Cyber terminology Flashcards

1
Q

a group of computers that is networked together and used by hackers to steal information

A

Botnet

2
Q

Definition of cyber security

A

the technologies and procedures intended to safeguard computers, networks and data from unlawful access.

3
Q

Principle of protecting sensitive information against access and disclosure to unauthorised entities, either intentionally or unintentionally.

A

Confidentiality

4
Q

Principle of protecting information against improper modification. It is the accuracy, consistency, and trustworthiness of data during its entire life cycle. Related to the originality of the data.

A

Integrity

5
Q

Assurance that the systems responsible for delivering, storing, and processing information are accessible when needed, by those who need them.

A

Availability

6
Q

Which element of the CIA triad was breached when they stole bank data and customers' personal identification in the US Target case?

A

Confidentiality

7
Q

The mechanism of verifying the identity of a user to prevent unauthorised access

A

Authentication

8
Q

The services which determine which resources are accessed, when and by whom

A

Authorisation

9
Q

Keeping track of what users do, including what they access, the amount of time they access resources and any changes made

A

Accounting

10
Q

Identification

A

determines the true identity of a user in relation to the authentication, authorisation and accounting system

11
Q

Non-repudiation

A

protects against denial by one of the parties in a communication

12
Q

Peers if they implement the same protocol in different systems

A

Peer-entity authentication

13
Q

Data-origin authentication

A

Corroborates the sources of the data unit

14
Q

Access control

A

limit and control access via communications links

15
Q

Data confidentiality

A

protection of transmitted data from passive attacks and the protection of traffic flow from analysis.

16
Q

Data integrity

A

total stream protection. Service can be with or without recovery

17
Q

Keyless algorithm

A

cryptographic hash function which turns a variable amount of text into a small, fixed-length value (AKA hash value, hash code, digest)

18
Q

Symmetric encryption algorithms

A

Encryption algorithms which use a single key (block or stream cypher). Also MAC (message authentication code)

19
Q

Communications security

A

network protocols (IPsec, IEEE 802.11i WIFI, TLS, SSH)

20
Q

the minimum necessary access that is required should be assigned for the shortest duration necessary. Automated privilege relinquish system and reassigning privilege after a set time.

A

Least privilege

21
Q

‘security through obscurity’ doesn’t work. Alternatively, an open design gets assurance from many potential critics, so more chance to improve. Some secrecy is necessary, though make these secrets replaceable data rather than the algorithm itself. E.g. cryptographic keys

A

Open design

22
Q

implementation of security in layers. Establish multiple layers of security controls and safeguards. Rather than establishing a control measure only at the entry point, better to have control measures at every critical point.

A

Defence in depth

23
Q

an access authorisation scheme in which a subject’s right to access an object takes into consideration not just a privilege level but also the relevance of the data involved in the role the subject plays (or the job they perform)

A

Need to know

24
Q

builds on the principle of least privilege. It requires the use of granular access permissions. For each type of privileged operation, there should be different roles in the system. It will ensure that the subject is only getting the essential roles and privileges

A

Separation of duties

25
Q

the system should consist of a secure state where only certain essential operations can be performed, and all access is blocked. In the event of failure, the system should fall back to the secure state, allowing only the essential tasks to repair and monitor the system.

A

Fail secure

26
Q

the security mechanism should be as simple as possible. Complex system design makes it harder to audit and errors can easily be overlooked. In a simplified system, it is easier to audit, find errors and resolve them. So the system should be sufficiently small and simple to be verified and implemented

A

economy of mechanism

27
Q

every access to every object must be checked for security and efficiency. Whenever a subject attempts to access an object, the system must check for privileges. If the action is permitted, the system will allow access, otherwise block access

A

Complete mediation

28
Q

minimise the number of mechanisms common to more than one user and depended on by all users. Every shared mechanism is a potential information path so shared mechanisms should be minimised for granular control.

A

Least common mechanism

29
Q

the user interface must be easy to use so that users routinely and automatically apply the mechanisms correctly. Otherwise they will be bypassed. Security mechanisms should not add to the difficulty of accessing resources.

A

Psychologically acceptable

30
Q

weakest point of a system should be identified and reinforced. Often the least valuable resources or privileges are not secured properly and as a result, they turn into a weak link in the system security. The security of a system is as strong as the weakest link in it. So, this type of weak point should be identified, treated properly and eliminated

A

Weakest link

31
Q

in a system, existing code or functionality should be reused when possible; this ensures that the attack surface is kept to a minimum by not introducing new vulnerabilities when adding new code to the system.

A

Leveraging existing components

32
Q

Advertising that is integrated into software. It results in pop-up ads or redirection of a browser to a commercial site.

A

Adware

33
Q

A malicious hacker tool used to break into new machines remotely.

