Threats, Attack, And Vulnerabilities

Question 1

What is Prepending?

Answer 1

Prepending is when a domain name purposely has an extra character in the beginning.

Question 2

What is Identity Fraud?

Answer 2

Identity Fraud is when someone steals a person’s identity for financial gain or to gain information.

Question 3

What is an Invoice Scam?

Answer 3

An invoice scam is when an attacker sends an invoice to a company so they may receive money for a product they did not order.

Question 4

What is Credential Harvesting?

Answer 4

It is when an attacker uses an attack Vector (ex. DNS poisoning, MITM, Phishing, etc) to amass a large number of credentials (username/password)

Question 5

What is Reconnaissance?

Answer 5

Reconnaissance is when someone is covertly gathering information on a system.

Question 6

What is a Hoax?

Answer 6

A hoax is when an attacker tricks the user into believing something, so that they may gain information or allow an attacker to gain access to the system.

Question 7

Impersonation

Answer 7

Impersonation is the act of pretending to be someone else for either financial gain or jokes.

Question 8

Watering hole

Answer 8

A watering hole attack is an act of identifying a site that many employees from an organization visit and uses that and uses that site infects the employee’s devices with malware.

Question 9

Diagram

Answer 9

The diagram is a schematic representation of the structure, the way something works, or even a plan.

Question 10

Data Loss Prevention (DLP)

Answer 10

Data Loss Prevention is a solution that detects and prevents data breaches

Question 11

What is Masking?

Answer 11

Masking is using characters or numbers in place of sensitive data. This is to make it unreadable by anyone who is not authorized to view it.

Question 12

What is Encrypt?

Answer 12

Encrypt is the act of converting readable data into an encoded format. The only way to view it is through the process that decrypts the data.

Question 13

What is “At rest”?

Answer 13

Data at rest is data that has reached its destination and is not being accessed or used.

Question 14

What is “in Transit”?

Answer 14

Data in transit also known as data in motion is just data moving from one location to another.

Question 15

What is Tokenization?

Answer 15

Tokenization is the process of replacing a piece of sensitive data with surrogate values known as a token.

Question 16

What are Rights Management?

Answer 16

This is a term for control systems that allow rights owners to exert control over information immediately.

Question 17

What is Incident Response?

Answer 17

It is an organized way of addressing the aftermath of a security breach or cyberattack.

Question 18

What is TLS/SSL?

Answer 18

TLS/SSL verifies a website’s digital certificate is signed by an authority trusted by the client.

Question 19

What is Hashing?

Answer 19

Hashing is the process of transforming a key or a string of characters into another value.

Question 20

What are Hot sites?

Answer 20

Hot sites back up data in real-time and are quickly operable in any disaster.

Question 21

What are cold sites?

Answer 21

Cold site customer provides the hardware, the office space, and data storage which is a technical requirement

Question 22

What is a warm site?

Answer 22

Warm sites have network connectivity and the hardware pre-installed.

Question 23

What is a honeypot?

Answer 23

A honeypot is a security mechanism that lures attackers to a virtual trap. The virtual system is exploited by the attackers and is studied to find solutions for bettering the security policies.

Question 24

What is a honey file?

Answer 24

Honey files are used as bait for attackers when attackers access the files there is an alarm that is triggered.

Question 25

What is a honey net?

Answer 25

It is a network set up as a decoy on a server to lure in attackers.

Question 26

What is a DNS sinkhole?

Answer 26

A DNS sinkhole is a mechanism aimed at protecting users who attempt to connect to a malicious site by redirecting them to a controlled IP address.