Foundations of Cybersecurity Module 1 Flashcards

1
Q

______________ is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.

A

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

____________ are guidelines used for building plans to help mitigate risks and threats to data and privacy.

A

Security Frameworks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

_____________ are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.

A

Security Controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

____________ is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.

A

Security posture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A __________ , or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.

A

Threat Actor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An _______________ can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.

A

Internal threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

_____________ is the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.

A

Network Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

____________ is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.

A

Cloud Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

______________ is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:

Automation of repetitive tasks (e.g., searching a list of malicious domains)

Reviewing web traffic

Alerting suspicious activity

A

Programming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

________________ collect and analyze log data, or records of events such as unusual login behavior, and support analysts’ ability to monitor critical activities in an organization. This helps cybersecurity professionals identify and analyze potential security threats, risks, and vulnerabilities more efficiently.

A

Siem Tools

Security Information and Event Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Cybersecurity analysts use __________ to monitor system activity and alerts for possible intrusions. It’s important to become familiar with IDSs because they’re a key tool that every organization uses to protect assets and data. For example, you might use an IDS to monitor networks for signs of malicious activity, like unauthorized access to a network.

A

Intrusion detection systems (IDSs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cybersecurity analysts need to be able to follow established policies and procedures to respond to incidents appropriately. For example, a security analyst might receive an alert about a possible malware attack, then follow the organization’s outlined procedures to start the incident response process. This could involve conducting an investigation to identify the root issue and establishing ways to remediate it.

A

Incident Response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

__________________, known as ____, is any information used to infer an individual’s identity. __________ includes someone’s full name, date of birth, physical address, phone number, email address, internet protocol, or IP address and similar information.

A

Personally identifiable information, known as PII

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

________________, known as _____, is a specific type of PII that falls under stricter handling guidelines and may include social security numbers, medical or financial information, and biometric data, such as facial recognition. If _________ is stolen, this has the potential to be significantly more damaging to an individual than if ________ is stolen.

A

Sensitive personally identifiable information

known as SPII

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

____________ is the act of stealing personal information to commit fraud while impersonating a victim. And the primary objective of ___________ is financial gain.

A

Identity theft

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

A

Cybersecurity (or security)

17
Q

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

A

Cloud security

18
Q

A current or former employee, external vendor, or trusted partner who poses a security risk

A

Internal threat

19
Q

The practice of keeping an organization’s network infrastructure secure from unauthorized access

A

Network security

20
Q

Skills that require knowledge of specific tools, procedures, and policies

A

Technical skills

21
Q

Any circumstance or event that can negatively impact assets

A

Threat

22
Q

Any person or group who presents a security risk

A

Threat actor

23
Q

Skills from other areas that can apply to different careers

A

Transferable skills