General Security Concepts Flashcards

1
Q

What threat actor is most likely to be hired by a foreign government to attack critical systems in other countries?

A

Organized crime

2
Q

What security control type does an acceptable use policy best represent?

A

Preventative

3
Q

What is a risk register?

A

A tool used in risk management that records details of all identified risks, making it easier to manage and track them

4
Q

What is a group or individual that is sponsored by a government to conduct cyber operations against other nations/organizations/individuals called?

A

Nation-state actor

5
Q

According to the shared responsibility model, which role is responsible for securing the company’s database in an IaaS model for a cloud environment?

A

Client

6
Q

What allows for the attribution of messages to individuals?

A

Non-repudiation

7
Q

In the CIA triad, what is Availability?

A

Information is able to be stored, accessed, or protected at all times

8
Q

In the CIA triad, what is Integrity?

A
  • Information has not been modified or altered without proper authorization
  • Hashes
9
Q

In the CIA triad, what is Confidentiality?

A
  • The information has not been disclosed to unauthorized people
  • Encryption
10
Q

When does non-repudiation occur?

A

When you have proof that someone has taken an action

11
Q

What are some examples of non-repudiation?

A
  • Digital signatures
  • Message authentication code (MAC)
12
Q

What are examples of administrative controls?

A
  • Policies
  • Procedures
  • Security awareness training
  • Contingency planning
  • Disaster recovery plans
13
Q

What is an example of regulatory controls?

A

HIPAA

14
Q

What are examples of technical controls?

A
  • Smart cards
  • Encryption
  • ACLs
  • IDS
  • Network authentication
15
Q

What threat actor is described as having limited skill and only running other people’s exploits and tools?

A

Script kiddies

16
Q

What threat actor is motivated by social change, political agendas, or terrorism?

A

Hacktivists

17
Q

What threat actors are part of a crime group that is well-funded and highly sophisticated?

A

Organized crime/Crime syndicates

18
Q

What threat actor is described by the use of IT systems, devices, software, applications, and services without explicit approval?

A

Shadow IT

19
Q

What threat actors are groups of highly trained and funded hackers (often by nation states) with covert and open source intelligence at their disposal?

A

Advanced persistent threats (APTs)

20
Q

According to the shared responsibility model, who is responsible for securing the company’s database in an IaaS model for a cloud environment?

A

Client

21
Q

Which data policy controls how data is saved for compliance or regulatory reasons?

A

Retention

22
Q

Which threat actor would use ransomware-as-a-service?

A

Organized crime

23
Q

What is peer review and approval?

A

A practice that involves having other developers or experts review the code before it is deployed or released

24
Q

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. What tool is being used?

A

DLP

25
Q

An organization wants to limit potential impact to its log-in database in the event of a breach. What should it implement?

A
  • Hashing
  • Database stores only the hash values instead of the actual passwords
26
Q

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. What type of infection is present on the systems?

A

Ransomware

27
Q

What type of file is a .ryk?

A

Ransomware Ryuk

28
Q

What attack has a typical pattern where there is a SYN flood from different IP addresses to the same server in a short time?

A

DDoS

29
Q

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which risk management process describes this example?

A

Mean time to repair

30
Q

What is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A
  • EDR
  • Endpoint Detection and Response
31
Q

Client files can only be accessed by employees who need to know the information and have specified roles in the company. What best describes this security concept?

A

Confidentiality

32
Q

What consideration is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A

Request process for data subject access

33
Q

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. What plan is the IT manager creating?

A

Business continuity