CYBER 160 Module 1~ Introduction to Security

Question 1

tasks of securing digital information, whether manipulated by micro processor (personal computer) or a storage device or transmitted over a network

Answer 1

Information Security

Question 2

3 protections over information (CIA)

Answer 2

Confidentiality, Integrity, Availability

Question 3

individual or entity responsible for cyber incidents against the technology equipment of enterprises and users

Answer 3

threat actor or malicious actor

Question 4

attacker who violates computer security for personal gain

Ex: steal credit card numbers or inflicts mailicous damage (corrupts a hard drive)

Answer 4

black hat hacker

type of hacker

Question 5

attackers that study’s a system with the organization permission for weakness and privately provides that information to the organization

Answer 5

white hat hackers

type of hacker

Question 6

attacker who attempts to break into a computer system without an organizations permission to publically disclose the attack and shame the organization into taking action

Answer 6

gray hat hackers

type of hacker

Question 7

individual who wants to perform attacks, yet lack the technical knowledge to carry them out

Answer 7

script kiddes

type of threat actor

Question 8

attacker strongly motivated by beliefs or principles

Answer 8

Hactivist

Question 9

government sponsored attackers who launch cyber attacks against the foes of the states

Answer 9

state actors

Question 10

class of attacks that uses innovative attack tools to affect and silently extract data over an extended period of time

Answer 10

Advanced persistent threat (APT)

most commonly associated with state actors

Question 11

attacker that manipultaes data from a position of a trusted employee

Answer 11

Insider threat

Ex: healthcare worker passed on for a promotion might sell celebrity health care records to the media

Question 12

threat actor who moved from traditional criminal activiries to more rewarding and less risky online attacks

Answer 12

cryminal sindicates

Question 13

a system that consists of the hardware device and operating system that runs software such as application programs or processes

Answer 13

platform

Question 14

platform thats no longer in widespread use because its been replaced by an updated version of the eearlier technology

Answer 14

legacy platform

Question 15

software and technology located with in the physical confines of an enterprise which is usually stronger in the company’s data center

Answer 15

on-premises platform

Question 16

pay per use computing model in which customer pay for the resources they need

Answer 16

cloud platform

Question 17

configuration settings that aren’t properly implemented, resulting, invulnerabilities

Answer 17

weak configurations

Question 18

default settings set by vendor for usability and ease and not for security

Answer 18

default settings

Question 19

unprotected account that gives unrestricted access to all resources

Answer 19

unsecure root accounts

Question 20

user access over files that should have been restricted

Answer 20

open permissions

Question 21

using protocols for telecommunicatioin that don’t provide adequate protection

Answer 21

insecure or unsecure protocols

Question 22

external entities outside of the organization

Answer 22

third parties

Ex: marketing agencies,landscapers, attorneys

Question 23

contracting with the third parties to assist organizations in developtment and writing of software programs

Answer 23

outsourced code development

Question 24

third party facilities used for storing important data

Answer 24

data storage

Question 25

used to monitor and manage interactions with third parts that they have relationships with

Answer 25

vendor management

Question 26

connectivity between systems of an organization and its third parties

Answer 26

system intergration

Question 27

officially released software security update intended to repair a vulnerability

Answer 27

patch

Question 28

vulnerability exploited by attackers before anyone else even know it exhists

Answer 28

zero day

Question 29

pathway or avenue used by a threat actor to penetrate a system

Answer 29

attack vector

Question 30

attack vector in which a threat actor can gain direct physical access to a computer

Answer 30

direct access

Question 31

gathering data by relying on the weakness of individuals

Answer 31

social engineering

Question 32

using social engineering to sway attention and sympathy in a particular direction

Answer 32

influence campaigns

Question 33

influence campaign used on social media and other resources

Answer 33

Hybrid warfare influence campaign

Question 34

influencing a subject before an event occurs

Answer 34

prepending

Question 35

using impersonation to obtain private information

Answer 35

pretexting

Question 36

sending an email or web announcement falsely claiming to be a legitimate enterprise to trick user to surrendering personal information

Answer 36

phising

Question 37

targets specific users

Answer 37

spear phising

Question 38

targeting wealthy individuals or senior executives with a buisness

Answer 38

whaling (type of spear phising)

Question 39

using a telephone call to perform a phising

Answer 39

vishing (voice phising)

Question 40

using short messages services (SMS) text mesages to perform phising

Answer 40

smishing (text phising)

Question 41

purchasing domain names of sites that are spelled similarly to actual sites

Answer 41

typo squatting

Ex: google.net instead of google.com

Question 42

exploiting a URL converted into a corresponding IP address to redirect traffic a way to fake website

Answer 42

pharming

Question 43

when an attacker directs a user to fake look alike site

Answer 43

redirection

Question 44

unsolicited email sent to large number reipients

Answer 44

spam

Question 45

spam delivered through imessage instead of email

Answer 45

spim

Question 46

false warning oftem contained in email claiming to come from IT department

Answer 46

hoax

Question 47

attack directed toward a smaller group of specific individual

Answer 47

water hole attack

Ex: major executives working for a manufacturing company

Question 48

digging thorugh trash to find information that can be useful in a an attack

Answer 48

dumpster driving

Ex: calendars,policy manuals, memos

Question 49

following an authorized user through a door

Answer 49

tailgating

Question 50

watching an indivual enter a security code in on a keypad

Answer 50

shoulder surfing