Cybersecurity

Question 1

unwelcomed attempts to steal, expose, alter, disable or detroy information thorugh unauthorized access to copmuter systems

Answer 1

cyber attacks

Question 2

how do cybercriminals get into a system?

Answer 2

-Internal threats
-external threats
-malware
-social engineering
-software vulnerabilities

Question 3

careless, ignorant, negligent behavior

Answer 3

using insecure wifi
-sending info to wrong party or storing it incorreclty
misplace or lost computing or storage hardware

Question 4

without approvale, trusted parties, such as an employee or contractor shares sensitive customer data or properitary copmany technology
-associated with disgruntled employees

Answer 4

malicious behavior

Question 5

information security attack associated with: social engineering, malicious software, software vulnerabilities

Answer 5

external threats

Question 6

software designde to disrupt computer operation, gather sensitive informaion, or gain unauthorized access to computer systems

Answer 6

malicious software

Question 7

art of manipulating people into performing actions or divulging info that can harm the secuirty of their systems

Answer 7

Social engineering

Question 8

errors in software or desgin weaknesses that can be exploited to gain access or install malicious software

Answer 8

software vulnerabilities

Question 9

What are some types of malware

Answer 9

spyware
ntnets
viruses
worms
trojan horse

Question 10

to gather information

Answer 10

spyware

Question 11

take over many computers for use in proxy attacks. can sometimes swamp a network

Answer 11

botnets

Question 12

Infect a software and when run it infects other software, carries payload that causes harm

Answer 12

virsues

Question 13

propagate through the network without user action and carries payload to cause harm, can swamp network

Answer 13

worms

Question 14

invites users to run seemingly legitinate software that in-turn installs malicious code

Answer 14

trojan horse

Question 15

Restricts access to the infected computer system in some way for the restrictions to be removed

Answer 15

Ransomware

Question 16

sometimes try to take advantage of the critical nature of data and data access

Answer 16

ransomware

Question 17

lying to and deceiving legitimiate users
tricking them into divulging restricted information or granting unauthorized access

Answer 17

social engineering

Question 18

falling for a phishing attack is an example of

Answer 18

social engineering

Question 19

targeted toward a specific individual, organization or business

Answer 19

spear phishing

Question 20

inappropiate use of backdoors is an example of

Answer 20

software vulnerabilites

Question 21

code designed into software programs to allow access to the the application by

Answer 21

circumventing password protection

Question 22

bugs in code is an example of

Answer 22

software vulnerabilites

Question 23

unintentionally created flaw in code

Answer 23

bugs in code

Question 24

attacks that exploit a vulnerability a developer has NOT had time to address and patch

Answer 24

zero-day attack

Question 25

the method hackers use to attack systems with a perviously unidentified vulnerability

Answer 25

zero-day exploit

Question 26

what was the heartbleed bug?

Answer 26

zero-day vulnerability in the open SSL encryption library used to secure traffic between web servers and computers

Question 27

used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution

Answer 27

SQL injection attack

Question 28

what are the goals of cybercriminals

Answer 28

-steal time
-steal data
-steal money
-wreak havoc

Question 29

unauthorized use of a machine’s computing ability

Answer 29

steal time

Question 30

what are examples of steal time

Answer 30

cryptojacking: using your machine for calculations needed for bitcoin mining without your consent
- making a “bot” of your machine: using malware youve installed to make your machine part of a”botnet” used ot launch a distributed denial of service (dos) atttack

Question 31

unauthorized access to data- where it’s gathered, transmitted or at rest

Answer 31

steal data

Question 32

in equifax, criminals accessed a system through a web-application vulnerability that was known and for a correction had been availabile for 2 months, this is an example of

Answer 32

steal data

Question 33

using stole credentials

Answer 33

steal money

Question 34

log into the vicitims bank account and create electronic funds transfers to the perp’s account is an example of

Answer 34

steal money

Question 35

using ransomware

Answer 35

steal money

Question 36

with cryptolocker trojan, encrypted files on the affected system and demanded ransom in the forms of bitcoin, this is an example

Answer 36

steal money

Question 37

denial-of-service attack

Answer 37

wreak havoc

Question 38

This attack is meant to shut down a machine, network, or online service making inaccessible to its intended users

Answer 38

DoS attack

Question 39

distributed denial of service attack (DDos)

Answer 39

wreak havoc

Question 40

using botnets, the incoming traffic flooding the victim originates from many different sources

Answer 40

distributed denial of service attack

Question 41

gain control of systems

Answer 41

wreak havoc

Question 42

software aimed at controlling systems to damage them or to gain control of infrastructure

Answer 42

wreak havoc- gain control of systems

Question 43

targets supervisory control and data acquisitoin

Answer 43

stuxnet

Question 44

targets industrial control systems, those of electrical substations

Answer 44

industroyer

Question 45

with it in general, tools have become more capable and availabe, the barrier to entry into the market has ___

