Module 4 - 01-2 Flashcards
Core Cybersecurity Knowledge and Skills
What are two commonly used types of Programming Languages?
1) Python
2) SQL
What does OS stand for?
Operating System
Define operating system (OS)
The interface between computer hardware and the user.
What are three examples of an Operating System?
1) Linux
2) MacOS
3) Windows
Define Programming
Used to create a specific set of instructions for a computer to execute tasks
How does programming benefit security analysts?
Programming allows analysts to complete repetitive tasks and processes with a high degree of accuracy and efficiency.
It also helps reduce the risk of human error, and can save hours or days compared to performing the work manually.
Define Linux
An open-source, or publicly available, operating system
Define Open Source
The code is available to the public and allows people to make contributions to improve the software
What does Linux rely on as the primary user interface?
Linux relies on a command line as the primary user interface.
Linux itself is not a programming language, but it does allow for the use of text-based commands between the user and the operating system.
Define Command
An instruction telling the computer to do something
What doe CLI stand for?
Command Line Interface (CLI)
Define Command-Line Interface
A text-based user interface that uses commands to interact with the computer
What does GUI stand for?
Graphical User Interface (GUI)
Explain how Linux, in the past and now, interacts with common computer systems?
Linux traditionally relied on the CLI, but modern distributions typically come with a graphical user interface (GUI), which allows users to interact with the system using windows, icons, and menus, similar to Windows or macOS.
What does SQL stand for?
Structured Query Language (SQL)
Define SQL
A programming language used to create, interact with, and request information from a database
Define Database
An organized collection of information or data
Define Data Point
A specific piece of information
Define Python
Used to perform tasks that are repetitive and time-consuming and that require a high level of detail and accuracy
Which of the following can be used to perform repetitive, time-consuming tasks and/or request information from a database? Select two answers.
- SQL
- Python
- Linux
- CIA
- SQL
- Python
Python and SQL can be used to perform repetitive, time-consuming tasks and/or request information from a database.
Define Automation
The use of technology to reduce human and manual effort in performing common and repetitive tasks.
Automation also helps reduce the risk of human error.
Define Web Vulnerability
A unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment
What does OWASP stand for?
Open Web Application Security Project (OWASP)
Define OWASP
A non-profit organization focused on improving software security
What is another name for Antivirus Software?
Anti-Malware
Define Antivirus Software (Anti-Malware)
A software program used to prevent, detect, and eliminate malware and viruses
What does IDS stand for?
Intrusion Detection System (IDS)
Define IDS
An application that monitors system activity and alerts on possible intrusions
Explain how an IDS works
The system scans and analyzes network packets, which carry small amounts of data through a network. The small amount of data makes the detection process easier for an IDS to identify potential threats to sensitive data. Other occurrences an IDS might detect can include theft and unauthorized access.
Define Encryption
The process of converting data from a readable format to a cryptographically encoded format
Define Cryptographic Encoding
Converting plaintext into secure ciphertext
Define Plaintext
Unencrypted information
Define Secure Ciphertext
The result of encryption
Define Encoding
The use of a public conversion algorithm to enable systems that use different data representations to share information
What is another name for Penetration Testing?
Pen Testing
Define Penetration Testing (Pen Testing)
The act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses
What do security professionals use to interact with and request information from a database?
- Linux
- Confidentiality, integrity, availability (CIA) triad
- Python
- Structured Query Language (SQL)
Structured Query Language (SQL)
Security professionals use Structured Query Language (SQL) to interact with and request information from a database.
What is programming typically used for? Select two answers.
- Record events that occur within an organization’s systems
- Complete repetitive tasks and processes
- Enable open-source operations
- Create a specific set of instructions for a computer to execute tasks
- Complete repetitive tasks and processes
- Create a specific set of instructions for a computer to execute tasks
Programming is typically used to complete repetitive tasks and processes and create a specific set of instructions for a computer to execute tasks.
Linux is an open-source _____ that can be used to examine logs.
- algorithm
- database
- programming language
- operating system
operating system
Linux is an open-source operating system that can be used to examine logs.
True or False?
A playbook is a manual that only provides details about how to respond to an incident.
False
A playbook is a manual that provides details about any operational action, including incident response, security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.
What is a portfolio?
Cybersecurity professionals use portfolios to demonstrate their security education, skills, and knowledge.
Why is a portfolio necessary?
Professionals typically use portfolios when they apply for jobs to show potential employers that they are passionate about their work and can do the job they are applying for. Portfolios are more in depth than a resume, which is typically a one-to-two page summary of relevant education, work experience, and accomplishments.
What may be included but not limited in a portfolio?
- Drafting a professional statement
- Conducting a security audit
- Analyzing network structure and security
- Using Linux commands to manage file permissions
- Applying filters to SQL queries
- Identifying vulnerabilities for a small business
- Documenting incidents with an incident handler’s journal
- Importing and parsing a text file in a security-related scenario
- Creating or revising a resume
Define Professional Statement
An introduction to prospective employers that briefly describes who you are as a person and potential employee, and it allows them to understand what you care about and the value you can bring to the organization.
Example 1 of a Professional Statement
My name is Daniel. I am driven and passionate about safeguarding people’s security, including their financial well being. I enjoy working with technology and analyzing and solving complex problems.
Example 2 of a Professional Statement
I am a highly motivated and detail-oriented cybersecurity analyst. I actively work to identify and analyze potential risks, threats, and vulnerabilities to security and ensure the confidentiality, integrity, and availability of assets, to help safeguard organizations and people alike.
Example 3 of a Professional Statement
I am enthusiastic about information security and enjoy finding solutions that can positively impact an organization and the people it serves. I place a high value on maintaining a strong security posture to help protect sensitive information and mitigate risk.
