What is Web Security? (2 marks)
Web security is a subset of network security that protects web applications, web servers, and communication between servers and browsers.
What are web applications? Give two examples. (3 marks)
Web applications are software applications accessed through a web browser over a network. Examples include e-commerce systems and online banking systems.
Explain the relationship between Web Security and Network Security. (4 marks)
Web security depends on network security. A secure web application can still be compromised if the underlying network is insecure, while compromised web servers can also threaten the entire network.
List the client-side components of a web application. (2 marks)
User interface and web browser.
List the server-side components of a web application. (3 marks)
Web server, application server, and database server.
State the role of a web server. (2 marks)
A web server handles and manages requests from clients.
State the role of an application server. (2 marks)
An application server processes business logic and communicates with databases and other services.
State the role of a database server. (1 mark)
A database server stores and manages application data.
Why are web applications frequently targeted by attackers? (6 marks)
Web applications are constantly exposed to the Internet, accept user input, and use complex technologies such as databases and APIs, making them attractive targets for attackers.
Define malware. (2 marks)
Malware is malicious software designed to disrupt operations, steal information, gain unauthorized access, or damage systems.
List six common types of malware. (6 marks)
Viruses, worms, Trojan horses, ransomware, spyware, and adware.
Define phishing. (2 marks)
Phishing is a social engineering attack that tricks users into revealing sensitive information or downloading malicious software.
Define SQL Injection (SQLi). (3 marks)
SQL Injection is an attack where malicious SQL commands are inserted into input fields to manipulate a database.
Explain how SQL Injection works. (4 marks)
An attacker enters malicious SQL statements into application input fields. If the application does not properly validate the input, the database executes the malicious commands.
What is the purpose of the "--" symbol in SQL Injection? (2 marks)
The "--" symbol is used to comment out the remainder of an SQL statement so that it is ignored by the database.
Define Cross-Site Scripting (XSS). (3 marks)
Cross-Site Scripting is an attack where malicious JavaScript code is injected into a webpage and executed in the victim's browser.
Define Stored/Persistent XSS. (4 marks)
Stored XSS occurs when malicious scripts are permanently stored on a web server, usually in a database, and executed whenever users access the infected page.
Give an example of Stored XSS. (2 marks)
An attacker posts a forum comment containing a hidden malicious
State the impact of Stored XSS. (2 marks)
Any user who visits the infected webpage will automatically execute the malicious script in their browser.
Define Reflected XSS. (4 marks)
Reflected XSS occurs when a malicious script is included in a specially crafted URL and executed when the victim clicks the link.
Give an example of Reflected XSS. (2 marks)
http://vulnerablewebsite.com/search?q=
Define DOM-based XSS. (4 marks)
DOM-based XSS is an attack that exploits vulnerabilities in JavaScript code running in the browser by modifying the Document Object Model (DOM).
Define a Zero-Day attack. (3 marks)
A Zero-Day attack is a cyberattack that exploits a software vulnerability unknown to the vendor before a fix or patch is available.
List the stages of a Zero-Day attack. (6 marks)
Vulnerability discovery, exploit development, and Zero-Day attack execution.
List four security services provided by HTTPS. (4 marks)
Encryption, authentication, integrity, and confidentiality.
Why should users avoid public Wi-Fi for sensitive activities? (2 marks)
Public Wi-Fi networks are vulnerable to interception and monitoring by attackers.
State the purpose of a VPN. (2 marks)
A VPN encrypts Internet traffic to provide secure communication, especially on public networks.
State the purpose of a password manager. (2 marks)
A password manager stores and generates strong passwords securely.
List three countermeasures against SQL Injection attacks. (3 marks)
Input validation, prepared statements, and parameterized queries.
List three countermeasures against XSS attacks. (3 marks)
Input sanitization, output encoding, and Content Security Policy (CSP).
List three countermeasures against Zero-Day attacks. (3 marks)
Regular software updates, IDS/IPS deployment, and behavioral monitoring.
