Module 2 Flashcards

1
Q

What is a computer virus?

A

Malicious code written to interfere with computer operations and cause damage to data and software.

2
Q

What is Social Engineering?

A

A manipulation technique that exploits human error to gain private information, access, or valuables.

3
Q

What is Phishing?

A

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

4
Q

What is BEC?

A

“Business Email Compromise”
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain financial advantage.

5
Q

What is Spearphishing?

A

A malicious email attack that targets a specific group of users. The email seems to originate from a trusted source.

6
Q

What is Whaling?

A

A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

7
Q

What is Vishing?

A

The exploitation of voice communication to obtain sensitive information or to impersonate a known source.

8
Q

Explain the Security and Risk Management domain

A

Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law

9
Q

Which domain defines security goals and objectives, risk mitigation, compliance, business continuity, and the law?

A

Security and Risk Management

10
Q

Explain the Asset Security domain

A

Secures digital and physical assets. It is also related to the storage, maintenance, retention, and destruction of data

11
Q

Which security domain secures digital and physical assets and is also related to the storage, maintenance, retention, and destruction of data?

A

Asset Security

12
Q

Explain the Security Architecture and Engineering domain

A

Optimizes data security by ensuring effective tools, systems, and processes are in place

13
Q

Which security domain optimizes data security by ensuring effective tools, systems, and processes are in place?

A

Security Architecture and Engineering

14
Q

Explain the Communication and Network Security domain

A

Manages and secures physical networks and wireless communications

15
Q

Which security domain manages and secures physical networks and wireless communications?

A

Communication and Network Security

16
Q

Explain the Identity and Access Management domain

A

Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces and logical assets, such as network applications

17
Q

Which security domain keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as network applications?

A

Identity and Access Management

18
Q

Explain the Security Assessment and Testing domain

A

Responsible for:
- conducting security control testing
- collecting and analysing data
- conducting security audits
to monitor for risks, threats, and vulnerabilities

19
Q

Which security domain is responsible for conducting security control testing, collecting and analysing data, and conducting security audits to monitor for risks, threats, and vulnerabilities?

A

Security Assessment and Testing

20
Q

Explain the Security Operations domain

A

Responsible for conducting investigations and implementing preventative measures

21
Q

Which security domain is responsible for conducting investigations and implementing preventative measures?

A

Security Operations

22
Q

Explain the Software Development Security domain

A

Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services

23
Q

Which security domain uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services?

A

Software Development Security

24
Q

What are the 8 CISSP security domains?

A
  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security
25
Q

What is a “password attack”?

A

An attempt to access password-secured devices, systems, networks, or data.

26
Q

What are some forms of Password Attack?

A

Brute force
Rainbow Table

27
Q

What security domain do Password attacks fall under?

A

Communication and Network Security

28
Q

What are some forms of Social Engineering attack?

A
  • Phishing
  • Smishing
  • Vishing
  • Spear phishing
  • Whaling
  • Social media phishing
  • Business Email Compromise (BEC)
  • Watering hole attack
  • USB (Universal Serial Bus) baiting
  • Physical social engineering
29
Q

What security domain do social engineering attacks fall under?

A

Security and Risk Management

30
Q

What is a Physical Attack?

A

A security incident that affects not only digital but also physical environments where the incident is deployed.

31
Q

What are some forms of Physical Attack?

A
  • Malicious USB cable
  • Malicious flash drive
  • Card cloning and skimming
32
Q

What security domain do physical attacks fall under?

A

Communication and Network Security

33
Q

What is Adversarial Artificial Intelligence?

A

A technique that manipulates AI and machine learning technology to conduct attacks more efficiently.

34
Q

Which security domain do Adversarial AI Attacks fall under?

A

Both the Communication and Network Security and the Identity and Access Management domains.

35
Q

What is a Supply-Chain Attack?

A

Targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.

36
Q

Why can Supply-Chain Attacks be costly?

A

Security breaches can occur at any point of the supply chain, so they can affect multiple organisations and individuals.

37
Q

What is a Cryptographic Attack?

A

Affects secure forms of communication between sender and intended recipient.

38
Q

What are some forms of Cryptographic Attack?

A
  • Birthday
  • Collision
  • Downgrade
39
Q

Which security domain do Cryptographic Attacks fall under?

A

Communication and Network Security

40
Q

What are “APTs”?

A

Advanced Persistent Threats

41
Q

What are some characteristics of Advanced Persistent Threats?

A
  • Have significant expertise accessing an organisation’s network without authorisation.
  • Tend to research their targets in advance and can remain undetected for an extended period of time.
42
Q

What are some motivations and intentions of APTs?

A
  • Damaging critical infrastructure, such as the power grid and natural resources
  • Gaining access to intellectual property
43
Q

What are Insider Threats?

A

Individuals abuse their authorised access to obtain data that may harm an organisation.

44
Q

What are some motivations and intentions of Insider Threats?

A
  • Sabotage
  • Corruption
  • Espionage
  • Unauthorised data access or leaks
45
Q

What is a Hacker?

A

Any person who uses computers to gain access to computer systems, networks, or data.

46
Q

What are the three main categories of Hackers?

A
  • Authorised Hackers (Ethical Hackers)
  • Semi-authorised Hackers
  • Unauthorised Hackers (Unethical Hackers)
47
Q

What is an Ethical Hacker (Authorised Hacker)?

A

They follow a code of ethics and adhere to the law to conduct organisational risk evaluations. They are motivated to safeguard people and organisations from malicious threat actors.

48
Q

What is a Semi-Authorised Hacker?

A

Considered researchers. They search for vulnerabilities but don’t take advantage of the ones they find.

49
Q

What is an Unauthorised Hacker (Unethical Hacker)?

A

Malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.