Cybersecurity Flashcards

Question

Attack tree

Answer 1

A diagram that maps threats to assets

Answer 2

The pathways attackers use to penetrate security defenses

Answer 3

The process of verifying who someone is

Answer 4

The concept of granting access to specific resources in a system

Answer 5

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

Answer 6

The use of technology to reduce human and manual effort to perform common and repetitive tasks

Answer 7

The idea that data is accessible to those who are authorized to access it

Answer 8

A social engineering tactic that tempts people into compromising their security

Answer 9

The maximum data transmission capacity over a network, measured by bits per second

Answer 10

A documented set of specifications within a system that is used as a basis for future builds, releases, and updates

Answer 11

The default shell in most Linux distributions

Answer 12

The technology used to establish a user’s request to access a server

Answer 13

A microchip that contains loading instructions for the computer and is prevalent in older systems

Answer 14

The unique physical characteristics that can be used to verify a person’s identity

Answer 15

The smallest unit of data measurement on a computer

Answer 16

Data that can only be one of two values: either True or False

Answer 17

A software program that boots the operating system

Answer 18

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder"

Answer 19

The indices placed in square brackets

Answer 20

Inconsistencies in the collection and logging of evidence in the chain of custody

Answer 21

The trial and error process of discovering private information

Answer 22

Programs that encourage freelance hackers to find and report vulnerabilities

Answer 23

A function that exists within Python and can be called directly

Answer 24

An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans

Answer 25

A document that outlines the procedures to sustain business operations during and after a significant disruption

Answer 26

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Answer 27

The second step of the NIST RMF that is used to develop risk management processes and tasks

Answer 28

An open-source distribution that is closely related to Red Hat

Answer 29

A computer’s main processor, which is used to perform general computing tasks on a computer

Answer 30

The process of documenting evidence possession and control during an incident lifecycle

Answer 31

A cloud-native tool designed to retain, analyze, and search data

Answer 32

An algorithm that encrypts information

Answer 33

Software firewalls that are hosted by the cloud service provider

Answer 34

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Answer 35

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

Answer 36

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Answer 37

An instruction telling the computer to do something

Answer 38

The techniques used by malicious actors to maintain communications with compromised systems

Answer 39

A text-based user interface that uses commands to interact with the computer

Answer 40

A note programmers make about the intention behind their code

Answer 41

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

Answer 42

An openly accessible dictionary of known vulnerabilities and exposures

Answer 43

A measurement system that scores the severity of a vulnerability

Answer 44

The process of adhering to internal standards and external regulations

Answer 45

A specialized group of security professionals that are trained in incident management and response

Answer 46

Malicious code written to interfere with computer operations and cause damage to data and software

Answer 47

A statement that evaluates code to determine if it meets a specified set of conditions

Answer 48

The idea that only authorized users can access specific assets or data

Answer 49

Data that often has limits on the number of people who have access to it

Answer 50

A model that helps inform how organizations consider risk when setting up systems and security policies

Answer 51

A file used to configure the settings of an application

Answer 52

The act of limiting and preventing additional damage caused by an incident

Answer 53

A subnet that protects the internal network from the uncontrolled zone

Answer 54

An injection attack that inserts code into a vulnerable website or web application

Answer 55

The practice of gathering information using public input and collaboration

Answer 56

An attack that affects secure forms of communication between a sender and intended recipient

Answer 57

A mechanism that decrypts ciphertext

Answer 58

The process of transforming information into a form that unintended readers can’t understand

Answer 59

A form of malware that installs software to illegally mine cryptocurrencies

Answer 60

An organization that volunteers to analyze and distribute information on eligible CVEs

Answer 61

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Answer 62

Information that is translated, processed, or stored by a computer

Answer 63

Data not currently being accessed

Answer 64

An organized collection of information or data

Answer 65

A person that determines the procedure and purpose for processing data

Answer 66

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

Answer 67

Unauthorized transmission of data from a system

Answer 68

Data traveling from one point to another

Answer 69

Data being accessed by one or more users

Answer 70

The person who decides who can access, edit, use, or destroy their information

Answer 71

A basic unit of information that travels from one device to another within a network

Answer 72

A specific piece of information

Answer 73

A person that is responsible for processing data on behalf of the data controller

Answer 74

An individual that is responsible for monitoring the compliance of an organization's data protection procedures

Answer 75

A category for a particular type of data item

Answer 76

Data representing a date and/or time

Answer 77

A software tool that helps to locate the source of an error and assess its causes

Answer 78

The practice of identifying and fixing errors in code

Answer 79

A layered approach to vulnerability management that reduces risk

Answer 80

An attack that targets a network or server and floods it with network traffic

Answer 81

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Answer 82

The prompt discovery of security events

Answer 83

Data that consists of one or more key-value pairs

Answer 84

A file that verifies the identity of a public key holder

Answer 85

The practice of collecting and analyzing data to determine what has happened after an attack

