Cybersecurity Essentials

Question 1

In the context of cybersecurity, what term describes an area that needs protection, possibly bounded by logical or physical limits, and is subject to control and authority within a specific system?

Answer 1

Domain

Question 2

What term is exemplified by Google, Facebook, and LinkedIn in the context of the Internet, where each represents a controlled area for data collection, user interaction, and providing services, utilizing user-contributed information like personal data, interests, and professional connections?

Answer 2

Domain

Question 3

In the context of cybersecurity, who are individuals with limited skills, often using pre-made tools or online instructions to conduct attacks, ranging from mere curiosity to attempts at causing harm, and can still cause significant damage despite their basic approach?

Answer 3

Amateurs

Question 4

What term describes individuals who infiltrate computers or networks with varying intentions, classified as white, gray, or black hats based on their methods and motives, ranging from identifying and improving system security to exploiting vulnerabilities for illegal gains?

Answer 4

Hackers

Question 5

Who are the ethical cyber specialists that use their programming knowledge for legal and ethical purposes, conducting penetration tests to identify and report security vulnerabilities, and may receive rewards or bounties for their findings?

Answer 5

White hat hackers

Question 6

What term is used for individuals who may operate without ethical approval, compromise systems without permission, and potentially reveal vulnerabilities either publicly or to the organization affected, not necessarily for personal gain but often in ethically ambiguous situations?

Answer 6

Gray hat hackers

Question 7

What is the designation for cybercriminals who intentionally breach computer and network security for personal benefit or to inflict harm, exploiting vulnerabilities to compromise systems?

Answer 7

Black hat hackers

Question 8

What term encompasses the range of groups that operate in the cyber realm including professional criminal organizations, hacktivists, terrorists, and government-funded entities, all of whom may engage in sophisticated and targeted cyber operations for various motives like profit, political activism, espionage, or sabotage?

Answer 8

Organized hackers

Question 9

What term refers to cyber activists who engage in hacking to make political statements, often by exposing sensitive information to raise awareness about various issues, and differs from state-sponsored attackers who conduct cyber espionage or sabotage for national interests?

Answer 9

Hacktivists

Question 10

What type of hacker would work with ATM manufacturers to resolve security vulnerabilities after hacking into ATM machines using a laptop?

Answer 10

Grey Hat

Question 11

What type of hacker would transfer $10 million to their bank account using victims’ account numbers and PINs recorded without their knowledge?

Answer 11

Black Hat

Question 12

What type of hacker is tasked with identifying weaknesses within their company’s computer system?

Answer 12

White Hat

Question 13

What type of hacker uses malware to compromise corporate systems and sell stolen credit card information to the highest bidder?

Answer 13

Black Hat

Question 14

What type of hacker stumbles across a security vulnerability on a corporate network they are authorized to access while researching for exploits?

Answer 14

White Hat

Question 15

What type of hacker collaborates with technology companies to fix a DNS flaw?

Answer 15

White Hat

Question 16

What term, originated in the 1990s, describes young or inexperienced individuals who use pre-written scripts or tools to hack into systems, often without a profit motive but with the potential to cause harm?

Answer 16

Script Kiddies

Question 17

Who are the individuals, often considered gray hat hackers, that seek out security weaknesses and report their findings to the vendors, sometimes in exchange for compensation or bounties?

Answer 17

Vulnerability Broker

Question 18

What term is used for gray hat hackers who engage in online activism, protesting against political or social issues by publishing articles, videos, leaking sensitive data, and conducting DDoS attacks?

Answer 18

Hacktivists

Question 19

What term describes black hat hackers who may operate independently or within organized groups, and are known for committing offenses that result in substantial financial losses for individuals and companies annually?

Answer 19

Cyber Criminals

Question 20

What classification is given to hackers, viewed as white or black hat depending on perspective, that are supported by a nation’s government to infiltrate foreign entities to exfiltrate secrets, gather intelligence, and potentially disrupt networks?

