Chapter 9 & 10 - Security Concepts and Threats/ Best Practices Flashcards

1.4, 6.1, 6.4

1
Q

Data

A

raw values collected by a computer system. It is meaningless until placed in the correct context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information

A

data that has been process into a form that has meaning and is useful

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Insight

A

a meaningful and deep understanding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Intellectual Property (IP)

A

a category of property that includes creations of the human intellect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Trademark

A

a type of intellectual property consisting of a recognizable sign, design, or expression that uniquely identifies one product or service from others

  • Nike logo, Pepsi logo
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Copyright

A

a type of intellectual property that protects original works of authorship form publication, distribution, and sale without the author’s permission

  • Books, songs, movies, software
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Patent

A

a type of intellectual property that grants exclusive rights to an invention, which is a product or a process that provides a new way of doing something, or offers a new solution to a problem

  • a machine process, formula, or product
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Digital Product

A

a product that is sold or distributed as binary computer data

  • Software Applications
  • Video Downloads
  • Computer games
  • eBooks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Snooping

A

an attempt to gain access to information that you are not authorized to view

  • prevent shoulder surfing, use a privacy screen
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Eavesdropping

A

secretly listening to the private conversations or communications of others without their consent in order to gather information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Wiretapping

A

the practice of connection a listening device to a telephone or data line to secretly monitor a conversation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Dumpster Diving

A

the process of investigating a person or business’s trash to find information that can be used in an attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Social Engineering

A

manipulating, influencing, or deceiving a person in order to gain control over a computer system, or acquire confidential information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Single Sign-On (SSO)

A

a user authentication service that permits a user to use one set of login credentials, like a username and password, to access multiple applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Permissions

A

the specific rights or privileges granted to users or software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Least Privilege

A

giving users or systems only the permissions they absolutely need to perform a task or job function and nothing more

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Logs

A

are records that provide a chronological account of events in a system. They can track a wide range of activities, from user logins, file accesses, to even the smallest system errors and security breaches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Non-Repudiation

A

a safeguard that guarantees individuals or entities involved in a digital transaction cannot later refute or deny their participation or the legitimacy of their actions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Antivirus / Anti-Malware

A

software designed to detect, prevent, and remove malicious software (malware) from a computer or network, ensuring the device’s safety and integrity

  • Signature-based Detection
  • Behavioral-based (Heuristic) Detection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Host Firewall

A

software that provides protection to an individual device by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Policy

A

a set of rules that dictate what actions should be taken under various circumstances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Procedure

A

a set of step-by-step instructions to perform a task

  • Standard Operating Procedure
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Personal Identifiable Information (PII)

A

any information that can be used to identify an individual

  • Name
  • Social Security Number
  • Date of Birth
  • Email Address
  • Phone Number
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Protected Health Information (PHI)

A

any information about an individual’s health status

  • Medical Records
  • Healthcare Service
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Plain Text

A

data presented in a format that is immediately understandable and accessible. It’s in its most basic, unaltered state, free from any form of encryption or coding.

26
Q

Confidentiality

A

refers to the ability to keep data and information accessible to ONLY authorized users

27
Q

Integrity

A

Assurance that the information is trustworthy and accurate

28
Q

Availability

A

refers to the ability to allow authorized users to access data whenever they need to

29
Q

Hacking

A

refers to a variety of computer crimes that involve gaining unauthorized access to a computer system, to its data

  • stealing passwords or personal information
  • gaining remote access to a server or an operating system
  • Logging in locally and stealing data
30
Q

Phishing

A

occurs when an attacker pretends to represent a legitimate organization and asks for verification of the victim’s information such as a password, username, address, credit card information, SSN, etc

  • Phishing emails are most common ways people lose their personal info
31
Q

Denial of Service (DoS)

A

sending enough request to overload a resource or even stopping its operation

32
Q

Brute Force attack

A

is a trial-and-error method used to get access to certain data such as passwords

33
Q

Man-in-the-Middle

A

intercepting communications between computers to steal information transiting through the network

34
Q

Key fobs

A

use RF to get access to certain areas

35
Q

RFID badges/ Key Fobs

A

use Radio Frequency to get access to certain areas

36
Q

Cable Locks

A

are mostly used to prevent physical theft of laptops. The lock is usually attached to a metal cable which is ted to a table

37
Q

Man-Traps

A

A two door system that makes access more difficult though the use of some sort of authentication or multi-authentication method such as biometrics, badges, or a combination of others.

