CS Flashcards

(197 cards)

1
Q

What is cybersecurity?

A

Protecting against cyber threats and attacks

2
Q

Common method used by cybercriminals to trick users into revealing sensitive information

A

Phishing

3
Q

Name common cybersecurity threats

A
  1. Malware
  2. Ransomware
  3. Social engineering
4
Q

What is the first line of defense in cybersecurity

A

Employee training and awareness

5
Q

Type of malware locks users out of their systems and demands a ransom to restore access

A

Ransomware

6
Q

‘VPN’ stands for in cybersecurity

A

Virtual private network

7
Q

Purpose of penetration testing in cybersecurity

A

Find and fix vulnerabilities in system

8
Q

Cybersecurity concept involves restricting access to sensitive information only to authorized users

A

Access control

9
Q

Cybersecurity protocol ensures that data transmitted between a user’s browser and website's server is secure

A

HTTPS

10
Q

Purpose of MFA

A

Multi-factor authentication

To add an extra layer of security by requiring multiple forms of verification

11
Q

Cybersecurity practice that involves regularly creating copies of data to prevent data loss in case of cyber incident

A

Data backup

12
Q

“Zero day vulnerabilities” in CS

A

Vulnerability that has not yet been discovered or patched

13
Q

Purpose of firewall in CS

A

Prevent unauthorized access to a network

14
Q

Most common CS risk associated with using public wi-fi networks

A

Man in the middle attacks

15
Q

Main goal of social engineering attacks in CS

A

To trick individuals into revealing sensitive information

16
Q

Small piece of code that spreads from one computer to another often causing harm

A

Worm

17
Q

Type of attack that floods a target system with excessive traffic to overload and disrupt its operations

A

DDoS attack

18
Q

Purpose of regular software updates and patches

A

To fix security vulnerabilities and bugs

19
Q

“IoT” stands for

A

Internet of things

20
Q

CS measure involves encoding data so that only authorized parties can access and read it

A

Data encryption

21
Q

CS practice involves removing all data from a storage device to ensure it cannot be recovered

A

Data destruction

22
Q

Person or group of people who carry out cyber attacks for malicious purposes

A

Black hat hacker cuz hide like punk scared in dark

23
Q

Primary purpose of CS awareness training for employees

A

Make employees aware of CS threats and best practices

24
Q

Practice of regularly reviewing and auditing security measures in place to identify vulnerabilities

