Course 1- Foundations of Cybersecurity

Question 1

Cybersecurity (or security)

Answer 1

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

Question 2

Cloud security

Answer 2

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users.

Question 3

Internal threat

Answer 3

A current or former employee, external vendor, or trusted partner who poses a security risk.

Question 4

Network security

Answer 4

The practice of keeping an organization’s network infrastructure secure from unauthorized access.

Question 5

Personally identifiable information (PII)

Answer 5

Any information used to infer an individual’s identity.

Question 6

Security posture

Answer 6

An organization’s ability to manage its defense of critical assets and data and react to change.

Question 7

Sensitive personally identifiable information (SPII)

Answer 7

A specific type of PII that falls under stricter handling guidelines.

Question 8

Technical skills

Answer 8

Skills that require knowledge of specific tools, procedures, and policies.

Question 9

Threat

Answer 9

Any circumstance or event that can negatively impact assets.

Question 10

Threat actor

Answer 10

Any person or group who presents a security risk.

Question 11

Transferable skills

Answer 11

Skills from other areas that can apply to different careers.

Question 12

Adversarial artificial intelligence (AI)

Answer 12

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently.

Question 13

Business Email Compromise (BEC)

Answer 13

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.

Question 14

CISSP

Answer 14

Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium.

Question 15

Computer virus

Answer 15

Malicious code written to interfere with computer operations and cause damage to data and software.

Question 16

Cryptographic attack

Answer 16

An attack that affects secure forms of communication between a sender and intended recipient.

Question 17

Hacker

Answer 17

Any person who uses computers to gain access to computer systems, networks, or data.

Question 18

Malware

Answer 18

Software designed to harm devices or networks.

Question 19

Password attack

Answer 19

An attempt to access password secured devices, systems, networks, or data.

Question 20

Phishing

Answer 20

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Question 21

Physical attack

Answer 21

A security incident that affects not only digital but also physical environments where the incident is deployed.

Question 22

Physical social engineering

Answer 22

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Question 23

Social engineering

Answer 23

A manipulation technique that exploits human error to gain private information, access, or valuables.

Question 24

Social media phishing

Answer 24

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack.

Question 25

Spear phishing

Answer 25

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.

Question 26

Supply-chain attack

Answer 26

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

Question 27

USB baiting

Answer 27

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network.

Question 28

Vishing

Answer 28

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Question 29

Watering hole attack

Answer 29

A type of attack when a threat actor compromises a website frequently visited by a specific group of users.

Question 30

Asset

Answer 30

An item perceived as having value to an organization.

Question 31

Availability

Answer 31

The idea that data is accessible to those who are authorized to access it.

Question 32

Compliance

Answer 32

The process of adhering to internal standards and external regulations.

Question 33

Confidentiality

Answer 33

The idea that only authorized users can access specific assets or data.

Question 34

Confidentiality, integrity, availability (CIA) triad

Answer 34

A model that helps inform how organizations consider risk when setting up systems and security policies.

Question 35

Hacktivist

Answer 35

A person who uses hacking to achieve a political goal.

Question 36

Health Insurance Portability and Accountability Act (HIPAA)

Answer 36

A U.S. federal law established to protect patients' health information.

Question 37

Integrity

Answer 37

The idea that the data is correct, authentic, and reliable.

Question 38

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Answer 38

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Question 39

Privacy protection

Answer 39

The act of safeguarding personal information from unauthorized use.

Question 40

Protected health information (PHI)

Answer 40

Information that relates to the past, present, or future physical or mental health or condition of an individual.

Question 41

Security architecture

Answer 41

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats.

Question 42

Security controls

Answer 42

Safeguards designed to reduce specific security risks.

Question 43

Security ethics

Answer 43

Guidelines for making appropriate decisions as a security professional.

Question 44

Security frameworks

Answer 44

Guidelines used for building plans to help mitigate risk and threats to data and privacy.

Question 45

Security governance

Answer 45

Practices that help support, define, and direct security efforts of an organization.

Question 46

Sensitive personally identifiable information (SPII)

Answer 46

A specific type of PII that falls under stricter handling guidelines.

Question 47

Antivirus software

Answer 47

A software program used to prevent, detect, and eliminate malware and viruses.

Question 48

Database

Answer 48

An organized collection of information or data.

Question 49

Data point

Answer 49

A specific piece of information.

Question 50

Intrusion detection system (IDS)

Answer 50

An application that monitors system activity and alerts on possible intrusions.

Question 51

Linux

Answer 51

An open-source operating system.

Question 52

Log

Answer 52

A record of events that occur within an organization’s systems.

Question 53

Network protocol analyzer (packet sniffer)

Answer 53

A tool designed to capture and analyze data traffic within a network.

Question 54

Order of volatility

Answer 54

A sequence outlining the order of data that must be preserved from first to last.

Question 55

Programming

Answer 55

A process that can be used to create a specific set of instructions for a computer to execute tasks.

Question 56

Protecting and preserving evidence

Answer 56

The process of properly working with fragile and volatile digital evidence.

Question 57

Security information and event management (SIEM)

Answer 57

An application that collects and analyzes log data to monitor critical activities in an organization.

Question 58

SQL (Structured Query Language)

Answer 58

A query language used to create, interact with, and request information from a database.