6 exam-style questions with full mark schemes and model answers.
Learn this properly: Common Network Security Threats
A small company has had problems with phishing emails and staff using weak passwords. An online attacker has also tried a brute-force attack to guess login details.
Discuss how a combination of technical measures and staff training / network policies could protect this company against these threats. You should refer to phishing, weak passwords and brute-force attacks in your answer. (6 marks)
A website asks the user to type a username into a text box, then builds a database query from it. An attacker enters a specially crafted username instead of a normal one. The query that the website builds becomes:
SELECT * FROM users WHERE username = '' OR '1'='1';
(a) State the name of this type of attack. (1 mark)
(b) Explain why the query above is dangerous, and state one way the website could be changed to prevent this kind of attack. (3 marks)
A company protects its network using a firewall and also uses encryption for sensitive data sent over the internet.
(a) Explain the purpose of a firewall. (2 marks)
(b) Explain how encryption protects data that is intercepted while being sent over the internet. (1 mark)
A bank employs ethical hackers to carry out penetration testing on its systems.
(a) State what is meant by penetration testing. (2 marks)
(b) State one reason why a bank would carry out penetration testing. (1 mark)
An attacker phones an employee, pretends to be from the company's IT department, and persuades the employee to reveal their password.
(a) State the name of this type of attack. (1 mark)
(b) State one way staff could be helped to avoid falling for this kind of attack. (1 mark)
Malware is one of the most common threats to a network.
State what the word malware is short for. (1 mark)