Identifies Principles, Policies, Practices, and Methods Flashcards
Concept Risk
It refers to the potential for harm or loss arising from uncertainty or the occurrence of adverse events.
ex: Implementing a new software system entails the risk of technical issues disrupting business operations if not properly tested and managed
remembering: The uncertain path
Clickjacking
It is a cybersecurity attack technique where attackers trick users into clicking on a hidden or disguised element on a web page without their knowledge.
ex: An attacker creates a malicious website that overlays an invisible frame over a legitimate button, causing users to unknowingly click the hidden button.
remembering: Sneaky Clicks
Pretexting
It is a social engineering technique where an attacker fabricates a false identity or scenario to deceive individuals into disclosing sensitive information or performing actions that compromise security
ex: An attacker poses as an IT technician and convinces an employee to provide login credentials under the pretext of performing system maintenance
remembering: Pretend Trust Building
Whaling
It is a type of cyberattack targeting high-profile individuals, such as executives or senior management, within an organization.
ex: A phishing email purportedly from a senior executive asks an employee to provide login credentials to access a supposed urgent document
remembering: Going for the Big Fish
Baiting
It is a social engineering technique where attackers entice victims with the promise of a reward or benefit to trick them into taking a specific action, such as clicking on a malicious link to download malware or giving up sensitive information
ex: An attacker sends out fake emails promising free gift cards to recipients who click on a link and provide their personal information, leading to identity theft
remembering: Tempting Trap
Tailgating
Also known as piggybacking, it is a physical security breach where an unauthorized individual gains access to a restricted area by closely following an authorized person through
ex: A delivery person tailgates behind a group of employees entering a data center, gaining access to sensitive server rooms without proper clearance
remembering: Sneak Entry
Masquerading
It is a cybersecurity attack where an unauthorized individual or entity impersonates a legitimate user or system to gain access to sensitive information, resources or privileges.
ex: A hacker impersonates a company executive in an email to an employee, requesting sensitive information or initiating fraudulent transactions
remembering: Disguised Intruder
Phishing
It is a cyberattack where the attackers send deceptive emails, text messages or websites that appear to be from reputable sources to trick individuals into providing sensitive information, such as passwords, financial details, or personal data, or to install malware on their devices
ex: A text message claims to be from a delivery company and asks the recipient to click on a link to track the package, but the link actually installs malware on their device
remembering: Fishing for information
CAPTCHA
It is a security measure used to determine whether a user is human or automated. It presents challenges that are easy for humans to solve but difficult for automated bots.
ex: A website requires users to enter distorted text from an image before submitting a form to verify they are human
remembering: Humanity Check
Raw Data
It refers to unprocessed, unorganized information collected directly from sources without any manipulation or interpretation. It represents the most basic form of data and requires further processing or analysis to extract meaningful insights or draw conclusions.
ex: Survey responses entered into a spreadsheet without any formatting or analysis
remembering: Data Straight from the Source
Metadata
It refers to descriptive or structural information about data, providing context and attributes that facilitate its management, discovery and understanding.
ex: In a digital photograph, metadata may include information about the camera settings, location coordinates and date/time of capture
remembering: Data about Data
Scoping
In cybersecurity, it refers to defining the boundaries and parameters of a security assessment, investigation or project. It involves identifying the specific goals, objectives, assets and constraints to ensure the effective allocation of resources and focus on relevant areas of concern.
ex: In incident response, scoping involves determining the extent of a security incident, such as identifying affected systems, data and users, to facilitate a targeted and effective response.
remembering: Setting the Scene
Mapping
In the context of computer networks or cybersecurity, it refers to the process of discovering and visualizing the interconnected devices, systems and resources within a network environment.
ex: Network administrators use mapping tools to create diagrams showing the layout of routers, switches and servers in an organization's network
remembering: Network Cartography
Vulnerability Analysis
It is the process of identifying, assessing, and prioritizing weaknesses or vulnerabilities in systems, networks or processes that could be exploited by adversaries.
remembering: Spotting weak links
Security Awareness Program
It is an organized initiative aimed at educating individuals within an organization about cybersecurity risks, best practices, and policies to promote a culture of security.
ex: A company launches a cybersecurity awareness campaign, distributing posters, newsletters, and online resources to employees to raise awareness about common security threats and how to prevent them.
remembering: Cybersecurity education hub
POP3 = Post Office Protocol v3
It is a standard protocol used for retrieving emails from a mail server to a client device. It allows users to download emails from their mailbox to their computer or mobile device for offline access, typically deleting the emails from the server in the process
ex: An email application on a smartphone uses POP3 to download emails from the user’s mailbox to the device for offline reading
remembering: Postman Delivery
What is Interagency OpSec Support Staff (IOSS)?
It is a collaborative entity formed to provide operational security (OPSEC) support and expertise across multiple government agencies and departments. It facilitates coordination and cooperation in OPSEC efforts to protect sensitive information and operations
ex: IOSS assists various government agencies in developing OPSEC plans and conducting vulnerability assessments to safeguard critical information
remembering: OPSEC Central Command
What is Secure Encapsulated Authorization Layer (SEAL)?
It is a security protocol designed for authenticating and authorizing access to network resources in IoT (Internet of Things) environments. It provides secure communication between IoT devices and cloud services, ensuring data confidentiality, integrity and authentication.
ex: A smart thermostat uses the SEAL protocol to securely authenticate with a cloud-based management platform, allowing users to remotely control and monitor temperature settings.
remembering: Guardian of IoT
What is Operational Security (OPSEC)?
It is a systematic process used to identify, analyze, and mitigate risks to sensitive information or operations.
- Identification of Critical Information
- Threat Analysis
- Vulnerability Assessment
- Risk Assessment
- Countermeasure Development
- Security Plan Implementation
- Monitoring and Review
What is the First Law of Operations Security?
“If you don’t know the threat, how can you protect against it?” It stresses the importance of understanding threats in order to effectively secure operations and sensitive information
ex: A company conducts a thorough threat analysis, identifying potential cyber threats, to implement robust cybersecurity protocols and protect its data
remembering: Know the Enemy
What is the Second Law of Operations Security?
This principle highlights the necessity of identifying critical information and assets that require protection to ensure effective security measures are implemented
ex: A military unit determines that its operational plans and communication channels are vital assets, instituting stringent security protocols to safeguard them from adversaries.
remembering: Protect Crown Jewels
What is the Third Law of Operations Security?
This principle emphasizes the importance of implementing and maintaining security measures to protect identified critical information and assets from adversaries
ex: A military base continuously monitors and enforces security measures to protect its operational plans and communications systems from espionage.
remembering: Defense in Action
What is the Fourth Law of Operations Security?
This principle highlights the necessity of monitoring and detection to identify potential threats and respond effectively to protect critical information and assets
ex: A military installation uses surveillance systems and intelligence gathering to detect enemy activities and prevent breaches
remembering: Always be Watching