Foundations of Cyber Security-Week One Key Terms

Question 1

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.

Answer 1

Cyber Security (Security)

Question 2

A-Focuses on monitoring networks for breaches

B-help develop strategies to secure an organization and research information technology (IT) security trends to remain alert and informed about potential threats.

C-Works to prevent incidents

Answer 2

Cyber Security Analysts/ Security Analysts

Question 3

the process of adhering to internal standards and external regulations, and enables organizations to avoid fines and security breaches.

Answer 3

COMPLIANCE

Question 4

guidelines used for building plans to help mitigate risks and threats to data and privacy

Answer 4

SECURITY FRAMEWORKS

Question 5

used with security frameworks to establish a strong security posture

safeguards designed to reduce specific security risks.

Answer 5

SECURITY CONTROLS

Question 6

STRONG _________leads to lower risk for the organization.

organization’s ability to manage its defense of critical assets and data and react to change

Answer 6

SECURITY POSTURE

Question 7

-Any person or group who presents a security risk.
- Risk can be related to computers, applications, networks, and data.

Answer 7

Threat actor or Malicious attacker

Question 8

At times _______ threats are accidents.

Can be a current or former employee, an external vendor, or a trusted partner who poses a security risk.

Other times, the __________ _______ actors intentionally engage in risky activities, such as unauthorized data access.

Answer 8

Internal Threats

Question 9

practice of keeping an organization’s network infrastructure secure from unauthorized access.

Includes data, services, systems, and devices that are stored in an organization’s network.

Answer 9

NETWORK SECURITY

Question 10

a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

The ________ is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet

the process of ensuring that assets stored in the ______ are properly configured, or set up correctly, and access to those assets is limited to authorized users.

Answer 10

CLOUD /CLOUD SECURITY

Question 11

A process that can be used to create a specific set of instructions for a computer to execute tasks.

Answer 11

PROGRAMMING

Question 12

skills from other areas of study or practice that can apply to different careers

Answer 12

TRANSFERABLE SKILLS

Question 13

apply to several professions, as well; however, they typically require knowledge of specific tools, procedures, and policies.

Answer 13

Technical Skills

Question 15

use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Answer 15

Phishing

Question 16

A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

Answer 16

Business Email Compromise (BEC)

Question 17

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source

Answer 17

Spear phishing

Question 18

form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Answer 18

Whaling

Question 19

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Answer 19

Vishing

Question 20

The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Answer 20

Smishing

Question 21

software designed to harm devices or networks. There are many types of

Answer 21

Malware

Question 22

Malicious code written to interfere with computer operations and cause damage to data and software.

Answer 22

Viruses

Question 23

that can duplicate and spread itself across systems on its own. In contrast to a virus, _______ does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

Answer 23

WORM

Question 24

attack where threat actors encrypt an organization’s data and demand payment to restore access.

Answer 24

Ransomeware

Question 25

used to gather and sell information without consent. _________ can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.

Answer 25

Spyware

Question 26

A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.

Answer 26

Social media phishing:

Question 27

: A threat actor attacks a website frequently visited by a specific group of users.

Answer 27

Watering hole attack

Question 28

A threat actor strategically leaves a malware ______ stick for an employee to find and install, to unknowingly infect a network.

Answer 28

USB baiting

Question 29

: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Answer 29

Physical social engineering