Computer Science Chapter 6 Data Security

Questions and Answers

What is the primary purpose of data protection laws?

• To prevent unauthorized access to data.
• To allow authorized users to access certain data.
• To ensure data can be recovered if lost or corrupted.
• To govern how data should be kept private and secure. (correct)

Which of the following best describes 'data security'?

• An agreement allowing an individual to use a computer or network server.
• Laws ensuring data is kept private.
• Methods preventing unauthorized data access and enabling recovery of lost/corrupted data. (correct)
• The privacy of personal information stored on a computer.

What is the main function of a firewall?

• To encrypt data.
• To identify users through unique characteristics.
• To monitor and filter network traffic. (correct)
• To remove spyware programs.

Which of the following is the purpose of anti-spyware software?

To detect and remove illegally installed spyware. (B)

Which of the following actions describes hacking?

Illegally accessing a computer system without permission. (A)

What does the term 'authentication' refer to in the context of computer security?

Proving someone is who they claim to be. (D)

Which of the following provides an individual the right to use a computer or network server?

User account. (B)

What is the purpose of 'encryption'?

To make data unreadable without the correct key. (B)

Which of the following activities constitutes 'phishing'?

Sending legitimate-looking emails to trick users into revealing personal data. (B)

What is the intention behind 'malicious hacking'?

To cause harm to a computer system or user. (A)

Which term refers to altering IP addresses on a DNS server to redirect users to a fake website?

DNS cache poisoning. (B)

How does 'ethical hacking' differ from 'hacking'?

Ethical hacking is done with permission to test system security, while hacking is illegal access without permission. (B)

Which of the following uses unique human characteristics to identify a user?

Biometrics. (B)

What is a primary goal of malware?

To damage or gain unauthorized access to a computer system. (C)

Which of the following describes the concept of 'Access rights (data security)'?

The use of access levels to ensure only authorized users can gain access to certain data. (D)

Which scenario best describes the impact of successful 'DNS cache poisoning'?

A user is redirected to a fake login page when trying to access their bank's website. (B)

How might a company utilize 'ethical hacking' to improve its data security?

By hiring external security experts to simulate attacks and identify vulnerabilities. (D)

Consider a scenario where an attacker intercepts encrypted data. What is the attacker missing to decipher the data?

The correct decryption key. (A)

A company's internal network is segmented using firewalls. What security principle does this primarily support?

Defense in depth. (A)

Which of the following illustrates a scenario where 'data privacy' is directly compromised?

A hacker gains unauthorized access to a database containing customers' personal information. (B)

How do data protection laws relate to the concept of data privacy?

Data protection laws establish the legal framework to uphold and enforce data privacy rights. (D)

An attacker spoofs a legitimate website and aims to steal user credentials, which attack best fits this description?

Pharming attack (B)

Which of the following concepts ensures that only authorized individuals can access specific data, aligning with the principle of least privilege?

Access Rights (B)

What is the MOST effective mitigation strategy against phishing attacks targeting employees within an organization?

Implementing multi-factor authentication and educating employees on recognizing phishing attempts. (B)

In the context of network security, what is the PRIMARY difference between a firewall and anti-spyware software?

A firewall monitors and filters network traffic, while anti-spyware software detects and removes spyware already installed on a system. (B)

A security analyst discovers that an attacker has successfully redirected a company's web traffic to a fraudulent site. Which type of attack is MOST likely to have occurred?

A DNS cache poisoning attack. (B)

An organization implements a policy requiring users to authenticate with a username, password, and a fingerprint scan. This is an example of:

Multi-factor authentication (A)

Which of the following scenarios represents the MOST direct violation of data privacy principles?

A hacker gains unauthorized access to a database containing customers' personal information. (B)

Differentiate between 'pharming' and 'phishing' attacks.

Pharming redirects users to fake websites, while phishing uses deceptive emails. (D)

Which of the following illustrates a proactive approach to managing data security?

Conducting regular security audits and penetration testing. (A)

An attacker modifies IP addresses on a DNS server in order to redirect a user to a malicious website. What type of attack is this?

