Unit 9

Question 1

This is the protection of computer systems and information from harm, theft, and unauthorized use.

Answer 1

Computer Security

Question 2

This is the act of protecting yourself and others from attacks that are carried out primarily with computers.

Answer 2

Cybersecurity

Question 3

This is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.

Answer 3

Network Security

Question 4

This focuses on keeping software and devices free of threats.

Answer 4

Application security

Question 5

This protects the integrity and privacy of data, both in storage and in transit.

Answer 5

Information security

Question 6

This includes the processes and decisions for handling and protecting data assets.

Answer 6

Operational Security

Question 7

This define how an organization responds to a cybersecurity incident.

Answer 7

Disaster recovery and business continuity

Question 8

These policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event.

Answer 8

Disaster recovery policies

Question 9

This is the plan for when the organization falls back on while trying to operate without certain resources.

Answer 9

Business continuity

Question 10

This addresses the most unpredictable cyber-security factor: people.

Answer 10

End-user education

Question 11

What are the main principles of information security?

Answer 11

Confidentiality
Integrity
Availability

Question 14

This means that data should only be able to be seen by the people in the organization that need to see it in order to do their jobs.

Answer 14

Confidentiality

Question 15

This is protecting information from being modified by unauthorized parties. It involves maintaining the accuracy, consistency and trustworthiness of data by implementing security measures.

Answer 15

Integrity

Question 16

This is protecting information from being modified by unauthorized parties.

Answer 16

Availability

Question 16

This is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Answer 16

Firewall

Question 16

This is a person who breaks into a computer system.

Answer 16

Hacker

Question 17

This is anything that can compromise the confidentiality, integrity, or availability of an information system.

Answer 17

Threat

Question 18

This is any weakness in the information technology (IT) infrastructure that hackers can exploit to gain unauthorized access to data.

Answer 18

Vulnerability

Question 19

This refers to malicious software

Answer 19

Malware

Question 20

This is the practice of sending fake emails or messages that appear to come from a trustworthy source

Answer 20

Phishing

Question 21

This is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key.

Answer 21

Ransomware

Question 22

These are attacks that overload a website or online service with traffic, making it inaccessible to users.

Answer 22

Distributed Denial of Service (DDoS) attacks

Question 23

These are threats by current or former employees, business partners, contractors, or anyone who has had access to any systems or networks in the past can be considered an insider threat if they abuse their access permissions.

Answer 23

Insider threats

Question 24

This is an eavesdropping attack, where a hacker/intruder intercepts and relays messages between two parties in order to steal data.

Answer 24

Man-in-the-middle attack

Question 24

Here, an intruder or group of intruders sneak into a system and remain undetected for an extended period.

Answer 24

Advanced persistent threats (APTs)

Question 25

This involves manipulating people into divulging confidential information that compromise security.

Answer 25

Social Engineering

Question 26

This is designed to trick users into revealing sensitive information as they appear to be legitimate sources

Answer 26

Phishing

Question 26

This is a method used to record the keystrokes made by a user on a computer or mobile device.

Answer 26

Key Logging

Question 27

This is also known as packet sniffing or network sniffing. This is the practice of intercepting and analyzing data packets transmitted over a wireless network.

Answer 27

Wireless Sniffing

Question 30

This is a straightforward method to crack passwords by trying every possible combination until the correct one is found.

Answer 30

Brute Force Guessing

Question 30

This is a a type of password cracking by trying all the words in a predefined list known as a “dictionary”

Answer 30

Dictionary Attacks

Question 31

This is also known as challenge questions or Knowledge-based authentication that verifies a user's identity by asking questions to recover the user's password.

Answer 31

Security questions

Question 32

This is the act of secretly listening to private conversations.

Answer 32

Eavesdropping

Question 33

This is a deceptive practice where which an attacker falsifies information or identity to impersonate someone or something else.

Answer 33

Spoofing

Question 34

These are files or documents sent with the intent to compromise the security of the recipient’s computer, steal information, or deliver malware.

Answer 34

malicious Email Attachments

Question 35

This is designed to replicate itself and infect other computer programs, files, or systems.

Answer 35

Virus

Question 36

This can self-replicate and spread independently, typically without user interaction.

Answer 36

Worms

Question 37

This disguises itself as a legitimate or benign program to deceive users into executing it. These rely on social engineering and user interaction to spread.

Answer 37

Trojan Horses

Question 38

These are software applications or scripts designed to perform automated tasks. Used for both legitimate and malicious activities.

Answer 38

Bots

Question 39

This is short for advertising-supported software

Answer 39

Adware

Question 40

This is a type of malware that collects information about the user’s activities without their consent.

Answer 40

Spyware

Question 41

This is a type of malware that encrypts a victim’s files or entire system, rendering them inaccessible.

Answer 41

Ransomware

Question 42

This is a type of malware that provides unauthorized access and control over a computer system or network.

Answer 42

Backdoor

Question 43

This is short for robot network, is a collection of internet-connected devices or computers that are compromised by malicious software enrolled by a single entity.

Answer 43

Botnet

Question 44

This is a subset of cybersecurity that specifically focuses on protecting the confidentiality, integrity, and availability of sensitive information and data. It involves the application of policies and procedures to ensure that data remains secure.

Answer 44

Information Security