1
Q

___ is the most concerned matter as cyber threats and attacks are overgrowing.

A

Cyber security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Measures taken to protect a computer or computer system (on the internet) against unauthorized access or attack?

A

Cyber security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Sending emails that appear to be from legitimate companies requesting personal information.

A

Phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An interruption in an authorized user’s access to a computer network, typically one caused with MALICIOUS INTENT.

A

DoS or Denial-of-Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Any type of malicious software is designed to harm or exploit any programmable device, service or network.

A

Malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

_____ is a method of gaining unauthorized access to a network or computer system.

A

Hacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An individual who intends to gain unauthorized access to a network or computer system.

A

Hacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The entirety of potential and identified cyberthreats affecting a particular sector, group of users, time period, and so forth.

A

Threat landscape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Give two examples of Treat landscape

A
  • ENISA (European Union Agency for Network and Information Security)
  • NIST (National Institute of Standards and Technology)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

____ defined as the collection of threats that are observed, information about threat agents, and the current trends of threats

A

Threat landscape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

___ are security incidents or circumstances with the potential to have a negative outcome for your network or other data management systems.

A

Cyber threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The three categories under cyber threats

A
  • Intentional threats
  • Unintentional threats
  • Natural threats
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

___ are the gaps or WEAKNESSES in a SYSTEM that MAKE threats possible and tempt threat actors to EXPLOIT them.

A

Vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

___ is the POTENTIAL for LOSS, damage or destruction of assets or data caused by a cyber threat.

A

Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

___ is a process that magnifies the likelihood of a negative event, such as the exploit of a vulnerability.

A

Threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

____ is a weakness in your infrastructure, networks or applications that potentially exposes you to threats

A

Vulnerability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

____ makes sure that only authorized personnel are given access or permission to modify data

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

___ helps maintain the trustworthiness of data by having it in the correct state and immune to any improper modifications

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

____ means that the authorized users should be able to access data whenever required

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Pros of the CIA triad

A
  • Simplicity
  • Balanced
  • Open-ended
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Cons of the CIA triad

A
  • Limited
  • Lack of specificity
  • Not holistic
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Threat probability is multiplied by the POTENSIAL LOSS that may result, cyber security experts, refer to this as a ___

A

Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Five common types of cyber attacks

A
  • DoS and DDoS
  • Malware
  • Man-in-the-middle (MITM)
  • Phishing
  • SQL Injection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

