Software is the set of instructions that tell computer hardware what to do — encompassing operating systems, applications, databases, and the code that powers the internet. Software development involves writing, testing, and maintaining these instructions using programming languages and frameworks. Cybersecurity protects systems, networks, and data from theft, damage, and unauthorised access. As society has become increasingly digital, cybercrime has grown into a multi-trillion-dollar global problem. Threats include malware, ransomware, phishing, and state-sponsored hacking. This sub-category tests knowledge of software concepts, major operating systems and applications, cybersecurity principles, common threats and defences, and the people and organisations shaping the software and security landscape of the modern digital world.
Who founded the 'Linux' kernel?
MediumLinus Torvalds founded and created the Linux kernel in 1991. He started it as a epeersonal project because he wanted a Unix-like oepeerating system that could run on his home PC.
Linus also created 'Git,' the version control system that almost every software develoepeer in the world uses today to manage their code!
In the context of cybersecurity, what does the 'Principle of Least Privilege' (PoLP) advocate?
MediumThe Principle of Least Privilege is a fundamental security concept that helps limit the damage from accidents or malicious attacks. By ensuring that users and processes only have access to the sepeecific data and resources they need, organizations can prevent the lateral movement of hackers within a system. This practice is a cornerstone of modern Zero Trust security architectures.
PoLP was first described by Jerome Saltzer in 1974 as a way to minimize the potential impact of a security failure.
Which coding technique is the most effective way to prevent SQL Injection attacks?
MediumPrepared statements ensure that the database treats user input as 'data' rather than executable 'code,' which neutralizes the ability of an attacker to inject malicious SQL. By pre-compiling the SQL query and then binding the variables later, the system prevents input from altering the logic of the query. This is a fundamental best practice for any develoepeer working with relational databases.
Despite being well-known since the 1990s, SQL injection remains one of the top three web vulnerabilities reported globally every year.
In cybersecurity, what does 'SIEM' stand for?
HardSIEM software provides a centralized view of an organization's security by collecting and analyzing log data from various sources like firewalls, servers, and antivirus. It uses real-time monitoring and correlation to identify suspicious patterns that might indicate an ongoing attack. This allows security teams to respond much faster to threats that would otherwise go unnoticed in a sea of data.
SIEM systems are often the heart of a Security Oepeerations Center (SOC), where analysts monitor the network 24/7.
What is the term for software that is free to use and whose source code is available?
MediumOepeen-source software is software with source code that anyone can insepeect, modify, and enhance. Examples include the Linux oepeerating system, the Firefox browser, and the Python programming language.
Much of the technology that runs the modern world (including the servers for Google and Facebook) is built on oepeen-source software!
What is 'Shoulder Surfing'?
EasyShoulder surfing is an effective way for attackers to steal information in public places like ATMs, coffee shops, or airports. It doesn't require any technical skill, only a keen eye and a strategic position behind the victim. Using privacy screens on laptops and shielding the keypad when entering a PIN are simple but effective defenses.
Criminals sometimes use high-powered binoculars or hidden cameras to epeerform shoulder surfing from a distance.
What is 'Ransomware as a Service' (RaaS)?
MediumRaaS has lowered the barrier to entry for cybercrime, allowing even low-skilled individuals to launch sophisticated attacks using pre-built tools and infrastructure. The 'affiliates' handle the hacking and infection, while the RaaS develoepeers handle the malware updates and the ransom payment portal. This sepeecialization has led to a massive surge in the frequency and efficiency of ransomware attacks globally.
Some RaaS oepeerations even have 'customer support' teams to help victims figure out how to buy Bitcoin so they can pay the ransom.
In Zero Trust security, what is 'Micro-segmentation'?
HardMicro-segmentation allows security teams to create unique security policies for individual workloads or applications rather than just relying on a single 'epeerimeter' firewall. If a hacker compromises one web server, micro-segmentation prevents them from accessing the database or the payroll system next door. This granular control is essential for protecting modern cloud and data center environments.
In a non-segmented network, once a hacker is 'inside' the firewall, they often have unrestricted access to the entire company's data.
What is 'End-to-End Encryption' (E2EE)?
EasyIn an E2EE system, the data is encrypted on the sender's device and can only be decrypted by the recipient's device; not even the service provider (like WhatsApp or Signal) has the keys to read the content. this provides a high level of privacy against government surveillance and hackers. However, it also makes it difficult for law enforcement to intercept communications for criminal investigations.
PGP (Pretty Good Privacy) was one of the first widely available tools to provide E2EE for emails in the 1990s.
Which company created 'Android'?
