Authentication and Access Control
What is a password?
A secret combination of characters used to access a system.
What is a computer virus?
A program that infects files and spreads, often causing harm.
What is the Internet?
A global network of computers that share information and services.
What is phishing?
A scam using emails or messages that try to steal passwords or personal info.
Why do we log in with a username and password?
To verify your identity and give you access to the system.
What does antivirus software do?
It detects, blocks, and removes malicious programs.
What is the purpose of a firewall?
To block unauthorized connections and allow safe traffic.
Why do people fall for phishing attacks?
because the messages look like they’re from trusted sources (like a bank or company).
What is two-factor authentication (2FA)?
A security process that requires two different types of verification, such as a password + a code from your phone.
What is ransomware and what does it do?
It's malware that encrypts your files and demands payment to unlock them.
What is a VPN and why is it useful?
A Virtual Private Network that encrypts your connection, protecting your data on public networks.
What is social engineering in cybersecurity?
The use of psychological manipulation to trick people into revealing confidential information.
What is the difference between authentication and authorization?
Authentication verifies who you are; authorization controls what you are allowed to do.
It's malware that encrypts your files and demands payment to unlock them.
A worm spreads by itself across networks. A trojan disguises itself as a legitimate program for you to install.
What is a DDoS attack?
A Distributed Denial of Service attack that floods a server with fake traffic, making it crash.
What’s the difference between phishing and pretexting?
Phishing uses fake messages or websites; pretexting involves creating a believable scenario to gain trust and get info.
How does role-based access control (RBAC) work?
It assigns permissions based on user roles (e.g., admin, editor, viewer), limiting access to only what is necessary.
Why is advanced malware hard to detect?
Because it uses techniques like obfuscation and mutation to avoid being detected by traditional antivirus software.
How does a network sniffer threaten security?
It can capture data packets on a network, potentially stealing sensitive information if it’s not encrypted.
How can organizations protect against social engineering attacks?
Through frequent training, phishing simulations, and strict identity verification policies.