Introduction to Computer Hardware

Questions and Answers

What is the primary purpose of malware?

• To protect users from cyber threats
• To enhance system performance
• To secure confidential information
• To harm, exploit, or compromise devices or data (correct)

Which of the following statements best describes a computer virus?

• It requires no human interaction to spread
• It attaches to executable files to spread and cause damage (correct)
• It is designed to protect data from theft
• It only affects mobile devices

What is a common characteristic of computer viruses?

• They can spread themselves without any user action
• They are always visible to the user
• They primarily exist in physical formats such as discs
• They often result in data loss and system crashes (correct)

Which method is NOT typically used by computer viruses to spread?

Direct virus programming by the user (D)

Which type of malware can encompass various forms, including file infectors and macro viruses?

Computer viruses (A)

What is the primary function of the terminal in command line tools?

To execute and type commands (B)

Which command is specifically used to create a new directory?

mkdir (B)

What type of cyber attack is designed to gain unauthorized access to sensitive data?

Phishing (C)

Why is it advised to avoid using certain commands like 'format' and 'diskpart'?

They can erase critical data (B)

Which of the following is NOT a common type of cyber attack?

Firewall (C)

What is the primary role of internet service providers (ISPs) in relation to personal data?

To track and sell user data to advertisers (C)

What kind of malware specifically disrupts computer operations and damages data?

Computer Virus (A)

Which command displays a list of files and subdirectories in a directory?

ir (D)

What does the Processing State refer to?

Data being used to perform an operation (D)

Which of the following describes the Storage State of data?

Data that is not currently being accessed (A)

What does Technology refer to in the context of cybersecurity?

Software and hardware solutions for protection (A)

Which level of protection is NOT included among the three levels required in cybersecurity?

Individual Level (A)

What is the primary purpose of security measures in data protection?

To protect data from unauthorized access and threats (B)

Which of the following best defines a cyber threat?

A potential risk that could exploit a vulnerability (B)

How are internal threats distinguished from external threats?

Internal threats originate from within the organization. (B)

What role does awareness, training, and education play in cybersecurity?

They ensure users are knowledgeable about threats and protections. (B)

What is one of the primary goals of a SecOps team?

To resolve security incidents quickly (C)

How does using unified SecOps tools benefit an organization?

By closing security gaps and improving resiliency (A)

What does the term GRC stand for?

Governance, Risk, Compliance (A)

Which aspect is NOT a focus of governance in a business context?

Defining strategies for risk management (D)

Which of the following is a benefit of implementing GRC in an organization?

Reduction of noncompliance risk (C)

What type of risks does proper risk management help businesses identify?

Financial, legal, strategic, and security risks (D)

What is one key feature of good governance?

Ethics and accountability (C)

What does enterprise risk management help with?

Minimizing losses by predicting issues (A)

What is spear phishing primarily aimed at?

A specific person or organization (D)

What is the main goal of CEO fraud or whaling?

To impersonate a high-ranking executive for financial gain (C)

Which method is used in smishing attacks?

Text messages delivering phishing content (B)

What is data tampering characterized by?

Unauthorized modification of data (C)

What is the primary goal of a Denial of Service (DoS) attack?

To overload the target system, making it incapable of responding. (A)

Which of the following statements about Distributed Denial of Service (DDoS) attacks is true?

DDoS attacks can utilize a botnet of compromised devices. (C)

Which of the following is NOT a potential goal of cyber attacks mentioned?

Steal intellectual property. (D)

How does a DDoS attack typically initiate?

Through a coordinated effort of multiple devices sending requests. (D)

Flashcards

Terminal

A tool to type and execute commands, now often software-based.

Shell

The program that the terminal runs, functioning as the OS of the terminal.

ls Command

Displays a list of files and subdirectories in a directory.

cd Command

Displays the name of or changes the current directory.

mkdir Command

Creates a new directory.

Cybersecurity

The practice of protecting networks, devices, and sensitive data from attacks.

Cyber Attacks

Malicious attempts to gain unauthorized access to systems to steal or disrupt.

Computer Virus

Malicious code designed to interfere with computer operations and damage data.

Processing State

Data being used to perform an operation, like updating records.

Storage State

Data stored in memory or on permanent devices like USB.

Transmission State

Data traveling between information systems.

Cyber Threat

Potential danger that can exploit vulnerabilities in a system.

External Threat

A threat from outside the organization trying to access private information.

Internal Threat

A threat from current or former employees and trusted partners.

Security Measures

Skills and disciplines used to protect data in cybersecurity.

Denial of Service Attack (DOS)

A cyber attack that overloads a network by flooding it with excessive requests, rendering it unresponsive.

Distributed Denial of Service (DDOS)

A type of DOS attack where multiple devices flood a target with requests simultaneously, overwhelming it.

Botnet

A network of hijacked computers or devices used to perform DDOS attacks, often without the owner's knowledge.

Regulatory Compliance

Adhering to laws and guidelines that protect data and ensure safe operations in business.

