Luck based studying

Question 1

HACKTIVIST:

Answer 1

Grey hat hackers who rally and protest different political and social ideas.

Question 2

An example of a vulnerability database?

Answer 2

The National Common Vulnerabilities and Exposures (EVE) database.
Publicly available database of all known vulnerabilities.

Question 3

An example of an early warning system?

Answer 3

Honeynet project creates a warning when someone accesses your data.

Question 4

An example of a company that shares cyber intelligence?

Answer 4

InfraGard, partnership of the FBI and private sector

Question 5

ISM Standards?

Answer 5

ISO/IEC 27000 standards are an example of Information Security Management standards.

Question 6

What group tracks laws enacted to cyber security?

Answer 6

ISACA

Question 7

Example of an attack that successfully destroyed infrastructure.

Answer 7

Stuxnet

Question 8

What is scada used for?

Answer 8

Supervisory Control and Data Acquisition

used to control and monitor industrial processes.

Question 9

BYOD?

Answer 9

Bring Your Own Device

Using a mobile device for company purposes.

Question 10

What is IoT?

Answer 10

Internet of Things

The collection of technologies that enable the connection of various devices to the Internet.

Question 11

What is an APT

Answer 11

Advanced Persistent Threat

Continuous computer hack that occurs under the radar against a specific object.

Question 12

Algorithm attacks?

Answer 12

Can track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts.

Question 13

Federated identity?

Answer 13

A federated identity links a subject’s electronic identity across separate identity management systems. Exe, using google account ot log into Yahoo.

The most common way to protect federated identity is to tie login ability to an authorized
device.

Question 14

TDoS

Answer 14

Telephone denial of service attack uses phone calls to tie up a system while not letting any calls get through.

Question 15

National Institute of Standards and Technologies?

Answer 15

NIST

created a framework for companies and organizations in need of cybersecurity professionals

Question 16

National Cybersecurity Workforce Framework

includes providing support, administration, and maintenance

Answer 16

Operate and Maintain

Question 17

National Cybersecurity Workforce Framework

includes the identification, analysis, and mitigation of threats.

Answer 17

Protect and Defend

Question 18

National Cybersecurity Workforce Framework

Examine cyber events and/or crimes of IT systems

Answer 18

Investigate

Question 19

National Cybersecurity Workforce Framework

includes specialized denial and deception operations.

Answer 19

Collect and Operate

Question 20

National Cybersecurity Workforce Framework

review and evaluation of incoming cybersecurity information.

Answer 20

Analyze

Question 21

National Cybersecurity Workforce Framework

provides for leadership, management, and development

Answer 21

Oversight and Development

Question 22

National Cybersecurity Workforce Framework

includes conceptualizing, designing, and building secure IT systems.

Answer 22

Securely Provision

Question 23

DNS, HTTP. and online databases?

Answer 23

Prime targets for cybercriminals and packet sniffing.

Question 24

Packet forgery?

Answer 24

also called interferes with an established network communication by constructing packets to appear as if they are part of a communication.

Question 25

Internal security threats?

Answer 25

Improper handling of confidential information, abuse of administrator privileges, knowledge of security countermeasures.

Question 26

External security threats?

Answer 26

Amaterur or skilled hackers, cna use vulnerabilities in netowkr devices, social engineering.

Question 27

Impact of Big Data

Answer 27

Big data is the result of datasets that are large and complex, making traditional
data processing applications inadequate.

Question 28

▪ ISACA Certified Information Security Manager (CISM)

Answer 28

– Cybersecurity specialists
responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM.

Question 29

The first dimension of the cybersecurity cube?

Answer 29

Identifies the goals to
protect the cyber world.

Confidentiality, integrity, and availability.

Question 30

The second dimension of the cybersecurity cube?

Answer 30

protecting all of the states of data in the cyber world.

Data at rest or in storage, data in transit, data in process.

Question 31

The third dimension of the cybersecurity cube?

Answer 31

defines the types of powers used to protect the cyber world.

Technologies- devices, and products available to protect information systems and fend off cyber criminals.

Policies and Practices -procedures, and guidelines that enable the citizens of the cyber world to stay safe and follow good practices

People - Aware and knowledgeable about their
world and the dangers that threaten their
world.

Question 32

Confidentiality?

Answer 32

prevents the disclosure of information to unauthorized people, resources and processes. Another term for confidentiality is privacy.

Question 33

Integrity?

Answer 33

▪ Integrity is the accuracy, consistency, and trustworthiness of data during its entire life
cycle.
Another term for integrity is quality.

Question 34

Availability?

Answer 34

used to describe the need to maintain availability
of information systems and services at all times.

Methods for ensuring availability include system redundancy, system
backups, increased system resiliency, equipment maintenance, up-to-date
operating systems and software, and plans in place to recover quickly from
unforeseen disasters.

Question 35

Accounting?

Answer 35

keeps track of what users do, including what they access, the amount of time
they access resources, and any changes made.

Question 36

Integrity check?

Answer 36

is a way to measure the consistency of a collection of data (a file, a
picture, or a record)

Does a hash function to take a snapshot of data at an instant in time.

Question 37

Data at rest?

Answer 37

a type of storage

device retains the data when no user or process is using it.

Question 38

Direct attached storage- DAS

Answer 38

Direct-attached storage is connected to a computer.

Question 39

RAID?

Answer 39

Redundant array of independent disks

RAID provides improved
performance and fault tolerance.

Question 40

Network attached storage device NAS

Answer 40

A network attached storage device is a storage device connected to
a network that allows storage and retrieval of data from a centralized
location by authorized network users

Question 41

Storage area netowrk SAN

Answer 41

Storage area network is a network-based storage

system.

