Vocab Drill Flashcards

1
Q

App

A

Software that allows you to do specific tasks.

2
Q

Commuter

A

Someone who travels to work.

3
Q

Examples of apps

A

Tasks and activities like web browsers, picture viewers, games.

4
Q

Applications

A

A type of software that allows a user to perform specific tasks and activities.

5
Q

Utilities

A

Applications designed to help analyze, configure, optimize, or maintain a computer. Unlike application software (which focuses on benefiting the user), utilities are used to support the computer.

6
Q

Operating System (OS)

A

Software that manages the computer hardware and software. It’s a system that sits between the applications and hardware. MS Windows is an example of an operating system.

7
Q

Platform

A

The environment in which a piece of software is executed. It may be the hardware, operating system, a web browser, or other underlying software. For example, MS Windows is a platform for MS Word.

8
Q

Platform 2

A

Platform: Mac Computer. Game: software running on the Mac

9
Q

Feature

A

A distinctive characteristic of software or hardware. For example, facial recognition is a feature of the iPhone X.

10
Q

Plugin

A

A component that adds a specific feature to software. Also referred to as an extension. For example, you can add a plugin to your web browser that allows you to change the theme colors.

11
Q

SaaS

A

Software licensed on a subscription basis. The software is stored centrally on a server. It’s sometimes referred to as ‘on demand’ software. For example, Google Apps are SaaS.

12
Q

API (Application program interface)

A

A set of clearly defined methods of communication between software

13
Q

Console

A

User interface that manages and controls software and/or hardware. KB4 customers access our products through a console.

14
Q

Dashboard

A

At-a-glance views of key info, relevant to a particular goal or business objective. They’re often displayed as charts and/or other geographical images on a web page. KB4 uses dashboards to display sales on monitors placed around the company.

15
Q

Server

A

Computer or program that manages access to centralized resources. For example, a file server would store and manage all the user files for a group of computers and users.

16
Q

Domain

A

Short for ‘domain name’, a unique name that identifies a website.

17
Q

Directory

A

1. Like physical folders, a directory organizes files or data on a hard drive or in a program. Directories can contain other directories, which are then called sub-directories.
2. Software that stores all resources on a network, for example users, groups, permissions, devices and management policies. A directory is also called a directory service.

18
Q

AD Active Directory

A

A directory service developed by MS for use on MS OS’s. If you were in charge of all the users and computers on a network that are using a MS server, you would use AD to set up users, their passwords and what devices they could access.

19
Q

Protocol

A

A specific set of communication rules between computers.

20
Q

HTTP (Hypertext Transfer Protocol)

A

One of the protocols used to transfer information (like a webpage) over the Internet.

21
Q

HTTPS (Hypertext Transfer Protocol Secure)

A

The same as HTTP but secure. This protocol secures the data by changing it to special code that requires special translation. If you were inputting credit card data on a website, you would want that data to transmit securely, using HTTPS.

22
Q

White Paper

A

A report that describes how a technology or product solves a problem. It’s a marketing and technical document that doesn’t go too far in either direction.

23
Q

Whitelist

A

A list of trusted email addresses, domains and/or internet addresses that are permitted to pass through a system or filter.

24
Q

Phishing is…

A

the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details. It’s done by masquerading as a trustworthy entity in bulk email, which tries to evade spam filters. Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

25
Q

Spear phishing

A

A small, focused, targeted phishing attack on a specific person or organization, with the goal to penetrate their defenses. The attack is done after research has been done on the target, and has a specific personalized component designed to make the target do something against his or her own interest.

26
Q

Phishing attack surface

A

The quantity of emails exposed on the internet. The more email addresses exposed, the bigger the attack footprint is and the higher the risk for phishing attacks.

27
Q

Phish-prone Percentage

A

A term coined by KB4 that indicates the percentage of employees that are prone to click on phishing links. The customer starts with a baseline percentage (a starting point used for comparison), which is the percentage of users who click on phishing links before being trained. Once trained, the test is done again 12 months later, to see the improvement.

28
Q

Social engineering

A

The act of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.

29
Q

CEO Fraud

A

A spear phishing attack that targets high-risk users (people in Accounting, HR, or executive assistants) in which the hacker claims to be the CEO (or another executive) and urges an employee to do something that would not be authorized by the legitimate sender.

30
Q

Vishing (voice phishing)

A

A phishing attack conducted by phone. It is the phone equivalent of a phishing attack. There are 2 forms of this: human and automated. The scam artist pretends to be a representative.

31
Q

Smishing

A

Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service.

32
Q

Email spoofing

A

Spoofing (tricking or deceiving) computer systems or other computer users. Involves sending messages from a bogus email address or faking the email address of another user. Spoofing is a common tactic in CEO Fraud attacks.

