Worms

Identity theft primarily involves which of the following activities?

Gaining unauthorized access to personal information (B)

What is defined as hacking?

Secretly accessing a computer system to steal information (A)

Which type of cyber threats involves manipulating individuals to gain sensitive information?

Social engineering (B)

Which of the following is an example of a privacy attack?

Unauthorized access to personal email (A)

Which category of cyber threats includes attacks carried out by employees from within an organization?

Internal employee cyber attacks (B)

What is the frequency of a cyberattack occurring each day as reported?

Every 39 seconds (D)

What constitutes identity theft?

Obtaining unauthorized access to personal information for fraud (A)

Which of the following is NOT categorized as a common cyber threat?

Social Networking (B)

What is the primary goal of hacking as defined in cybersecurity?

To secretly access and steal information (A)

Which of the following correctly defines malware?

Software designed to cause damage or unauthorized control (A)

Which type of cyber threat is specifically designed to deceive individuals into providing sensitive information?

Phishing (C)

Which of the following is TRUE regarding cyberattacks?

They can target individuals as well as organizations (A)

How is identity theft most commonly executed?

By tricking individuals into providing personal information (A)

What is a primary reason hackers prefer automated attacks?

They can attack a vast number of sites quickly (B)

What is a common tool used for SQL injection attacks?

NetSparker (D)

What symptom often indicates a Remote File Inclusion (RFI) attack?

Poor validation checks (A)

In 2023, what percentage of ransomware attacks targeted critical infrastructure organizations?

42% (D)

Which of the following is a reason behind targeted cyber attacks on infrastructure?

Political motives (D)

What is the significance of SQL injection in cybersecurity?

It allows direct database querying (C)

Which type of attack involves uploading a malicious file to a server?

Remote File Inclusion (C)

Which sector had the highest number of reported cyber attack attempts in 2012?

Energy sector (B)

What are the three key components of computer security known as CIA?

Confidentiality, Integrity, Availability (A)

What is the primary purpose of maintaining availability in computer security?

To assure data is accessible when needed (A)

What is the primary aim of social engineering attacks, such as phishing?

To obtain information about the victim or their organization (A)

Which of the following consequences is associated with compromised computer security?

Inability to access necessary data (B)

What does integrity in the context of computer security refer to?

Data being accurate, complete, and consistent (C)

Which of the following is NOT a common method used in phishing attacks?

Market research surveys (D)

Identity theft primarily involves what type of activity?

Obtaining credentials for unauthorized use (B)

What does non-repudiation in computer security ensure?

The sender cannot deny the authenticity of a sent message (D)

What is a common reason individuals commit identity theft?

To seek medical treatment (B)

Which of the following statements reflects a common misconception about cybersecurity?

Cybersecurity threats are only relevant to large organizations. (A)

What percentage of people believed that cyber espionage is clearly illegal according to a 2012 survey?

82% (B)

What should be ensured to maintain confidentiality in an organization?

Only authorized individuals have access to sensitive data (A)

Which company was accused of espionage in cooperation with China in 2013?

Huawei (A)

Which of the following best describes a vulnerability in a computer-based system?

Weaknesses that could be exploited by cyber threats (B)

What is a typical consequence of data not being available due to a cyber attack?

Disruption of business processes (B)

What was a key finding regarding responsibilities in halting espionage, as per the survey results?

It needs collaborative effort from everyone (B)

Which of the following correctly describes a potential result of a successful social engineering attack?

Breaking into computer systems (C)

How does computer security ensure resources remain protected?

By maintaining data integrity and availability (A)

Study Notes

Overview of Computer Security

• Computer security encompasses information privacy, data integrity, and system availability.
• Protects valuable resources, ensuring data in databases and systems remain intact and accessible without unauthorized changes.

Purpose of Computer Security

• Safeguards business processes to ensure they function without disruption.
• Ensures that information resources are available to the right people at the right time.

Consequences of Poor Computer Security

• Hindered access to critical data affecting decision making.
• Typical outcome of breaches includes unauthorized non-availability of information.
• Challenges may arise due to human or mechanical barriers.

Maintaining Confidentiality

• Authenticity is crucial to verify the identity of individuals accessing information.
• Data integrity must be maintained as information transitions between locations, emphasizing non-repudiation.

Core Concepts of Computer Security (CIA)

• Confidentiality: Protecting data from unauthorized disclosure.
• Integrity: Ensuring data is accurate, consistent, and trustworthy.
• Availability: Guaranteeing that information is accessible when needed.

Trends in Cyber Threats

• Significant rise in cyber threats, with over 2,200 daily cyberattacks reported in 2024.
• Victim of a data breach occurs every 39 seconds.

Common Cyber Threats

• Identity Theft: Unauthorized access to personal information (e.g., Social Security Number).
• Hacking: Illicit access to computer systems for information theft or damage.
• Malware: Malicious software harming computer users, encompassing viruses, worms, and spyware.
• Phishing: Deceptive practices to obtain personal information via misleading communications.

Categories of Cyber Threats

• Automated attacks, malicious intent cyber attacks, internal employee attacks, social engineering tactics, privacy attacks, and cyber espionage.

Automated Attacks

• Often undetected, these attacks are rapidly executed using automated tools, originating from human actions but requiring limited technological skills.
• Tools like SQL injection and Remote File Inclusion exemplify common automated attack methods.

SQL Injection

• A method allowing the execution of SQL commands through user input fields, enabling direct database querying.

Remote File Inclusion (RFI)

• Attack technique enabling the upload of malicious files to servers through vulnerabilities in service scripts.

Malicious Intent Cyber Attacks

• Target essential infrastructures, with notable attacks reported in sectors such as energy, banking, and media.
• Motivated by political reasons or theft.

Internal Employee (Insider) Cyber Attacks

• Influenced by personal circumstances, work situations, financial hardships, and hostile relationships, leading to potential security breaches.

Social Engineering

• Involves tricking individuals to provide information via phishing attempts using emails, phone calls, or misleading websites, commonly posing as urgent notifications.

Privacy and Identity-Related Attacks

• Identity theft arises when personal credentials are stolen and misused for unauthorized activities like renting properties or applying for loans.

Cyber Espionage

• Considered illegal by the majority, cyber espionage often goes underreported, with notable cases involving government allegations against corporations.

Balancing Usability and Security

• Organizations struggle to maintain user-friendly systems while ensuring robust security protocols are in place.

Description

Explore the fundamental concepts of computer security, including information privacy, data integrity, and availability. This quiz will test your understanding of the purpose and importance of cybersecurity in maintaining business processes.