A

Auto-rooter

34
Q

Any mechanisms that bypass a normal security check; it may allow unauthorised access to functionality.

A

Backdoor/trapdoor

35
Q

Insertion of malicious code by exploiting an injection flaw.

A

Code injection

36
Q

A deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.

A

Cyber attack

37
Q

An attack that prevents authorised access to resources or the delaying of time-critical operations.

A

Denial of service attack (DoS)

38
Q

A DoS technique that uses numerous hosts to perform the attack.

A

Distributed denial of service attack (DDoS)

39
Q

Attacks that encompass a variety of exploits that subvert the functioning of the Domain Name System (DNS), which provides a mapping between hostnames and IP addresses.

A

DNS attack

40
Q

A program that installs other items on a machine that is under attack. Usually, a downloader is sent in an email.

A

Downloader

41
Q

An installer that surreptitiously carries malware to be executed on the compromised machine. They are often disguised and hidden in a computer’s directories, so that although they are visible, they look like valid programs or file types.

A

Dropper

42
Q

Pre-packaged software made available for use by others that uses an arsenal of exploits to infect a computer. Then it typically installs malware.

A

Exploit kit

43
Q

A program that is used to attack networked computer systems with a large volume of traffic to carry out a DoS attack.

A

Flooder

44
Q

Software that captures keystrokes on a compromised system.

A

Keylogger

45
Q

A set of tools for generating new viruses automatically.

A

Kit (virus generator)

46
Q

A program inserted into software by an intruder. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorised act.

A

Logic bomb

47
Q

Software (for example, scripts, macros, or other portable instructions) that are shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.

A

Mobile code

48
Q

A method of accessing an obstructed device, using one of various methods, by capturing the user ID/password of a validated user.

A

Password attack

49
Q

A digital form of social engineering that uses authentic-looking, but bogus, emails to request information from users or direct them to a fake website that requests information.

A

Phishing

50
Q

A type of malware that tries to extract a ransom payment in exchange for unblocking access to an asset that belongs to the victim or in exchange for a promise not to release the data captured by the ransomware.

A

Ransomware

51
Q

Attacks made across the Internet or a corporate network.

A

Remote access attacks

52
Q

A set of hacker tools used after an attacker has broken into a computer system and gained root-level access.

A

Rootkit

53
Q

A derisive term used to describe an unskilled individual that uses existing computer scripts or programs to hack computers, networks or websites, lacking the expertise to write their own.

A

Script kiddie

54
Q

A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.

A

Social engineering

55
Q

Software that collects information from a computer and transmits it to another system.

A

Spyware

56
Q

A private actor that conducts activity on behalf of a state, for example, a contracted hacker or company.

A

State-sponsored actor

57
Q

An entity that is partially or wholly responsible for an incident that impacts – or has the potential to impact – an organisation’s security. Also referred to as a malicious actor. Malicious actors can be categorised as cyber-criminals, hacktivists, malicious insiders etc.

A

Threat actor

58
Q

A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorisations of a system entity that invokes the Trojan horse program.

A

Trojan horse

59
Q

Malware that, when executed, tries to replicate itself into other executable code; when it succeeds, the code is said to be infected. When the infected code is executed, the virus also executes.

A

Virus

60
Q

An attack that inserts malicious code on a web server, either to attack the server itself or as a means of attacking source systems of users who access the website.

A

An attack that inserts malicious code on a web server, either to attack the server itself or as a means of attacking source systems of users who access the website.

61
Q

A computer program that runs independently and propagates a complete working version of itself onto other hosts on a network.

A

Worm

62
Q

A program activated on an infected machine that launches attacks on other machines.

A

zombie or bot

63
Q

allows you to create an encrypted ‘tunnel’ to the end point. However, you need to trust the VPN service. If it’s a foreign service, how do you know they are doing the right thing?

A

VPN

64
Q

not safe for sensitive materials. Safety depends on encryption, passwords provide limited security.

A

Public WIFI

65
Q

Can turning off the GPS function on your phone prevent tracking?

A

No. Our phones are designed to download from satellites. Our phones don’t send information back to the satellites, so the satellites don’t track you. WIFI can track you, cell towers can track you.

66
Q

An attacker sends a specially crafted malicious link (such as ads) to a victim containing JS and entices them to click on it. When the user clicks on the link, their browser sends a request to a vulnerable website that contains JS, and the vulnerable site displays the JS in the page retrieved by the browser. And then the JS executes in the browser.

A

Reflected XSS

67
Q

A malicious user may store JavaScript commands in a server-side database, which are then rendered by any future clients that access the page and display the contents of the database. This type of XSS attack is common on websites that allow users to store data, like forums, wikis, and comments pages on shopping websites.

A

Stored XSS

68
Q

AAA stands for…

A

Authentication, authorisation, accounting