38
Q

Multi-Factor Authentication (MFA)

A

occurs when multiple protection techniques are used in collaboration to prevent unauthorized access to sensitive data or rooms’

  • Physical (Badges, Cell Phone, etc.)
  • Private (Pin Code, passwords, On time passwords, security questions, etc.)
  • Biometric (Fingerprint, retina scan, etc.)
39
Q

VPN (Virtual Private Network)

A

is a service that uses an encryption tunnel which encrypts data in transit while making it difficult in seeing the data that is in transmission’

40
Q

SOHO (Small office/home office)

A

this is the typical router for networks that don’t require dedicated equipment to perform daily functions.

  • It is a router, switch, access point, firewall, and sometimes modem all in one device
41
Q

Shoulder Surfing

A

a physical security threat where an unauthorized person gains access to sensitive information by observing someone’s actions or keystrokes.

  • looking over someone shoulder while they are typing in a password or watching them enter a PIN at an ATM
42
Q

Whaling

A

uses phishing tactics to target high-profile people and professionals

43
Q

Tailgating

A

a physical attack used to gain access to a restricted area by following someone who is authorized to enter

44
Q

Brute Force Attack

A

is when attackers use trial and error to guess a password

  • run combination for a password
45
Q

Cybersecurity

A

is the practice of protecting hardware, software, infrastructure, and data from the criminal/unauthorized access

  • Viruses
  • Social Engineering
  • Ransomware
  • Rootkits
  • Man-in-the-Middle Attacks
46
Q

Encryption

A

involves encoding data, making it unreadable. This protects data from being read by potential hackers and malicious software

  • Decipher the data, and encryption key must be provided
  • Unencrypted data is known a s plaintext
  • Encrypted data is often referred to as ciphertext
47
Q

Data Capture and Collection

A

This could be from varying sources, like web server log files or tracking systems used to gather data with scanning sensors.

  • Once captured, you must store the data.
48
Q

Meaningful Reporting

A

Captured data or correlations statics are helpful in making better business decisions only if they can be presented in a way that makes sense to those making the decisions.

49
Q

Data Correlation

A

Establishing a correlation in data enables an organization to make better business decisions.

  • This kind of correlation is often made using special tools that use machine learning and AI.
50
Q

Reconnaissance

A

A type of social engineering exploit that passively gathers information about a potential victim

  • The goal is to get the information needed to further exploit the victim.
51
Q

Email Attacks

A

A form of social engineering that attempts to exploit a victim using email messages.

52
Q

Spear phishing

A

a variation of phishing attacks that involves gathering as much information about the victim as possible, like online bank or credit card company.

  • The attacker then sends phishing emails that appear to be from the trusted bank or credit card company.
53
Q

Replay Attack

A

a hacker sniffs the packets between a client and a server in hopes of obtaining
authentication information.

54
Q

Authorization

A

means creating one or more barriers around the resource such that only
authenticated users can gain access.

  • Each resource has a permissions list specifying what users
    can do.
  • Resources often have different access levels, for example, being able to read a file or being able to read and edit it
55
Q

Authentication

A

means one or more methods of proving that a user is who they say they are and
associates that person with a unique computer or network user account.

56
Q

Accounting

A

means recording when and by whom a resource was accessed.

57
Q

Type 1 Authentication

A

is something you know

  • Personal Identification numbers (PINs)
  • Passphrase
  • Pattern Lock
58
Q

Type 2 Authentication

A

is something you have

  • Keys
  • Hardware tokens like fobs, electronic chips, and smart cards
  • Physical location
  • Software tokens
  • One time password (OTP)
59
Q

Type 3 Authentication

A

is something you are

  • Biometric scanners
  • fingerprints
  • Handprints
  • Retinal patterns
  • Face, or voice
60
Q

S/MIME (Secure/Multipurpose Internet Mail Extensions)

A

is a protocol used to encrypt emails

  • It allows the sender to digitally sign and encrypt emails.
  • If a user cannot receive attachments aka files then sending an email using cipher text would encrypt the message so that only
    the sender and receiver could read the content of the message.