A

Vulnerability assessment

25
Purpose of virtual machine in CS
To create a secure network for testing software
26
Practice involves assigning specific permissions and access levels to users based on their roles
Least privilege
27
Involves breaking up a network into smaller segments to limit the spread of cyber threats
Network segmentation
28
Purpose of a honeypot in CS
Attract cyber criminals and study their tactics
29
CS attack that targets a specific individual or organization
Targeted attack
30
Primary goal of CS
Ensuring data privacy and security
31
Purpose of a firewall
Filtering network traffic and blocking unauthorized access
32
“Phishing” refers to in CS
Manipulating people to disclose sensitive information
33
Which of the following is an example of a strong password: A) 123456 B) Password123 C) P@ssw0rd D) Username1234
C)
34
“Malware” stands for
Malicious software
35
Purpose of encryption
Hiding sensitive data from attackers
36
Best practices for handling suspicious emails or messages
Ignoring them and deleting them immediately
37
CS measure helps protect against software vulnerabilities and bugs
Regular software patching and updates
38
Practice of tricking individuals into revealing their login credentials or personal information by pretending to be a trustworthy entity
Phishing
39
MFA
Multi factor authentication. It uses several different types of authentication methods
40
Attack that floods a network with excessive traffic to disrupt its normal operations
DDoS attack (distributed denial of service)
41
Purpose of VPN
Virtual private network. Providing secure and private communication over public network
42
Main goal of red team in CS context
Testing system vulnerabilities and weaknesses
43
CS principle focuses on limiting user access to only the resources necessary to perform their job functions
Least privilege
44
Malicious software that restricts access to a computer system or files until a ransom is paid
Ransomware
45
Involves segmenting a network into smaller zones to contain potential threats and limit their impact
Network isolation
46
“Social engineering” refers to
Manipulating people to divulge sensitive information
47
CS practice involves analyzing and investigating security incidents to identify the cause and extent of a breach
Incident management
48
CS attack intercepts and modifies communication between two parties without their knowledge
Man in the middle attack
49
Purpose of a disaster recovery plan in CS
Providing step by step instructions to respond to and recover from a disaster
50
Best practice for securing passwords
Creating complex and unique passwords for each account
51
Purpose of security risk assessment in CS
Evaluating security controls and vulnerabilities
52
Helps prevent unauthorized physical access to sensitive areas of organization
Biometric authentication
53
Example of CS incident
Unintentional exposure of sensitive information
54
Primary goal of penetration test in CS
Identifying and fixing security vulnerabilities
55
Emphasizes use of multiple layers of defense to protect against various threats
Defense in depth
56
Example of a CS best practice for employees
Reporting suspicious emails or activities to IT or security teams
57
Primary purpose of a security information and event management (SIEM) system
Analyzing and correlating security events across the network
58
Example of CS control for data protection
Encryption of sensitive data
59
CS principle involves not trusting any entity, both inside and outside the organization and continuously verifying access before granting it
Zero Trust
60
Primary goal of CS
Preventing cyberattacks
61
Example of social engineering attack: A) brute force attack B) SQL injection C) phishing D) denial of service (DDoS)
C - phishing
62
What does S stand for in HTTPS
Secure
63
Purpose of firewall in CS
Prevent unauthorized access to a network
64
CS attack aims to render a system or network unavailable
DDoS denial of service attack
65
Best practice for creating strong passwords
Combining uppercase, lowercase letters, numbers and special characters
66
“Zero day vulnerability” refers to
Vulnerability that is unknown to the software vendor
67
Individuals should only have access to resources they need to perform their tasks
Least privilege
68
Purpose of 2-factor authentication (2FA)
Adding an extra layer of security by requiring two forms of identification
69
DDoS
Distributed denial of service
70
Primary purpose of VPN (virtual private network)
Creating a secure and encrypted connection over the internet
71
Program that spreads from one computer to another without the user's knowledge and interferes with computer operations
Worm
72
Type of CS attack aims to gain unauthorized access to system by trying different password combinations
Brute force attack
73
Example of hardware based authentication factor
Biometric fingerprint scanner
74
Process of converting data into a secret code to prevent unauthorized access
Encryption
75
What does I stand for in SIEM (security information and event management)
Information
76
Primary purpose of a honeypot
Collecting threat intelligence
77
Best practice to protect sensitive data when disposing of old hard drives
Use disk wiping software to overwrite data
78
Involves updating software and systems with the latest security patches and fixes
Patch management
79
Emphasizes use of multiple layers of security controls to protect against various attack vectors
Defense in depth
80
C stand for in CIA triad
Confidentiality integrity availability Continuity
81
Attacker masquerades as a trusted entity to deceive individuals or gain unauthorized access
Phishing
82
Ransomware attack
Blocking access to a computer system until a ransom (or set fee) is paid
83
Categorizing data based on its sensitivity and criticality
