Glossary_Foundations in Cybersecurity_C1

Question 1

Adversarial artificial intelligence.
What is it?

Answer 1

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Question 2

Antivirus software:

Answer 2

A software program used to prevent, detect, and eliminate malware and viruses

Question 3

Asset:

Answer 3

An item perceived as having value to an organization

Question 4

Business Email Compromise (BEC):

Answer 4

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Question 5

Cloud security:

Answer 5

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 6

Compliance:

Answer 6

The process of adhering to internal standards and external regulations

Question 7

Computer virus:

Answer 7

Malicious code written to interfere with computer operations and cause damage to data and software

Question 8

Confidentiality, means?

Answer 8

Only authorized users can access specific assets or data

Question 9

CIA triad: What is it and what are the 3 components?

Answer 9

Confidentiality, integrity, availability
A model that helps inform how organizations consider risk when setting up systems and security policies

Question 10

Cryptographic attack:

Answer 10

An attack that affects secure forms of communication between a sender and intended recipient

Question 11

Cybersecurity (or security):

Answer 11

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Question 12

Database:

Answer 12

An organized collection of information or data

Question 13

Data point:

Answer 13

A specific piece of information

Question 14

Hacker:

Answer 14

Any person who uses computers to gain access to computer systems, networks, or data

Question 15

Hacktivist:

Answer 15

A person who uses hacking to achieve a political goal

Question 16

HIPAA

Answer 16

Health Insurance Portability and Accountability Act
A U.S. federal law established to protect patients’ health information

Question 17

Integrity

Answer 17

The idea that the data is correct, authentic, and reliable.
One of the CIA Triad components

Question 18

Internal threat:

Answer 18

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 19

IDS

Answer 19

Intrusion Detection System
An application that monitors system activity and alerts on possible intrusions

Question 20

Linux:

Answer 20

An open-source operating system

Question 21

Malware:

Answer 21

Software designed to harm devices or networks

Question 22

What does NIST stand for?

Answer 22

National Institute of Standards and Technology

Question 23

NIST (CSF):

Answer 23

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF):
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 24

Network protocol analyser (packet sniffer):

Answer 24

A tool designed to capture and analyse data traffic within a network

Question 25

Network security is the practice of:

Answer 25

The practice of keeping an organisation’s network infrastructure secure from unauthorized access

Question 26

OWASP

Answer 26

Open Web Application Security Project
A non-profit organization focused on improving software security

Question 27

Password attack:

Answer 27

An attempt to access password secured devices, systems, networks, or data

Question 28

PII

Answer 28

Personally identifiable information
Any information used to infer an individual’s identity

Question 29

Order of volatility:

Answer 29

A sequence outlining the order of data that must be preserved from first to last

Question 30

Phishing

Answer 30

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 31

Physical attack:

Answer 31

A security incident that affects not only digital but also physical environments where the incident is deployed

Question 32

Physical social engineering:

Answer 32

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 33

Privacy protection:

Answer 33

The act of safeguarding personal information from unauthorized use

Question 34

Programming:

Answer 34

A process that can be used to create a specific set of instructions for a computer to execute tasks

Question 35

PHI: Protected health information

Answer 35

Information that relates to the past, present, or future physical or mental health or condition of an individual

Question 36

Protecting and preserving evidence:

Answer 36

The process of properly working with fragile and volatile digital evidence

Question 37

Security architecture:

Answer 37

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Question 38

Security controls:

Answer 38

Safeguards designed to reduce specific security risks

Question 39

Security ethics:

Answer 39

Guidelines for making appropriate decisions as a security professional

Question 40

Security frameworks:

Answer 40

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 41

Security governance:

Answer 41

Practices that help support, define, and direct security efforts of an organization

Question 42

SIEM

Answer 42

Security information and event management
An application that collects and analyzes log data to monitor critical activities in an organization

Question 43

Security posture:

Answer 43

An organization’s ability to manage its defence of critical assets and data and react to change

Question 44

SPII

Answer 44

Sensitive personally identifiable information
A specific type of PII that falls under stricter handling guidelines

Question 45

Social engineering:

Answer 45

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 46

Social media phishing:

Answer 46

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Question 47

Spear phishing:

Answer 47

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Question 48

SQL (pronounced sequel)

Answer 48

(Structured Query Language): A programming language used to create, interact with, and request information from a database

Question 49

Supply-chain attack:

Answer 49

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Question 50

Threat:

Answer 50

Any circumstance or event that can negatively impact assets

Question 51

Threat actor:

Answer 51

Any person or group who presents a security risk

Question 52

USB baiting:

Answer 52

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Question 53

Virus:

Answer 53

Malicious code written to interfere with computer operations and cause damage to data and software

Question 54

Vishing:

Answer 54

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 55

Watering hole attack:

Answer 55

A type of attack when a threat actor compromises a website frequently visited by a specific group of users