5. Security Flashcards
What is the difference between a virus and a worm?
A virus requires user interaction to spread, while a worm spreads automatically across networks.
What is the purpose of two-factor authentication (2FA)?
Enhances security by requiring two forms of verification, such as a password and a mobile code.
What is the role of a firewall?
Monitors and controls incoming and outgoing network traffic based on security rules.
What does encryption do?
Converts data into a coded format to protect it from unauthorized access.
What is the principle of least privilege (PoLP)?
A security concept where users are granted the minimum permissions needed to perform their tasks.
What is the purpose of a firewall?
Monitors and controls incoming and outgoing network traffic based on security rules.
What is two-factor authentication (2FA)?
A security method that requires two forms of verification, such as a password and a phone verification code.
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses one key for encryption and decryption, while asymmetric encryption uses a public and private key pair.
What is the purpose of a VPN (Virtual Private Network)?
Encrypts internet traffic to provide secure communication and anonymity online.
What is a phishing attack?
A type of cyberattack where attackers trick users into providing sensitive information via fraudulent emails or websites.
What is a brute force attack?
A hacking method that tries all possible password combinations to gain unauthorized access.
What is the purpose of antivirus software?
Detects, prevents, and removes malware from a computer or network.
What is social engineering?
A tactic where attackers manipulate individuals into revealing confidential information.
What is the role of encryption in data security?
Protects data by converting it into unreadable formats accessible only with a decryption key.
What is a zero-day vulnerability?
A software flaw unknown to the vendor, often exploited before a fix is available.
What is the difference between a worm and a virus?
A worm spreads independently, while a virus requires a host file to spread.
What is multi-factor authentication (MFA)?
A security system requiring multiple verification methods, such as something you know, have, or are.
What is ransomware?
Malware that locks users out of their data until a ransom is paid.
What is the difference between a public and private key in encryption?
A public key encrypts data, while a private key decrypts it.
What is a man-in-the-middle (MITM) attack?
A cyberattack where an attacker intercepts and alters communication between two parties.
What is a digital certificate?
A certificate issued by a trusted authority to verify the identity of a website or user.
What is the purpose of penetration testing?
Identifies vulnerabilities in a system or network by simulating cyberattacks.
What is a DDoS attack?
A Distributed Denial of Service attack overwhelms a target with traffic, rendering it inaccessible.
What is the purpose of a security policy in an organization?
Defines rules and procedures for maintaining security and protecting assets.
What is the purpose of a hash function in cybersecurity?
Converts data into a fixed-length string, ensuring data integrity by detecting changes.
What is the purpose of a firewall?
Filters network traffic to protect systems from unauthorized access.
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a public and a private key.
What is two-factor authentication (2FA)?
A security process that requires two forms of identification before granting access to a system or service.
What is a VPN (Virtual Private Network)?
A secure, encrypted connection between a device and a network, often used to protect internet traffic.
What is a DDoS (Distributed Denial of Service) attack?
An attack that overwhelms a system with traffic from multiple sources, causing it to become unavailable.
What is a man-in-the-middle (MITM) attack?
An attack where the attacker intercepts communication between two parties without their knowledge.
What is the purpose of an antivirus program?
Detects, prevents, and removes malicious software (malware) from a computer or network.
What is the difference between a virus and a worm?
A virus attaches itself to a program or file, while a worm is a standalone malicious program that spreads across networks.
What is a Trojan horse?
Malicious software disguised as legitimate software that performs harmful actions when executed.
What is the principle of least privilege (PoLP)?
A security principle where users and applications are given the minimum level of access required to perform their tasks.
What is a zero-day vulnerability?
A security flaw that is unknown to the software vendor and can be exploited by attackers.
What is phishing?
A type of social engineering attack where an attacker attempts to trick individuals into revealing sensitive information.
What is multi-factor authentication (MFA)?
A security system that requires multiple forms of authentication (e.g., password, fingerprint, or SMS code).
What is a brute force attack?
An attack that tries every possible password combination until the correct one is found.
What is a dictionary attack?
A type of brute force attack that uses a predefined list of possible passwords.
What is the purpose of a Security Information and Event Management (SIEM) system?
Monitors and analyzes security events in real-time to detect and respond to threats.
What is the role of encryption in securing data?
Protects data by converting it into a format that cannot be read without the proper decryption key.
What is an SSL/TLS certificate?
A digital certificate that provides secure, encrypted communication over the internet.
What is the difference between a public and private key in asymmetric encryption?
A public key is used to encrypt data, while a private key is used to decrypt it.
What is a hash function?
A one-way function that converts data into a fixed-length hash value, used for data integrity checks.
What is a rootkit?
A type of malware designed to hide its presence on a system and maintain privileged access.
What is a sandbox in cybersecurity?
A controlled, isolated environment used to test or analyze suspicious programs without affecting the rest of the system.
What is the purpose of an Intrusion Detection System (IDS)?
Monitors network traffic for signs of unauthorized access or malicious activity.
What is an intrusion prevention system (IPS)?
An active security system that detects and prevents potential security threats in real-time.
What is a digital signature?
A cryptographic technique used to verify the authenticity and integrity of a digital message or document.
What is a vulnerability assessment?
The process of identifying, evaluating, and prioritizing security vulnerabilities in a system or network.
What is a penetration test (pen test)?
A simulated attack on a system to identify vulnerabilities and weaknesses in the security controls.
What is a security patch?
A software update designed to fix security vulnerabilities or bugs in a program.
