Kahoots Flashcards
What involves psychological manipulation of people to divulge information or perform actions that benefit attackers?
Social Engineering
True or False: A targeted social engineering attack on a specific user for his/her specific likes is known as an insider attack.
False
True or False: Cybersecurity in the supply chain can be viewed as an information technology problem only.
False
Ensuring a third party is ___________ data is an important prerequisite when considering cloud computing.
Securing
A third party contractor gaining _______ unauthorized access to information systems is considered an insider threat.
Physical or Virtual
What malware has the defining factor of being able to replicate itself without user interaction?
Worm
Malicious code is a category including _________ and website scripts that can be uploaded into a vulnerable system.
Malicious Software (malware)
What are the two common pathways from criminals to users?
Email and World Wide Web
Where does a “boot-sector virus” reside?
First sector of a disk or Universal Serial Bus (USB) drive
File infector viruses will infect what type of files?
Executable Files
A worm has the unique characteristic of being able to replicate without needing _________ to activate the virus.
a user
Per the STRIDE model, what threat involves claiming you didn’t do something or were not responsible for an action?
Repudiation
Per the STRIDE model, what term is described by exhausting resources needed to provide service?
Denial of Service
Name the destructive behavior where the attacker changes entries in records.
Data diddling
What are the ways to characterize an attack?
intent, point of initiation, and method of delivery
Which network attack is difficult to address because it sends more requests to one machine than it can handle?
Distributed Denial of Service (DDoS)
When Network Access Control connects to a network, what can it scan for on the system?
Virus definitions, antivirus software, and operating systems updates
Agentless Network Access Control does not require a/an agent _________ to be installed on a client.
software
True or False: Dissolvable agents run the NAC check for a current status of the system and remain installed on the system.
False
What type of authentication factor requires a biometrics system?
something you are
What type of authentication factor is based on user habits like typing patterns?
something you do
True or False: Combining username & password is considered multi-factor authentication.
False
Why are Universal Serial Bus (USB) devices particularly dangerous to computer systems and networks?
Worms can activate and spread just by plugging one in to a computer, they are easy to conceal, they hold large amounts of data
What is a cryptographic processor stored on a separate card and installed on a system as an add-on device?
Hardware Security Module (HSM)
To prevent data theft and worms, USB data ports are _________ on Department of Defense computers.
disabled
When BitLocker is enabled, Windows 7 and newer versions can’t boot without a key. What type of encryption is this?
full disk encryption (FDE)
When using Full Disk Encryption (FDE), what stores the cryptographic keys within the system?
Trusted Platform Module (TPM)
Storage Drive encryption can encrypt what kinds of storage drives?
Hard drives and Universal Serial Bus (USB) drive
Which of the following is NOT an authentication factor?
Someone you know
What service has this drawback: if an account is compromised, a hacker can access multiple servers rather than one?
Single-Sign-On (SSO)
What must be supplied by a user who’s attempting to connect to a network secured with 802.1X?
Valid Credentials
Any network resources the user consumes during their session are logged. What is this process called?
Accounting
What’s defined as presenting information about yourself to a system?
Identification
What protocol does DIAMETER use to send and secure data during transmission?
Transmission Control Protocol (TCP)
What AAA protocol gives less reliable/secure service through User Datagram Protocol (UDP)?
Remote Authentication Dial-In User Service (RADIUS)
The code is checked for functionality in what stage of the SDLC?
Testing
Which software development life cycle requires completion of each development phase before moving to the next phase?
Waterfall
During the Agile SDLC process, when can developers backtrack or repeat steps?
Anytime
In what attack is malicious code injected into a web application via a script?
Cross Site Scripting (XSS)
Websites store cookies containing user preferences and _________ information.
logon
What risk is posed by enabling the “Remember Me” feature with internet browsers?
cross-site forgery
What provides web filtering?
Proxy server
Network administrators implement permissions on files and folders to build what?
Access Control List (ACL)
Which NTFS permission gives a user all permission possible?
Full Control
Group policy can be centrally configured for the network through _____________.
