Assets, Threats, and Vulnerabilities

Question 1

What are Access Controls?

Answer 1

Security controls that manage access, authorization, and accountability of information

Question 2

What is Adware?

Answer 2

A type of legitimate software that is sometimes used to display digital advertisements in applications

Question 3

What is APT?

Answer 3

Advanced Persistent Threat - An instance when a threat actor maintains unauthorized access to a system for an extended period of time

Question 4

What is Algorithm?

Answer 4

A set of rules used to solve a problem

Question 5

What is Angler Phising?

Answer 5

A technique where attackers impersonate customer service representatives on social media

Question 6

What is a API token?

Answer 6

Application Programming Interface -A small block of encrypted code that contains information about a user

Question 7

What is an Asset?

Answer 7

An item perceived as having value to an organization

Question 8

What is Asset Classification?

Answer 8

The practice of labeling assets based on sensitivity and importance to an organization

Question 9

What is Asset Inventory?

Answer 9

A catalog of assets that need to be protected

Question 10

What is Asset Management?

Answer 10

The process of tracking assets and the risks that affect them

Question 11

What is Asymmetric Encryption?

Answer 11

The use of a public and private key pair for encryption and decryption of data

Question 12

What is a Attack Surface?

Answer 12

The characteristics and features of the areas where an attack can come from

Question 13

What is a Attack Tree?

Answer 13

A diagram that maps threats to assets

Question 14

What is a Attack Vector?

Answer 14

The pathways attackers use to penetrate security defenses

Question 15

What is Baiting?

Answer 15

A social engineering tactic that tempts people into compromising their security

Question 16

What is Basic Auth?

Answer 16

The technology used to establish a user’s request to access a server

Question 17

What is a Bit?

Answer 17

The smallest unit of data measurement on a computer

Question 18

What is Botnet

Answer 18

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”

Question 19

What is a Brute Force Attack?

Answer 19

The trial and error process of discovering private information

Question 20

What is a Bug Bounty?

Answer 20

Programs that encourage freelance hackers to find and report vulnerabilities

Question 21

What is a Cypher?

Answer 21

An algorithm that encrypts information

Question 22

What is a CVE list?

Answer 22

An openly accessible dictionary of known vulnerabilities and exposures

Question 23

What is CVSS?

Answer 23

A measurement system that scores the severity of a vulnerability

Question 24

What is Compliance?

Answer 24

The process of adhering to internal standards and external regulations

Question 25

What is XSS?

Answer 25

An injection attack that inserts code into a vulnerable website or web application

Question 26

What is Cryptojacking?

Answer 26

A form of malware that installs software to illegally mine cryptocurrencies

Question 27

What is a Cryptographic Key?

Answer 27

A mechanism that decrypts ciphertext

Question 28

What us Cryptography?

Answer 28

The process of transforming information into a form that unintended readers can’t understand

Question 29

What is the CNA?

Answer 29

An organization that volunteers to analyze and distribute information on eligible CVEs

Question 30

What is Data?

Answer 30

Information that is translated, processed, or stored by a computer

Question 31

What is Data at Rest?

Answer 31

Data not currently being accessed

Question 32

What is Data in Transit?

Answer 32

Data traveling from one point to another

Question 33

What is Data in Use?

Answer 33

Data being accessed by one or more users

Question 34

What is a Data Custodian?

Answer 34

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

Question 35

What is a Data Owner?

Answer 35

The person that decides who can access, edit, use, or destroy their information

Question 36

What is Defense in Depth?

Answer 36

A layered approach to vulnerability management that reduces risk

Question 37

What is a DOM-based XSS Attack?

Answer 37

An instance when malicious script exists in the webpage a browser loads

Question 38

What is a Digital Certificate?

Answer 38

A file that verifies the identity of a public key holder

Question 39

What is a Dropper?

Answer 39

A type of malware that comes packed with malicious code which is delivered and installed onto a target system

Question 40

What is Encryption?

Answer 40

The process of converting data from a readable format to an encoded format

Question 41

What is a Exploit?

Answer 41

A way of taking advantage of a vulnerability

Question 42

What is Exposure?

Answer 42

A mistake that can be exploited by a threat

Question 43

What is Fileless Malware?

Answer 43

Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer

Question 44

What is a Hacker?

Answer 44

Any person who uses computers to gain access to computer systems, networks, or data

Question 45

What is Hash Collision?

Answer 45

An instance when different inputs produce the same hash value

Question 46

What is a Hash Function?

Answer 46

An algorithm that produces a code that can’t be decrypted

Question 47

What is a Hash Function?

Answer 47

A data structure that's used to store and reference hash values

Question 48

What is IAM?

Answer 48

Identity and Access Management - A collection of processes and technologies that helps organizations manage digital identities in their environment

Question 49

What is Information Privacy?

Answer 49

The protection of unauthorized access and distribution of data

Question 50

What is InfoSec?

Answer 50

Information Security - The practice of keeping data in all states away from unauthorized users

Question 51

What is a Injection Attack?