Data classification
84
Purpose of Security Operations Center (SOC) in CS
Investigating and responding to security incidents
85
Malware disguises itself as legitimate but performs malicious activities in background
Spyware
86
Main purpose of incident response plan in CS
Responding effectively to security incidents
87
Principle emphasizes importance of verifying the identity of users before granting them access to resources
User authentication
88
Attack that intercepts and alters communication between two parties without their knowledge
Man in the middle attack (MitM)
89
Primary goal of CS
To prevent unauthorized access and protect sensitive data
90
Common example of social engineering
Sending phish emails to trick users into revealing their passwords
91
Process of converting plaintext into unreadable ciphertext to protect sensitive data
Encryption
92
Security principle emphasizes idea of using multiple layers of security controls
Defense in depth
93
Security testing method involves simulating real world attacks to identify vulnerabilities
Penetration testing
94
Main purpose of firewall in network security
Prevent unauthorized access to the network
95
“Phishing”
Sending deceptive emails to trick users into revealing sensitive information
96
Purpose of “intrusion detection system”
To detect and respond to suspicious activities or security breaches
97
Security control involves hiding complex technical details to simplify security management
Abstraction
98
Process of evaluating and prioritizing security vulnerabilities in a system or network
Vulnerability assessment
99
Encryption key management practice protects encryption keys from unauthorized access
Key protection
100
Security principle suggests that security mechanisms should not rely solely on secrecy
Open design
101
Purpose of a VPN
Virtual private network. Provide secure remote access to the network
102
What does C stand for in CIA Triad, a fundamental concept of information security
Confidentiality
103
Security testing method involves analyzing the source code of an application to identify security vulnerabilities
Security code review
104
Purpose of a security incident response plan
To provide guidelines for responding to and managing security incidents
105
Security control aims to limit the impact of a security breach by dividing a system into smaller, isolated components
Compartmentalizing
106
Primary goal of security risk assessment
Identify and prioritize security risks based on their potential impact
107
Prevent unauthorized users from accessing a specific resource
Authorization
108
Security testing method involves sending unexpected and random inputs to an application to identify vulnerabilities
Fuzz testing (fuzzing)
109
Purpose of implementing data loss prevention (DLP) solutions
To monitor and protect sensitive data from unauthorized transmission
110
Primary goal of security compliance assessments
Verify whether security practices comply with industry regulations and standards
111
Security control that ensures access to resources is validated and authorized every time it is requested
Complete mediation
112
Purpose of a security incident response team (SIRT)
To coordinate and respond to security incidents
113
Security control aims to simplify security mechanisms and avoid unnecessary complexity
Least common mechanism
114
Security principle involves ensuring that users are not surprised or confused by system behavior
Least astonishment
115
CS attack is disguised as a trustworthy entity to steal sensitive information
Phishing
116
Authentication factor involves physical characteristics like fingerprints
Something you are
117
Best practice to protect sensitive data when it is not in use
Encryption at rest
118
CS term refers to software that disguises itself as a legitimate program but is malicious
Trojan horse
119
CS concept involves assigning access rights based on predefined roles
Role based access control (RBAC)
120
CS attack that exploits weak passwords to gain unauthorized access to system
Brute force attack
121
First step in CS incident response team
Identification
122
CS concept involves tricking users into revealing sensitive information through psychological manipulation
Social engineering
123
CS concept involves securely disposing of old computer hardware to prevent data breaches
Secure disposal of assets
124
CS practice of hiding sensitive data in image or another file format
Stenography
125
CS measure involves using predefined rules to block or allow network traffic
Firewall
126
Process of identifying and addressing potential vulnerabilities in a system or application
Penetration testing
127
Purpose of Honeypot
Luring hackers into a controlled environment to monitor their activities
128
Analyzing and responding to security events and incidents
Incident response
129
Monitoring network traffic for suspicious activities or anomalies
Intrusion detection system (IDS)
130
Primary goal of distributed denial of service DDoS attack
Disrupt or shut down a service or website
131
Process of capturing and analyzing network traffic to detect and prevent threats
Packet sniffing
132
Security mechanism can prevent unauthorized access to a network by acting as a barrier between internal and external networks
Firewall
133
Purpose of penetration test
Identify vulnerabilities in the network
134
CS attack involves manipulating individuals into revealing sensitive information
Phishing attack
135
SIEM stand for
Security information and event management
136
CS measure helps prevent unauthorized data disclosure by monitoring and blocking transmission of sensitive information
Data loss prevention (DLP)
137
“Zero trust”
Do not trust any user or device by default
138
Type of social engineering attack that relies on urgent and alarming messages to trick users into taking immediate action