Answer 20

State-Sponsored

Question 21

Identifying cybersecurity countermeasure used to thwart cyber criminals:

The Honeynet Project

Answer 21

Early Warning Systems

Question 22

Identifying cybersecurity countermeasure used to thwart cyber criminals:

The InfraGard Program

Answer 22

Sharing Intelligence

Question 23

Identifying cybersecurity countermeasure used to thwart cyber criminals:

ISO/IEC 27000

Answer 23

ISM Standards

Question 24

Identifying cybersecurity countermeasure used to thwart cyber criminals:

Cybersecurity Act

Answer 24

New laws

Question 25

Identifying cybersecurity countermeasure used to thwart cyber criminals:

The Nation Common Vulnerabilities and Exposures (CVE) project

Answer 25

Vulnerability database

Question 26

What tools do cybercriminals utilize to intercept and log data packets as they traverse a network, which can put sensitive information such as usernames, passwords, and financial details at risk, especially when used in conjunction with rogue devices in public spaces?

Answer 26

Packet-sniffing tools

Question 27

What is the cyberattack technique that involves corrupting the cache of a DNS server by introducing false information, leading to the redirection of internet traffic to a fraudulent site or server instead of the intended destination?

Answer 27

DNS spoofing (or DNS cache poisoning)

Question 28

What is another term for DNS spoofing, referring to the technique where attackers alter DNS records to redirect online traffic to a fraudulent website, thereby gaining access to sensitive data?

Answer 28

DNS cache poisoning

Question 29

What is another term for DNS cache poisoning, referring to the technique where attackers alter DNS records to redirect online traffic to a fraudulent website, thereby gaining access to sensitive data?

Answer 29

DNS spoofing

Question 30

What is the term for the act of creating and inserting illegitimate packets into an existing data stream to disrupt or redirect communication, often used in man-in-the-middle attacks by cybercriminals to intercept or manipulate information?

Answer 30

Packet forgery (or packet injection)

Question 31

What is another term for packet forgery, which refers to the malicious act of generating and dispatching deceptive network packets that seem to be a part of a legitimate conversation or data transfer, often used to interrupt or meddle with an ongoing network communication?

Answer 31

Packet injection

Question 32

What is another term for packet injection, which refers to the malicious act of generating and dispatching deceptive network packets that seem to be a part of a legitimate conversation or data transfer, often used to interrupt or meddle with an ongoing network communication?

Answer 32

Packet forgery

Question 33

What is the cybersecurity threat called where a cybercriminal disrupts or intercepts packets within a network by inserting forged packets, leading to the hijacking of a legitimate session or denial of network service?

Answer 33

Man-in-the-middle attack

Question 34

What is the name of the sophisticated computer worm discovered in 2010, known for targeting SCADA systems and is believed to have been designed to disrupt the Iranian nuclear program, representing one of the first instances of cyber warfare?

Answer 34

Stuxnet

Question 35

What is the collective term for the practices, technologies, and processes designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access, which is essential at personal, corporate, and state levels for the protection of identities, data, and safety?

Answer 35

Cybersecurity

Question 36

What term describes the practice of manipulating individuals psychologically to perform certain actions or reveal sensitive information, typically employed in malicious activities targeting security systems?

Answer 36

Social Engineering

Question 37

What is the alternative term for ‘social engineering’ in the context of cybersecurity, referring to the technique of manipulating individuals into unintentionally compromising their own or their organization’s security?

Answer 37

Human hacking

Question 38

What is the alternative term for ‘human hacking’ in the context of cybersecurity, referring to the technique of manipulating individuals into unintentionally compromising their own or their organization’s security?

Answer 38

Social engineering

Question 39

What type of social engineering attack involves enticing victims with a promise of goods, such as free downloads, to obtain their login credentials, and can also occur through physical means like USB drives exploiting human curiosity?

Answer 39

Baiting

Question 40

What term describes the act of obtaining confidential information by directly observing someone as they enter a PIN at an ATM, fill out a form, or type sensitive data, often done in crowded places or from a distance with visual aids, and can be prevented by physical shielding methods?

