Foundations of Cybersecurity Flashcards

Module Two

1
Q

What is malware?

A

Software designed to harm devices or networks.

2
Q

Which security event resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?

A

Equifax breach.

3
Q

What is the term for exploiting human error to gain access to private information?

A

Social engineering.

4
Q

What are the likely consequences of a phishing attack?

A

Employees inadvertently revealing sensitive data, malicious software being deployed.

5
Q

Which tasks are part of the security and risk management domain?

A

Business continuity, defining security goals and objectives, compliance.

6
Q

Optimizing data security by ensuring effective tools, systems, and processes are in place falls under which domain?

A

Security architecture and engineering.

7
Q

Ensuring proper storage, maintenance, and retention of an organization’s data is related to which domain?

A

Asset security.

8
Q

Conducting, collecting, and analyzing data, as well as conducting security audits, falls under which domain?

A

Security assessment and testing.

9
Q

Issuing a keycard to a new employee falls under which domain?

A

Identity and access management.

10
Q

Investigating unknown devices connected to an internal network, conducting investigations, and implementing preventive measures are part of which domain?

A

Security operations.

11
Q

What is adversarial artificial intelligence (AI)?

A

A technique that manipulates AI and machine learning technology to conduct attacks more efficiently.

12
Q

What is Business Email Compromise (BEC)?

A

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.

13
Q

What is a computer virus?

A

Malicious code written to interfere with computer operations and cause damage to data and software.

14
Q

What is a cryptographic attack?

A

An attack that affects secure forms of communication between a sender and intended recipient.

15
Q

Who is a hacker?

A

Any person who uses computers to gain access to computer systems, networks, or data.

16
Q

What is phishing?

A

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

17
Q

What is a physical attack?

A

A security incident that affects not only digital but also physical environments where the incident is deployed.

18
Q

What is physical social engineering?

A

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

19
Q

What is social media phishing?

A

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack.

20
Q

What is spear phishing?

A

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.

21
Q

What is a supply-chain attack?

A

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

22
Q

What is USB baiting?

A

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network.

23
Q

What is vishing?

A

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

24
Q

What is a watering hole attack?

A

An attack where a threat actor compromises a website frequently visited by a specific group of users.

25
Q

What are Advanced Persistent Threats (APTs) known for?

A

Significant expertise in accessing an organization’s network without authorization, remaining undetected for long periods, and targeting large corporations or government entities to damage critical infrastructure or gain access to intellectual property.