Foundations of Cybersecurity Flashcards
Module Two
What is malware?
Software designed to harm devices or networks.
Which security event resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?
Equifax breach.
What is the term for exploiting human error to gain access to private information?
Social engineering.
What are the likely consequences of a phishing attack?
Employees inadvertently revealing sensitive data, malicious software being deployed.
Which tasks are part of the security and risk management domain?
Business continuity, defining security goals and objectives, compliance.
Optimizing data security by ensuring effective tools, systems, and processes are in place falls under which domain?
Security architecture and engineering.
Ensuring proper storage, maintenance, and retention of an organization’s data is related to which domain?
Asset security.
Conducting, collecting, and analyzing data, as well as conducting security audits, falls under which domain?
Security assessment and testing.
Issuing a keycard to a new employee falls under which domain?
Identity and access management.
Investigating unknown devices connected to an internal network, conducting investigations, and implementing preventive measures are part of which domain
Security operations.
What is adversarial artificial intelligence (AI)?
A technique that manipulates AI and machine learning technology to conduct attacks more efficiently.
What is Business Email Compromise (BEC)?
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.
What is a computer virus?
Malicious code written to interfere with computer operations and cause damage to data and software.
What is a cryptographic attack?
An attack that affects secure forms of communication between a sender and intended recipient.
Who is a hacker?
Any person who uses computers to gain access to computer systems, networks, or data.
What is phishing?
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
What is a physical attack?
A security incident that affects not only digital but also physical environments where the incident is deployed.
What is physical social engineering?
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
What is social media phishing?
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack.
What is spear phishing?
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.
What is a supply-chain attack?
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.
What is USB baiting?
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network.
What is vishing?
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
What is a watering hole attack?
An attack where a threat actor compromises a website frequently visited by a specific group of users.
What are Advanced Persistent Threats (APTs) known for?
Significant expertise in accessing an organization’s network without authorization, remaining undetected for long periods, and targeting large corporations or government entities to damage critical infrastructure or gain access to intellectual property.
