Module 2 Flashcards
What is a computer virus?
Malicious code written to interfere with computer operations and cause damage to data and software.
What is Social Engineering?
A manipulation technique that exploits human error to gain private information, access, or valuables.
What is Phishing?
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
What is BEC?
“Business Email Compromise”
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain financial advantage.
What is Spearphishing?
A malicious email attack that targets a specific group of users. The email seems to originate from a trusted source.
What is Whaling?
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
What is Vishing?
The exploitation of voice communication to obtain sensitive information or to impersonate a known source.
Explain the Security and Risk Management domain
Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law
Which domain defines security goals and objectives, risk mitigation, compliance, business continuity, and the law?
Security and Risk Management
Explain the Asset Security domain
Secures digital and physical assets. It is also related to the storage, maintenance, retention, and destruction of data
Which security domain secures digital and physical assets and is also related to the storage, maintenance, retention, and destruction of data?
Asset Security
Explain the security architecture and engineering domain
Optimizes data security by ensuring effective tools, systems, and processes are in place
Which security domain optimizes data security by ensuring effective tools, systems, and processes are in place?
Security Architecture and Engineering
Explain the Communication and Network Security domain
Manages and secures physical networks and wireless communications
Which security domain manages and secures physical networks and wireless communications?
Communication and Network Security
Explain the Identity and Access Management domain
Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as network applications
Which security domain keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as network applications?
Identity and Access Management
Explain the Security Assessment and Testing domain
Responsible for:
- conducting security control testing
- collecting and analysing data
- conducting security audits
to monitor for risks, threats, and vulnerabilities
Which security domain is responsible for conducting security control testing, collecting and analysing data, and conducting security audits to monitor for risks, threats, and vulnerabilities?
Security Assessment and Testing