Chapter 7

Question 1

complex ensemble of techniques, technologies, regulations, and behaviors that collaboratively protect the integrity of and access to computer systems and data

Answer 1

Information Security

Question 2

Confidentiality

Answer 2

characteristic of something made accessible to authorized parties only

Question 3

Integrity

Answer 3

characteristic of not having been altered by an unauthorized party

Question 4

Availability

Answer 4

characteristic of being accessible and usable during a specified time period.

Question 5

Authenticity

Answer 5

is the characteristic of something having been provided by an authorized source

Question 6

Non-repudiation

Answer 6

inability of a party to deny or challenge the authentication of an interaction

Question 7

Security Controls

Answer 7

Counter measures used to prevent or respond to security threats and reduce/avoid risk

Question 8

Security Mechanisms

Answer 8

are components comprising a defensive framework that protects IT resources, information, and services

Question 9

Counter measures are typically described in terms of

Answer 9

security mechanisms

Question 10

Security policy

Answer 10

establishes a set of security rules and regulations and how they’re implemented

Question 11

Risk

Answer 11

is the potential unwanted and unexpected loss that may result from a give action

Question 12

Vulnerability

Answer 12

flaw, gap or weakness in an IT env that leaves an organization open to breaches

Question 13

occurs when an attacker is able to take advantage of vulnerabiltiy

Answer 13

exploit

Question 14

vulnerability that an organization is either unaware of or for which it has not been able to yet provide a patch or fix

Answer 14

Exploit

Question 15

any incident that may result in unauthorized access to information or systems.

Answer 15

Security Breach

Question 16

type of security breach whereby an attacker is able to steal confidential information.

Answer 16

data breach

Question 17

data leak

Answer 17

occurs when sensitive info os shared with an unauthorized party without an attack taking place

Question 18

potential attack that poses danger or risk

Answer 18

threat

Question 19

… when a treat is carried out by an attacker

Answer 19

attack

Question 20

Different types of attackers

Answer 20

cyber criminals
malicious users
cyber activists
state-sponsored attackers

Question 21

attacker that has successfully gained unauthorized access

Answer 21

intruder

Question 22

attack vector

Answer 22

path an attacker takes to exploit vulnerabilities

Question 23

collection of attack vector

Answer 23

attack surface

Question 24

an entity that poses a threat because it is capable of carrying out an attack

Answer 24

threat agent

Question 25

Anonymous attacker

Answer 25

non-trusted cloud service consumer without permission and exploits using network-level attacks

Question 26

able to intercept and forward network traffic

Answer 26

malicious service agent

Question 27

trusted attacker(malicious tenants)

Answer 27

abuses the trust boundary in a cloud environment to exploit legitimate credentials to access confidential info

Question 28

Malicious insiders

Answer 28

human threat agents acting on behalf or in relation to a cloud provider

Question 29

Traffic eavesdropping

Answer 29

a cyber threat where data transferred is intercepted by a malicious service agent passively

Question 30

Malicious intermediary

Answer 30

messages are intercepted and altered by a malicious service agent

Question 31

DoS

Answer 31

overload IT resources so that can't function properly

Question 32

Insufficient Authorization

Answer 32

occurs when access is granted to an attacker too broadly

Question 33

Variation of insufficient authorization

Answer 33

weak authentication

Question 34

Virtualization attack

Answer 34

exploits vulnerabilities in the virtualization platform to jeopardize its confidentiality, integrity, and/or availability

Question 35

Explain one-service per physical server deployment

Answer 35

a method to mitigate containerization attack where all containers deployed on a host are the same

Question 36

software program designed to cause harm

Answer 36

malware

Question 37

Types of malware

Answer 37

1. Virus - spread by infecting and replicating 2. Trojan - appears to be legitimate service 3. Spyware - type of malware that collects information 4. Adware - unwanted ads 5. Ransomware - restricts data access and requires ransom 6. Crypto jacking - practice of using browser based programs that run scripts in web content

Question 38

Insider threat

Answer 38

potential damage that can be inflicted by an organization’s staff and others that may have access to the organization’s premises or systems

Question 39

Common types(3) of insider threat

Answer 39

malicious accidental negligent

Question 40

form of social engineering that uses electroning comms to send fraudulent data

Answer 40

phishing

Question 41

Bots and Botnets

Answer 41

Bots - programs that can receive remote instructions and perform attacks. They are type of malware. Botnet - a swarm of bots to carry out attacks