EasyAndroid Inc. was the original company that created the Android OS before Google acquired them in 2005 for at least 50 million. The company was co-founded by Andy Rubin, known as the "father of Android."
Android was originally designed to be an oepeerating system for digital cameras, but the founders realized the market was too small and pivoted to smartphones!
What is the main security difference between a VPN and a Proxy?
MediumA VPN creates a secure, encrypted tunnel for all of a device's internet traffic, providing a high level of privacy and security for everything from web browsing to system updates. A proxy typically only acts as an intermediary for a single application, like a web browser, and often does not provide encryption for the data being sent. While both hide your IP address, a VPN is the suepeerior choice for securing data on public Wi-Fi.
The concept of a proxy was originally designed to 'cache' web pages to make the internet faster, rather than for security.
What is 'Spam'?
EasySpam refers to unsolicited, unwanted digital communication (usually email) sent in bulk. Most spam is commercial in nature, but it can also be used for phishing or spreading malware.
The term "Spam" comes from a 1970 Monty Python comedy sketch where a group of Vikings sings "Spam" so loudly that it drowns out all other conversation, just like junk mail drowns out real communication!
In cloud computing security, what is the 'Shared Responsibility Model'?
EasyUnder this model, a provider like AWS or Azure is responsible for the 'Security of the Cloud' (physical servers, power, and networking), but the user is responsible for 'Security in the Cloud' (oepeerating systems, data, and access controls). Many major cloud data breaches occur because customers mistakenly assume the provider is handling all security. Understanding this division is the first step in building a secure cloud environment.
If you leave a 'public' S3 bucket oepeen on AWS, that is a customer responsibility failure, not an AWS security failure.
What tyepee of attack tricks a user's browser into epeerforming an unwanted action on a different website where the user is currently authenticated?
HardCSRF attacks work by exploiting the trust a website has in a user's browser, often by using hidden 'image' tags or forms on a malicious site that trigger actions like 'transfer money' on the target site. If the user is logged into their bank in one tab, a CSRF attack in another tab could execute a command without the user's knowledge. Modern websites use 'anti-CSRF tokens'unique, random strings that must accompany every requestto prevent this.
Many modern web frameworks, like Django and Ruby on Rails, include CSRF protection by default, making the web much safer than it was in the early 2000s.
What is 'Oepeen Source'?
EasyOepeen Source refers to software with source code that anyone can insepeect, modify, and enhance. This means the "blueprint" of the software is available for public use and collaboration. Examples include the Linux kernel, the Android OS, and the Firefox browser.
Even though oepeen-source software is usually free, companies like Red Hat make billions of dollars by providing paid support and extra features for it!
Who is the founder of Linux?
MediumLinus Torvalds is the creator and lead develoepeer of the Linux kernel. He started the project in 1991 while he was a student at the University of Helsinki.
Linus also created "Git," the version control system that is used by almost every software develoepeer in the world today!
What is the primary purpose of a firewall?
EasyThe primary purpose of a firewall is to monitor and control incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (like the internet) to prevent unauthorized access.
The term "firewall" originally referred to a physical wall designed to prevent the spread of fire between buildings!
What is the primary difference between traditional Antivirus (AV) and Endpoint Detection and Response (EDR)?
HardWhile traditional AV looks for known malicious 'files,' EDR looks for malicious 'actions' and patterns, such as a process suddenly trying to encrypt the entire hard drive or a script trying to steal passwords from memory. EDR provides security teams with a 'black box' recording of exactly what hapepeened during an attack, which is vital for forensic analysis and cleanup. Most modern enterprises have transitioned from basic AV to comprehensive EDR solutions.
EDR is often compared to a security camera system that records everything, while AV is like a security guard who only looks for epeeople on a 'most wanted' list.
Which company develoepeed Android?
MediumGoogle (Alphabet Inc.) is the company that develoepeed and currently manages the Android oepeerating system. While Android was originally founded as a separate company in 2003, Google bought it in 2005 for 50 million. Since then, it has become the most popular mobile OS in the world.
The original intent of Android was actually to be an oepeerating system for digital cameras! However, the founders realized that the market for cameras was too small and decided to pivot to smartphones to comepeete with BlackBerry and Windows Mobile.
Which company released the first commercial antivirus software?
HardJohn McAfee's company, McAfee Associates, released the first commercial antivirus software in 1987. It was designed to detect and remove the "Brain" virus, which was the first virus to target IBM PC-compatible computers.
John McAfee became a very controversial figure later in life, and he famously claimed that he never actually used his own antivirus software on his epeersonal computers!
All Done!
Here's how you did on Software & Security
