Module 2

Question 1

Computer Virus

Answer 1

Malicious code written to interfere with computer operations and cause damage to data and software.

Question 2

Malware

Answer 2

Software designed to harm devices or networks.

Question 3

Social Engineering

Answer 3

A manipulation technique that exploits human error to gain private information, access, or valuables.

Question 4

Phishing

Answer 4

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Question 5

Common Types of Phishing Attacks

Answer 5

Business Email Compromise (BEC)

Spear Phishing

Whaling

Vishing

Smishing

Question 6

Business Email Compromise(BEC)

Answer 6

A threat actor sends an email message that seems to be from unknown source to make a seemingly legitimate request for information, in order to obtain a financial advantage.

Question 7

Spear Phishing

Answer 7

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

Question 8

Whaling

Answer 8

A form of spear phishing. Threat actors target company executives to gain access to sensitive data.

Question 9

Vishing

Answer 9

Exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.

Question 10

Smishing

Answer 10

The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Question 11

Common Types of Malware Attacks

Answer 11

Viruses

Worms

Ransomware

Spyware

Question 12

Viruses

Answer 12

Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat factor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself and other files and now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

Question 13

Worms

Answer 13

Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.

Question 14

Ransomware

Answer 14

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.

Question 15

Spyware

Answer 15

Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows thread actors to collect personal data, such as private emails, text, voice and image recordings, and locations.

Question 16

Why Social Engineering Attacks are Effective

Answer 16

Authority

Intimidation

Consensus/Social Proof

Scarcity

Familiarity

Trust

Urgency

Question 17

USB Baiting

Answer 17

An attack in which a threat actor strategically leaves a malware USB stick for an employee to defined an unknowingly infected network.

Question 18

CISSP Domains

Answer 18

Security and Risk Management

Asset Security

Security Architecture and Engineering

Communications and Network Security

Identify and Access Management

Security Assessment and Testing

Security Operations

Software Development Security

Question 19

Security and Risk Management

Answer 19

Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.

Question 20

Asset Security

Answer 20

Secure his digital and physical assets. It’s also related to storage, maintenance, retention, and destruction of data.

Question 21

Security Architecture and Engineering

Answer 21

Optimize his data security by ensuring effective tools, systems, and processes are in place.

Question 22

Communication and Network Security

Answer 22

Manage and secure physical networks and wireless communications.

Question 23

Identify and Access Management

Answer 23

Keep data secure, by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

Question 24

Security Assessment and Testing

Answer 24

Conducting security control testing, collecting an analyzing data, and conducting security audits to monitor for risk, threats, and vulnerabilities.

Question 25

Security Operations

Answer 25

Conducting investigations and implementing preventative measures.

Question 26

Software Development Security

Answer 26

Used secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.

Question 27

Password Attack

Answer 27

Falls under the communication and network security domain of CISSP

Question 28

Social Engineering Attack

Answer 28

Falls under the security and risk management domain of CISSP

Question 29

Physical Attack

Answer 29

Falls under the asset security domain of CISSP

Question 30

Adversarial Artificial Intelligence Attack

Answer 30

Falls under both the communication and network security and the identity and access management domains of CISSP

Question 31

Supply-Chain Attack

Answer 31

Fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains of CISSP.

Question 32

Cryptographic Attack

Answer 32

Falls under the communication and network security domain of CISSP

Question 33

Threat Actor Types

Answer 33

Advanced Persistent Threats

Insider Threats

Hacktivists

Question 34

Advanced Persistent Threats (APTs)

Answer 34

Have significant expertise accessing an organizations network without authorization. APTs tend to research their targets in advance and can remain undetected for an extended period of time.

Question 35

Insider Threats

Answer 35

Abuse their authorized access to obtain data that may harm an organization.

Question 36

Hacktivist

Answer 36

Threat actors that are driven by a political agenda.

Question 37

Hacker

Answer 37

Any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons.

Question 38

Hacker Types

Answer 38

Authorized Hackers (Ethical Hackers)

Semi-Authorized Hackers (Researchers)

Unauthorized Hackers (Unethical Hackers)

Question 39

Authorized Hackers (Ethical Hackers)

Answer 39

Follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.

Question 40

Semi-Authorized Hackers (Researchers)

Answer 40

Search for vulnerabilities but don’t take advantage of the vulnerabilities they find.

Question 41

Unauthorized Hackers (Unethical Hackers)

Answer 41

They are malicious threat actors who do not follow or respect the law. Their goal is to collect self confidential data for financial gain.