Answer 40

Shoulder surfing

Question 41

What is the term for a social engineering technique where attackers create a fabricated scenario to deceive victims into divulging sensitive information, often targeting organizations by impersonating authority figures or clients through phone, email, or text?

Answer 41

Pretexting

Question 42

What term refers to the fraudulent practice where attackers disguise themselves as reputable entities via emails or phone calls, aiming to deceive individuals into providing sensitive personal information like usernames, passwords, and credit card details?

Answer 42

Phishing

Question 43

What is the name of the cyberattack method that is a more targeted form of phishing, where attackers select specific individuals or organizations and tailor their deceptive communications to appear more legitimate to those particular victims?

Answer 43

Spear phishing

Question 44

What term is used for a specialized form of phishing attack where the primary targets are high-ranking officials like CEOs or CFOs, involving highly customized and sophisticated methods to deceive these high-profile individuals?

Answer 44

Whaling

Question 45

What is the type of malware attack where cybercriminals encrypt a victim’s data and demand payment for its decryption, with no assurance of actually restoring the data, affecting various sectors including finance, government, healthcare, and education?

Answer 45

Ransomware

Question 46

What term is used for a type of malicious software that tricks users into downloading and installing fake antivirus programs or other security solutions by exploiting their fear of viruses and threats?

Answer 46

Scareware

Question 47

What is the security breach tactic where an unauthorized individual gains physical access to a restricted area by getting help or closely following an authorized person, often through doors or other entry points before they securely close?

Answer 47

Tailgating

Question 48

What term describes the practice in social engineering where attackers sift through trash to find discarded documents or electronic devices that may contain sensitive information, useful for launching further attacks?

Answer 48

Dumpster diving

Question 49

What term is used for risks that arise from within an organization, potentially involving employees or partners who might mishandle data, compromise internal servers, introduce malware through infected devices, or have knowledge of and access to sensitive network resources and security protocols?

Answer 49

Internal security threats

Question 50

What term refers to the risks posed by individuals or groups outside an organization, who may exploit network vulnerabilities or engage in social engineering tactics like deception to gain unauthorized access to internal resources?

Answer 50

External security threats

Question 51

What is the term for the trend where employees use their personal mobile devices like smartphones, tablets, and laptops for accessing enterprise information and networks, posing challenges in central management and security updates?

Answer 51

Bring Your Own Device (BYOD)

Question 52

What term describes a sophisticated form of cyberattack that is continuous and stealthy, targeting specific entities for business or political reasons, characterized by its long duration and the use of advanced malware?

Answer 52

Advanced Persistent Threat (APT)

Question 53

What type of cyberattacks focus on manipulating a system’s self-reporting data, such as energy usage, to either select targets or trigger false alerts, and can also overload a system’s memory or CPU, exploiting designs meant for energy savings and efficiency?

Answer 53

Algorithm attacks

Question 54

What is the system called where multiple organizations allow their users to access each other’s networks using the same identification credentials, thereby increasing the risk of widespread impact in the event of a security breach?

Answer 54

Federated identity management

Question 55

In the context of the National Cybersecurity Workforce Framework, what category encompasses the tasks of supporting, administering, and maintaining IT systems to guarantee their optimal performance and security?

Answer 55

Operate and Maintain

Question 56

Within the National Cybersecurity Workforce Framework, what category involves the activities related to the identification, analysis, and mitigation of threats to an organization’s internal systems and networks?

Answer 56

Protect and Defend

Question 57

In the National Cybersecurity Workforce Framework, what category covers the activities related to probing cyber events and crimes involving IT systems, networks, and digital evidence?

Answer 57

Investigate

Question 58

What is the category in the National Cybersecurity Workforce Framework that focuses on conducting specialized denial and deception operations and gathering cybersecurity information for intelligence development?

Answer 58

Collect and Operate

Question 59

In the National Cybersecurity Workforce Framework, what category encompasses the detailed examination and assessment of incoming cybersecurity information to ascertain its value for intelligence purposes?

