General Security Concepts Flashcards

1
Q

What threat actor is most likely to be hired by a foreign government to attack critical systems in other countries?

A

Organized crime

2
Q

What security control type does an acceptable use policy best represent?

A

Preventative

3
Q

What is a risk register?

A

A tool used in risk management that records details of all identified risks, making it easier to manage and track them

4
Q

What is a group or individual that is sponsored by a government to conduct cyber operations against other nations/organizations/individuals called?

A

Nation-state actor

5
Q

According to the shared responsibility model, which role is responsible for securing the company’s database in an IaaS model for a cloud environment?

A

Client

6
Q

What allows for the attribution of messages to individuals?

A

Non-repudiation

7
Q

In the CIA triad, what is Availability?

A

Information is able to be stored, accessed, or protected at all times

8
Q

In the CIA triad, what is Integrity?

A
  • Information has not been modified or altered without proper authorization
  • Hashes
9
Q

In the CIA triad, what is Confidentiality?

A
  • The information has not been disclosed to unauthorized people
  • Encryption
10
Q

When does non-repudiation occur?

A

When you have proof that someone has taken an action

11
Q

What are some examples of non-repudiation?

A
  • Digital signatures
  • Message authentication code (MAC)
12
Q

What are examples of administrative controls?

A
  • Policies
  • Procedures
  • Security awareness training
  • Contingency planning
  • Disaster recovery plans
13
Q

What is an example of regulatory controls?

A

HIPAA

14
Q

What are examples of technical controls?

A
  • Smart cards
  • Encryption
  • ACLs
  • IDS
  • Network authentication
15
Q

What threat actor is described as having limited skill and only running other people’s exploits and tools?

A

Script kiddies

16
Q

What threat actor is motivated by social change, political agendas, or terrorism?

A

Hacktivists

17
Q

What threat actors are part of a crime group that is well-funded and highly sophisticated?

A

Organized crime/Crime syndicates

18
Q

What threat actor is described by the use of IT systems, devices, software, applications, and services without explicit approval?

19
Q

What threat actors are groups of highly trained and funded hackers (often by nation states) with covert and open source intelligence at their disposal?

A

Advanced persistent threats (APTs)

20
Q

According to the shared responsibility model, who is responsible for securing the company’s database in an IaaS model for a cloud environment?

21
Q

Which data policy controls how data is saved for compliance or regulatory reasons?

22
Q

Which threat actor would use ransomware-as-a-service?

A

Organized crime

23
Q

What is peer review and approval?

A

A practice that involves having other developers or experts review the code before it is deployed or released

24
Q

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. What tool is being used?

25
Q

An organization wants to limit potential impact to its log-in database in the event of a breach. What should they implement?

A
  • Hashing
  • Database stores only the hash values instead of the actual passwords
26
Q

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. What type of infection is present on the systems?

A

Ransomware

27
Q

What type of file is a .ryk?

A

Ransomware Ryuk

28
Q

What attack has a typical pattern where there is a SYN flood from different IP addresses to the same server in a short time?

29
Q

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which risk management process describes this example?

A

Mean time to repair

30
Q

What is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A
  • EDR
  • Endpoint Detection and Response
31
Q

Client files can only be accessed by employees who need to know the information and have specified roles in the company. What best describes this security concept?

A

Confidentiality

32
Q

What consideration is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A

Request process for data subject access

33
Q

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. What plan is the IT manager creating?

A

Business continuity