Terms

Question 1

Cybersecurity (or security)

Answer 1

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Question 2

Personally identifiable information (PII)

Answer 2

Any information used to infer an individual’s identity

Question 3

Sensitive personally identifiable information (SPII

Answer 3

A specific type of PII that falls under stricter handling guidelines

Question 4

Threat actor

Answer 4

Any person or group who presents a security risk

Question 5

Compliance

Answer 5

Compliance is the process of adhering to internal standards and external regulations. It enables organizations to avoid fines and security breaches.

Question 6

Malware

Answer 6

A software designed to harm devices or networks

Question 7

Virus

Answer 7

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Question 8

Worm

Answer 8

Malware that self-replicates, spreading across the network and infecting computers

Question 9

Ransomware

Answer 9

A malicious attack during which threat actors encrypt an organization’s data and demand payment to restore access

Question 10

Spyware

Answer 10

Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

Question 11

Phishing

Answer 11

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 12

Spear phishing

Answer 12

A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

Question 13

Whaling

Answer 13

A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Question 14

Business email compromise (BEC)

Answer 14

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Question 15

Social media phishing

Answer 15

An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

Question 15

Social engineering

Answer 15

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data

Question 16

Watering hole attack

Answer 16

An attack in which a threat actor compromises a website frequently visited by a specific group of users

Question 17

Physical social engineering

Answer 17

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 18

USB baiting

Answer 18

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network

Question 19

Hacker

Answer 19

Any person who uses computers to gain access to computer systems, networks, or data

Question 20

Password attack

Answer 20

An attempt to access password-secured devices, systems, networks, or data

Question 21

Supply-chain attack

Answer 21

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Question 22

Security frameworks

Answer 22

Guidelines that are used for building plans to help mitigate risks and threats to data and privacy

Question 23

security controls

Answer 23

They are safeguards designed to reduce specific security risks

Question 24

Privacy protection

Answer 24

means safeguarding personal information from unauthorized use

Question 25

Laws

Answer 25

rules that are recognized by a community and enforced by a governing entity.

Question 26

National Institute of Standards and Technology (NIST) Cyber Security Framework
(CSF)

Answer 26

A voluntary framework that consists of standards, guidelines, and best
practices to manage cybersecurity risk

Question 27

Security information and event management (SIEM)

Answer 27

An application that collects
and analyzes log data to monitor critical activities in an organization