Define a computer virus. (2 marks)
A computer virus is an executable program that infects and replicates other programs, often causing damage.
List four signs of a virus infection. (4 marks)
Slow system performance, unexplained disk activity, application crashes, and antivirus alerts.
Define a worm. (2 marks)
A worm is a self-contained malware program that spreads between hosts using network communication protocols without requiring a host program.
List four signs of a worm attack. (4 marks)
Increased bandwidth usage, excessive email traffic, reduced disk space, and increased IDS/IPS alerts.
Define a Trojan horse. (2 marks)
A Trojan horse is malware disguised as legitimate software while hiding malicious intent.
List four signs of a Trojan horse infection. (4 marks)
Unknown processes running, redirected websites, disabled antivirus software, and unexpected installation messages.
Define ransomware. (2 marks)
Ransomware is malware that restricts access to systems or files and demands payment to restore access.
Define spyware. (2 marks)
Spyware is software that secretly monitors and collects information about a user's activities.
Define a cookie. (1 mark)
A cookie is a small text file that stores information about a browser session.
Define adware. (2 marks)
Adware is software that displays unwanted advertisements and may track user activity.
Differentiate between adware and spyware. (6 marks)
Adware displays advertisements and tracks user interests mainly for advertising purposes, while spyware secretly monitors user activities and collects data without consent. Adware is generally less harmful than spyware.
List six ways malware threatens businesses. (6 marks)
Attacks against confidentiality, attacks against integrity, attacks against availability, reduced productivity, legal liability, and reputational damage.
List four unsafe computing practices by employees. (4 marks)
Using untrusted media, installing unauthorized software, downloading untrusted files, and sharing unverified attachments.
List four examples of security breaches caused by malware. (4 marks)
Unauthorized access, privilege escalation, data theft, and the release of malicious code into internal networks.
List the three major categories of attack prevention defenses. (3 marks)
Application defenses, operating system defenses, and network infrastructure defenses.
List five application defense controls. (5 marks)
Antivirus scanning, updating virus definitions, scanning removable media, firewalls/IDS deployment, and maintaining logs.
List five operating system defense controls. (5 marks)
Integrity checking, maintaining logs, trusted installations, disabling unnecessary services, and maintaining system consistency.
List five network infrastructure defense controls. (5 marks)
Creating chokepoints, proxy services, content filtering, maintaining IDS signatures, and applying security patches.
Define defense in depth. (3 marks)
Defense in depth is a layered security strategy where multiple security controls protect systems and networks.
List four goals of defense in depth. (4 marks)
Providing multiple security layers, compensating for weaknesses in other layers, increasing overall security, and making attacks more difficult.
Define a network. (2 marks)
A network is a collection of interconnected devices that communicate and share resources.
List three types of networks. (3 marks)
LAN, WLAN, and WAN.
State the function of a router. (2 marks)
A router forwards data between different networks.
State the function of a switch. (2 marks)
A switch connects devices within a network and directs data traffic.
State the function of an access point. (2 marks)
An access point provides wireless network connectivity to devices.
State the function of a server. (2 marks)
A server provides services, resources, or applications to clients on a network.
Define a firewall. (2 marks)
A firewall is a security device or software that monitors and controls network traffic according to security rules.
Define TCP/IP. (2 marks)
TCP/IP is a suite of communication protocols used for transmitting data across networks and the Internet.
State the purpose of SSL/TLS. (2 marks)
SSL/TLS provides secure encrypted communication over networks.
Define DNS. (2 marks)
DNS is a system that translates domain names into IP addresses and vice versa.
State the purpose of SSH. (2 marks)
SSH provides secure remote access to network devices and systems.
List three communication media used in networking. (3 marks)
Twisted pair cable, fiber optic cable, and wireless communication.
Define a Man-in-the-Middle (MITM) attack. (2 marks)
A MITM attack occurs when an attacker intercepts communication between two parties.
List four types of MITM attacks. (4 marks)
Eavesdropping, session hijacking, SSL stripping, and ARP poisoning.