Business Productivity

The efficiency with which a company can produce goods or services, often improved by technology and compliance.

Eavesdropping Attack

An attack allowing the listener to steal data or alter messages unnoticed.

Malware

Software intentionally designed to harm, exploit, or compromise systems.

Virus

A type of malware that spreads and damages data and software.

Activation of Computer Virus

Requires human action, such as opening an infected file, to activate.

Common Virus Types

Includes file infectors, boot sector viruses, and macro viruses.

Phishing

A cyber attack aimed to deceive individuals into revealing personal information.

Spear Phishing

Targeted phishing attacks directed at a specific individual or organization.

CEO Fraud

Impersonation of a CEO to manipulate employees into financial fraud.

Smishing

Phishing done via SMS texts to trick people into revealing information.

Vishing

Voice-based phishing that uses phone calls to deceive victims.

Tampering

Deliberately altering or disrupting data without authorization.

Interception

Capturing information in transit, typically during online communication.

Man in the Middle Attack

A cyber attack where the attacker secretly relays and manipulates communication between two parties.

SecOps

A collaborative team of security and operations professionals that resolves security incidents swiftly.

Security Operations Center (SOC)

A centralized place where security professionals monitor and respond to cyber threats using various tools.

GRC

Governance, Risk, and Compliance; a framework that aligns IT with business goals while managing risks and ensuring compliance.

Governance

The policies and frameworks that guide a company's operations and decision-making towards achieving its goals.

Risk Management

The process businesses use to identify, assess, and mitigate potential risks, safeguarding against losses.

Enterprise Risk Management

An organizational approach to identifying risks and minimizing their impact on overall business objectives.

Compliance Requirements

Legal and regulatory obligations that organizations must follow to operate legally and ethically.

Cyber Resiliency

The ability of an organization to prepare for, respond to, and recover from cyber threats effectively.

Study Notes

What is a Computer?

• A computer is an electronic device that accepts data as input.
• It processes data using a set of instructions.
• It produces meaningful results as output.
• Computers store, retrieve, and process data.
• They employ a combination of hardware and software.

Computer Hardware

• This refers to the physical components of a computer system.
• Components include the processor (CPU), memory, storage, input/output, and peripherals.
• Hardware provides a platform for running software applications.
• Consists of various mechanical, electrical, and electronic components.
• Hardware components can be classified as internal and external.
• Internal Components: Motherboard, CPU, CPU Heatsink, SMPS, RAM, Graphics Card, Hard Disks/Disk Memory.
• External Components: Computer Case, Connection Sockets, Computer Display Monitor, Computer Keyboard, Computer Mouse, Printer & Power Supply Cable, External USB Hard Disks.

Functions of Hardware Components

• Computer Case/Cabinet: A metal enclosure for organizing and assembling internal hardware components.
• Motherboard: The largest printed circuit board, acts as a central hub connecting all hardware components. It manages data flow and power allocation.

CPU (Processor)

• The CPU is responsible for executing most commands.
• 'Clock speed' measures the speed at which it does this (in GHz).
• Key components include ALU (Arithmetic Logic Unit) and the Control Unit (CU).
  • ALU performs arithmetic and logical operations.
  • CU manages data flow and directs CPU operations.
• Registers are small, fast memory units for temporary data storage.
• Cache memory stores frequently used data close to the CPU for quicker access.
• Buses facilitate communication among the CPU and other components (e.g., data bus, address bus, control bus).
• A Clock synchronizes operations.

Power Supply Unit (PSU)

• Supplies stable electrical power.
• Converts AC to DC electricity.
• Standard desktop computer's power cord connects to the PSU.

Memory Unit (RAM)

• Stores data, instructions, and information.
• RAM is essential for fast data access for immediate processing.
• RAM is temporary storage, erased when the computer is turned off.
• There exist various types of computer memory (e.g., DRAM, SRAM).

Read-Only Memory (ROM)

• Stores firmware or software instructions.
• Non-volatile memory—data remains stored even when power is off.
• ROM is used during the computer booting or bootstrapping process.

Types of ROM (ROM chips):

• PROM: Programmable Read-Only Memory, written to once.
• EPROM: Erasable Programmable Read-Only Memory, rewritten with UV light.
• EEPROM: Electrically Erasable Programmable Read-Only Memory, rewritten with an electric charge.
• Flash Memory: Re-writable; often used in mobile devices and flash drives.

Secondary Memory (HDD/SSD)

• Long-term storage for digital content, operating system, and programs.
• HDD is a traditional hard disk drive that's slower than SSD.
• SSD is a newer form of long-term storage that uses flash memory and is faster and more reliable than HDD.

Graphics Card (GPU)

• Processes images and videos to display on the computer monitor.
• Processes images for presentation.

Ports

• Ports are connection points that extend the functionality of a computer by connecting devices.

Computer Software

• A set of instructions that direct the computer's operations.
• Software is categorized as System and Application Software.
• System Software: Manages core functions, allows application software to operate, manages hardware resources (e.g., operating systems, utilities, etc.)
• Application Software: Application software performs tasks for the user (e.g., word processors).