33
Q

Botnet

A

Short for ‘robot network’, it is a collection of software robots or ‘bots’ that live on infected computers and are controlled by bad guys. Botnets do many bad things like spew out spam, attack other computers, or send back confidential data to the botnet controller.

34
Q

Keylogger

A

Malware or hardware that observes what someone types on their keyboard, which is then sent back to the bad guys.

35
Q

Bitcoin

A

Digital currency in which encryption (the process of converting information or data into a code) techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

36
Q

Money mule

A

A person recruited by a criminal or criminal organization to quickly receive and turn around funds involved in scams. The person is often unaware of their role in the criminal act.

37
Q

Trojan

A

Malicious software that seems to perform a desirable function for the user but instead facilitates unauthorized access to the user’s computer system. Example: email with news that installs software to slow the computer down and any other computers it connects with.

38
Q

Worm

A

A self-replicating computer program. It sends copies of itself to other computers, and may do so without any user intervention. Unlike a virus, it doesn’t need to attach itself to an existing file. Worms almost always cause at least some harm to the network. For example, an email love letter that, when opened, changes files on a computer and sends itself to all email addresses in the user’s contact list.

39
Q

Virus

A

Malicious computer program that infects a file. The word is incorrectly used as an umbrella term for many flavors of viruses, worms and trojans. Can only spread when its host is sent to the target computer.

40
Q

Malware

A

Short for malicious software. An umbrella term for various types of viruses, worms and trojans.

41
Q

Ransomware

A

Vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Also known as cryptoware.

42
Q

Rootkit

A

Malicious code that loads into the early loading stages of a computer. The code hides itself from the OS and other applications that load in the later stages, like antivirus and system utilities. This gives full access to alter the system.

43
Q

Data breach

A

Intentional or unintentional release of secure information to an untrusted environment. Information disclosure, data leak, data spill.

44
Q

DoS attack

A

Denial-of-service attack: attackers seek to make a computer or network unavailable to its intended user(s) by temporarily or indefinitely disrupting service. Done by flooding the system with service requests. When it comes from multiple sources, it is called DDoS (distributed denial-of-service). Analogy: people crowding the entryway of a store, making it hard to enter.

45
Q

Security vulnerability

A

Weakness on a network, computer, or software which allows the bad guys to gain access. It has 3 elements: a flaw, access to the flaw, capability to exploit that flaw. For example, a computer with outdated security updates, so you can easily bypass the login password.

46
Q

Exploit

A

Software or code -usually malicious- that takes advantage of a flaw or vulnerability. The purpose is to cause unintended or unanticipated behavior to occur with the software or hardware.

47
Q

Zero-day

A

The name of a vulnerability UNKNOWN to those who would be interested in securing it, which includes the software vendor or user (good guys). The BGs use these vulnerabilities to launch an attack. Why is it called this? Because it was discovered before the GGs could fix it, and the GGs had no warning (they had zero days to do something about it).

48
Q

Zero-day exploit

A

AKA zero-day attack, an exploit that takes advantage of a zero-day vulnerability on its first day of release, before the vendor knows about it.

49
Q

Advanced persistent threat

A

AKA APT, is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The BGs’ goal is to go undetected and steal data, rather than cause damage to the network or organization.

50
Q

Tailgating

A

AKA piggybacking, tailgating is a method used by BGs to gain access to a building or other protected areas. It means following right behind an authorized user who has opened and passed through a secure entry.

51
Q

Firewall

A

HW or SW designed to block unauthorized network access while permitting authorized communications.

52
Q

Cloud Computing

A

The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a PC. Cloud servers get all the latest software and security updates, making them less vulnerable to attack.

53
Q

Security awareness training (SAT)

A

Any training that raises the awareness of a user to potential threats and how to avoid them. The goal is to get users to make smarter security decisions and help their organization manage the ongoing problem of social engineering. User = last line of defense against the BGs.

54
Q

Kevin Mitnick

A

In the mid-nineties, the world’s most wanted hacker. Today, the world’s most famous hacker. A very successful Fortune 500 security consultant. Part owner and CHO of KB4. KMSAT is based on his 30+ years of first-hand experience.

55
Q

LMS

A

System for administering, documentation, tracking, reporting and delivery of e-learning education courses or training programs = Bridge.

56
Q

ROI

A

Measures the amount of return on an investment relative to the investor’s cost. In IT security, ROI is ‘reduction of risk’, not a concrete financial gain. Without proper security awareness training a company can experience a loss of reputation, productivity, and revenue.

57
Q

Risk for a company

A

Without proper security awareness training a company can experience a loss of reputation, productivity, and revenue.

58
Q

Shareable Content Object Reference Model (SCORM)

A

Technical standard that governs how online content and LMS communicate with each other. Our customers access our security training through an LMS. Those modules follow the SCORM standard.