Answer 86

A file that organizes where other files are stored

Answer 87

A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident

Answer 88

A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic

Answer 89

The different versions of Linux

Answer 90

Any form of recorded content that is used for a specific purpose

Answer 91

An instance when malicious script exists in the webpage a browser loads

Answer 92

A networking protocol that translates internet domain names into IP addresses

Answer 93

A type of malware that comes packed with malicious code which is delivered and installed onto a target system

Answer 94

A brief summary of your experience, skills, and background

Answer 95

A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

Answer 96

The process of converting data from a readable format to an encoded format

Answer 97

Any device connected on a network

Answer 98

An application that monitors an endpoint for malicious activity

Answer 99

The complete removal of the incident elements from all affected systems

Answer 100

A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled

Answer 101

An observable occurrence on a network, system, or device

Answer 102

An error that involves code that cannot be executed even though it is syntactically correct

Answer 103

An operator that does not include the value of comparison

Answer 104

A way of taking advantage of a vulnerability

Answer 105

A mistake that can be exploited by a threat

Answer 106

Anything outside the organization that has the potential to harm organizational assets

Answer 107

A state where the presence of a threat is not detected

Answer 108

An alert that incorrectly detects the presence of a threat

Answer 109

Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer

Answer 110

The location of a file or directory

Answer 111

The component of the Linux OS that organizes data

Answer 112

Selecting data that match a certain condition

Answer 113

Documentation that provides a comprehensive review of an incident

Answer 114

A network security device that monitors traffic to or from a network

Answer 115

Data consisting of a number with a decimal point

Answer 116

A column in a table that is a primary key in another table

Answer 117

A server that regulates and restricts a person’s access to the internet

Answer 118

A section of code that can be reused in a program

Answer 119

A variable that is available through the entire program

Answer 120

A user interface that uses icons on the screen to manage different tasks on the computer

Answer 121

Any person who uses computers to gain access to computer systems, networks, or data

Answer 122

A person who uses hacking to achieve a political goal

Answer 123

A hardware component used for long-term memory

Answer 124

The physical components of a computer

Answer 125

An instance when different inputs produce the same hash value

Answer 126

An algorithm that produces a code that can’t be decrypted

Answer 127

A data structure that's used to store and reference hash values

Answer 128

A U.S. federal law established to protect patients’ health information

Answer 129

A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders

Answer 130

An application that monitors the activity of the host on which it’s installed

Answer 131

A network device that broadcasts information to every device on the network

Answer 132

An application layer protocol that provides a method of communication between clients and website servers

Answer 133

A network protocol that provides a secure method of communication between clients and website servers

Answer 134

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Answer 135

A collection of processes and technologies that helps organizations manage digital identities in their environment

Answer 136

A set of standards that define communication for wireless LANs

Answer 137

An object that cannot be changed after it is created and assigned a value

Answer 138

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

Answer 139

An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies

Answer 140

An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies

Answer 141

The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member

Answer 142

A form of documentation used in incident response

Answer 143

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

Answer 144

A document that outlines the procedures to take in each step of incident response

Answer 145

An operator that includes the value of comparison

Answer 146

Space added at the beginning of a line of code

Answer 147

A number assigned to every element in a sequence that indicates its position

Answer 148

The series of observed events that indicate a real-time incident

Answer 149

Observable evidence that suggests signs of a potential security incident

Answer 150

The protection of unauthorized access and distribution of data

Answer 151

The practice of keeping data in all states away from unauthorized users

Answer 152

Malicious code inserted into a vulnerable application

Answer 153

Programming that validates inputs from users and other programs

Answer 154

Data consisting of a number that does not include a decimal point

Answer 155

A software application for writing code that provides editing assistance and error correction tools

Answer 156

The idea that the data is correct, authentic, and reliable

Answer 157

The components required to run the computer

Answer 158

A current or former employee, external vendor, or trusted partner who poses a security risk

Answer 159

An internet protocol used by devices to tell each other about data transmission errors across the network

Answer 160

A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server

Answer 161

A set of standards used for routing and addressing data packets as they travel between devices on a network

Answer 162

A unique string of characters that identifies the location of a device on the internet

Answer 163

A computer program that translates Python code into runnable instructions line by line

Answer 164

An application that monitors system activity and alerts on possible intrusions

Answer 165

An application that monitors system activity for intrusive activity and takes action to stop the activity

Answer 166

A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network

Answer 167

Code that repeatedly executes a set of instructions

Answer 168

An open-source distribution of Linux that is widely used in the security industry

