Deck 1 Flashcards

1
Q

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

A

Adversarial artificial intelligence (AI):

2
Q

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

A

Business Email Compromise (BEC):

3
Q

Malicious code written to interfere with computer operations and cause damage to data and software

A

Computer virus:

4
Q

An attack that affects secure forms of communication between a sender and intended recipient

A

Cryptographic attack:

5
Q

Any person who uses computers to gain access to computer systems, networks, or data

A

Hacker:

6
Q

Software designed to harm devices or networks

A

Malware:

7
Q

An attempt to access password-secured devices, systems, networks, or data

A

Password attack:

8
Q

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

A

Phishing:

9
Q

A security incident that affects not only digital but also physical environments where the incident is deployed

A

Physical attack:

10
Q

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

A

Physical social engineering:

11
Q

A manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.

A

Social engineering:

12
Q

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

A

Social media phishing:

13
Q

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

A

Spear phishing:

14
Q

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

A

Supply-chain attack:

15
Q

An attack in which a threat actor strategically leaves a malware-infected USB stick for an employee to find and plug in, unknowingly infecting a network

A

USB baiting:

16
Q

Refer to “computer virus”.
A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

A

Virus:

17
Q

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

A

Vishing:

18
Q

A type of attack in which a threat actor compromises a website frequently visited by a specific group of users

A

Watering hole attack:

19
Q

is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

A

Cybersecurity (or security)

20
Q

is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

A

Compliance

21
Q

are guidelines used for building plans to help mitigate risks and threats to data and privacy.

A

Security frameworks

22
Q

are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.

A

Security controls

23
Q

is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.

A

Security posture

24
Q

is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

A

A threat actor, or malicious attacker,

25
Q

can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.

A

An internal threat

26
Q

is the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.

A

Network security

27
Q

is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

A

Cloud security

28
Q

is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:

Automation of repetitive tasks (e.g., searching a list of malicious domains)

Reviewing web traffic

Alerting on suspicious activity

A

Programming

29
Q

computer security incident response teams

A

(CSIRTs)

30
Q

Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

A

Worms:

31
Q

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.

A

Ransomware:

32
Q

Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

A

Spyware:

33
Q

Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.

A

Social engineering principles

34
Q

Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.

Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.

Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.

Scarcity: A tactic used to imply that goods or services are in limited supply.

Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.

Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.

Urgency: A threat actor persuades others to respond quickly and without questioning.

A

Reasons why social engineering attacks are effective include:

35
Q

Password attack
A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:

Brute force

Rainbow table

Password attacks fall under the communication and network security domain.

Social engineering attack
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:

Phishing

Smishing

Vishing

Spear phishing

Whaling

Social media phishing

Business Email Compromise (BEC)

Watering hole attack

USB (Universal Serial Bus) baiting

Physical social engineering

Social engineering attacks are related to the security and risk management domain.

Physical attack
A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:

Malicious USB cable

Malicious flash drive

Card cloning and skimming

Physical attacks fall under the asset security domain.

Adversarial artificial intelligence
Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.

Supply-chain attack
A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold undergoes a process that involves third parties, this means that the security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.

Cryptographic attack
A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:

Birthday

Collision

Downgrade

Cryptographic attacks fall under the communication and network security domain.

A

Attack types

36
Q

Advanced persistent threats (APTs) have significant expertise in accessing an organization’s network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

Damaging critical infrastructure, such as the power grid and natural resources

Gaining access to intellectual property, such as trade secrets or patents

Insider threats
Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

Sabotage

Corruption

Espionage

Unauthorized data access or leaks

Hacktivists
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

Demonstrations

Propaganda

Social change campaigns

Fame

A

Threat actor types: Advanced persistent threats

37
Q

A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

Note: There are multiple hacker types that fall into one or more of these three categories.

New and unskilled threat actors have various goals, including:

To learn and enhance their hacking skills

To seek revenge

To exploit security weaknesses by using existing malware, programming scripts, and other tactics

Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

A

Hacker types

38
Q

Any information used to infer an individual’s identity

A

Personally identifiable information (PII):

39
Q

A specific type of PII that falls under stricter handling guidelines

A

Sensitive personally identifiable information (SPII):

40
Q

is a model that helps inform how organizations consider risk when setting up systems and security policies.

A

The confidentiality, integrity, and availability (CIA) triad

41
Q

are the three foundational principles used by cybersecurity professionals to establish appropriate controls that mitigate threats, risks, and vulnerabilities.

A

CIA

42
Q

are safeguards designed to reduce specific security risks. So they are used alongside frameworks to ensure that security goals and processes are implemented correctly and that organizations meet regulatory compliance requirements.

A

security controls

43
Q

are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:

Identifying and documenting security goals

Setting guidelines to achieve security goals

Implementing strong security processes

Monitoring and communicating results

A

Security frameworks

44
Q

is the process of adhering to internal standards and external regulations.

A

Compliance

45
Q

is a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk. The more aligned an organization is with compliance, the lower the risk.
Examples of frameworks include the NIST Cybersecurity Framework (CSF) and the NIST Risk Management Framework (RMF).

A

The National Institute of Standards and Technology (NIST)

46
Q

can change depending on the type of organization you work for.

A

Note: Specifications and guidelines

47
Q

FERC-NERC is a regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC.

A

The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

48
Q

FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.

A

The Federal Risk and Authorization Management Program (FedRAMP®)

49
Q

CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.

A

Center for Internet Security (CIS®)

50
Q

GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory. For example, if an organization is not being transparent about the data they are holding about an E.U. citizen and why they are holding that data, this is an infringement that can result in a fine to the organization. Additionally, if a breach occurs and an E.U. citizen’s data is compromised, they must be informed. The affected organization has 72 hours to notify the E.U. citizen about the breach.

A

General Data Protection Regulation (GDPR)

51
Q

PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud.

A

Payment Card Industry Data Security Standard (PCI DSS)

52
Q

This law prohibits patient information from being shared without their consent. It is governed by three rules:

Privacy

Security

Breach notification

Organizations that store patient data have a legal obligation to inform patients of a breach because if patients’ Protected Health Information (PHI) is exposed, it can lead to identity theft and insurance fraud. PHI relates to the past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care. Along with understanding HIPAA as a law, security professionals also need to be familiar with the Health Information Trust Alliance (HITRUST®), which is a security framework and assurance program that helps institutions meet HIPAA compliance.

A

HIPAA is a U.S. federal law established in 1996 to protect patients’ health information.

53
Q

ISO was created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes and procedures for staff retention, planning, waste, and services.

A

International Organization for Standardization (ISO)

54
Q

The American Institute of Certified Public Accountants® (AICPA) auditing standards board developed this standard. SOC1 and SOC2 are a series of reports that focus on an organization’s user access policies at different organizational levels, such as:

Associate

Supervisor

Manager

Executive

Vendor

Others

They are used to assess an organization’s financial compliance and levels of risk. They also cover confidentiality, privacy, integrity, availability, security, and overall data safety. Control failures in these areas can lead to fraud.

A

System and Organizations Controls (SOC type 1, SOC type 2)