Utility Software

• Essential for computer maintenance.
  • Example: antivirus, disk cleanup tools, system optimizers.

Device Drivers

• Specialized software allowing an operating system to communicate with hardware.
• They act as a bridge between the OS and the hardware components or devices.

BIOS

• The basic input/output system program that a computer's microprocessor uses to start the computer system.
• Controls the flow of data between the OS and attached peripheral devices.

UEFI

• Unified Extensible Firmware Interface.
• More modern firmware interface, replacing BIOS.

Operating System

• An interface between users and hardware.
• Manages resources, CPU, file management.
• Makes the computer system more convenient and efficient.

Program/Process/Thread

• Program: A set of instructions.
• Process: The set of instructions in execution (active program).
• Thread: A single sequence of control within a program.

Types of Operating Systems

• Single-Processor OS: Manages a system with a single CPU.
• Batch OS: Processes groups of similar jobs without interaction.
• Multiprogramming OS: Executes multiple programs on a single processor; utilizes the CPU efficiently when one program waits on input/output operations.
• Multitasking/Time-Sharing OS: Allows multiple tasks to execute concurrently (or on the same processor).
• Multiprocessing OS: Uses multiple CPUs to improve performance by processing tasks in parallel.
• Distributed OS: Multiple computer systems communicate through a single communication channel.
• Real-Time OS: Processes data and tasks within strict time constraints (e.g. Air Traffic Control).

Kernel Space/User Space

• Kernel Space: A protected area of memory where the "kernel" works.
• Kernel: Responsible for everything (e.g., scheduling processes, managing memory, and handling interrupts); has complete control over the system.
• Kernel provides functions that are essential for the operating system.
• User Space: User-facing applications and processes operate here.
• User-mode application cannot directly access hardware resources and must use system calls to access the kernel.

System Call Interface (SCI)

• Acts like a receptionist.
• Facilitates communication between user applications and kernel.

Interrupts

• A signal sent to the processor to indicate an event.
• Can temporarily halt the current task ensuring efficient operation.
• Interrupt Service Routine (ISR) is executed in response.

Types of Kernels

• Monolithic kernel: Combines core OS functionality in a single memory space, and enables faster process execution.
• Microkernel: Contains only essential services and separates user and kernel services in distinct memory spaces, reduces OS size.
• Hybrid kernel: Combines characteristics of both monolithic and microkernels.

IPC (Interprocess Communication)

• Medium of conversion between user mode and kernel mode.
• Methods include Message Passing and Shared Memory.

Malware

• Any software designed to harm, exploit, or compromise devices, networks, or data.

Types of Attackers

• Amateurs: Script kiddies (inexperienced hackers, use pre-made tools).
• Hackers: White hat (identify and report vulnerabilities, usually have permission), Gray hat, Black hat (take advantage of vulnerabilities for personal gain), Organised Hackers (State-sponsored, Terrorist groups).

Cyber Warfare

• Use of technology to attack another nation's computer systems.

Computer Viruses

• Malicious software that spreads between computers.
• Can disrupt operations, cause data loss, crash systems, and security breaches.

Worms

• Self-replicating malware, automatically spreads to other computers, causing disruption.

Denial of Service Attacks (DoS/DDoS)

• Malicious attempts to overload a network, preventing legitimate access.
• Types include DoS and DDoS (distribute denial of service).

Interception

• Capture of information in transit between computers or devices.
• Improper encryption leaves information vulnerable to misuse.

Man-in-the-Middle Attack

• Attacker secretly intercepts communications between two parties.
• Modifies messages or data, without the parties' knowledge.

Phishing

• Pretending to be someone/something to gain sensitive data like passwords.
• Example: sending fraudulent emails or messages.
• Types: Phishing, Spear Phishing, CEO Fraud (or Whaling), Smishing, Vishing.

Pretexting

• Making false claims to gain sensitive information from people. (e.g., impersonating a bank worker or social worker)

Tailgating/Social Engineering

• Exploits trust and social connections, may include pretending to be someone you know.
  • Example: Following someone into a building or gaining access physically/digitally in person.

Cryptocurrency

• A digital currency, using encryption algorithms.
• Functioning as both a currency and virtual accounting system.

Security Architecture

• Strategic design of systems, policies, and technologies to protect IT and business assets from cyber threats.

Risk Assessment

• Identifying potential security gaps and cyber threats.
• Determining how well the organization addresses those threats.

Threat Intelligence

• Analysis of data to generate meaningful information about emerging threats.
• Helping anticipate or mitigate cyber threats.

Security Operations (SecOps)

• Integrating security measures and processes for enhanced cyber resiliency within an IT operation.

GRC (Governance, Risk, and Compliance)

• Structured way to align IT with business goals, manage risks, and ensure compliance.
• Unification of the company's governance, risk management, technological innovation, and compliance efforts.