Course 001 Glossary

Question 1

Adversarial artificial intelligence

Answer 1

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Question 2

Antivirus software

Answer 2

A software program used to prevent, detect, and eliminate malware and viruses

Question 3

Asset

Answer 3

An item perceived as having value to an organization

Question 4

Availability

Answer 4

The idea that data is accessible to those who are authorized to access it

Question 5

Business Email Compromise (BEC)

Answer 5

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Question 6

Compliance

Answer 6

The process of adhering to internal standards and external regulations

Question 7

Cloud security

Answer 7

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 8

Computer virus

Answer 8

Malicious code written to interfere with computer operations and cause damage to data and software

Question 9

Confidentiality, integrity, availability (CIA) triad

Answer 9

A model that helps inform how organizations consider risk when setting up systems and security policies

Question 10

Confidentiality

Answer 10

Only authorized users can access specific assets or data

Question 11

Cryptographic attack

Answer 11

An attack that affects secure forms of communication between a sender and intended recipient

Question 12

Cybersecurity (or security)

Answer 12

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Question 13

Database

Answer 13

An organized collection of information or data

Question 14

Data point

Answer 14

A specific piece of information

Question 15

Hacker

Answer 15

Any person who uses computers to gain access to computer systems, networks, or data

Question 16

Hacktivist

Answer 16

A person who uses hacking to achieve a political goal

Question 17

Health Insurance Portability and Accountability Act (HIPAA)

Answer 17

A U.S. federal law established to protect patients’ health information

Question 18

Integrity

Answer 18

The idea that the data is correct, authentic, and reliable

Question 19

Internal threat

Answer 19

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 20

Intrusion detection system (IDS)

Answer 20

An application that monitors system activity and alerts on possible intrusions

Question 21

Linux

Answer 21

An open-source operating system

Question 22

Log

Answer 22

A record of events that occur within an organization’s systems

Question 23

Malware

Answer 23

Software designed to harm devices or networks

Question 24

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Answer 24

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 25

Network protocol analyzer (packet sniffer)

Answer 25

A tool designed to capture and analyze data traffic within a network

Question 26

Network security

Answer 26

The practice of keeping an organization's network infrastructure secure from unauthorized access

Question 27

Open Web Application Security Project (OWASP)

Answer 27

A non-profit organization focused on improving software security

Question 28

Order of volatility

Answer 28

A sequence outlining the order of data that must be preserved from first to last

Question 29

Password attack

Answer 29

An attempt to access password secured devices, systems, networks, or data

Question 30

Personally identifiable information (PII)

Answer 30

Any information used to infer an individual’s identity

Question 31

Phishing

Answer 31

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 32

Physical attack

Answer 32

A security incident that affects not only digital but also physical environments where the incident is deployed

Question 33

Physical social engineering

Answer 33

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 34

Privacy protection

Answer 34

The act of safeguarding personal information from unauthorized use

Question 35

Programming

Answer 35

A process that can be used to create a specific set of instructions for a computer to execute tasks

Question 36

Protected health information (PHI)

Answer 36

Information that relates to the past, present, or future physical or mental health or condition of an individual

Question 37

Protecting and preserving evidence

Answer 37

The process of properly working with fragile and volatile digital evidence

Question 38

Security architecture

Answer 38

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Question 39

Security controls

Answer 39

Safeguards designed to reduce specific security risks

Question 40

Security ethics

Answer 40

Guidelines for making appropriate decisions as a security professional

Question 41

Security frameworks

Answer 41

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 42

Security governance

Answer 42

Practices that help support, define, and direct security efforts of an organization

Question 43

Security information and event management (SIEM)

Answer 43

An application that collects and analyzes log data to monitor critical activities in an organization

Question 44

Security posture

Answer 44

An organization’s ability to manage its defense of critical assets and data and react to change

Question 45

Sensitive personally identifiable information (SPII)

Answer 45

A specific type of PII that falls under stricter handling guidelines

Question 46

Social engineering

Answer 46

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 47

Social media phishing

Answer 47

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Question 48

Spear phishing

Answer 48

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Question 49

SQL (Structured Query Language)

Answer 49

A programming language used to create, interact with, and request information from a database

Question 50

Supply-chain attack

Answer 50

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Question 51

Technical skills

Answer 51

Skills that require knowledge of specific tools, procedures, and policies

Question 52

Threat

Answer 52

Any circumstance or event that can negatively impact assets

Question 53

Threat actor

Answer 53

Any person or group who presents a security risk

Question 54

Transferable skills

Answer 54

Skills from other areas that can apply to different careers

Question 55

USB baiting

Answer 55

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Question 56

Virus

Answer 56

refer to “computer virus” Malicious code written to interfere with computer operations and cause damage to data and software

Question 57

Vishing

Answer 57

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 58

Watering hole attack

Answer 58

A type of attack when a threat actor compromises a website frequently visited by a specific group of users