Unit 5 eSecurity

Question 1

Define personal data.

Answer 1

Personal data is any information that relates to an identified or identifiable living individual, such as name, address, email, IP address.

Question 2

Give three examples of personal data.

Answer 2

Examples: Name and surname, home address, email address.

Question 3

Why should personal data be kept confidential?

Answer 3

To prevent identity theft, fraud, and misuse of sensitive information.

Question 4

What is encryption?

Answer 4

Encryption is the process of converting data into a coded form to prevent unauthorized access.

Question 5

What is anonymisation?

Answer 5

Anonymisation removes identifying details from data so individuals cannot be recognized.

Question 6

Explain two methods of keeping personal data secure.

Answer 6

Methods: Using firewalls to block unauthorized access; applying encryption to protect data.

Question 7

Describe the difference between anonymisation and pseudonymisation.

Answer 7

Anonymisation removes all identifiers permanently; pseudonymisation replaces identifiers with temporary codes.

Question 8

What is a firewall and how does it work?

Answer 8

A firewall monitors and filters incoming and outgoing network traffic to prevent unauthorized access.

Question 9

Explain two-factor authentication with an example.

Answer 9

Two-factor authentication uses two methods: something you know (password) and something you have (smart card).

Question 10

List three physical methods of preventing data misuse.

Answer 10

Examples: Locking devices, restricting access to servers, confidentiality agreements.

Question 11

Compare advantages and disadvantages of using anti-virus software.

Answer 11

Advantage: Prevents malware infections; Disadvantage: May slow system performance and needs regular updates.

Question 12

Explain how pharming works and suggest two prevention methods.

Answer 12

Pharming redirects users to fake websites by corrupting DNS or hosts file. Prevention: Use anti-virus software and verify URLs.

Question 13

Describe the differences between ransomware and scareware.

Answer 13

Ransomware locks data until payment is made; scareware tricks users into thinking their system is infected.

Question 14

Discuss three consequences of malware for organizations.

Answer 14

Consequences: Financial loss, data breaches, reputational damage.

Question 15

Evaluate the effectiveness of penetration testing in preventing attacks.

Answer 15

Penetration testing identifies vulnerabilities before hackers exploit them, but requires skilled professionals and regular updates.

Question 16

A hospital stores patient data online. Suggest five security measures to protect this data.

Answer 16

Measures: Encryption, firewalls, strong authentication, regular software updates, staff training.

Question 17

A company suffers a phishing attack. Explain steps to prevent future attacks.

Answer 17

Steps: Implement anti-phishing software, educate employees, enforce strong password policies, use two-factor authentication.

Question 18

Design a security policy for employees to prevent misuse of personal data.

Answer 18

Policy: No sharing of passwords, lock screens when away, report suspicious emails, use secure networks, follow GDPR compliance.

Question 19

Describe three different types of authentication techniques.

Answer 19

Techniques: Passwords, smart cards, biometric data (fingerprints, iris scans).

Question 20

Give two advantages and two disadvantages of using biometric authentication.

Answer 20

Advantages: High security, hard to replicate; Disadvantages: Expensive, privacy concerns.

Question 21

Define malware and give two examples.

Answer 21

Malware is malicious software designed to harm systems. Examples: Virus, Trojan horse.

Question 22

Explain how spyware works.

Answer 22

Spyware secretly collects user data such as keystrokes and sends it to hackers.

Question 23

What is ransomware and how can it be prevented?

Answer 23

Ransomware locks user data until payment is made. Prevention: Regular backups, anti-malware software.

Question 24

List four methods of preventing smishing.

Answer 24

Methods: Do not click unknown links, verify sender identity, use mobile security apps, block suspicious numbers.

Question 25

Briefly describe two ways pharming attacks can be carried out.

Answer 25

Ways: Corrupting DNS server entries; modifying hosts file on the victim's computer.

Question 26

What does GDPR stand for?

Answer 26

General Data Protection Regulation.

Question 27

Give two reasons why software updates are important for security.

Answer 27

They patch vulnerabilities and improve protection against new threats.

Question 28

What is phishing?

Answer 28

Phishing is a fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity via email or messages.

Question 29

Define malware.

Answer 29

Malware is malicious software designed to damage, disrupt, or gain unauthorized access to systems.

Question 30

Name two types of malware.

Answer 30

Examples: Virus, Trojan horse.

Question 31

What is a strong password? Give one example.

Answer 31

A strong password is long, complex, and includes letters, numbers, and symbols. Example: P@ssw0rd!2025

Question 32

What does two-factor authentication mean?

Answer 32

It means using two different methods to verify identity, such as a password and a code sent to a phone.

Question 33

Explain the difference between phishing and smishing.

Answer 33

Phishing uses emails to trick users; smishing uses SMS messages.

Question 34

How does a Trojan horse differ from a worm?

Answer 34

A Trojan horse disguises as legitimate software; a worm self-replicates and spreads without user action.

Question 35

Why is encryption important when sending data over the internet?

Answer 35

It ensures data cannot be read by unauthorized parties during transmission.

Question 36

Describe how a firewall protects a network.

Answer 36

A firewall filters incoming and outgoing traffic based on security rules to block unauthorized access.

Question 37

Give two examples of biometric authentication.

Answer 37

Examples: Fingerprint scanning, facial recognition.

Question 38

Explain why penetration testing is useful for organizations.

Answer 38

It identifies vulnerabilities before attackers exploit them, improving security posture.

Question 39

How does ransomware typically spread?

Answer 39

It spreads through malicious email attachments, infected websites, or software vulnerabilities.

Question 40

Scenario: A school stores student records on a cloud server. Suggest five security measures to protect this data.

Answer 40

Measures: Encrypt data, use strong passwords, enable two-factor authentication, perform regular backups, train staff on security policies.

Question 41

Scenario: A company experiences a ransomware attack. Explain immediate steps to recover and prevent future attacks.

Answer 41

Steps: Disconnect infected systems, restore from backups, update security software, educate staff, implement network segmentation.

Question 42

Scenario: A hospital needs to comply with GDPR. Outline three key requirements they must follow.

Answer 42

Requirements: Obtain consent for data use, allow data access and deletion requests, ensure secure storage and transmission.

Question 43

Scenario: An employee receives a suspicious email asking for login details. What should they do and why?

Answer 43

Do not click links, report to IT department, verify sender identity; prevents phishing attacks.

Question 44

Scenario: A bank wants to implement biometric authentication. Discuss two benefits and two drawbacks.

Answer 44

Benefits: High security, hard to replicate; Drawbacks: Costly, privacy concerns.

Question 45

Scenario: A university network is targeted by a worm. Suggest three preventive measures.

Answer 45

Measures: Install anti-virus software, apply regular patches, restrict network access with firewalls.

Question 46

Scenario: A retail company wants to prevent smishing attacks. Recommend four actions.

Answer 46

Actions: Educate employees, block suspicious numbers, use mobile security apps, verify sender identity before responding.

Question 47

Scenario: A government agency needs to secure sensitive data during transmission. What method should they use and why?

Answer 47

Method: Use strong encryption protocols (e.g., AES) to ensure data confidentiality and integrity.

Question 48

Scenario: A business plans to allow remote work. Suggest five security measures for remote employees.

Answer 48

Measures: VPN usage, strong passwords, two-factor authentication, updated anti-virus software, secure Wi-Fi connections.

Question 49

Scenario: A healthcare provider wants to prevent phishing attacks. Suggest three strategies.

Answer 49

Strategies: Implement anti-phishing filters, conduct staff training, enforce strict email verification policies.