Active Directory
When creating a firewall plan, you will typically create all of the following zones EXCEPT what?
communal zone
What should be placed in a private zone?
Local Area Network (LAN)
What security zone contains the internet?
public zone
In what security zone would you put a limited-access server?
extranet zone
In what security zone would you put a Wi-Fi network?
wireless zone
By having secure network user habits, the cyber _________ of the network is ensured.
hygiene
True or False: To ensure antivirus definitions are kept up to date, users should allow their software to perform automatic updates.
True
How often should antivirus software be set up to automatically perform security scans?
Regularly
Before you dispose of a computer you should use a wipe utility program to _________ the entire hard drive.
overwrite
What incident response team role has technical expertise to assess and identify the scale of the security incident?
Technical Specialist
What document should define each team member’s roles and responsibilities?
Incident Response Plan
How would the following incident/event be categorized: normal functionality is denied.
CAT 4 - Denial of Service
How would the following incident/event be categorized: authorized user breaches AF policy.
CAT 5 - Non-Compliance Activity
How would the following incident/event be categorized: event that is a false alarm.
CAT 9 - Explained Anomaly
How would the following incident/event be categorized: event undergoing further review.
CAT 8 - Investigating
A/an _________ is an observable occurrence in a system and/or network.
event
A/an _________ is an assessed occurrence in a system and/or network that jeopardizes the information system.
incident
If a virus is discovered on a system, who should isolate the computer from the network?
first responder
Cyber Incident Response: What’s the first incident response phase where the AF detects activity with a variety of means and capabilities?
Detection & Reporting Events
During an incident, what must the incident handling staff do with the data to allow for further incident analysis?
preserve integrity of data
The goal of a network incident first responder is to _________ the incident.
contain
What is the starting point for all future configuration assessments?
Baseline
True or False: Baselining will require updating to make it current with a desired configuration.
True
When creating a baseline, what metric will change the perspective of your data?
time span and starting point
It’s necessary to maintain a/an _________ to revert the system after changes if needed.
baseline
Which backup method backs up files that were altered since the last backup and clears the archive flag after?
Incremental Backup
Disaster Recovery Plan: In which step would you form a team to assist in the entire disaster recovery operation?
Assemble a Disaster Recovery Team
In which step would you gather and document equipment, policies, telephone numbers, and other valuable documents?
data collection
When should gathering information take place during root cause analysis?
first step
Root Cause Analysis: During which phase should personnel continuously review the incident to ensure accuracy?
Validate the Incident
What part of post-incident analysis captures lessons learned, initial root cause, and other problems?
postmortem
Name the all-source report that focuses on individuals, groups, or organizations ID’d as threats to DoD networks.
Network Intelligence Report (NIR)
All involved personnel should ID and ______ all relevant information about a network incident for future analysis.
collect
What document identifies potential foreign threats to Department of Defense networks?
Network Intelligence Report (NIR)
Having the goals of Confidentiality, Integrity, and Availability best describes which security program?
COMPUSEC (Computer Security)
TEMPEST is a security program that identifies compromising _________ in information systems.
emanations
What level of classification, if disclosed, could cause exceptionally grave damage to national security?
Top Secret (TS)
OPSEC reduces mission vulnerabilities by eliminating or reducing adversary collection of _______.
critical information
Cryptography is the use of coding systems to _________ information.
encrypt & decrypt
TRANSEC results from all measures designed to protect intentional transmissions by means other than what?
crypto analysis
What security program focuses on end-point security, ports, protocols, and service management within the Air Force?
COMPUSEC
_________ vulnerabilities come from unintentionally emitted signals or compromising emanations.
TEMPEST
Which of the following would be considered the LEAST classified compared to the others?
Confidential (C)
Which security program is a continuous process and an inherent part of military culture?
OPSEC
We aim to defeat our enemy’s crypto analysis efforts with our _________ systems.
cryptographic
_______ is applying cryptosecurity techniques to each situation so our intercepted signals will be unintelligible.
TRANSEC