OTHER type of cyber attacks

A
  • DNS Spoofing
  • Session Hijacking
  • Brute force
  • Dictionary attacks
  • URL Interpretation
  • File Inclusion attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
____ stands for "Malicious Software"
Malware
26
___ it is designed to gain access or be installed into the computer without the consent of the user
Malware
27
Types of Malware
- Adware - Spyware - Browser hijacking software - Virus - Worms - Trojan Horse - Scareware
28
It represents threats that are result of a harmful decision. For example computer crimes, or when someone purposely damages property or information. Computer crimes include espionage, identity theft, child pornography, and credit card crime.
Intentional threats
29
_____are acts performed without malicious intent that nevertheless represent a serious threat to information security. _____are often attributed to human error.
Unintentional threats
30
While acts of nature aren’t typically associated with cybersecurity, they are unpredictable and have the potential to damage your assets.
Natural threats
31
When AUTHENTICATION credentials are compromised, user sessions and identities can be hijacked by malicious actors to pose as the original user.
Broken Authentication
32
to gain access to database content via malicious code injection
SQL Injection
33
also injects malicious code into a website. targets website users
Cross-Site Scripting
34
to trick an authenticated user into performing an action that they DO NOT intend to do
Cross-Site Request Forgery
35
Any component of a security system that can be leveraged by attackers due to a configuration error can be considered a __________
Security Misconfiguration
36
Five most common examples of Security Vulnerabilities
- Broken Authentication - SQL Injection - Cross-Site Scripting - Cross-Site Request Forgery - Security Misconfiguration
37
is “an attack initiated from a computer against a website, computer system or individual computer ... that compromises the confidentiality, integrity or availability of the computer or information stored on it.
Cyber Attack
38
The seven layers of cyber security
- Mission Critical Assets - Data Layer - Application Layer - End Point Layer - Network Layer - Perimeter Layer - Human Layer
39
___is designed to stop your networks from working. They can’t pull the plug on your systems, so instead they bombard them with requests and data.
denial-of-service attack
40
Once inside your system, malware can do some or all of the following: Block access to key components of your network Covertly obtain information by transmitting data out of your network Disrupt components and render your system inoperable
Malware
41
___ occur when attackers insert themselves into a data transaction. Between you and your online bank, for example. Once the attacker interrupts the traffic, they can filter and steal data.
Man-in-the-middle (MitM) attacks
42
comes from the word “fishing” and deploys the same tactics. Using the right kind of bait, an unsuspecting target can be caught.
Phishing
43
An attacker can force a server to reveal information you would rather have safe by injecting queries using __________
Structured Query Language (SQL)
44
____ can go on for a lOng periOd of time without being detected and can cause serious security issues
DNS Spoofing
45
It is a security attack on a user SESSION over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data
Session Hijacking
46
It is a type of attack which uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data like user passwords and personal identification numbers. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
Brute force
47
This type of attack stored the LIST of a commonly used passwords and validated them to get original password
Dictionary attacks
48
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver web pages for which he is not authorized to browse.
URL Interpretation
49
It is a type of attack that allows an attacker to access unauthorized or ESSENTIAL files which is available on the web server or to execute malicious files on the web server by making use of the include functionality.
File Inclusion attacks
50
It is a special type of malware which is used for forced ADvertising.
Adware
51
It is a special type of which is installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine.
Spyware
52
There is some malicious software which are downloaded along with the free software offered over the internet and installed in the host computer without the knowledge of the user. This software modifies the browsers setting and redirect links to other unintentional sites.
Browser hijacking software
53
___ is a malicious code written to damage/harm the host computer by deleting or appending a file, occupy memory space of the computer by replicating the copy of the code, slow down the performance of the computer, format the host machine, etc.
Virus
54
They are a class of viruses which can REPLICATE themselves.
Worms
55
____is a malicious code that is installed in the HOST machine by pretending to be useful software. The user clicks on the link or download the file which pretends to be a useful file or software from legitimate source.
Trojan Horse
56
While surfing the Internet, suddenly a pop-up alert | appears in the screen which warns the presence of dangerous virus, spywares, etc.
Scareware
57
Operational cyber security risks arise from | Three types of actions
1. Inadvertent actions 2. Deliberate actions 3. Inaction actions
58
Three categories of motivation when deliberate
1. Political motivations 2. Economic motivations 3. Socio-cultural motivations
59
Categories of Attacks
- Active | - Passive
60
____are a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target
Active attacks
61
Types of Active attacks
- Masquerade - Session replay - Message modification
62
_____ are relatively scarce from a classification perspective, but can be carried out with relative ease, particularly if the traffic is not encrypted
Passive attacks
63
Types of PassivE aTtackS
- Eavesdropping (tapping) - Traffic analysis - Software Attacks
64
Decide which of the CIA | Alice and Bob are students. Alice copies Bob’s homework.
Confidentiality
65
Decide which of the CIA Alice and Bob play computer games. Right as Alice is about to slay Bob's character with a +10 spell, Bob yanks her Ethernet cable.
Availability
66
Decide which of the CIA Alice writes a private note in her diary and then locks it. Unfortunately, Bob finds the key and is able to open Alice's diary and read her private note.
Confidentiality
67
Decide which of the CIA Bob sends Alice a check for $10. She then adds a "0" to the amount so now Bob has sent Alice a check for $100.
Integrity
68
Decide which of the CIA Alice has online homework due at 2:00 PM and she is rushing to finish it. Right before she is about to submit, her power cuts out and Alice is no longer able to submit her homework by the due date.
Availability