Answer 59

Analyze

Question 60

Within the National Cybersecurity Workforce Framework, what category involves providing leadership, management, direction, and advocacy to ensure effective conduct of cybersecurity work by individuals and organizations?

Answer 60

Oversight and Development

Question 61

In the National Cybersecurity Workforce Framework, what category is responsible for the creation, design, and construction of secure IT systems, encompassing some aspects of systems development?

Answer 61

Securely Provision

Question 62

What is the name of the certification program sponsored by CompTIA that validates the knowledge and skills of IT administrators in information assurance, covering key areas such as network security, risk management, and cloud computing concerns?

Answer 62

CompTIA Security+

Question 63

What is the name of the intermediate-level certification that indicates cybersecurity professionals have the skills and knowledge to employ hacking techniques, similar to those used by cybercriminals, for identifying system vulnerabilities and access points?

Answer 63

EC-Council Certified Ethical Hacker (CEH)

Question 64

What entry-level cybersecurity certification, offered by the SANS GIAC program, validates a professional’s understanding of security terminology and concepts, and their capability in “hands-on” security roles, with additional certifications available in security administration, forensics, and auditing?

Answer 64

SANS GIAC Security Essentials (GSEC)

Question 65

What is the globally recognized, vendor-neutral certification, approved by the U.S. Department of Defense, designed for cybersecurity specialists with extensive technical and managerial experience, emphasizing a broad range of security topics and best practices?

Answer 65

(ISC)² Certified Information Systems Security Professional (CISSP)

Question 66

What certification is suitable for professionals responsible for managing, developing, and overseeing enterprise-level information security systems and who possess advanced skills in security risk management, focusing on developing best security practices?

Answer 66

ISACA Certified Information Security Manager (CISM)

Question 67

What certification confirms that a cybersecurity specialist has the necessary knowledge and skills to secure networks, specifically focusing on Cisco network environments?

Answer 67

Cisco Certified Network Associate Security (CCNA Security)

Question 68

In the context of the internet, what does FQDN stands for?

Answer 68

Fully Qualified Domain Name

Question 69

In the cybersecurity cube’s first dimension, which three foundational principles are identified as the primary goals for protecting cyberspace, serving as a guide for experts to prioritize their actions in securing networked systems?

Answer 69

Confidentiality, Integrity, and Availability

Question 70

What cybersecurity principle involves preventing the unauthorized disclosure of information to people, resources, and processes, often referred to as privacy, and is maintained through methods like data encryption, authentication, and access control?

Answer 70

Confidentiality

Question 71

What principle in cybersecurity refers to the maintenance of data’s accuracy, consistency, and trustworthiness throughout its entire lifecycle, ensuring it remains unaltered during operations like capture, storage, and transfer, often achieved through methods like hashing, validation, and access controls?

Answer 71

Integrity

Question 72

What principle in cybersecurity emphasizes the necessity to have information systems and services accessible when required, highlighting that cyberattacks like DoS can compromise this principle by preventing legitimate access?

Answer 72

Availability

Question 73

In the second dimension of the Cybersecurity Cube, what are the three states of data that must be protected in cyberspace, encompassing the movement, storage, and active use of the data?

Answer 73

Transmission, Storage, Processing

Question 74

According to the Cybersecurity Cube, what are the three types of skills and disciplines essential for protecting information systems, which include not only the use of technological tools but also the establishment of policies and practices, and fostering a culture of awareness and learning among users?

Answer 74

Technology, Policies and Practice, People

Question 75

What term is used to describe data that requires protection from unauthorized access in order to safeguard the interests and privacy of individuals or organizations, distinguishing it from publicly available information?

Answer 75

Sensitive information

Question 76

What term refers to data that can be used to uniquely identify, contact, or locate a single person, including details like social security numbers, medical records, credit card numbers, and financial records?

Answer 76

Personally Identifiable Information (PII)

Question 77

What term describes data within an organization that, if disclosed to competitors or the public, could pose a risk, and includes details like trade secrets, acquisition plans, financial data, and customer information?

