Module 2

Question 1

Phishing

Answer 1

use of digital communications to trick people into revealing sensitive data

Question 2

Malware

Answer 2

software designed to harm devices or networks

Question 2

Viruses

Answer 2

Malicious code written to interfere with computer operations and cause damage to data and software

Question 3

Worms

Answer 3

Malware that can duplicate and spread itself across systems on its own - doesn’t need to be downloaded (same network)

Question 4

Ransomware

Answer 4

Malicious attack where threat actors encrypt an organisations data and demand payment to restore access

Question 5

Spywhere

Answer 5

Malware used to gather and sell information without consent

Question 6

Social engineering

Answer 6

Manipulation technique that exploits human error - gain info, access, valuables

Question 7

Social media phishing

Answer 7

Threat actor collects detailed information about their target from social media sites, then initiate an attack

Question 8

Watering hole attack

Answer 8

Threat actor collects details information about their target from social media sites, then initiate an attack

Question 9

USB baiting

Answer 9

Threat actor attacks website frequently visited by specific group of users

Question 10

Physical social engineering

Answer 10

Threat actor impersonates employee, customer, vendor to obtain unauthorized access to a physical location

Question 11

Social engineering principles

Answer 11

Authority, intimidation, consensus/social proof, scarcity, familiarity, trust, urgency

Question 12

Authority

Answer 12

Threat actors impersonate individuals with power

Question 13

Intimidation

Answer 13

Threat actors use bullying tactics

Question 14

Consensus/social proof

Answer 14

People do things they believe others are doing, threat actors use others’ trust to pretend they are legitimate

Question 15

Scarcity

Answer 15

Tactic used to imply goods or services are in limited supply

Question 16

Familiarity

Answer 16

Threat actors establish fake emotional connection with users that can be exploited

Question 17

Trust

Answer 17

Threat actors establish an emotional relationship with users that can be exploited over time

Question 18

Urgency

Answer 18

Threat actor persuades others to respond quickly and without questioning

Question 19

CISSP

Answer 19

Certified Information Systems Security Professional

Question 20

CISSP domain - Security and Risk Management

Answer 20

Defines security goals and objectives, risk mitigation, compliance, business continuity and the law

Question 21

CISSP domain - Asset Security

Answer 21

Secures digital and physical assets. Also related to the storage, maintenance, retention, and destruction of data

Question 22

CISSP domain - Security Architecture and Engineering

Answer 22

Optimises data security by ensuring effective tools, systems, and processes are in place

Question 23

CISSP domain - Communication and Network Security

Answer 23

Manage and secure physical networks and wireless communications

Question 24

CISSP domain - Identity and Access Management

Answer 24

Keeps data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications

Question 25

CISSP domain - Security Assessment and Testing

Answer 25

Conducting security control testing, collecting and analysing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

Question 26

CISSP domain - Security Operations

Answer 26

Conducting investigations and implementing preventative measures

Question 27

CISSP domain - Software Development Security

Answer 27

Uses secure coding practices which are a set of recommended guidelines that are used to create secure applications and services

Question 28

Attack types

Answer 28

Password attack, social engineering, physical attack, adversarial artificial intelligence, supply chain attack, cryptographic attack

Question 29

Password attack

Answer 29

Attempt to access password-secured devices, systems, networks, or data

Question 30

Social engineering

Answer 30

Manipulation technique that exploits human error to gain private information, access, or valuables

Question 31

Physical attack

Answer 31

Security incident that affects not only digital but also physical environments where the incident is deployed

Question 32

Adversarial artificial intelligence

Answer 32

Technique that manipulates AI and machine learning tech to conduct attacks more efficiently

Question 33

Supply chain attack

Answer 33

Targets systems, applications, hardware and software to locate a vulnerability where malware can be deployed

Question 34

Cryptographic attack

Answer 34

Affects secure forms of communication between a sender and intended recipient

Question 35

Threat actor types

Answer 35

Advanced persistent threats (APTs), insider threats, hacktivists

Question 36

Advanced Persistent Threats (APTs)

Answer 36

Significant expertise accessing organisations networks without authorisation. Tend to research targets

Question 37

Insider threats

Answer 37

Abuse their authorised access to obtain data that may harm an organisation

Question 38

Hacktivists

Answer 38

Threat actors that are driven by a political agenda

Question 39

Hacker types

Answer 39

Authorised (ethical) hackers, semi-authorised hackers (researchers), unauthorised (unethical) hackers

Question 40

Authorised (ethical) hackers

Answer 40

Follow a code of ethics and adhere to the law to conduct organisational risk evaluations

Question 41

Semi-authorised hackers (researchers)

Answer 41

Search for vulnerabilities but don’t take advantage of the vulnerabilities they find

Question 42

Unauthorised (unethical) hackers

Answer 42

Are malicious threat actors who do not follow or respect the law - primary goal to collect and sell confidential data for financial gain

Question 43

Vigilantes

Answer 43

Not motivated by any particular agenda other than completing the job they were contracted to do - main goal to protect from unethical hackers