Cybersecurity Fundamentals Flashcards

1
Q

What is the CIANA pentagon?

A

C - Confidentiality (encryption/safeguard)
I - Integrity (checksums/hash digests)
A - Availability (redundancy/backups)
N - Non-repudiation (digital signature)
A - Authentication (proving of identity)

2
Q

What is the reason for the CIANA pentagon?

A

The five CIANA principles are used to guide organizations in implementing and
maintaining effective security controls, including firewalls, intrusion
detection systems, and access control lists

3
Q

What is snooping?

A

Unauthorized access to another person’s data

4
Q

What is eavesdropping?

A

Unlawful interception of information while being transmitted over a
computer network

5
Q

What is wiretapping?

A

Involves the targeted interception of telephone lines or Internet-based
communications

6
Q

What is social engineering?

A

Leverages psychological manipulation to coax individuals into revealing
sensitive information

7
Q

What is dumpster diving?

A

Looking through someone’s trash for discarded information that
could be useful or sensitive

8
Q

What is an on-path/man-in-the-middle attack and what is the countermeasure?

A

▪ A malicious actor intercepts the communication between two
unsuspecting parties
▪ Organizations must implement multi-layered security measures

9
Q

What is a replay attack and what is the countermeasure?

A

▪ An adversary captures data during transmission and then retransmits it (for example, login credentials/one-time tokens)
▪ Preemptive and reactive security measures are used in effective
countermeasures

10
Q

What is an impersonation attack and what is the countermeasure?

A

▪ Occurs when a malicious actor poses as a legitimate user to gain
unauthorized access or execute prohibited actions
▪ Organizations implement user awareness training programs

11
Q

What is an unauthorized data modification attack and what is the countermeasure?

A

▪ An unauthorized user modifies data in an unintended manner (modification, addition, or deletion of data)
▪ Techniques such as checksums, digital hash digests, and digital signatures, coupled with robust access control mechanisms.

12
Q

Why is availability important?

A

Security systems and data must be accessible and operational when needed in order to prevent breaches.

13
Q

What is a denial of service attack?

A

▪ Attempts to make a computer or network resource unavailable to its
intended users by overwhelming the target with a flood of Internet traffic

14
Q

What are 3 defenses to a DoS attack?

A

● Traffic Filtering
* Controls the packets allowed to enter or exit a network based on attributes

● Rate Limiting
* Set up rate-limiting caps on the number of server requests within a given time from a user or IP address

● IP Allow Listing
* Only traffic from trusted IP addresses is allowed to reach particular services or servers

15
Q

Name 4 other availability concerns that could result from unexpected outside factors.

A

Power outage
Hardware failure
Destruction
Service outage

16
Q

What is social engineering?

A

Manipulating people into giving up confidential information

17
Q

What is phishing?

A

An attempt by cybercriminals posing as legitimate institutions, usually via email, to obtain sensitive information from targeted individuals

18
Q

What is spear phishing?

A

Attacker tailors the attack and the messaging in emails to a specific individual or organization

19
Q

What is business email compromise?

A

Attacker poses as a high-ranking executive or business partner

20
Q

What is baiting?

A

Occurs when an attacker leaves a seemingly harmless device (a USB flash drive) in an obvious location

21
Q

What is pretexting?

A

An attacker creates a believable pretext, or false scenario, to steal information

22
Q

What is fault tolerance?

A

Allowing for faults by providing backups, redundancies, or replications.

23
Q

What is a good example of data redundancy?

A

● Redundant Array of Independent Disks (RAID)
* Offers a variety of fault-tolerant solutions, defined in numbered levels, including RAID 1 (disk mirroring) and
RAID 5 (striping with parity)

24
Q

What is network redundancy?

A

It’s common for a server to have multiple network cards installed to
provide fault tolerance for your network adapter

25
Q

What is power redundancy?

A

Servers and network appliances require a stable power supply to operate, but power spikes, surges, brownouts, or blackouts can cause potential failures for the systems

26
Q

What is site redundancy?

A

Implementing service and data replication between multiple data centers

27
Q

What are disaster recovery workflows?

A

Comprehensive plans that list the procedures and contingencies in case of a small or large scale disaster

28
Q

What factors should a disaster recovery plan focus on?

A

Security concerns
Prioritization
Data restoration
Restoring access