chap1

Question 1

Great businesses have been created by __________ and __________ the power of data and data analytics

Answer 1

Collecting and Harnessing

Question 2

This group of criminals breaks into computers or networks to gain access for various reasons.

Answer 2

Hackers

Question 3

Break into networks or computer systems to discover weaknesses in order to improve the security of these systems.

Answer 3

White hat hackers

Question 4

Somewhere between white and black hat attackers. These attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda.

Answer 4

Gray hat hackers

Question 5

Are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks.

Answer 5

Black hat hackers

Question 6

Teenagers or hobbyists mostly limited to pranks and vandalism, have little or no skill, often using existing tools or instructions found on the Internet to launch attacks.

Answer 6

Script Kiddies

Question 7

Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

Answer 7

Vulnerability Brokers

Question 8

Grey hat hackers who rally and protest against different political and social ideas. They publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks.

Answer 8

Hacktivists

Question 9

These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, they are responsible for stealing billions of dollars from consumers and businesses.

Answer 9

Cyber Criminals

Question 10

Depending on a person’s perspective, these are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking.

Answer 10

State Sponsored Hackers

Question 11

The Nation Common Vulnerabilities and Exposures (CVE) database is an example of the development of a national database. The CVE National Database was developed to provide a publicly available database of all know vulnerabilities.

Answer 11

Vulnerability Database

Question 12

The Honeynet project is an example this system. The project provides a HoneyMap which displays real-time visualization of attacks.

Answer 12

Early Warning Systems

Question 13

InfraGard is an example of widespread sharing of cyber intelligence. The InfraGard program is a partnership between the and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks.

Answer 13

Share Cyber Intelligence

Question 14

The ISO 27000 standards are an example of Information Security Management Standards. The standards provide a framework for implementing cybersecurity measures within an organization.

Answer 14

ISM Standards

Question 15

The ISACA group track law enacted related to cyber security. These laws can address individual privacy to protection of intellectual property. Examples of these laws include Cybersecurity Act, Federal Exchange Data Breach Notification Act and the Data Accountability and Trust Act.

Answer 15

New Laws

Question 16

Is the possibility that a harmful event, such as an attack, will occur.

Answer 16

Cybersecurity threat

Question 17

Is a weakness that makes a target susceptible to an attack.

Answer 17

Cyber vulnerability

Question 18

Criminals use __________ tools to capture data streams over a network. Works by monitoring and recording all information coming across a network.

Answer 18

Packet-sniffing

Question 19

Criminals can also use __________, such as unsecured Wi-Fi access points.

Answer 19

Rogue devices

Question 20

Interferes with an established network communication by constructing packets to appear as if they are part of a communication.

Answer 20

Packet forgery (or packet injection)

Question 21

On a __________ level, everyone needs to safeguard his or her identity, data, and computing devices.

Answer 21

Personal level

Question 22

At the __________ level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers.

Answer 22

Corporate level

Question 23

At the __________ level, national security and the citizens’ safety and well-being are at stake.

Answer 23

State level

Question 24

In the U.S., the __________ is responsible for intelligence collection and surveillance activities.

Answer 24

National Security Agency (NSA)

Question 25

Have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices.

Answer 25

Internal threats

Question 26

An __________ , such as an employee or contract partner, can accidently or intentionally spread threats

Answer 26

Internal user

Question 27

From amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access.

Answer 27

External threats

Question 28

BYOD stands for.

Answer 28

Bring Your Own Device

Question 29

Is the result of data sets that are large and complex, making traditional data processing applications inadequate.

Answer 29

Big data

Question 30

Big data poses both challenges and opportunities based on three dimensions:

Answer 30

Volume or amount of data, velocity or speed of data, variety or range of data types and sources.

Question 31

Is a continuous computer hack that occurs under the radar against a specific object. Criminals usually use this for business or political motives.

Answer 31

Advanced persistent threat (APT)

Question 32

Can track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts.

Answer 32

Algorithm attacks

Question 33

Algorithmic attacks are more __________ because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies.

Answer 33

Devious

Question 34

Refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group.

Answer 34

Federated identity management

Question 35

The goal of __________ is to share identity information automatically across castle boundaries.

Answer 35

Federated identity management

Question 36

The most common way to protect federated identity is to__________ to an authorized device.

Answer 36

tie login ability

Question 37

Uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through.

Answer 37

Telephone denial of service (TDoS) attack

Question 38

The next generation 911 call centres are vulnerable because they use __________ systems rather than traditional landlines.

Answer 38

Voice-over-IP (VoIP) systems

Question 39

Created a framework for companies and organizations in need of cybersecurity professionals.

Answer 39

National Institute of Standards and Technologies (NIST)

Question 40

Includes the identification, analysis, and mitigation of threats to internal systems and networks.

Answer 40

Protect and Defend

Question 41

Includes the investigation of cyber events and/or cybercrimes involving IT resources.

Answer 41

Investigate

Question 42

Includes specialized denial and deception operations and the collection of cybersecurity information

Answer 42

Collect and Operate

Question 43

Includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence

Answer 43

Analyze

Question 44

Provides for leadership, management, and direction to conduct cybersecurity work effectively

Answer 44

Oversight and Development

Question 45

Includes conceptualizing, designing, and building secure IT systems

Answer 45

Securely Provision

Question 46

CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance.

Answer 46

CompTIA Security+ (SY0-701)

Question 47

Is an intermediate-level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices.

Answer 47

EC-Council Certified Ethical Hacker (CEH)

Question 48

A good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles.

Answer 48

SANS GIAC Security Essentials (GSEC)

Question 49

Is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience.

Answer 49

(ISC)² Certified Information Systems Security Professional (CISSP)

Question 50

Cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM.

Answer 50

ISACA Certified Information Security Manager (CISM)

Question 51

Validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks.

Answer 51

Cisco Certified Network Associate Security (CCNA Security)

Question 52

These certifications measure knowledge and competency in installing, configuring, and maintaining vendor products.

Answer 52

Company Sponsored Certifications

Question 53

SANS stands for.

Answer 53

SysAdmin, Audit, Network, and Security

Question 54

IISSCC stands for.

Answer 54

International Information Systems Security Certification Consortium

Question 55

MS-ISAC stands for.

Answer 55

Multi-State Information Sharing and Analysis Center

Question 56

FIRST stands for.

Answer 56

Forum of Incident Response and Security Teams

Question 57

INFOSYSSEC stands for.

Answer 57

Information Systems Security