Chapter 9 & 10 - Security Concepts and Threats/ Best Practices

Question 1

Data

Answer 1

raw values collected by a computer system. It is meaningless until placed in the correct context

Question 2

Information

Answer 2

data that has been process into a form that has meaning and is useful

Question 3

Insight

Answer 3

a meaningful and deep understanding

Question 4

Intellectual Property (IP)

Answer 4

a category of property that includes creations of the human intellect

Question 5

Trademark

Answer 5

a type of intellectual property consisting of a recognizable sign, design, or expression that uniquely identifies one product or service from others

• Nike logo, Pepsi logo

Question 6

Copyright

Answer 6

a type of intellectual property that protects original works of authorship form publication, distribution, and sale without the author’s permission

• Books, songs, movies, software

Question 7

Patent

Answer 7

a type of intellectual property that grants exclusive rights to an invention, which is a product or a process that provides a new way of doing something, or offers a new solution to a problem

• a machine process, formula, or product

Question 8

Digital Product

Answer 8

a product that is sold or distributed as binary computer data

• Software Applications
• Video Downloads
• Computer games
• eBooks

Question 9

Snooping

Answer 9

an attempt to gain access to information that you are not authorized to view

• prevent shoulder surfing, use a privacy screen

Question 10

Eavesdropping

Answer 10

secretly listening to the private conversations or communications of others without their consent in order to gather information

Question 11

Wiretapping

Answer 11

the practice of connection a listening device to a telephone or data line to secretly monitor a conversation

Question 12

Dumpster Diving

Answer 12

the process of investigating a person or business’s trash to find information that can be used in an attack

Question 13

Social Engineering

Answer 13

manipulating, influencing, or deceiving a person in order to gain control over a computer system, or acquire confidential information

Question 14

Single Sign-On (SSO)

Answer 14

a user authentication service that permits a user to use one set of login credentials, like a username and password, to access multiple applications.

Question 15

Permissions

Answer 15

the specific rights or privileges granted to users or software

Question 16

Least Privilege

Answer 16

giving users or systems only the permissions they absolutely need to perform a task or job function and nothing more

Question 17

Logs

Answer 17

are records that provide a chronological account of events in a system. They can track a wide range of activities, from user logins, file accesses, to even the smallest system errors and security breaches

Question 18

Non-Repudiation

Answer 18

a safeguard that guarantees individuals or entities involved in a digital transaction cannot later refute or deny their participation or the legitimacy of their actions

Question 19

Antivirus / Anti-Malware

Answer 19

software designed to detect, prevent, and remove malicious software (malware) from a computer or network, ensuring the device’s safety and integrity

• Signature-based Detection
• Behavioral-based (Heuristic) Detection

Question 20

Host Firewall

Answer 20

software that provides protection to an individual device by monitoring and controlling incoming and outgoing network traffic based on predetermined security rules.

Question 21

Policy

Answer 21

a set of rules that dictate what actions should be taken under various circumstances.

Question 22

Procedure

Answer 22

a set of step-by-step instructions to perform a task

• Standard Operating Procedure

Question 23

Personal Identifiable Information (PII)

Answer 23

any information that can be used to identify an individual

• Name
• Social Security Number
• Date of Birth
• Email Address
• Phone Number

Question 24

Protected Health Information (PHI)

Answer 24

any information about an individual’s health status

• Medical Records
• Healthcare Service

Question 25

Plain Text

Answer 25

data presented in a format that is immediately understandable and accessible. It’s in its most basic, unaltered state, free from any form of encryption or coding.

Question 26

Confidentiality

Answer 26

refers to the ability to keep data and information accessible to ONLY authorized users

Question 27

Integrity

Answer 27

Assurance that the information is trustworthy and accurate

Question 28

Availability

Answer 28

refers to the ability to allow authorized users to access data whenever they need to

Question 29

Hacking

Answer 29

refers to a variety of computer crimes that involve gaining unauthorized access to a computer system, to its data

• stealing passwords or personal information
• gaining remote access to a server or an operating system
• Logging in locally and stealing data

Question 30

Phishing

Answer 30

occurs when an attacker pretends to represent a legitimate organization and asks for verification of the victim’s information such as a password, username, address, credit card information, SSN, etc

• Phishing emails are most common ways people lose their personal info

Question 31

Denial of Service (DoS)

Answer 31

sending enough request to overload a resource or even stopping its operation

Question 32

Brute Force attack

Answer 32

is a trial-and-error method used to get access to certain data such as passwords

Question 33

Man-in-the-Middle

Answer 33

intercepting communications between computers to steal information transiting through the network

Question 34

Key fobs

Answer 34

use RF to get access to certain areas

Question 35

RFID badges/ Key Fobs

Answer 35

use Radio Frequency to get access to certain areas

Question 36

Cable Locks

Answer 36

are mostly used to prevent physical theft of laptops. The lock is usually attached to a metal cable which is ted to a table

Question 37

Man-Traps

Answer 37

A two door system that makes access more difficult though the use of some sort of authentication or multi-authentication method such as biometrics, badges, or a combination of others.