Differentiate between DoS and DDoS attacks. (4 marks)
A DoS attack originates from a single system, while a DDoS attack originates from multiple distributed systems simultaneously.
Define Layer 2 security. (2 marks)
Layer 2 security involves protecting the data link layer of a network from attacks and unauthorized access.
Define ARP spoofing. (2 marks)
ARP spoofing is an attack where false ARP messages are used to associate an attacker's MAC address with another device's IP address.
Define CAM table overflow. (2 marks)
CAM table overflow is an attack that floods a switch with fake MAC addresses to overload its CAM table.
Define MAC spoofing. (2 marks)
MAC spoofing is the process of changing a device's MAC address to impersonate another device.
List the two techniques used in MAC spoofing. (4 marks)
Cloning and MAC address randomization.
Define DHCP spoofing. (3 marks)
DHCP spoofing occurs when a rogue DHCP server provides malicious network configurations to users.
Define DNS poisoning. (2 marks)
DNS poisoning is the corruption of DNS records to redirect users to malicious websites.
Why are wireless networks more vulnerable than wired networks? (2 marks)
Wireless networks use radio waves, making them easier to intercept and access without authorization.
Define WEP and explain why it is insecure. (3 marks)
WEP is a wireless security protocol that uses weak encryption methods and can be easily cracked by attackers.
What encryption method does WPA use? (2 marks)
WPA uses TKIP encryption.
Why is WPA2 more secure than WPA? (3 marks)
WPA2 uses AES encryption, which provides stronger security than TKIP.
List two features of WPA3. (2 marks)
Stronger encryption and support for modern wireless technologies such as Wi-Fi 6.
Define password-based Wi-Fi authentication. (2 marks)
Password-based authentication requires users to provide a shared password to access the wireless network.
Define certificate-based authentication. (2 marks)
Certificate-based authentication uses digital certificates to verify users or devices.
Define 802.1X authentication. (2 marks)
802.1X is a network access control standard that uses a RADIUS server for authentication.
List six network security measures. (6 marks)
Encryption, VPNs, firewalls, IDS, IPS, and network segmentation.
Define authentication. (2 marks)
Authentication is the process of verifying the identity of a user or system.
Differentiate between identification and authentication. (4 marks)
Identification is the act of claiming an identity, while authentication is the process of verifying that identity.
List the three authentication factors. (3 marks)
Something you know, something you have, and something you are.
Give two examples of "something you know". (2 marks)
Passwords and PINs.
Give two examples of "something you have". (2 marks)
Smart cards and mobile devices.
Give two examples of "something you are". (2 marks)
Fingerprints and facial recognition.
Define Single Sign-On (SSO). (2 marks)
Single Sign-On is an authentication process that allows users to access multiple systems using one login session.
Define Multi-Factor Authentication (MFA). (2 marks)
Multi-Factor Authentication requires users to provide two or more authentication factors to verify identity.
Explain how MFA improves security. (3 marks)
MFA improves security by requiring multiple forms of verification, reducing the risk of unauthorized access if one factor is compromised.
Define access control. (2 marks)
Access control is the process of determining who can access resources and what actions they are allowed to perform.
Differentiate between authentication and authorization. (4 marks)
Authentication verifies identity, while authorization determines the level of access granted to a user.
List the five steps of the access control process. (5 marks)
Authenticate, authorize, access, manage, and audit.
Define Role-Based Access Control (RBAC). (2 marks)
RBAC assigns permissions according to a user's role within an organization.
Define Attribute-Based Access Control (ABAC). (2 marks)
ABAC grants access based on attributes such as user role, location, or time.
Define Discretionary Access Control (DAC). (2 marks)
DAC allows resource owners to decide who can access their resources.
Define Mandatory Access Control (MAC). (2 marks)
MAC restricts access according to classifications and security clearances.
Define Policy-Based Access Control (PBAC). (2 marks)
PBAC grants access according to organizational policies and rules.
Define endpoint security. (2 marks)
Endpoint security protects devices such as laptops, desktops, and mobile devices from cyber threats.