Chapter 1: Introduction to Security

Question 1

The protection of information from harm; protection of the integrity, confidentiality, and availability of information through practices, people, and procedures on the devices that store, manipulate, and transmit information

Answer 1

Information security

Question 2

The CIA triad

Answer 2

Confidentiality
Integrity
Availability

Question 3

An individual or entity responsible for cyber incidents against the technology equipment of enterprises and users

Answer 3

Threat actor (malicious actor, attacker, hacker)

Question 4

The hardware device and OS which run applications, programs, or processes

Answer 4

Platforms

Question 5

Three types of platforms

Answer 5

Legacy
On-premises
Cloud

Question 6

The array of features and security settings that must be properly implemented to repel attacks

Answer 6

Configurations

Question 7

7 weak configurations include …

Answer 7

1. Default settings
2. Open ports and services
3. Unsecured root accounts
4. Open permissions
5. Insecure protocols
6. Weak encryption
7. Errors

Question 8

External entities outside of the org, engaging in outsourced code development, data storage, vendor management, and system integration

Answer 8

Third parties

Question 9

The Principle of the Weakest Link

Answer 9

If the security of the third party has any weaknesses, it can provide an opening for attackers to infiltrate the organization’s computer network

Question 10

An officially released software security update intended to repair a vulnerability

Answer 10

Patches

Question 11

3 patching vulnerabilities include …

Answer 11

1. Difficulty patching firmware
2. Few patches for application software
3. Delays on in patching OSs

Question 12

A vulnerability that is exploited by attackers before anyone else even knows it exists

Answer 12

Zero-day

Question 13

A pathway or avenue used by a threat actor to penetrate a system

Answer 13

Attack vector

Question 14

7 Common attack vectors include …

Answer 14

1. Email
2. Wireless
3. Direct access
4. Social media
5. Removable media
6. Supply chain
7. Cloud

Question 15

Gathering data by relying on the weaknesses of individuals

Answer 15

Social engineering

Question 16

Common psychological principles exploited by social engineering include …

Answer 16

1. Authority
2. Intimidation
3. Consensus
4. Scarcity
5. Urgency
6. Familiarity
7. Trust

Question 17

Influencing a subject before an event occurs

Answer 17

Prepending

Question 18

Masquerading as a real or fictitious character and then playing out the role of that person with a victim

Answer 18

Impersonation

Question 19

Using impersonation to obtain private information

Answer 19

Pretexting

Question 20

Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action

Answer 20

Phishing

Question 21

Targeting specific users through email

Answer 21

Spear phishing

Question 22

Targeting wealthy individuals or senior executives within a business through phishing

Answer 22

Whaling

Question 23

Using a telephone to perform a phishing attack

Answer 23

Vishing

Question 24

Using SMS to perform a phishing attack

Answer 24

Smishing

Question 25

Tricking users into visiting malicious websites by exploiting similarly spelled domain names and spelling errors

Answer 25

Redirection

Question 26

Purchasing the domain names of sites that are spelled similarly to actual sites

Answer 26

Typosquatting

Question 27

The registration of domain names one bit different than popular domains

Answer 27

Bitsquatting

Question 28

Exploiting how a URL is converted into its corresponding IP address to redirect traffic away from its intended target to a fake website

Answer 28

Pharming

Question 29

Unsolicited email (or IM) sent to a large number of people

Answer 29

Spam and Spim

Question 30

A false warning often contained in an email message claiming to come from the IT department

Answer 30

Hoaxes

Question 31

An attack directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company

Answer 31

Watering-hole attack

Question 32

Digging through trash to find information that can be useful in an attack

Answer 32

Dumpster diving

Question 33

Using advanced Google search techniques to look for information that unsuspecting victims have carelessly posted on the web

Answer 33

Google dorking

Question 34

Following an authorized user through a door

Answer 34

Tailgating

Question 35

An employee conspires with an unauthorized person to allow him to walk in with him through an open door

Answer 35

Piggybacking

Question 36

Watching an individual enter a security code on a keypad

Answer 36

Shoulder surfing

Question 37

The destruction of data that cannot be recovered

Answer 37

Data loss

Question 38

Stealing data to distribute it to other parties

Answer 38

Data exfiltration

Question 39

Stealing data to distribute it in an unauthorized way

Answer 39

Data breach

Question 40

Taking personally identifiable information to impersonate someone

Answer 40

Identity theft

Question 41

The loss that results from making systems inaccessible

Answer 41

Availability loss

Question 42

The monetary loss as a result of lost productivity

Answer 42

Financial loss

Question 43

Public perception

Answer 43

Reputation