
Quiz # 02

Give brief answers to the following questions.


1. How to reset a password-protected BIOS configuration? (03)
Method 1: If a BIOS or CMOS password is forgotten, in some cases it may be possible
to use a generic BIOS password to bypass the unknown password. Using a generic BIOS
password, you can change the password to a different one. However, we cannot guarantee
that any of these passwords will work on your computer.
Method 2: On the computer motherboard, locate the BIOS clear or password jumper or
DIP switch and change its position. This jumper is often labeled CLEAR, CLEAR
CMOS, JCMOS1, CLR, CLRPWD, PASSWD, PASSWORD, PSWD or PWD. To clear,
remove the jumper from the two pins currently covered, and place it over the two
remaining pins. An example of the various jumper positions is shown in the image.
Some computers may also clear the password by keeping the jumper open (one or no pins
covered).
Method 3: Removing the CMOS battery, like the one shown in the picture, causes the
system to lose all CMOS settings, including the BIOS password. Locate and remove the
CMOS battery from the motherboard for at least five minutes, then replace the battery
and turn the computer back on.
2. How to make the user authentication process more secure? (03)

  Activate multifactor authentication functionality whenever possible for all of your
accounts.
  Do not re-use your passwords. Cybercriminals work under the assumption that many
users re-use passwords, hence their high success rates for compromising accounts.
  Use single sign-on functionality combined with multifactor authentication in order to
reduce the risk of account compromise.
  Use a password manager.
  Generate strong and unique passwords or passphrases according to the latest
guidelines available, for each individual website and service. This is where password
managers come in handy.
  Check if any of your accounts appear in existing data breaches and act immediately by
changing your passwords for the services identified.
  Many websites offer password reminder functionalities. Make sure you do not rely on
easily retrievable personal information to reset your password, e.g., name of your pet,
your date of birth, your high school, etc.
  Make use of VPNs or at least mobile access points when accessing e-Banking or other
private services from public Wi-Fi.
  Be aware of your surroundings in lounges, airports, trains and cafés, and make sure
there is nobody behind you trying to snoop your password. This is where screen privacy
filters come in handy.
  Do not leave your devices unattended/unlocked in public spaces such as hotels, public
transport, lounges, etc.
3. What are the risks associated with public Wi-Fi? (03)

 Theft of Personal Information. One of the most serious and common threats
concerns theft of personal information.
 Cyber Attacks on Businesses.
 Man-In-The-Middle Attacks.
 Unencrypted Connections.
 Packet Sniffing / Eavesdropping.
 Malware Distribution.
 Session Hijacking.

4. What do you see as the objective of information security within a business or
organization? (03)

The primary information security objective is to protect information assets against threats
and vulnerabilities, to which the organization’s attack surface may be exposed. Taken
together, threats and vulnerabilities constitute information risk. Ensuring that security
objectives are met and risk mitigated will benefit an organization by contributing to:

 Business continuity
 Operational Efficiency
 Cost Effectiveness

5. What are the possible results of an attack on a computer network? (03)

Here we present some basic classes of attacks, which can cause slow network
performance, uncontrolled traffic, viruses, etc. These are attacks on the network from
malicious nodes. Attacks can be divided into two categories:

1. Active attack
 Spoofing
 Modification
 Wormhole
 Sinkhole
 Sybil

2. Passive attack
 Traffic analysis
 Eavesdropping
 Monitoring

6. Speaking of your home network, do you have a Wireless Access Point, and if so, how
do you defend it? (03)

Yes, I have a Wireless Access Point.


There are many ways, but I would recommend applying a MAC address filter.
Only allow trusted devices: simple, easy and enough.
There are many methods of protecting a WAP, but the three most popular are: employing
MAC address filtering, using WPA2, and not broadcasting the SSID. This is yet another
attempt by an employer to see what matters to you personally in terms of security. After
all, people tend to prefer the best things for themselves!

7. How do you deal with “Man In The Middle” attacks? (03)

  Educate your employees regarding the most common cyber-attacks, cyber threats and
what they should do to avoid compromising the security of your organization.
  Make sure that your employees don’t use public networks.
  Employ VPNs (Virtual Private Networks) in order to ensure secure connections
from your organization.
  Secure your e-mails by employing SSL/TLS. Moreover, you can also
consider PGP/GPG encryption as well.
  Make a habit of regularly auditing your networks and devices. Also monitor the
activity there so that you can instantly notice any unusual activities.
  Don’t forget to update your browsers. Make sure that your organization always uses
the latest version of secure browsers.
  Get browser plugins like Force TLS or HTTPS Everywhere to secure sensitive
online transactions.
  Separate your Wi-Fi networks. Make sure that guests don’t use your internal network.
  Install capable, high-technology intrusion detection systems.
  Implement two-factor authentication.

8. You get a phone call from a very influential executive high up on the organizational
chart. He or she tells you to bend company policy to suit them and let them use their
home device to do company work. What do you do? (03)

This is another case of letting someone higher than you make the decision. Send the
question/request up to your manager and let them sort it out. This is far outside of your
realm. Let your boss deal with the higher-up.
