Deck 1

Question 1

The process of granting or denying specific requests to: i) obtain and use information or related systems or services; or ii) enter specific physical facilities.

Answer 1

Access Control

Question 2

A person who is responsible for managing a computer system or network.

Answer 2

Administrator

Question 3

Unlike regular user accounts, administrator accounts have full privileges and can perform tasks such as modifying computer hardware and software settings and managing user accounts. Some systems may refer to administrators as having “root” or “elevated” access.

Answer 3

Administrator Account

Question 4

A program designed to detect many forms of malware (e.g., viruses and spyware) and prevent them from infecting computers. It may also cleanse already-infected computers.

Answer 4

Antivirus/Anti-malware software

Question 5

Verifying the identity of a user, process, or system, often as a prerequisite to allowing access to resources in an information system.

Answer 5

Authentication

Question 6

Timely, reliable access to data, information, and systems by authorized users.

Answer 6

Availability

Question 7

A copy of information, files, and programs to facilitate recovery. Backups may be stored on the same machine that contains the original information, another machine, a storage device such as a thumb drive, or “in the cloud.”

Answer 7

Backups

Question 8

A wireless protocol that allows two similarly equipped devices to communicate with each other within a short distance (e.g., 30 ft.). “Bluetooth-enabled” means that nearby devices can communicate with each other without a physical connection. Examples of Bluetooth-enabled devices include cell phones, portable wireless speakers, and wireless headphones.

Answer 8

Bluetooth

Question 9

A scam that targets businesses by using social engineering or computer intrusion to compromise legitimate business email accounts and conduct unauthorized fund transfers or obtain personal information.1

Answer 9

Business Email Scams

Question 10

A scam that targets businesses by using social engineering or computer intrusion to compromise legitimate business email accounts and conduct unauthorized fund transfers or obtain personal information.1

Answer 10

Business Email Scams

Question 11

Assurance that information is not disclosed to unauthorized individuals, processes, or devices.

Answer 11

Confidentiality

Question 12

Criminal offenses committed on the internet or aided by the use of computer technology.2

Answer 12

Cyber Crime

Question 13

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or that constitutes a violation or imminent threat of violating security policies, security procedures, or acceptable use policies.

Answer 13

Cyber Incident/Cyber Breach

Question 14

Cyber InsuranceInsurance that is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.3

Answer 14

Cyber Insurance

Question 15

An approach or series of steps to prevent or manage the risk of damage to, unauthorized use of, exploitation of, and—if needed—to restore electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity, and availability of these systems.

Answer 15

Cybersecurity

Question 16

An incident that involves sensitive, protected, or confidential information being copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Exposed information may include credit card numbers, personal health information, customer data, company trade secrets, or matters of national security, for example.4

Answer 16

Data breach

Question 17

The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

Answer 17

Digital Forensics

Question 18

A security incident that occurs when a user unknowingly visits an infected/compromised website and malware is downloaded and installed without their knowledge.5

Answer 18

Drive-by-Download

Question 19

The transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state.

Answer 19

Encryption

Question 20

A device or program that restricts data communication traffic to or from a network and thus protects that network’s system resources against threats from another network.

Answer 20

Firewall

Question 21

Someone who attempts to or gains access to an information system, usually in an unauthorized manner. A “white hat” hacker is a cybersecurity specialist who breaks into systems with a goal of evaluating and ultimately improving the security of an organization’s systems.

Answer 21

Hacker

Question 22

A common connection point for devices in a network. Hubs commonly are used to pass data from one device (or network segment) to another.

Answer 22

Hub

Question 23

Crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, often for economic gain.6

Answer 23

Identity Theft

Question 24

The approach to protect and manage the risk to information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Answer 24

Information Security

Question 25

A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored.

Answer 25

Integrity