DNS Cache Poisoning (C)

What is the ultimate aim of data security methods?

To prevent unauthorized access to data and to recover data if lost or corrupted. (B)

You discover that a colleague is engaging in 'malicious hacking'. Which action should you take FIRST?

Immediately report the activity to the appropriate authorities or security personnel. (D)

Consider the trade-offs between security and usability. Which security measure offers robust protection but may significantly inconvenience users?

Enabling multi-factor authentication. (B)

You observe someone attempting to gain physical access to a server room by using another employee's access card without their knowledge. This is BEST described as:

Social Engineering (B)

Which of the following is the MOST accurate definition of 'Data Privacy'?

The privacy of personal information or other information stored on a computer. (B)

Imagine a scenario where an employee receives a seemingly legitimate email asking them to update their password by clicking on a link. The link directs them to a fake website that looks identical to the company's login page. If the employee enters their credentials, what type of attack are they MOST likely experiencing?

Phishing (B)

A disgruntled employee intentionally modifies critical system files, leading to a significant disruption of services. Which of the following security concepts has been MOST directly violated?

Data Security (A)

Flashcards

Data privacy

The privacy of personal information stored on a computer that should not be accessed by unauthorized parties.

Data protection laws

Laws that govern how data should be kept private and secure.

Data security

Methods to prevent unauthorized access to data and to recover data if lost or corrupted.

User account

An agreement that allows an individual to use a computer or network server, often requiring a username and password.

Authentication

A way of proving somebody or something is who or what they claim to be.

Access rights (data security)

Use of access levels to ensure only authorized users can gain access to certain data.

Malware

Malicious software that seeks to damage or gain unauthorized access to a computer system.

Firewall

Software or hardware that sits between a computer and external network that monitors and filters all incoming and outgoing activities.

Anti-spyware software

Software that detects and removes spyware programs installed illegally on a user's computer system.

Encryption

The use of encryption keys to make data meaningless without the correct decryption key.

Biometrics

Use of unique human characteristics to identify a user (such as fingerprints or face recognition).

Hacking

Illegal access to a computer system without the owner's permission.

Malicious hacking

Hacking done with the sole intent of causing harm to a computer system or user.

Ethical hacking

Hacking used to test the security and vulnerability of a computer system with permission.

Phishing

Legitimate-looking emails designed to trick a recipient into giving their personal data to the sender of the email.

Pharming

Redirecting a user to a fake website in order to illegally obtain personal data about the user.

DNS cache poisoning

Altering IP addresses on a DNS server to redirect users to fake websites.

Study Notes

• Key terms in information security are outlined.

Data Security

• Data privacy refers to protecting personal information or other data stored on a computer from unauthorized access.
• Data protection laws govern how data should be kept private and secure.
• Data security involves methods to prevent unauthorized data access and to recover data if it is lost or corrupted.
• Access rights, a data security measure, utilizes access levels to ensure only authorized users can access specific data.

User Accounts & Authentication

• A user account is an agreement allowing an individual to use a computer or network server, typically requiring a username and password.
• Authentication is the process of verifying someone or something's claimed identity.

Malware & Hacking

• Malware is malicious software that aims to damage or gain unauthorized access to a computer system.
• A firewall, whether software or hardware, sits between a computer and an external network to monitor and filter all incoming and outgoing activities.
• Anti-spyware software detects and removes illegally installed spyware programs from a user's computer system.
• Encryption uses encryption keys to make data meaningless without the correct decryption key.
• Biometrics uses unique human characteristics, like fingerprints or facial recognition, to identify a user.
• Hacking is defined as illegal access to a computer system without the owner's permission.
• Malicious hacking is hacking with the intent to harm a computer system or user, potentially through deletion of files or private data.
• Ethical hacking is hacking to test the security and vulnerability of a computer system with the owner's permission, often to identify risks.
• Phishing employs legitimate-looking emails to trick recipients into providing personal data to the sender.
• Pharming redirects a user to a fake website to illegally obtain personal data.
• DNS cache poisoning alters IP addresses on a DNS server to redirect a user to a fake website.