Answer 77

Business information

Question 78

What term is used for information held by a government body that is categorized based on its sensitivity level, with designations such as top secret, secret, confidential, and restricted?

Answer 78

Classified information

Question 79

What are the three key security services involved in access control that form the foundation for safeguarding against unauthorized access to computers, networks, databases, or other resources, encompassing user identity verification, permissions granting, and usage tracking?

Answer 79

AAA (Authentication, Authorization, and Accounting)

Question 80

What is the process in cybersecurity called that verifies a user’s identity to prevent unauthorized access, which may involve proving identity through means like something they know (password), something they have (token or card), or something they are (biometric data)?

Answer 80

Authentication

Question 81

What is the security process where access is granted only after successfully presenting two or more pieces of evidence to an authentication mechanism, such as a combination of a bank card (something you have) and a PIN (something you know)?

Answer 81

Multifactor authentication

Question 82

What process in cybersecurity involves defining and managing the access rights of users to specific resources and operations, often using access control lists (ACLs) to specify privileges, and can include restrictions based on time or context, like limiting access to a sales database outside of work hours?

Answer 82

Authorization

Question 83

What is the cybersecurity mechanism that specifies user access rights to various resources and operations within a system, determining what authenticated users are permitted to do, and can include time-based restrictions, like granting access to a database only during work hours?

Answer 83

ACL (Access Control List)

Question 84

What process in cybersecurity involves monitoring and recording users’ activities, such as accessed resources, duration of access, and modifications made, allowing for audits that can reveal transaction details, times, and responsible parties or systems?

Answer 84

Accounting

Question 85

What term refers to the proper use of data, particularly in contexts where organizations collect information from customers or employees and are expected to use that data solely for its intended purpose, often requiring consent through a release form?

Answer 85

Privacy

Question 86

In which level of need for data integrity do healthcare and emergency services operate, where all data must be validated, tested, and verified to ensure its trustworthiness, as exemplified by healthcare and financial records?

Answer 86

Critical level

Question 87

What level of data integrity need is associated with e-commerce and analytics, where validation and trustworthiness checks are essential, typically involving databases of organizations?

Answer 87

High level

Question 88

At which level of data integrity need do online sales and search engines operate, where there is minimal verification, data may not be entirely reliable, and information is often gathered through publicly posted forms?

Answer 88

Mid level

Question 89

What level of data integrity is typically associated with blogs and personal posting sites, where data is often unverified, there’s a low level of trust in the content, and examples include areas like public opinion and open contribution platforms?

Answer 89

Low level

Question 90

What term describes the method used to ensure the consistency and unchanged state of a data set over time, utilizing a process known as a hash function to create a snapshot for later comparison?

Answer 90

Integrity check

Question 91

What is the specific type of hash function used to verify the integrity of data before and after transmission by converting the information into a numerical value, summing it up, and then comparing the result with the original to ensure no alteration has occurred?

Answer 91

Checksum

Question 92

What are the algorithms called that create a unique, fixed-size hash value from data, such as files, and are used for verifying data integrity, with common examples including MD5, SHA-1, SHA-256, and SHA-512?

Answer 92

Hash functions

Question 93

What system do organizations implement to avoid unintentional alterations by authorized users, ensuring that only one user at a time can make changes to objects like files, records, or transactions, with subsequent users receiving read-only access until the changes are completed?

Answer 93

Version control

Question 94

What is essential for preserving data integrity in the event of data corruption, requiring organizations to regularly verify the process to ensure that the data can be effectively restored when needed?

Answer 94

Accurate backups

Question 95

What term is used to describe systems that are engineered to minimize downtime and maintain performance over an extended period, usually involving design principles to eliminate single failure points, ensure reliable crossovers, and detect failures promptly, often aiming for an operational standard known as ‘five nines’?

Answer 95

High availability

Question 96

What design principle in system architecture involves identifying and addressing any device or component whose failure could lead to the failure of the entire system, typically mitigated by methods such as using hot stand-by devices, redundant components, and multiple pathways?