What is the role of an endpoint protection system?
Protects devices such as computers, smartphones, and tablets from malware and unauthorized access.
What is the principle of defense in depth?
A layered security approach where multiple defense mechanisms are employed to protect systems from threats.
What is a public key infrastructure (PKI)?
A framework for managing digital keys and certificates to enable secure communication and authentication.
What is a honeypot?
A decoy system or service designed to attract and trap cyber attackers in order to study their behavior.
What is a security audit?
A comprehensive review of an organization’s security policies, practices, and systems to identify potential risks.
What is the purpose of a firewall rule?
Specifies the conditions under which network traffic is allowed or blocked by a firewall.
What is data encryption at rest?
Encrypting data stored on a device or server to protect it from unauthorized access when it is not being transmitted.
What is data encryption in transit?
Encrypting data while it is being transmitted over a network to prevent unauthorized access or interception.
What is the role of the security operations center (SOC)?
A team that monitors and responds to security threats in real-time.
What is a whitelist?
A list of approved entities (e.g., IP addresses, email addresses) that are trusted and allowed to access a system or network.
What is a blacklist?
A list of known malicious entities (e.g., IP addresses, websites) that are blocked from accessing a system or network.
What is the difference between a public and private network?
A public network is accessible to everyone, while a private network is restricted to authorized users.
What is the purpose of an access control list (ACL)?
Defines the permissions and access rights for users or devices to resources in a system or network.
What is a cross-site scripting (XSS) attack?
An attack where malicious code is injected into a web page, which is then executed by the victim's browser.
What is a cross-site request forgery (CSRF) attack?
An attack that tricks the victim into performing an action on a website where they are authenticated, without their consent.
What is a session hijacking attack?
An attack where the attacker steals a valid session token to impersonate the victim and gain unauthorized access.
What is the purpose of a password manager?
A tool that securely stores and manages passwords for websites and applications.
What is a Zero Trust security model?
A security approach that assumes no trust for any user or device, requiring authentication and authorization for all access requests.
What is a certificate authority (CA)?
An entity that issues and manages digital certificates, ensuring the authenticity and integrity of public keys.
What is an incident response plan?
A documented approach for responding to security incidents, ensuring that the organization can quickly and effectively mitigate damage.
What is a remote wipe?
A feature that allows an administrator to erase data from a mobile device remotely in case it is lost or stolen.
What is the role of security awareness training?
Educates employees and users on best practices for protecting sensitive information and avoiding security threats.
What is an advanced persistent threat (APT)?
A prolonged and targeted cyberattack aimed at stealing sensitive information or compromising an organization's network.
What is a brute force attack?
An attack where an attacker attempts to gain access by trying every possible password or encryption key.
What is a denial of service (DoS) attack?
An attack that aims to make a service or network resource unavailable by overwhelming it with traffic or requests.
What is the difference between black hat, white hat, and gray hat hackers?
Black hat hackers engage in illegal activities, white hat hackers work ethically to protect systems, and gray hat hackers may operate in between the two.
What is an SSL/TLS handshake?
The process of establishing a secure connection between a client and server using SSL/TLS protocols.
What is the purpose of an audit trail?
A record of actions and events that helps track access to sensitive data and can be used for forensic analysis in case of a security breach.
What is the difference between encryption and hashing?
Encryption converts data into an unreadable format that can be restored with a decryption key, while hashing generates a fixed-length representation of data that cannot be reversed.
What is the purpose of an access token?
An object that represents the authorization granted to a user or application to access a specific resource.
What is a security patch management process?
The process of identifying, testing, and applying security patches to software and systems to fix vulnerabilities.
What is a security token?
A physical or digital device that generates a one-time passcode for authentication purposes.
What is endpoint detection and response (EDR)?
A security solution that monitors and responds to threats across endpoint devices such as laptops, desktops, and servers.
What is social engineering?
The manipulation of individuals into revealing confidential information or performing actions that compromise security.
What is the difference between authentication and authorization?
Authentication verifies a user’s identity, while authorization determines what actions the user is allowed to perform.
What is the purpose of a patch management system?
To ensure that software updates, including security patches, are applied in a timely and effective manner.
What is an SSL/TLS certificate expiration date?
The date after which an SSL/TLS certificate is no longer valid and must be renewed to ensure secure communication.
What is a VPN kill switch?
A security feature that disconnects a device from the internet if the VPN connection is lost, preventing data from being exposed.
What is a brute-force password attack?
An attack where all possible combinations of passwords are tried until the correct one is found.
What is a botnet?
A network of infected devices controlled by cybercriminals to launch coordinated attacks, often for DDoS or spam purposes.
What is phishing with spoofing?
A phishing attack where the attacker masquerades as a trusted entity, often by modifying the sender’s address to appear legitimate.
What is the purpose of a VPN concentrator?
A device that manages multiple VPN connections and ensures secure communication between remote users and a network.
What is a honeynet?
A network of intentionally vulnerable systems designed to lure cyber attackers and gather intelligence about their tactics.
What is the purpose of a security patch release cycle?
To regularly provide and update security patches to fix vulnerabilities and ensure systems are protected.
What is a Digital Rights Management (DRM) system?
Technology used to control and restrict the use, copying, and distribution of digital content.
What is a ransomware attack?
A type of malware that encrypts a victim’s files and demands payment for the decryption key.
What is a Trojan-backdoor?
A type of Trojan horse malware that opens a backdoor into a system, allowing unauthorized access.