Cybersecurity Flashcards

1
Q

unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems

A

cyber attacks

2
Q

how do cybercriminals get into a system?

A

-Internal threats
-external threats
-malware
-social engineering
-software vulnerabilities

3
Q

careless, ignorant, negligent behavior

A

-using insecure wifi
-sending info to wrong party or storing it incorrectly
-misplaced or lost computing or storage hardware

4
Q

without approval, a trusted party, such as an employee or contractor, shares sensitive customer data or proprietary company technology
-associated with disgruntled employees

A

malicious behavior

5
Q

information security attack associated with: social engineering, malicious software, software vulnerabilities

A

external threats

6
Q

software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems

A

malicious software

7
Q

art of manipulating people into performing actions or divulging info that can harm the security of their systems

A

Social engineering

8
Q

errors in software or design weaknesses that can be exploited to gain access or install malicious software

A

software vulnerabilities

9
Q

What are some types of malware?

A

spyware
botnets
viruses
worms
trojan horse

10
Q

to gather information

A

spyware

11
Q

take over many computers for use in proxy attacks. can sometimes swamp a network

A

botnets

12
Q

infect software and, when run, infect other software; carry a payload that causes harm

A

viruses

13
Q

propagate through the network without user action and carry a payload to cause harm; can swamp the network

A

worms

14
Q

invites users to run seemingly legitimate software that in turn installs malicious code

A

trojan horse

15
Q

Restricts access to the infected computer system in some way for the restrictions to be removed

A

Ransomware

16
Q

sometimes try to take advantage of the critical nature of data and data access

A

ransomware

17
Q

lying to and deceiving legitimate users
tricking them into divulging restricted information or granting unauthorized access

A

social engineering

18
Q

falling for a phishing attack is an example of

A

social engineering

19
Q

targeted toward a specific individual, organization or business

A

spear phishing

20
Q

inappropriate use of backdoors is an example of

A

software vulnerabilities

21
Q

code designed into software programs to allow access to the application by

A

circumventing password protection

22
Q

bugs in code are an example of

A

software vulnerabilities

23
Q

unintentionally created flaw in code

A

bugs in code

24
Q

attacks that exploit a vulnerability a developer has NOT had time to address and patch

A

zero-day attack

25
the method hackers use to attack systems with a previously unidentified vulnerability
zero-day exploit
26
what was the Heartbleed bug?
zero-day vulnerability in the OpenSSL encryption library used to secure traffic between web servers and computers
27
used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
SQL injection attack
28
what are the goals of cybercriminals?
-steal time -steal data -steal money -wreak havoc
29
unauthorized use of a machine's computing ability
steal time
30
what are examples of steal time?
cryptojacking: using your machine for calculations needed for bitcoin mining without your consent - making a "bot" of your machine: using malware you've installed to make your machine part of a "botnet" used to launch a distributed denial of service (DoS) attack
31
unauthorized access to data- where it's gathered, transmitted or at rest
steal data
32
in Equifax, criminals accessed a system through a web-application vulnerability that was known and for which a correction had been available for 2 months; this is an example of
steal data
33
using stolen credentials
steal money
34
logging into the victim's bank account and creating electronic funds transfers to the perp's account is an example of
steal money
35
using ransomware
steal money
36
the CryptoLocker trojan encrypted files on the affected system and demanded ransom in the form of bitcoin; this is an example of
steal money
37
denial-of-service attack
wreak havoc
38
This attack is meant to shut down a machine, network, or online service, making it inaccessible to its intended users
DoS attack
39
distributed denial of service attack (DDoS)
wreak havoc
40
using botnets, the incoming traffic flooding the victim originates from many different sources
distributed denial of service attack
41
gain control of systems
wreak havoc
42
software aimed at controlling systems to damage them or to gain control of infrastructure
wreak havoc- gain control of systems
43
targets supervisory control and data acquisition
Stuxnet
44
targets industrial control systems, those of electrical substations
Industroyer
45
with IT in general, tools have become more capable and available; the barrier to entry into the market has ___
lowered
46
web-based attack platforms
malware kits
47
set of defenses put in place to counter threats to technology infrastructure and data resources
cybersecurity
48
may extend beyond the enterprise and affect the selection of partners
scope
49
cybersecurity is part of
IT risk management
50
the process of identifying and measuring IT risks and devising the optimal risk mitigation strategy
cybersecurity
51
the cost of data breaches involving customer information can be wide-reaching
-investigation and remediation -notification -identity theft and credit monitoring
52
associated with the exploited vulnerability
investigation and remediation
53
impacted consumers via mail
notification
54
companies hit with a data breach will subsidize identity theft protection and credit monitoring for affected customers
identity theft and credit monitoring
55
disruptions in normal business operations if services are down or denied -credit card companies may refuse to provide card services -due to defecting customers
lost business
56
cybersecurity risks are hard to assess in the ___ of an attack
absence
57
security is a ___
negative deliverable
58
security is recurring investment in a ____
never-ending arms race
59
IT departments may not be able to fully fund comprehensive security solutions by themselves because:
-departments have limited budgets -most security problems are NOT IT, they are people problems
60
balancing three principles designed to guide cybersecurity policies
confidentiality, integrity, availability
61
individuals must be able to consume information when and where needed
availability
62
sensitive information should be accessed only by authorized people
confidentiality
63
focuses on ensuring data hasn't been tampered with and that it can be trusted as authentic and reliable
integrity
64
by making data available, there's a risk of exposing it to
unauthorized access and unapproved modifications
65
the process of ranking security threats and matching them to appropriate responses
cost/benefit analysis
66
designed to manage the trade-off between the degree of desired security and the investment necessary to achieve it
Cybersecurity
67
countermeasures to put in place to mitigate the risk of a successful cyber attack
threat prevention
68
use multiple tools to put as many roadblocks as possible to hinder the attacker- this is a key security
defense in depth
69
IT professionals install detection software - training and policies
malware
70
prevention is practically impossible because attacks can come from anywhere -response involves worldwide cooperation of network and hosting organizations
distributed denial of service attacks
71
once a vulnerability is discovered
disclosure should be done in a responsible manner
72
should be notified first in the case of proprietary software
developer
73
should be delayed in order to allow time for a mitigation method
public disclosure
74
to reduce ignorance and indifference -part of onboarding but must be reinforced periodically
training
75
check compliance with policies -look for suspicious activities
user activity and behavior monitoring
76
prevent supply chain attacks that seek to damage an organization by targeting less-secure elements in the supply network after identifying the weakest link
intervention with suppliers and customers
77
based on the premise that legitimate use looks different from illegitimate use
behavioral anomaly detection
78
serves as a trap for attackers- deception mechanism to lure hackers into a vulnerable system
honey pot
79
responding to a potentially damaging ongoing cyber attack is
crisis management
80
capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident
business continuity plan
81
meeting to discuss simulated emergency situation -practice incident response plans
tabletop exercise
83
cybercriminals who infiltrate systems and collect data for illegal resale
harvesters
84
criminals who purchase assets from data harvesters to be used for illegal financial gain
cash-out fraudsters
85
hordes of surreptitiously infiltrated computers, linked and controlled remotely, aka zombie networks
botnets
86
attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use
distributed denial of service (DDoS)
87
someone who uncovers computer weaknesses without exploiting them
white hat hackers
88
computer criminals
black hat hackers
89
attacks that are so new that they haven't been clearly identified, so they haven't made it into software screening systems
zero-day exploits
90
system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use
firewalls
91
system that monitors network use for potential hacking attempts
intrusion detection system
92
highly restrictive programs that permit communication only with approved entities in an approved manner
whitelists