Question 38

Multi-Factor Authentication (MFA)

Answer 38

occurs when multiple protection techniques are used in collaboration to prevent unauthorized access to sensitive data or rooms’

• Physical (Badges, Cell Phone, etc.)
• Private (Pin Code, passwords, On time passwords, security questions, etc.)
• Biometric (Fingerprint, retina scan, etc.)

Question 39

VPN (Virtual Private Network)

Answer 39

is a service that uses an encryption tunnel which encrypts data in transit while making it difficult in seeing the data that is in transmission’

Question 40

SOHO (Small office/home office)

Answer 40

this is the typical router for networks that don’t require dedicated equipment to perform daily functions.

• It is a router, switch, access point, firewall, and sometimes modem all in one device

Question 41

Shoulder Surfing

Answer 41

a physical security threat where an unauthorized person gains access to sensitive information by observing someone’s actions or keystrokes.

• looking over someone shoulder while they are typing in a password or watching them enter a PIN at an ATM

Question 42

Whaling

Answer 42

uses phishing tactics to target high-profile people and professionals

Question 43

Tailgating

Answer 43

a physical attack used to gain access to a restricted area by following someone who is authorized to enter

Question 44

Brute Force Attack

Answer 44

is when attackers use trial and error to guess a password

• run combination for a password

Question 45

Cybersecurity

Answer 45

is the practice of protecting hardware, software, infrastructure, and data from the criminal/unauthorized access

• Viruses
• Social Engineering
• Ransomware
• Rootkits
• Man-in-the-Middle Attacks

Question 46

Encryption

Answer 46

involves encoding data, making it unreadable. This protects data from being read by potential hackers and malicious software

• Decipher the data, and encryption key must be provided
• Unencrypted data is known a s plaintext
• Encrypted data is often referred to as ciphertext

Question 47

Data Capture and Collection

Answer 47

This could be from varying sources, like web server log files or tracking systems used to gather data with scanning sensors.

• Once captured, you must store the data.

Question 48

Meaningful Reporting

Answer 48

Captured data or correlations statics are helpful in making better business decisions only if they can be presented in a way that makes sense to those making the decisions.

Question 49

Data Correlation

Answer 49

Establishing a correlation in data enables an organization to make better business decisions.

• This kind of correlation is often made using special tools that use machine learning and AI.

Question 50

Reconnaissance

Answer 50

A type of social engineering exploit that passively gathers information about a potential victim

• The goal is to get the information needed to further exploit the victim.

Question 51

Email Attacks

Answer 51

A form of social engineering that attempts to exploit a victim using email messages.

Question 52

Spear phishing

Answer 52

a variation of phishing attacks that involves gathering as much information about the victim as possible, like online bank or credit card company.

• The attacker then sends phishing emails that appear to be from the trusted bank or credit card company.

Question 53

Replay Attack

Answer 53

a hacker sniffs the packets between a client and a server in hopes of obtaining
authentication information.

Question 54

Authorization

Answer 54

means creating one or more barriers around the resource such that only
authenticated users can gain access.

• Each resource has a permissions list specifying what users
  can do.
• Resources often have different access levels, for example, being able to read a file or being able to read and edit it

Question 55

Authentication

Answer 55

means one or more methods of proving that a user is who they say they are and
associates that person with a unique computer or network user account.

Question 56

Accounting

Answer 56

means recording when and by whom a resource was accessed.

Question 57

Type 1 Authentication

Answer 57

is something you know

• Personal Identification numbers (PINs)
• Passphrase
• Pattern Lock

Question 58

Type 2 Authentication

Answer 58

is something you have

• Keys
• Hardware tokens like fobs, electronic chips, and smart cards
• Physical location
• Software tokens
• One time password (OTP)

Question 59

Type 3 Authentication

Answer 59

is something you are

• Biometric scanners
• fingerprints
• Handprints
• Retinal patterns
• Face, or voice

Question 60

S/MIME (Secure/Multipurpose Internet Mail Extensions)

Answer 60

is a protocol used to encrypt emails

• It allows the sender to digitally sign and encrypt emails.
• If a user cannot receive attachments aka files then sending an email using cipher text would encrypt the message so that only
  the sender and receiver could read the content of the message.