Ethics and Law/Hacking
Secure Communication
Cryptography
Network Threats
Security Solutions
100

What is the main purpose of the Privacy Act 1988?

Privacy protection

100

What type of encryption uses the same key to both encrypt and decrypt data?

Symmetric encryption

100

What type of cipher shifts letters by a fixed number?

Caesar cipher

100

What type of threat floods a network to make it unavailable?

DoS attack

100

What security tool scans and removes malicious software?

Anti-malware

200

What does Australian Privacy Principle (APP) 11 require organisations to do?

Take reasonable steps to protect personal data from misuse, loss, and unauthorised access.

200

What makes asymmetric encryption more suitable than symmetric for exchanging data securely over the internet?

Key pair system/public+private key

200

What attack checks all possible keys until the correct one is found?

Brute force

200

Which network threat can occur even when a user is connected to a secure-looking (HTTPS) site and doesn’t realize the data is being intercepted?

Man-in-the-middle

200

What device controls incoming and outgoing network traffic based on rules?

Firewall

300

How is ethical hacking different from malicious hacking?

Permission

300

Which key is used to encrypt data that only the receiver can decrypt?

Receiver’s public key

300

What technique is often used to break substitution ciphers?

Frequency analysis

300

What type of attack exploits a website’s failure to validate or sanitize user input, allowing attackers to run database commands?

SQL injection

300

What is the purpose of an access control list (ACL) in a network?

Restrict access

400

What role does a red team play in penetration testing?

Simulate attacks

400

What ensures the sender of a message is authentic in asymmetric encryption?

Digital signature

400

What is the name of a modern symmetric encryption algorithm widely used today?

AES

400

What makes zero-day vulnerabilities difficult to defend against?

Unknown flaw

400

What type of system monitors and blocks suspicious activity in real-time?

Intrusion prevention system

500

Why might an organisation be legally required to notify the public after a data breach?

NDB scheme (privacy amendment)

500

What allows a user to verify that a public key belongs to a trusted entity?

Certificate authority

500

What encryption algorithm uses large prime numbers and is asymmetric?

RSA

500

How can compromised credentials lead to both internal and external threats simultaneously?

External access as insider

500

How does regular user training reduce the effectiveness of social engineering attacks?  

Prevent human error  

M
e
n
u