Answer 169

The component of the Linux OS that manages processes and memory

Answer 170

A set of data that represents two linked items: a key, and its corresponding value

Answer 171

An operating system that is outdated but still being used

Answer 172

A meeting that includes all involved parties after a major incident

Answer 173

A collection of modules that provide code users can access in their programs

Answer 174

An open-source operating system

Answer 175

The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list

Answer 176

Data structure that consists of a collection of data in sequential form

Answer 177

A type of malware that downloads strains of malicious code from an external source and installs them onto a target system

Answer 178

A network that spans small areas like an office building, a school, or a home

Answer 179

A variable assigned within a function

Answer 180

A record of events that occur within an organization’s systems

Answer 181

The process of examining logs to identify events of interest

Answer 182

The recording of events occurring on computer systems and networks

Answer 183

An error that results when the logic used in code produces unintended results

Answer 184

The process of collecting, storing, analyzing, and disposing of log data

Answer 185

The part of a loop that determines when the loop terminates

Answer 186

A variable that is used to control the iterations of a loop

Answer 187

Software designed to harm devices or networks

Answer 188

An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network

Answer 189

A unique alphanumeric identifier that is assigned to each physical device on a network

Answer 190

A function that belongs to a specific data type

Answer 191

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

Answer 192

A collection of non-profit research and development centers

Answer 193

A device that connects your router to the internet and brings internet access to the LAN

Answer 194

A Python file that contains additional functions, variables, classes, and any kind of runnable code

Answer 195

The seventh step of the NIST RMF that means be aware of how systems are operating

Answer 196

A security measure that requires a user to verify their identity in two or more ways to access a system or network

Answer 197

A command-line file editor that is available by default in many Linux distributions

Answer 198

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Answer 199

A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery, and Post-incident activity

Answer 200

A unified framework for protecting the security of information systems within the U.S. federal government

Answer 201

A group of connected devices

Answer 202

An application that collects and monitors network traffic and network data

Answer 203

The data that’s transmitted between devices on a network

Answer 204

Hardware that connects computers to a network

Answer 205

The process of examining network logs to identify events of interest

Answer 206

A tool designed to capture and analyze data traffic within a network

Answer 207

A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data

Answer 208

The practice of keeping an organization's network infrastructure secure from unauthorized access

Answer 209

A security technique that divides the network into segments

Answer 210

The amount of data that moves across a network

Answer 211

The concept that the authenticity of information can’t be denied

Answer 212

An online interface for writing, storing, and running code

Answer 213

Data consisting of numbers

Answer 214

An open-standard authorization protocol that shares designated access between applications

Answer 215

A data type that stores data in a comma-separated list of key-value pairs

Answer 216

An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit

Answer 217

The collection and analysis of information from publicly available sources to generate usable intelligence

Answer 218

A standardized concept that describes the seven layers computers use to communicate and send data over the network

Answer 219

A non-profit organization focused on improving software security

Answer 220

The interface between computer hardware and the user

Answer 221

A symbol or keyword that represents an operation

Answer 222

Input that modifies the behavior of a command

Answer 223

A sequence outlining the order of data that must be preserved from first to last

Answer 224

A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications

Answer 225

A piece of software that can be combined with other packages to form an application

Answer 226

A tool that helps users install, manage, and remove packages or applications

Answer 227

A file containing data packets intercepted from an interface or network

Answer 228

The practice of capturing and inspecting data packets across a network

Answer 229

An object that is included in a function definition for use in that function

Answer 230

An open-source distribution that is commonly used for security

Answer 231

The process of converting data into a more readable format

Answer 232

A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network

Answer 233

An attempt to access password secured devices, systems, networks, or data

Answer 234

A software and operating system update that addresses security vulnerabilities within a program or product

Answer 235

A set of security standards formed by major organizations in the financial industry

Answer 236

A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes

Answer 237

A resource that provides stylistic guidelines for programmers working in Python

Answer 238

Hardware components that are attached and controlled by the computer system

Answer 239

The type of access granted for a file or directory

Answer 240

Any information used to infer an individual's identity

Answer 241

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Answer 242

A collection of software tools needed to launch a phishing campaign

Answer 243

A security incident that affects not only digital but also physical environments where the incident is deployed

Answer 244

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Answer 245

A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

Answer 246

A manual that provides details about any operational action

Answer 247

A set of rules that reduce risk and protect information

Answer 248

A software-based location that organizes the sending and receiving of data between devices on a network

Answer 249

A firewall function that blocks or allows certain port numbers to limit unwanted communication

Answer 250

The process of reviewing an incident to identify areas for improvement during incident handling

Answer 251

A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software

Answer 252

Information that should be kept from the public

Answer 253

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Answer 254

A coding technique that executes SQL statements before passing them on to a database

