Chapter 1: Introduction to Security Flashcards

1
Q

The protection of information from harm; protection of the integrity, confidentiality, and availability of information through practices, people, and procedures on the devices that store, manipulate, and transmit information

A

Information security

2
Q

The CIA triad

A

Confidentiality
Integrity
Availability

3
Q

An individual or entity responsible for cyber incidents against the technology equipment of enterprises and users

A

Threat actor (malicious actor, attacker, hacker)

4
Q

The hardware device and OS which run applications, programs, or processes

A

Platforms

5
Q

Three types of platforms

A

Legacy
On-premises
Cloud

6
Q

The array of features and security settings that must be properly implemented to repel attacks

A

Configurations

7
Q

7 weak configurations include …

A
  1. Default settings
  2. Open ports and services
  3. Unsecured root accounts
  4. Open permissions
  5. Insecure protocols
  6. Weak encryption
  7. Errors
8
Q

External entities outside of the org, engaging in outsourced code development, data storage, vendor management, and system integration

A

Third parties

9
Q

The Principle of the Weakest Link

A

If the security of the third party has any weaknesses, it can provide an opening for attackers to infiltrate the organization’s computer network

10
Q

An officially released software security update intended to repair a vulnerability

A

Patches

11
Q

3 patching vulnerabilities include …

A
  1. Difficulty patching firmware
  2. Few patches for application software
  3. Delays in patching OSs
12
Q

A vulnerability that is exploited by attackers before anyone else even knows it exists

A

Zero-day

13
Q

A pathway or avenue used by a threat actor to penetrate a system

A

Attack vector

14
Q

7 Common attack vectors include …

A
  1. Email
  2. Wireless
  3. Direct access
  4. Social media
  5. Removable media
  6. Supply chain
  7. Cloud
15
Q

Gathering data by relying on the weaknesses of individuals

A

Social engineering

16
Q

Common psychological principles exploited by social engineering include …

A
  1. Authority
  2. Intimidation
  3. Consensus
  4. Scarcity
  5. Urgency
  6. Familiarity
  7. Trust
17
Q

Influencing a subject before an event occurs

A

Prepending

18
Q

Masquerading as a real or fictitious character and then playing out the role of that person with a victim

A

Impersonation

19
Q

Using impersonation to obtain private information

A

Pretexting

20
Q

Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action

21
Q

Targeting specific users through email

A

Spear phishing

22
Q

Targeting wealthy individuals or senior executives within a business through phishing

23
Q

Using a telephone to perform a phishing attack

24
Q

Using SMS to perform a phishing attack

25
Q

Tricking users into visiting malicious websites by exploiting similarly spelled domain names and spelling errors

A

Redirection

26
Q

Purchasing the domain names of sites that are spelled similarly to actual sites

A

Typosquatting

27
Q

The registration of domain names one bit different than popular domains

A

Bitsquatting

28
Q

Exploiting how a URL is converted into its corresponding IP address to redirect traffic away from its intended target to a fake website

A

Pharming

29
Q

Unsolicited email (or IM) sent to a large number of people

A

Spam and Spim

30
Q

A false warning often contained in an email message claiming to come from the IT department

A

Hoaxes

31
Q

An attack directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company

A

Watering-hole attack

32
Q

Digging through trash to find information that can be useful in an attack

A

Dumpster diving

33
Q

Using advanced Google search techniques to look for information that unsuspecting victims have carelessly posted on the web

A

Google dorking

34
Q

Following an authorized user through a door

A

Tailgating

35
Q

An employee conspires with an unauthorized person to allow him to walk in with him through an open door

A

Piggybacking

36
Q

Watching an individual enter a security code on a keypad

A

Shoulder surfing

37
Q

The destruction of data that cannot be recovered

A

Data loss

38
Q

Stealing data to distribute it to other parties

A

Data exfiltration

39
Q

Stealing data to distribute it in an unauthorized way

A

Data breach

40
Q

Taking personally identifiable information to impersonate someone

A

Identity theft

41
Q

The loss that results from making systems inaccessible

A

Availability loss

42
Q

The monetary loss as a result of lost productivity

A

Financial loss

43
Q

Public perception

A

Reputation