Answer 45

lowered

Question 46

web-based attack platforms

Answer 46

malware kits

Question 47

set of defenses put in place to counter threats to technology infrastructure and data resources

Answer 47

cybersecurity

Question 48

may extend beyond the enterprise and affect the selection of partners

Answer 48

scope

Question 49

cybersecurity is part of

Answer 49

IT risk management

Question 50

the process of identifying and measuring IT risks and devising the optimal risk mitigation strategyu

Answer 50

cybersecurity

Question 51

the cost of data breaches involving customer information can be wide-reaching

Answer 51

investigation and remediation
-notification
-identify theft and credit monitoring

Question 52

associated w the exploited vulnerability

Answer 52

investigation and remediation

Question 53

impacted consumers via mail

Answer 53

notifxation

Question 54

companies hit with a data breach will subsidize identity theft protection and credit monitoring for affected custoners

Answer 54

identity theft and credit monitoring

Question 55

disruptions in normal business operations if services are down or denided
-credit card companies may reuse to provide card services
- due to defecting customers

Answer 55

lost business

Question 56

cybersecurity risks are hard to assess in the ___ of an attack

Answer 56

absence

Question 57

security is a ___-

Answer 57

negative deliverable

Question 58

security is recurring investment in a ____

Answer 58

never-ending arms race

Question 59

it departments may not be able to fully fund comprehensive security solutions by themselves becaues:

Answer 59

• departments have limited budgets
• most security problems are NOT IT, they people problems

Question 60

balancing three principles designed to guyide cybersecurity policies

Answer 60

confidentiality, integrity, availability

Question 61

indivduals must be able to consume information when and where needed

Answer 61

availabiity

Question 62

sensitive information should be accesed only by authorized people

Answer 62

confidentiality

Question 63

focuses on ensuring data hasn;t been tampered with and that it can be trusted as authentic and reliable

Answer 63

integrity

Question 64

by making data available, thers risk to exposing it to

Answer 64

unauthorized access and unapproved modifications

Question 65

the process of ranking security threats and matching them to appropriate repsonses

Answer 65

cost/benefit analysis

Question 66

designed to manage the trae-off between the degree of desired security and the investment necessary to achieve it

Answer 66

Cybersecurity

Question 67

countermeasures to put in place to mitigate the risk of a successful cyber attack

Answer 67

threat prevention

Question 68

use multiple tools to put as many roadblocks as possible to hinder the attacker- this is a key security

Answer 68

defense in depth

Question 69

IT professionals install detection software
- training and policies

Answer 69

malware

Question 70

prevention is practically impossible because attacks can come from anywhere
- repsonse involves worldwide cooperation of network and hosting organizations

Answer 70

distributed denial of service attacks

Question 71

once vulnerability is discovered

Answer 71

disclosure should be done in a responsible manner

Question 72

should be notified first in the case of properietary software

Answer 72

developer

Question 73

should be delayed in order to allow time for a mitigation method

Answer 73

public disclosure

Question 74

to reduce ignorance and indifference
-part of onboarding but must be reinfornced periodically

Answer 74

trainign

Question 75

check compliance with polices
-look for suspicious activities

Answer 75

user activity and behavior monitoring

Question 76

prevent supply chain attack that seeks to damage an organization by targeting less-secure elements in the supply netowrk after identifying a weakest link

Answer 76

intervention with suppliers and customers

Question 77

based on the premise that legitimate use looks different from illegitimate use

Answer 77

behavioral anomaly detection

Question 78

serves as a trap for attackers- deception mechanism to lure hackers into a vulnerable system

Answer 78

honey pot

Question 79

responding to a potential damaging on-going cyber attack is

Answer 79

crisis management

Question 80

capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident

Answer 80

business continuity plan

Question 81

meeting to discuss simulated emergency situation
-practice incident repsonse plans

Answer 81

tabletop exercise

Question 82

meeting to discuss simulated emergency situation
-practice incident repsonse plans

Answer 82

tabletop exercise

Question 83

cybercriminals who infiltrate systems and collect data for illegal resale

Answer 83

harvesters

Question 84

criminals who purchase assets from data harvesters to be used for illegeal financial gain

Answer 84

cash-out fraudsters

Question 85

hordes of surreptitiously infilitrated copmuters, linked and controlled remotely aka zombie works

Answer 85

otnets

Question 86

attack where firms computer systems are flooded with thousands of seemingly llegitimate requests, the sheer volume of which will slow or shut down the sites use

Answer 86

distributed denial of service (DDoS)

Question 87

someone who uncovers computer weakness without explotiing them

Answer 87

white hat hackers

Question 88

computer criminals

Answer 88

black hat hackers

Question 89

attacks that are so new that they havent been clearly indentified, so they havent made it into software screening systems

Answer 89

zero-day exploits

Question 90

system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use

Answer 90

firewalls

Question 91

system that monitors network use for potential hacking attemps.

Answer 91

intrusion detection system

Question 92

highly restrictive programs that permit communication only with approved entities in an approved manner

Answer 92

whitelists