Question 42

Data in Transit?

Answer 42

involves sending information from one device to another

Question 43

Ways to transmit data

Answer 43

Sneaker net (USB), wired network, and wireless networks.

Question 44

Data in process?

Answer 44

data during initial input,

modification, computation, or output.

Question 45

The ISO Model?

Answer 45

International Organization for Standardization

developed a comprehensive framework to guide information security management.

Question 46

Virus?

Answer 46

• A virus is malicious executable code attached to

another executable file, such as a legitimate program

Question 47

Worms?

Answer 47

• Worms are malicious code that replicates by

independently exploiting vulnerabilities in networks.

Question 48

Trojan horse?

Answer 48

• A Trojan horse is malware that carries out
  malicious operations under the guise of a desired operation such
  as playing an online game.

Question 49

Logic bomb?

Answer 49

A logic bomb is a malicious program that

uses a trigger to awaken the malicious code.

Question 50

Ransomware?

Answer 50

Ransomware holds a computer system, or
the data it contains, captive until the target makes a
payment.

Question 51

Backdoors and Rootkits?

Answer 51

• A backdoor or rootkit refers to the program or code introduced by a criminal who has compromised a system.

Question 52

Spam?

Answer 52

Spam, also known as junk mail, is unsolicited

email.

Question 53

Spyware?

Answer 53

• Spyware is software that enables a criminal to

obtain information about a user’s computer activities.

Question 54

Adware?

Answer 54

• Adware typically displays annoying pop-ups

to generate revenue for its authors.

Question 55

Scareware?

Answer 55

Scareware persuades the user to take a

specific action based on fear.

Question 56

Phishing?

Answer 56

using email, instant messaging, or other
social media to try to gather information such as
login credentials or account information by
masquerading as a reputable entity or person.

Question 57

Spear phishing?

Answer 57

Spear phishing is a highly

targeted phishing attack.

Question 58

Vishing?

Answer 58

Vishing is phishing using voice communication technology.

Question 59

Pharming?

Answer 59

Pharming is the impersonation of a
legitimate website in an effort to deceive users into
entering their credentials.

Question 60

Whaling?

Answer 60

Whaling is a phishing attack that targets
high profile targets within an organization such as
senior executives.

Question 61

SEO Poisoning?

Answer 61

SEO poisoning uses SEO to make a malicious website appear higher in search
results

Question 62

Browser hijacker

Answer 62

A browser hijacker is malware that alters a computer’s
browser settings to redirect the user to websites paid for by the cyber criminals’
customers.

Question 63

Pretexting?

Answer 63

• This is when an attacker calls an individual and

lies to them in an attempt to gain access to privileged data.

Question 64

Quid pro quo?

Answer 64

This is when an
attacker requests personal information from a party in
exchange for something, like a gift.

Question 65

Shoulder Surfing and Dumpster Diving?

Answer 65

refers to picking

up PINs, access codes or credit card numbers.

Question 66

Impersonation and Hoaxes?

Answer 66

Impersonation is the action

of pretending to be someone else.

Question 67

Piggybacking and Tailgating?

Answer 67

Piggybacking occurs when

a criminal tags along with an authorized person to gain entry into a secure location or a restricted area.

Question 68

Symmetric algorithms?

Answer 68

These algorithms use the same pre-shared key,
sometimes called a secret key pair, to encrypt and decrypt data. Both the
sender and receiver know the pre-shared key

Question 69

Asymmetric algorithms?

Answer 69

Asymmetrical encryption algorithms use one key to

encrypt data and a different key to decrypt data.

Question 70

3DES?

Answer 70

Triple Digital Encryption Standard, symmetric block cipher with 64-bit block 56-bit key.

Encrypts data three times and uses a different key for at least one

Question 71

IDEA?

Answer 71

International Data Encryption Algorithm
64-bit blocks and 128-bit keys

Performs eight rounds of transformations of each of the 16 blocks

Question 72

AES?

Answer 72

Advanced Encryption Standard 128-bit, a key size of 128,192, or 256. U.S government uses this.

Question 73

Physical Access Controls?

Answer 73

Barriers to prevent direct contacts with system.

Question 74

Logical Access Controls?

Answer 74

hardware and software solutions

Question 75

Administrative Access Controls?

Answer 75

Policies and procedures

Question 76

MAC?

Answer 76

Mandatory access control - restricts the actions that a subject can
perform on an object. User cannot access _____

Question 77

DAC?

Answer 77

Discreitionay access control grants or restricts object access determined by the object’s owner.

Owner of a .doc file chooses who to share it with.

Question 78

RBAC?

Answer 78

is based on the role of the subject.

Accountants do not have access to IT files.

Question 79

Rule-based access control?

Answer 79

Rules determine access

Staff cannot look at payroll after hours on weekends.

Question 80

What You Know

Answer 80

passwords, passphrases, pins

Question 81

What You Have

Answer 81

smart cards and security key fobs

Question 82

Who You Are

Answer 82

fingerprint, retina

Question 83

Multi-factor authentication

Answer 83

Two ways to confirm identity,

password and phone.

Question 84

Data masking?

Answer 84

Data masking is a technology that secures data by replacing sensitive information with a non-sensitive version.

Question 85

Substitution?

Answer 85

replaces data with authentic looking values to apply

anonymity to the data records.

Question 86

Shuffling?

Answer 86

makes up a substitution set from the same column of data that a user wants to mask.

Question 87

Steganography?

Answer 87

Conceals data in another file like a graphic, audio, or other text file.

Question 88

Data obfuscation?

Answer 88

The use and practice of data masking and steganography in cybersecurity and cyber intelligence.