Security Concepts Flashcards

Threat types

1
Q

What is a virus?

A

Malware that replicates by modifying other programs with its own code. Can harm system functionality or corrupt/delete data.

2
Q

What is a worm?

A

Self-replicating malware spreading across networks without human intervention. Exploits vulnerabilities in operating systems.

3
Q

What are trojans?

A

Malicious programs disguised as legitimate software. They perform destructive actions or create backdoors for malicious access once executed.

4
Q

What is spyware?

A

Software that covertly gathers user information through the user’s Internet connection without their knowledge, often for advertising purposes.

5
Q

What is ransomware?

A

Malware that encrypts user data and demands payment for the decryption key. Payment does not guarantee recovery of data.

6
Q

What is Phishing?

A

A form of cyberattack where a deceptive email is used to trick the recipient into believing it contains information they want or need, leading to the theft of personal information.

7
Q

What are rootkits?

A

A set of software tools that enable unauthorized access to a computer, often hiding the existence of other malware.

8
Q

What is adware?

A

Unwanted software designed to show advertisements on your screen, often within a web browser. While not always malicious, it can undermine security.

9
Q

What are Man-in-the-Middle (MitM) Attacks?

A

Occurs when attackers intercept communication between two parties to steal data. Common in unsecured Wi-Fi networks.

10
Q

What are DDoS Attacks?

A

An attempt to make an online service or network unavailable by overwhelming it with traffic from multiple sources.

11
Q

What are Zero-Day Exploits?

A

Attacks that occur when vulnerabilities are targeted before developers have had the chance to address them. “Zero-day” refers to the amount of time developers have known about the vulnerability.

12
Q

What is the CIA Triad?

A

An essential concept in cybersecurity that forms the foundation for designing and implementing security measures. It comprises three core principles: Confidentiality, Integrity, and Availability.

13
Q

What does confidentiality mean in the CIA Triad?

A

It is concerned with ensuring that the right people have access to secure information and that the wrong people do not.

14
Q

What does Integrity mean in the CIA Triad?

A

Ensuring that information or data has not been changed or corrupted. Maintaining data integrity means that you can rely on the data as a source of truth.

15
Q

What does availability mean in the CIA Triad?

A

It is focused on maintaining access to information or data for any user who is authorized to access it. While it may sound basic, ensuring 24/7 availability worldwide for all authorized users can become challenging rapidly.

16
Q

What does authentication mean in The AAA Model?

A

It’s the process of requiring you to prove you are who you say you are before allowing you to access some resource.

17
Q

What does authorization mean in The AAA Model?

A

It is the provisioning of the correct level of access based on the user requesting access.

18
Q

What does accounting mean in The AAA Model?

A

Accounting, also sometimes referred to as Auditing, is the third A in the model. As the name implies, accounting in cybersecurity requires keeping track of three things:
1) What the users are accessing.
2) When they are accessing this information.
3) A full accounting of everything the user does.

19
Q

What is the purpose of a Gap Analysis?

A

It provides an overview of your current security operations and points out weaknesses when compared to industry standards. A gap analysis serves as a valuable tool in various fields, including business, project management, and cybersecurity.

20
Q

What is NIST CSF?

A

The “National Institute of Standards and Technology Cybersecurity Framework,” a set of voluntary guidelines and best practices created by the U.S. government to help organizations manage and reduce their cybersecurity risks. It provides a structured approach to identify, assess, and mitigate cyber threats, essentially acting as a roadmap for improving cybersecurity posture across an organization.

21
Q

What is ISO 27001?

A

An international standard intended for an Information Security Management System (ISMS). It provides a framework and guidelines for organizations to establish, implement, maintain, and continually improve their information security practices.

22
Q

What are the five core NIST CSF functions?

A

Identify, Protect, Detect, Respond, Recover