Vocabulary 1 Flashcards

1
Q

Security framework

A

Guidelines used for building plans to help mitigate risks and threats to data and privacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Security controls

A

Safeguards designed to reduce specific security risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Network security

A

The process of ensuring that assets stored in the cloud are properly configured and access is limited to authorized users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The cloud

A

A network made up of a collection of servers or computers, that stores resources and data in a remote, physical location known as data centers that can be accessed via the Internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Programming

A

A process that creates a specific set of instructions for a computer to execute tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Phishing

A

The use of digital communications to trick people into revealing sensitive data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Business email compromise (BEC)

A

A threat actor sent an email that seems to be from a known source to make a similar legitimate request of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Spear Phishing

A

Hey, malicious email attacked that targets a specific user or group of users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Whaling

A

A form of spear phishing, targeting company executives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Vishing

A

The exploitation of an electronic voice communication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Smishing

A

The use of texts to trick users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does SMS stand for?

A

Short message service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Virus

A

Code written to interfere with computer operations and caused damage to data and software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Worms

A

Mower that can duplicate and spread itself across systems on its own

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the seven social engineering principles?

A

-Authority
-Intimidation
-Consensus/ social proof
-scarcity
-Familiarity
-Trust
-Urgency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Watering hole attack

A

Attack on a website frequently visited by a specific group of people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Physical social engineering

A

Impersonating an employee customer or vendor to gain authorized access to a physical location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Social media phising

A

Collecting detailed information about the target from social media and initiating an attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Adversarial artificial intelligence

A

A technique that manipulates AI and ML to conduct attacks more efficiently

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Supply chain attack

A

Targets systems applications, hardware and software to locate a vulnerability where malware can be the point. Because the item goes through several third parties the bridge can occur at any point.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Advanced persistent threat

A

They have significant expertise accessing an organizations network without authorization. They research in advance and can remain detected for an extended period of time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What to two CISSP domains apply to adversity, artificial intelligence attacks?

A
  • Communication and network security
    -Identity and access management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is three CISSP domains apply to a supply chain attack?

A

-security and risk management
-Security architecture and engineering
-Security operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Crypto attack

A

Affects secure forms of communication between center and intended recipient

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What domain do crypto attacks fall under?

A

Communication and network security

26
Q

What are the four components of security frameworks?

A

1) identifying and documenting security goals
2) setting guidelines to achieve security goals
3) implementing strong, security processes
4) monitoring and communicating results

27
Q

What are the three sides of the CIA triad?

A

-confidentiality
-integrity
-Availability

28
Q

What is the CIA triad?

A

Hey, foundational model that helps inform how organizations consider risk when setting up systems and security policies

29
Q

Confidentiality

A

Only authorized users can access specific assets or data

30
Q

Integrity

A

That is correct authentic and reliable

31
Q

Availability

A

Data is accessible to those who are authorized to access it

32
Q

What is the NIST cyber security framework? (CSF)

A

A voluntary framework that consists of standards guidelines and best practices to manage manage cyber security risk

33
Q

What does NIST stand for?

A

The national Institute of standards and technology

34
Q

The national Institute of standards and technology (NIST)

A

A US based agency that develops multiple voluntary compliance framework that organizations worldwide can use to help manage cyber security risk

35
Q

What does FERC-NERC STAND FOR?

A

The federal energy regulatory commission- north American electric reliability corporation

36
Q

The federal energy regulatory commission- North American, electric reliability corporation (FERC-NERC)

A

Irregular elation that applies to organizations that work with electricity or are involved with the US and north American power grid. These types of organizations have an obligation to prepare for mitigate and report any potential security incident that can negatively affect the power grid.

37
Q

What does CIP stand for?

A

Critical infrastructure protection

38
Q

Who is legally required to adhere to the critical infrastructure protection (CIP) standards defined by FERC?

A

Any organization involved with the US or north American power grid.

39
Q

What does FedRAMP stand for??

A

Federal risk and authorization management program

40
Q

What is the federal risk and authorization management program (FedRAMP)?

A

A US federal government program that standardizes security assessment, authorization monitoring and handling of cloud services and product offerings. Its purpose is to provide consistency under the government sector and third-party cloud providers.

41
Q

Center for Internet security (CIS)

A

A nonprofit of multiple areas of emphasis. It provides a certain amount of controls that can be used to safeguard systems and networks. Also provides actionable controls that security professionals may follow if a security incident occurs.

42
Q

General data protection regulation (GDPR)

A

European Union general data regulation that protects the processing of EU residence and their right to privacy in and out of EU territory.

43
Q

Payment card, industry, data security standard (PC IDSS)

A

An international security standard meant to ensure that we organization storing accepting processing and transmitting credit card information due so in a secure environment. The objective is to reduce credit card fraud.

44
Q

The health insurance portability, and accountability act (HIPPA)

A

A federal law established in 1996 to protect patient’s health information. This law prohibits patient information from being shared without consent.

45
Q

What does HIPAA stand for?

A

The health insurance portability, and accountability act

46
Q

Protected health information( PHI)

A

Includes past future and present health information, including plan of care and payment

47
Q

Health information trust alliance (HITRUST)

A

A security framework and assurance program that helps institutions meet HIPAA compliance

48
Q

International organization for standardization (ISO)

A

Create a two establish international standards related to technology manufacturing and management across borders. It helps organizations improve their processes, procedures for staff retention ,planning and waste services.

49
Q

Log

A

A record of events that occur within an organizations systems

50
Q

What does SIEM stand for?

A

Security information and event management

51
Q

SIEM Tool

A

An application that collects an analyzes log data to monitor critical activities in an organization

52
Q

Playbook

A

Emmanuel that provides details about any operational action

53
Q

A network protocol analyzer is also known as

A

A packet snipper

54
Q

Network protocol analyzer/ package snipper

A

A tool designed to capture and analyze data traffic within a network

55
Q

Chain of custody

A

The process of documenting evidence possession and control during an incident lifecycle

56
Q

Order of volatility

A

A sequence outlining the order of data that must be preserved from first to last

57
Q

What data does the order of volatility prioritize?

A

Volatile data, which may be lost if the device and question powers off

58
Q

How can you preserve data?

A

By making copies and conducting investigations using the copies

59
Q

How can you preserve data?

A

By making copies and conducting investigations using the copies

60
Q

What does SQL stand for?

A

Structured query language

61
Q

(SQL ) structured query language

A

A programming language used to create interact with and request information from database

62
Q

Python

A

Used to perform tasks that are repetitive and time-consuming and require a high level of detail and accuracy