Baiting
139
Main goal of threat hunting
Investigating and proactively searching for hidden threats
140
Dividing network into smaller, isolated segments to limit the impact of a security breach
Network segmentation
141
CS mechanism uses automated tools to scan for known vulnerabilities in systems and networks
Vulnerability scanning
142
Attackers attempt to guess passwords by trying all possible combinations
Brute force attack
143
Purpose of honeypot in CS
Attracting and trapping attackers
144
Example of two factor authentication
Using a password and pin to log in
145
“UEBA” stand for
User and entity behavior analytics
146
Primary purpose of a web Application Firewall (WAF)
Blocking malicious web traffic and attacks
147
CS measure aims to prevent unauthorized access by granting users access based on their roles and responsibilities
Access controls
148
Type of malware that spreads through networks without user interaction
Worm
149
CSRF stands for
Cross site request forgery
150
Security principle assumes that both internal and external networks are potentially compromised, and access should be strictly authenticated and verified
Zero trust
151
Primary purpose of a network intrusion detection system (NIDS)
Monitoring network traffic for suspicious activities
152
CS mechanism involves recording keystrokes to capture sensitive information such as passwords and credit card details
Keylogging
153
CS attack involves redirecting website traffic to a fraudulent website to steal sensitive information
Pharming attack
154
Primary purpose of bug bounty programs in CS
Encouraging security researchers to find and report vulnerabilities
155
CS framework provides guidelines and best practices for securing information systems and networks
NIST cybersecurity framework
156
Encryption algorithm is commonly used for securing data and passwords
AES
157
Security vulnerability that allows an attacker to inject malicious code into web application's database
Cross site scripting (XSS)
158
Involves sending deceptive emails to trick recipients into revealing sensitive information or clicking on malicious links
Phishing attack
159
Encryption algorithm uses a pair of keys: public key for encryption and private key for decryption
RSA
160
Cybersecurity framework provides guidelines and best practices for securing information systems and networks
NIST cybersecurity framework
161
Encryption algorithm is commonly used for securing data and passwords
AES
162
Term for malicious software that disguises itself as legitimate software to trick users
Trojan
163
CS concept involves ensuring data remains unchanged and can be verified as genuine
Integrity
164
CS concept involves redundant protective measures to secure organization's assets
Defense in depth
165
CS term refers to code based attack that spreads through infected files and software
Virus
166
Involves hiding internal IP addresses from external networks
NAT (network address translation)
167
CVE stand for
Common vulnerabilities and exposures
168
HTTPS indicate in a website URL
Hypertext transfer protocol secure
169
CS attack involves exploiting software vulnerabilities to gain unauthorized access
Exploit attack
170
Best practice for securely disposing of sensitive documents or data
Shredding the physical documents and using secure data deletion for digital files
171
Primary goal of CS
Minimize the impact of cyber threats
172
C stand for in CIA triad
Confidentiality
173
Type of malware spread by attaching itself to other programs
Worm
174
CS technology inspects network traffic to block malicious content and unauthorized access
Firewall
175
A stand for in the CIA triad
Availability
176
CS practice involves separating network segments to limit spread of a cyber attack
Defense in depth
177
CS regulation is aimed at protecting privacy of personal data for EU citizens
GDPR
178
CS regulation is aimed at protecting the privacy of personal health information
HIPAA
179
CS principle focuses on limiting the impact of a security breach as it occurs
Incident response
180
CS regulation is aimed at protecting consumers' financial information
GLBA
181
CS technology monitors and analyzes network traffic for suspicious behavior
Intrusion detection system (IDS)
182
CS regulation is aimed at protecting personal data of California residents
CCPA
183
CS principle ensures data is accurate and trustworthy
Integrity
184
Main goal of intrusion detection system
Monitor network activity for suspicious behavior
185
CS technology scans and analyzes files for known malware signatures
Antivirus software
186
CS attack involves sending unauthorized commands to a web application's database through input fields
SQL injection attack
187
Practice of tricking individuals into revealing their passwords by pretending to be a legitimate entity
Social engineering
188
CS protocol encrypts data transmission over a network connection
HTTPS
189
VPN stand for
Virtual private network
190
CS principle ensures that data is accessible and usable when needed
Availability
191
CS defense mechanism uses heuristics and behavior analysis to detect new and unknown threats
Antivirus software
192
CS attack involves redirecting users to a fake website that mimics legitimate one to steal their login credentials
Pharming attacks
193
Primary role of security operations center (SOC)
Monitor network traffic and security alerts
194
Piece of code or software designed to exploit a vulnerability in system
Malware
195
CS principle ensures that data is only accessible to authorized individuals or systems
Confidentiality
196
Practice of securing software applications against security vulnerabilities during development
Secure coding
197
CS measure protects network by filtering and blocking incoming and outgoing traffic based on predefined rules
Firewall