Answer 51

Malicious code inserted into a vulnerable application

Question 52

What is a Input Validation?

Answer 52

Programming that validates inputs from users and other programs

Question 53

What is IDS?

Answer 53

Intrusion Detection System - An application that monitors system activity and alerts on possible intrusions

Question 54

What is a Loader?

Answer 54

A type of malware that downloads strains of malicious code from an external source and installs them onto a target system

Question 55

What is Malware?

Answer 55

Software designed to harm devices or networks

Question 56

What is MITRE?

Answer 56

A collection of non-profit research and development centers

Question 57

What is MFA?

Answer 57

Multi-Factor Authentication - A technology that requires at least two distinct forms of identification

Question 58

What is the NIST CSF?

Answer 58

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 59

What is Non-Repudiation?

Answer 59

The concept that the authenticity of information can’t be denied

Question 60

What is OAuth?

Answer 60

An open-standard authorization protocol that shares designated access between applications

Question 61

What is PASTA?

Answer 61

Process of Simulation and Threat Analysis - A popular threat modeling framework that’s used across many industries

Question 62

What are PCI DSS?

Answer 62

Payment Card Data Security Standards - A set of security standards formed by major organizations in the financial industry

Question 63

What is a Phishing Kit?

Answer 63

A collection of software tools needed to launch a phishing campaign

Question 64

What is PUA?

Answer 64

Potentially Unwanted Application - A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software

Question 65

What is a Prepared Statement?

Answer 65

A coding technique that executes SQL statements before passing them onto the database

Question 66

What is a Principle of Least Privilege?

Answer 66

The concept of granting only the minimal access and authorization required to complete a task or function

Question 66

What are Procedures?

Answer 66

Step-by-step instructions to perform a specific security task

Question 67

What is PHI?

Answer 67

Protected Health Information - Information that relates to the past, present, or future physical or mental health or condition of an individual

Question 68

What is PKI?

Answer 68

Public Key Infrastructure - An an encryption framework that secures the exchange of online information

Question 69

What is Quid Pro Quo?

Answer 69

A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money

Question 70

What is a Rainbow Table?

Answer 70

A file of pre-generated hash values and their associated plaintext

Question 71

What is Ransomeware?

Answer 71

Type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access

Question 72

What are Regulations?

Answer 72

Rules set by a government or other authority to control the way something is done

Question 73

What is a Reflected XSS attack?

Answer 73

An instance when malicious script is sent to a server and activated during the server’s response

Question 74

What is Risk?

Answer 74

Anything that can impact confidentiality, integrity, or availability of an asset

Question 75

What is a Rootkit?

Answer 75

Malware that provides remote, administrative access to a computer

Question 76

What is Salting?

Answer 76

An additional safeguard that’s used to strengthen hash functions

Question 77

What is Scareware?

Answer 77

Malware that employs tactics to frighten users into infecting their device

Question 78

What is a Security Assessment?

Answer 78

A check to determined how resilient current security implementations against threats

Question 79

What is a Security Audit?

Answer 79

A review of an organization's security controls, policies, and procedures against a set of expectations

Question 80

What are Security Controls?

Answer 80

Safeguards designed to reduce specific security risks

Question 81

What is Security Hardening?

Answer 81

The process of strengthening a system to reduce its vulnerability and attack surface

Question 82

What is Separation of Duties?

Answer 82

The principle that users should not be given levels of authorization that would allow them to misuse a system

Question 83

What is a session?

Answer 83

A sequence of network HTTP basic auth requests and responses associated with the same user

Question 84

What is a Session Cookie?

Answer 84

A token that websites use to validate a session and determine how long that session should last

Question 85

What is Session Hijacking?

Answer 85

An event when attackers obtain a legitimate user’s session ID

Question 86

What is a Session ID?

Answer 86

A unique token that identifies a user and their device while accessing a system

Question 87

What is SSO?

Answer 87

Single Sign-on - A technology that combines several different logins into one

Question 88

What is Smishing?

Answer 88

The use of text messages to trick users to obtain sensitive information or to impersonate a known source

Question 89

What is Spyware?

Answer 89

Malware that’s used to gather and sell information without consent

Question 90

What is a SQL Injection?

Answer 90

An attack that executes unexpected queries on a database

Question 91

What are Standards?

Answer 91

References that inform how to set policies

Question 92

What are Stored XSS Attacks?

Answer 92

An instance when a malicious script is injected directly on the server

Question 93

What us Symmetric Encryption?

Answer 93

The use of a single secret key to exchange information

Question 94

What is Tailgating?

Answer 94

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area

Question 95

What is Threat Modeling?

Answer 95

The process of identifying assets, their vulnerabilities, and how each is exposed to threats

Question 96

What is a Trojan Horse?

Answer 96

Malware that looks like a legitimate file or program

Question 97

What is User Provisioning?

Answer 97

The process of creating and maintaining a user's digital identity