Vocabulary 1

Question 1

Security framework

Answer 1

Guidelines used for building plans to help mitigate risks and threats to data and privacy

Question 2

Security controls

Answer 2

Safeguards designed to reduce specific security risks

Question 3

Network security

Answer 3

The process of ensuring that assets stored in the cloud are properly configured and access is limited to authorized users

Question 4

The cloud

Answer 4

A network made up of a collection of servers or computers, that stores resources and data in a remote, physical location known as data centers that can be accessed via the Internet

Question 5

Programming

Answer 5

A process that creates a specific set of instructions for a computer to execute tasks

Question 6

Phishing

Answer 6

The use of digital communications to trick people into revealing sensitive data

Question 7

Business email compromise (BEC)

Answer 7

A threat actor sent an email that seems to be from a known source to make a similar legitimate request of information

Question 8

Spear Phishing

Answer 8

Hey, malicious email attacked that targets a specific user or group of users

Question 9

Whaling

Answer 9

A form of spear phishing, targeting company executives

Question 10

Vishing

Answer 10

The exploitation of an electronic voice communication

Question 11

Smishing

Answer 11

The use of texts to trick users

Question 12

What does SMS stand for?

Answer 12

Short message service

Question 13

Virus

Answer 13

Code written to interfere with computer operations and caused damage to data and software

Question 14

Worms

Answer 14

Mower that can duplicate and spread itself across systems on its own

Question 15

What are the seven social engineering principles?

Answer 15

-Authority
-Intimidation
-Consensus/ social proof
-scarcity
-Familiarity
-Trust
-Urgency

Question 16

Watering hole attack

Answer 16

Attack on a website frequently visited by a specific group of people

Question 17

Physical social engineering

Answer 17

Impersonating an employee customer or vendor to gain authorized access to a physical location

Question 18

Social media phising

Answer 18

Collecting detailed information about the target from social media and initiating an attack

Question 19

Adversarial artificial intelligence

Answer 19

A technique that manipulates AI and ML to conduct attacks more efficiently

Question 20

Supply chain attack

Answer 20

Targets systems applications, hardware and software to locate a vulnerability where malware can be the point. Because the item goes through several third parties the bridge can occur at any point.

Question 21

Advanced persistent threat

Answer 21

They have significant expertise accessing an organizations network without authorization. They research in advance and can remain detected for an extended period of time

Question 22

What to two CISSP domains apply to adversity, artificial intelligence attacks?

Answer 22

• Communication and network security
  -Identity and access management

Question 23

What is three CISSP domains apply to a supply chain attack?

Answer 23

-security and risk management
-Security architecture and engineering
-Security operations

Question 24

Crypto attack

Answer 24

Affects secure forms of communication between center and intended recipient

Question 25

What domain do crypto attacks fall under?

Answer 25

Communication and network security

Question 26

What are the four components of security frameworks?

Answer 26

1) identifying and documenting security goals
2) setting guidelines to achieve security goals
3) implementing strong, security processes
4) monitoring and communicating results

Question 27

What are the three sides of the CIA triad?

Answer 27

-confidentiality
-integrity
-Availability

Question 28

What is the CIA triad?

Answer 28

Hey, foundational model that helps inform how organizations consider risk when setting up systems and security policies

Question 29

Confidentiality

Answer 29

Only authorized users can access specific assets or data

Question 30

Integrity

Answer 30

That is correct authentic and reliable

Question 31

Availability

Answer 31

Data is accessible to those who are authorized to access it

Question 32

What is the NIST cyber security framework? (CSF)

Answer 32

A voluntary framework that consists of standards guidelines and best practices to manage manage cyber security risk

Question 33

What does NIST stand for?

Answer 33

The national Institute of standards and technology

Question 34

The national Institute of standards and technology (NIST)

Answer 34

A US based agency that develops multiple voluntary compliance framework that organizations worldwide can use to help manage cyber security risk

Question 35

What does FERC-NERC STAND FOR?

Answer 35

The federal energy regulatory commission- north American electric reliability corporation

Question 36

The federal energy regulatory commission- North American, electric reliability corporation (FERC-NERC)

Answer 36

Irregular elation that applies to organizations that work with electricity or are involved with the US and north American power grid. These types of organizations have an obligation to prepare for mitigate and report any potential security incident that can negatively affect the power grid.

Question 37

What does CIP stand for?

Answer 37

Critical infrastructure protection

Question 38

Who is legally required to adhere to the critical infrastructure protection (CIP) standards defined by FERC?

Answer 38

Any organization involved with the US or north American power grid.

Question 39

What does FedRAMP stand for??

Answer 39

Federal risk and authorization management program

Question 40

What is the federal risk and authorization management program (FedRAMP)?

Answer 40

A US federal government program that standardizes security assessment, authorization monitoring and handling of cloud services and product offerings. Its purpose is to provide consistency under the government sector and third-party cloud providers.

Question 41

Center for Internet security (CIS)

Answer 41

A nonprofit of multiple areas of emphasis. It provides a certain amount of controls that can be used to safeguard systems and networks. Also provides actionable controls that security professionals may follow if a security incident occurs.

Question 42

General data protection regulation (GDPR)

Answer 42

European Union general data regulation that protects the processing of EU residence and their right to privacy in and out of EU territory.

Question 43

Payment card, industry, data security standard (PC IDSS)

Answer 43

An international security standard meant to ensure that we organization storing accepting processing and transmitting credit card information due so in a secure environment. The objective is to reduce credit card fraud.

Question 44

The health insurance portability, and accountability act (HIPPA)

Answer 44

A federal law established in 1996 to protect patient’s health information. This law prohibits patient information from being shared without consent.

Question 45

What does HIPAA stand for?

Answer 45

The health insurance portability, and accountability act

Question 46

Protected health information( PHI)

Answer 46

Includes past future and present health information, including plan of care and payment

Question 47

Health information trust alliance (HITRUST)

Answer 47

A security framework and assurance program that helps institutions meet HIPAA compliance

Question 48

International organization for standardization (ISO)

Answer 48

Create a two establish international standards related to technology manufacturing and management across borders. It helps organizations improve their processes, procedures for staff retention ,planning and waste services.

Question 49

Log

Answer 49

A record of events that occur within an organizations systems

Question 50

What does SIEM stand for?

Answer 50

Security information and event management

Question 51

SIEM Tool

Answer 51

An application that collects an analyzes log data to monitor critical activities in an organization

Question 52

Playbook

Answer 52

Emmanuel that provides details about any operational action

Question 53

A network protocol analyzer is also known as

Answer 53

A packet snipper

Question 54

Network protocol analyzer/ package snipper

Answer 54

A tool designed to capture and analyze data traffic within a network

Question 55

Chain of custody

Answer 55

The process of documenting evidence possession and control during an incident lifecycle

Question 56

Order of volatility

Answer 56

A sequence outlining the order of data that must be preserved from first to last

Question 57

What data does the order of volatility prioritize?

Answer 57

Volatile data, which may be lost if the device and question powers off

Question 58

How can you preserve data?

Answer 58

By making copies and conducting investigations using the copies

Question 59

How can you preserve data?

Answer 59

By making copies and conducting investigations using the copies

Question 60

What does SQL stand for?

Answer 60

Structured query language

Question 61

(SQL ) structured query language

Answer 61

A programming language used to create interact with and request information from database

Question 62

Python

Answer 62

Used to perform tasks that are repetitive and time-consuming and require a high level of detail and accuracy