CO1201 Computer Security Quiz

Questions and Answers

What is the primary purpose of encryption?

To hide the information's true meaning

Which of the following is NOT a type of encryption method?

IDS

What is the primary function of a firewall?

To filter packets in a network

Which of the following threats can be prevented by using encryption?

Sniffing, Eavesdropping, MitM

What is the primary goal of system security?

To minimize downtime, interference, and malicious intrusion

What is a physical threat to a system?

Physical access to devices

What is a common technique used to extract passwords?

Sniffing

What is a design problem related to passwords?

Using personal data

What is an operation issue related to passwords?

Using common passwords

What is an application issue related to passwords?

Password checking issues

What is a good practice for creating passwords?

Using a sentence to create a password

What is an alternative to passwords?

Biometric data

What is a type of biometric data?

All of the above

What is the estimated cracking time for the password '1’mAen6Std@'?

400 years

What is the primary purpose of a Trojan horse?

To do something malicious or spy for the attacker

What is a characteristic of a virus?

It requires user action to spread

Which of the following is a risk associated with spam?

Time wastage

What is a method of infection for malware?

Through infected files

What is a prevention method for malware?

Installing anti-virus software

What is a characteristic of a worm?

It can travel from one computer to another without user action

Which of the following is a method of infection for malware?

Through network

What is a risk associated with malware?

All of the above

What is the primary difference between a credit card and a debit card?

Credit cards allow cardholders to borrow funds, while debit cards directly debit money from the bank account.

What is an example of a fraud technique involving credit cards?

Creating a fraudulent card using an existing card number and PIN.

What is a security measure used to prevent credit card fraud?

Requesting additional information, such as a postal code or PIN number.

What is a feature of smart cards?

A microprocessor and memory chip in addition to a magnetic strip.

What is a benefit of using RFID technology with smart cards?

It enables the creation of virtual cards instead of physical cards.

What is a common type of fraud involving credit cards?

Forgery.

What is a way to improve security when using credit or debit cards?

Requesting additional information, such as a postal code or PIN number.

What is a feature of smart cards that allows for more secure transactions?

A microprocessor and memory chip.

What is the primary goal of Physical Network Security?

To prevent unauthorized physical access to network components.

Which of the following is NOT a type of Network Security category?

Information Network Security

What is the main purpose of keeping a backup station (DR) in Physical Network Security?

To maintain network services in case of a disaster

Which type of attack involves intercepting packets passing through the network?

Sniffing

What is the primary goal of Administrative Network Security?

To control user behavior of using the network.

What is Eavesdropping also known as?

Sniffing

What is the primary goal of Technical Network Security?

To protect data stored and in transit.

Which of the following is NOT a type of Network based attack?

Firewall

Study Notes

Network Security

• Network security categories:
  • Physical Network Security: prevent unauthorized physical access to network components
  • Administrative Network Security: controls user behavior of using the network
  • Technical Network Security: protect data stored and in transit

Physical Network Security

• Access control:
  • Badges/ IDs
  • Biometrics (face detection, Iris and Fingerprints)
  • Smart locks
  • Key pads
• Surveillance:
  • 24/7 cameras
  • Guards
  • Sensors-based mechanisms
• Backup station (DR)

Administrative Network Security

• Allow only privileged personnel to make changes to the network
• Keep a log of the changes made

Technical Network Security

• Network-based attacks:
  • Sniffing/ Eavesdropping
  • Man-in-the-middle attack
  • Spoofing
  • Denial of Service

Eavesdropping

• Information like passwords, card details, and other sensitive data is easily stolen while it is getting transferred from one device to another
• Also known as sniffing attack

Sniffing

• Access to the network and intercept packets passing through the network
• Prevention methods:
  • Intrusion Detection Systems (IDS)
  • Encryption

Encryption

• Information is converted into a secret code that hides the information's true meaning
• Use a key to:
  • Make the secret code
  • Get the message from secret code
• Process:
  • Encrypt at the sender
  • Decrypt at the receiver
• Encryption methods:
  • WEP, WPA, WPA2, RSA
  • IPSec

Firewall

• Filters packets:
  • Receiving to the network (Ingress traffic)
  • Sending from the network (Egress traffic)
• Check the rules in Windows firewall for filtering packets

Prevention Methods

• Sniffing, Eavesdropping, Man-in-the-middle: Encryption
• Spoofing, DoS: IDS, Firewall

System Security

• Controls and safeguards taken to minimize:
  • Downtime
  • Interference
  • Malicious intrusion
• Categories:
  • Physical security
  • OS and application security

Physical Threats to a System

• Physical access to devices
• Attaching components to devices
• Tamper with devices
• Jamming the wires
• Prevention methods:
  • Access control
  • Surveillance
  • Backup

Attacks on OS and Applications

• Password attacks
• Malware attacks
• Pharming
• Spams
• Phishing attacks

Password Attacks

• Common technique to authenticate systems
• Can extract by:
  • Sniffing
  • Brute force
  • Dictionary attack
• Prevention methods:
  • Set a good password that cannot be guessed easily
  • Account lock features
  • Multi-factor authentication
  • Encryption

Good Practices for Creating Passwords

• Dos:
  • Lengthy password
  • Case-sensitive password
  • Numbers and special characters included
  • Random characters
  • Memorable password
• Don'ts:
  • Personal data
  • Short passwords
  • Repetitive characters
  • Same password for multiple applications

Alternatives to Passwords

• Biometric data:
  • Signature
  • Face recognition
  • Voice recognition
  • Fingerprint
  • Iris pattern
• Additional questions

Malware

• Methods of infection:
  • Network
  • Infected files
  • Websites
  • Email
  • USB
• Prevention methods:
  • Install anti-virus software and anti-spyware software

Credit/ Debit Cards

• Allows cardholders to borrow funds to pay for goods and services
• Credit cards:
  • Customer has to pay back the amount to the bank after the purchase in a given time
  • Otherwise, interest is added
• Debit cards:
  • Customer directly debits money from the bank account
• Frauds:
  • Using credit card number and PIN number for transaction without the knowledge of the owner
  • Forgery
• Prevention methods:
  • Request additional information
  • Verification code
  • Daily transaction limit

Smart Cards

• Most credit and debit cards are now smart cards
• Includes:
  • Microprocessor
  • Memory chip
  • RFID
• Has to place in the device instead of swiping
• RFID allows creating virtual cards instead of physical cards using smartphones

Description

This quiz covers the basics of computer security, including network security and system security. It's a part of the introduction to computer systems course.