Cyber Definitions COPY Flashcards

1
Q

Attack surface

A

The attack surface of a software-based system is the sum of the different locations (logical or physical) where a threat actor can try to enter or extract data. Keeping the attack surface as small as possible is a primary security measure.

2
Q

AV

A

Antivirus is a type of security software that scans for, detects, blocks, and eliminates malware. AV programs will run in the background, scanning for known malware signatures and behavior patterns that may indicate the presence of malware.

3
Q

Brute-force attack

A

A brute-force attack is an attempt to discover a username-password combination by trial and error. It is performed with software designed to try large sets of known username-password combinations. It is an old attack method, but it is still useful and popular with hackers.

4
Q

Cryptoworm

A

A form of malware that spreads like a worm and encrypts victims’ data.

5
Q

Data breach

A

A data breach refers to a security event where unauthorized users steal sensitive information from an organization’s IT systems. Often, stolen data is personally identifiable information (PII) or financial information, both of which are valuable on the dark web.

6
Q

EDR

A

Endpoint detection and response is a type of security tool that focuses on detecting and mitigating suspicious activity on devices and hosts. The value of EDR is the ability to detect advanced threats that may not have a recorded behavioral pattern or malware signature.

7
Q

Firewall

A

A firewall is a network security system that monitors and controls the network traffic based on specific security rules. A firewall usually establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

8
Q

Honeypot

A

A honeypot is a piece of software code designed to detect, deflect, and counteract attempts at unauthorized use of information systems. A honeypot consists of data appearing to be a legitimate part of the site but is isolated and monitored. The data seems to contain information, or a resource of value, to attackers, who are then blocked.

9
Q

IPS

A

An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor a network, looking for possible malicious incidents, then capturing and reporting information about them.

10
Q

Malware

A

Malware is malicious software that propagates via an email attachment or a link to a malicious website. It infects the endpoints when a user opens the attachment or clicks on the link.

11
Q

NIST

A

The National Institute of Standards and Technology (NIST) is a non-regulatory entity under the umbrella of the United States Department of Commerce. NIST Publication Series 800 provides a comprehensive listing of information security measures and controls based on extensive research.

12
Q

Phishing/Spearphishing

A

A malicious email that tricks users into surrendering their user credentials. The email may appear legitimate as if coming from a bank and ask the user to reset their password. Phishing attacks take advantage of mass email programs. In a spearphishing attack, an individually crafted email targets a specific key executive or decision-maker.

13
Q

Ransomware

A

Ransomware is a class of malicious software that prevents the end-user from accessing a system or data. The most common form is crypto ransomware. This type of ransomware makes data or files unreadable through encryption and requires a decryption key to restore access. Another form, locker ransomware, locks access rather than encrypting data. Attackers typically request a payment, often in the form of bitcoins, to decrypt files or restore access.

14
Q

Ransomware attack

A

During a ransomware campaign, hackers often use phishing and social engineering to get a computer user to click on an attachment or a link to a malicious website. Some types of ransomware attacks, however, don’t require user action because they exploit site or computer vulnerabilities to deliver the payload. Once a system is infected, the attack will launch an on-screen notification with the ransom demand.

15
Q

Risk management framework

A

A risk management framework (RMF) provides a disciplined and structured process that integrates information security and risk management tasks into the system development life cycle. Essential components of an RMF include identification, measurement and assessment, mitigation, reporting and monitoring, and governance.

16
Q

Security misconfigurations

A

Security misconfigurations result from the improper implementation of security controls on devices, networks, cloud applications, firewalls, and other systems. They can lead to data breaches, unauthorized access, and other security incidents. Misconfigurations can include anything from default admin credentials, open ports, and unpatched software, to unused web pages and unprotected files.

17
Q

SOC

A

A security operations center (SOC) is a central location where cybersecurity personnel carry out threat detection and incident response processes. They employ security technologies that make up an organization’s security operations.

18
Q

SQL injection

A

A SQL injection is a technique that inserts structured query language (SQL) code into a web application database. Web applications use SQL to communicate with their databases. Attackers can use SQL injections to perform actions such as retrieval or manipulation of the database data, spoofing user identity, and executing remote commands.

19
Q

Tor

A

Tor is free and open-source software used to enable anonymous communication. Its name is derived from an acronym for the original software project name “The Onion Router” and is sometimes referred to as such. Tor directs Internet traffic through a free, worldwide, overlay network consisting of more than seven thousand relays. It conceals a user’s location and usage from anyone conducting network surveillance or traffic analysis.

20
Q

VA

A

Vulnerability assessment is the process of identifying, classifying, and prioritizing vulnerabilities in digital business systems. Assessments can focus on internal, external, or host-based vulnerabilities.

21
Q

VM

A

Vulnerability management solutions identify, track, and prioritize internal and external cybersecurity vulnerabilities. They optimize cyberattack prevention activities such as patching, upgrades, and configuration fixes.