Module 2

Question 1

Malware

Answer 1

A software designed to harm devices or networks.

Question 2

Virus

Answer 2

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Question 3

Worm

Answer 3

Malware that self-replicates, spreading across the network and infecting computers

Question 4

Ransomware

Answer 4

A malicious attack during which threat actors encrypt an organization’s data and demand payment to restore access

Question 5

Spyware

Answer 5

Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

Question 6

Phishing

Answer 6

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 7

Spear phishing

Answer 7

A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

Question 8

Whaling

Answer 8

A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Question 9

Business email compromise (BEC)

Answer 9

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Question 10

Vishing

Answer 10

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 11

Social Engineering

Answer 11

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data

Question 12

Social media phishing

Answer 12

An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

Question 13

Watering hole attack

Answer 13

An attack in which a threat actor compromises a website frequently visited by a specific group of users

Question 14

Physical social engineering

Answer 14

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 15

USB baiting

Answer 15

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network

Question 16

Certified Information Systems Security Professional (CISSP)

Answer 16

The Certified Information Systems Security Professional (CISSP) is a globally recognized certification in the field of information security. It’s designed for experienced security practitioners, managers, and executives. The certification is offered by the International Information System Security Certification Consortium, commonly known as (ISC)².