Answer 96

Eliminate single points of failure

Question 97

What design principle ensures that a system continues to operate smoothly in the event of the failure of one component, through the use of alternative resources such as redundant power supplies, backup power systems, and backup communication systems?

Answer 97

Provide for reliable crossover

Question 98

What design principle focuses on the continuous monitoring of devices and systems to identify and respond to failures in real-time, potentially activating backup systems automatically to maintain operations?

Answer 98

Detect failures as they occur

Question 99

What practice can significantly enhance system uptime and involves periodic actions such as replacing components, cleaning, and aligning equipment to ensure optimal performance?

Answer 99

Equipment maintenance

Question 100

What process is crucial for correcting errors and eliminating vulnerabilities in modern operating systems, applications, and software, requiring regular implementation and often involving subscription to alerts for new releases?

Answer 100

OS updates

Question 101

What are critical for ensuring that organizational, configuration, and personal data are available even in the event of data loss, and must be regularly tested to confirm the ability to restore information effectively?

Answer 101

Backup systems

Question 102

What is an essential component of maintaining system availability that involves preparing employees and customers for potential disruptions, training the cybersecurity team in response protocols, and testing and knowing the procedures to restore critical systems?

Answer 102

Plan for disasters

Question 103

What is a vital strategy in maintaining high availability, involving the ongoing evaluation and adoption of new technologies, products, and devices to keep pace with the evolving tactics of cyber criminals?

Answer 103

Implement technologies

Question 104

What practice is essential to enhancing system availability, involving the constant supervision of event logs, system alerts, and access logs to provide real-time data, allowing cybersecurity professionals to identify and respond to attacks promptly?

Answer 104

Monitor systems

Question 105

What is the procedure called that involves rigorously assessing all systems to uncover vulnerabilities, often using methods such as port scans, vulnerability scans, and penetration tests?

Answer 105

System testing

Question 106

What term is used to describe data that is not actively moving through network devices or being processed by applications, and is instead stored on a local or networked storage device?

Answer 106

Data at rest

Question 107

What term describes a type of digital storage that is physically connected to the computer it serves, such as a hard drive or USB flash drive, and is not configured by default for sharing across a network?

Answer 107

Direct-attached storage (DAS)

Question 108

What is the storage technology that combines multiple disk drive components into a single unit for improved performance and data redundancy, seen by the operating system as one disk?

Answer 108

Redundant array of independent disks (RAID)

Question 109

What is the dedicated file storage device that provides local area network (LAN) users with centralized and consolidated disk storage through a standard Ethernet connection, known for its flexibility and scalability?

Answer 109

Network attached storage (NAS)

Question 110

What is the high-speed, network-based storage architecture that allows multiple servers to connect to a centralized pool of disk storage, offering enhanced performance and storage consolidation?

Answer 110

Storage area network (SAN)

Question 111

What type of storage allows users to save data to an off-site storage system maintained by a third party and accessed via the internet, with services like Google Drive, iCloud, and Dropbox as examples?

Answer 111

Cloud storage

Question 112

Which type of data storage is known to be challenging to manage and control due to its susceptibility to attacks on the local host, and why is it advised that organizations limit the use of this storage for critical data?

Answer 112

Direct-attached storage

Question 113

What type of storage systems, encompassing technologies like RAID, SAN, and NAS, are considered more secure and offer better performance and redundancy, but are also more complex to configure and present increased risk due to the larger volume of data they handle?

Answer 113

Network storage systems

Question 114

What term describes the informal method of data transfer that involves physically moving removable media, such as USB drives or external hard drives, from one computer to another?

Answer 114

Sneaker net

Question 115

What type of network transmits data through cables, offering a physical means of communication between computers and devices? It includes copper-wired and fiber optic media. Can serve a local geographical area (Local Area Network) or they can span great distances (Wide Area Networks).

Answer 115

Wired networks

Question 116

What type of network employs radio waves for data transmission, allowing communication between devices without the need for physical cables?

Answer 116

Wireless networks