Foundations of Cybersecurity

Question 1

What is malware?

Answer 1

Software designed to harm devices or networks.

Question 2

Which security event resulted in one of the largest known data breaches of sensitive information, including customers’ social security and credit card numbers?

Answer 2

Equifax breach.

Question 3

What is the term for exploiting human error to gain access to private information?

Answer 3

Social engineering.

Question 4

What are the likely consequences of a phishing attack?

Answer 4

Employees inadvertently revealing sensitive data, malicious software being deployed.

Question 5

Which tasks are part of the security and risk management domain?

Answer 5

Business continuity, defining security goals and objectives, compliance.

Question 6

Optimizing data security by ensuring effective tools, systems, and processes are in place falls under which domain?

Answer 6

Security architecture and engineering.

Question 7

Ensuring proper storage, maintenance, and retention of an organization’s data is related to which domain?

Answer 7

Asset security.

Question 8

Conducting, collecting, and analyzing data, as well as conducting security audits, falls under which domain?

Answer 8

Security assessment and testing.

Question 9

Issuing a keycard to a new employee falls under which domain?

Answer 9

Identity and access management.

Question 10

Investigating unknown devices connected to an internal network, conducting investigations, and implementing preventive measures are part of which domain

Answer 10

Security operations.

Question 11

What is adversarial artificial intelligence (AI)?

Answer 11

A technique that manipulates AI and machine learning technology to conduct attacks more efficiently.

Question 12

What is Business Email Compromise (BEC)?

Answer 12

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.

Question 13

What is a computer virus?

Answer 13

Malicious code written to interfere with computer operations and cause damage to data and software.

Question 14

What is a cryptographic attack?

Answer 14

An attack that affects secure forms of communication between a sender and intended recipient.

Question 15

Who is a hacker?

Answer 15

Any person who uses computers to gain access to computer systems, networks, or data.

Question 16

What is phishing?

Answer 16

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Question 17

What is a physical attack?

Answer 17

A security incident that affects not only digital but also physical environments where the incident is deployed.

Question 18

What is physical social engineering?

Answer 18

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Question 19

What is social media phishing?

Answer 19

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack.

Question 20

What is spear phishing?

Answer 20

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source.

Question 21

What is a supply-chain attack?

Answer 21

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

Question 22

What is USB baiting?

Answer 22

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network.

Question 23

What is vishing?

Answer 23

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Question 24

What is a watering hole attack?

Answer 24

An attack where a threat actor compromises a website frequently visited by a specific group of users.

Question 25

What are Advanced Persistent Threats (APTs) known for?

Answer 25

Significant expertise in accessing an organization’s network without authorization, remaining undetected for long periods, and targeting large corporations or government entities to damage critical infrastructure or gain access to intellectual property.