Module 2 Flashcards

(44 cards)

1
Q

Phishing

A

Use of digital communications to trick people into revealing sensitive data

2
Q

Malware

A

Software designed to harm devices or networks

2
Q

Viruses

A

Malicious code written to interfere with computer operations and cause damage to data and software

3
Q

Worms

A

Malware that can duplicate and spread itself across systems on its own; it doesn't need to be downloaded (spreads across the same network)

4
Q

Ransomware

A

Malicious attack where threat actors encrypt an organisation's data and demand payment to restore access

5
Q

Spyware

A

Malware used to gather and sell information without consent

6
Q

Social engineering

A

Manipulation technique that exploits human error to gain information, access, or valuables

7
Q

Social media phishing

A

Threat actor collects detailed information about their target from social media sites, then initiates an attack

8
Q

Watering hole attack

A

Threat actor collects detailed information about their target from social media sites, then initiates an attack

9
Q

USB baiting

A

Threat actor attacks a website frequently visited by a specific group of users

10
Q

Physical social engineering

A

Threat actor impersonates an employee, customer, or vendor to obtain unauthorised access to a physical location

11
Q

Social engineering principles

A

Authority, intimidation, consensus/social proof, scarcity, familiarity, trust, urgency

12
Q

Authority

A

Threat actors impersonate individuals with power

13
Q

Intimidation

A

Threat actors use bullying tactics

14
Q

Consensus/social proof

A

People do things they believe others are doing; threat actors use others' trust to pretend they are legitimate

15
Q

Scarcity

A

Tactic used to imply goods or services are in limited supply

16
Q

Familiarity

A

Threat actors establish a fake emotional connection with users that can be exploited

17
Q

Trust

A

Threat actors establish an emotional relationship with users that can be exploited over time

18
Q

Urgency

A

Threat actor persuades others to respond quickly and without questioning

19
Q

CISSP

A

Certified Information Systems Security Professional

20
Q

CISSP domain - Security and Risk Management

A

Defines security goals and objectives, risk mitigation, compliance, business continuity and the law

21
Q

CISSP domain - Asset Security

A

Secures digital and physical assets. Also related to the storage, maintenance, retention, and destruction of data

22
Q

CISSP domain - Security Architecture and Engineering

A

Optimises data security by ensuring effective tools, systems, and processes are in place

23
Q

CISSP domain - Communication and Network Security

A

Manage and secure physical networks and wireless communications

24
Q

CISSP domain - Identity and Access Management

A

Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications

25
Q

CISSP domain - Security Assessment and Testing

A

Conducting security control testing, collecting and analysing data, and conducting security audits to monitor for risks, threats, and vulnerabilities

26
Q

CISSP domain - Security Operations

A

Conducting investigations and implementing preventative measures

27
Q

CISSP domain - Software Development Security

A

Uses secure coding practices, which are a set of recommended guidelines used to create secure applications and services

28
Q

Attack types

A

Password attack, social engineering, physical attack, adversarial artificial intelligence, supply chain attack, cryptographic attack

29
Q

Password attack

A

Attempt to access password-secured devices, systems, networks, or data

30
Q

Social engineering

A

Manipulation technique that exploits human error to gain private information, access, or valuables

31
Q

Physical attack

A

Security incident that affects not only digital but also physical environments where the incident is deployed

32
Q

Adversarial artificial intelligence

A

Technique that manipulates AI and machine learning technology to conduct attacks more efficiently

33
Q

Supply chain attack

A

Targets systems, applications, hardware, and software to locate a vulnerability where malware can be deployed

34
Q

Cryptographic attack

A

Affects secure forms of communication between a sender and the intended recipient

35
Q

Threat actor types

A

Advanced persistent threats (APTs), insider threats, hacktivists

36
Q

Advanced Persistent Threats (APTs)

A

Threat actors with significant expertise in accessing an organisation's networks without authorisation; they tend to research their targets

37
Q

Insider threats

A

Abuse their authorised access to obtain data that may harm an organisation

38
Q

Hacktivists

A

Threat actors that are driven by a political agenda

39
Q

Hacker types

A

Authorised (ethical) hackers, semi-authorised hackers (researchers), unauthorised (unethical) hackers

40
Q

Authorised (ethical) hackers

A

Follow a code of ethics and adhere to the law to conduct organisational risk evaluations

41
Q

Semi-authorised hackers (researchers)

A

Search for vulnerabilities but don't take advantage of the vulnerabilities they find

42
Q

Unauthorised (unethical) hackers

A

Malicious threat actors who do not follow or respect the law; their primary goal is to collect and sell confidential data for financial gain

43
Q

Vigilantes

A

Not motivated by any particular agenda other than completing the job they were contracted to do; their main goal is to protect against unethical hackers