Answer 255

A column where every row has a unique entry

Answer 256

The concept of granting only the minimal access and authorization required to complete a task or function

Answer 257

The act of safeguarding personal information from unauthorized use

Answer 258

Step-by-step instructions to perform a specific security task

Answer 259

A popular threat modeling framework that’s used across many industries

Answer 260

A process that can be used to create a specific set of instructions for a computer to execute tasks

Answer 261

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Answer 262

Information that relates to the past, present, or future physical or mental health or condition of an individual

Answer 263

The process of properly working with fragile and volatile digital evidence

Answer 264

A server that fulfills the requests of its clients by forwarding them to other servers

Answer 265

Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others

Answer 266

An encryption framework that secures the exchange of online information

Answer 267

An extensive collection of Python code that often comes packaged with Python

Answer 268

A request for data from a database table or a combination of tables

Answer 269

A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money

Answer 270

A file of pre-generated hash values and their associated plaintext

Answer 271

A hardware component used for short-term memory

Answer 272

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Answer 273

A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other

Answer 274

A NIST core function related to returning affected systems back to normal operation

Answer 275

The process of returning affected systems back to normal operations

Answer 276

A subscription-based distribution of Linux built for enterprise use

Answer 277

An instance when malicious script is sent to a server and activated during the server’s response

Answer 278

A sequence of characters that forms a pattern

Answer 279

Rules set by a government or other authority to control the way something is done

Answer 280

A structured database containing tables that are related to each other

Answer 281

A file path that starts from the user's current directory

Answer 282

A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time

Answer 283

The ability to prepare for, respond to, and recover from disruptions

Answer 284

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Answer 285

A Python statement that executes inside a function and sends information back to the function call

Answer 286

A server that regulates and restricts the internet's access to an internal server

Answer 287

Anything that can impact the confidentiality, integrity, or availability of an asset

Answer 288

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Answer 289

The highest-level directory in Linux

Answer 290

Malware that provides remote, administrative access to a computer

Answer 291

A user with elevated privileges to modify the system

Answer 292

A network device that connects multiple networks together

Answer 293

An additional safeguard that’s used to strengthen hash functions

Answer 294

Malware that employs tactics to frighten users into infecting their device

Answer 295

Splunk’s query language

Answer 296

A secure protocol used to transfer files from one device to another over a network

Answer 297

A security protocol used to create a shell with a remote system

Answer 298

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Answer 299

A review of an organization's security controls, policies, and procedures against a set of expectations

Answer 300

Safeguards designed to reduce specific security risks

Answer 301

Guidelines for making appropriate decisions as a security professional

Answer 302

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Answer 303

Practices that help support, define, and direct security efforts of an organization

Answer 304

The process of strengthening a system to reduce its vulnerabilities and attack surface

Answer 305

An application that collects and analyzes log data to monitor critical activities in an organization

Answer 306

The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data

Answer 307

An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks

Answer 308

A collection of applications, tools, and workflows that use automation to respond to security events

Answer 309

An organization’s ability to manage its defense of critical assets and data and react to change

Answer 310

A segment of a company’s network that protects the internal network from the internet

Answer 311

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

Answer 312

A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)

Answer 313

A specific type of PII that falls under stricter handling guidelines

Answer 314

The principle that users should not be given levels of authorization that would allow them to misuse a system

Answer 315

a sequence of network HTTP requests and responses associated with the same user

Answer 316

A token that websites use to validate a session and determine how long that session should last

Answer 317

An event when attackers obtain a legitimate user’s session ID

Answer 318

A unique token that identifies a user and their device while accessing a system

Answer 319

Data that consists of an unordered collection of unique values

Answer 320

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Answer 321

The command-line interpreter

Answer 322

A pattern that is associated with malicious activity

Answer 323

A detection method used to find events of interest

Answer 324

A network protocol used for monitoring and managing devices on a network

Answer 325

A technology that combines several different logins into one

Answer 326

The use of text messages to trick users to obtain sensitive information or to impersonate a known source

Answer 327

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets

Answer 328

A manipulation technique that exploits human error to gain private information, access, or valuables

Answer 329

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Answer 330

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Answer 331

The rate at which a device sends and receives data, measured by bits per second

Answer 332

A cloud-hosted tool used to collect, search, and monitor log data

Answer 333

A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time

Answer 334

Malware that’s used to gather and sell information without consent

Answer 335

A programming language used to create, interact with, and request information from a database

Answer 336

An attack that executes unexpected queries on a database

Answer 337

An individual or group that has an interest in any decision or activity of an organization

Answer 338

An error message returned by the OS through the shell

Answer 339

Information received by the OS via the command line

Answer 340

Information returned by the OS through the shell

Answer 341

References that inform how to set policies

Answer 342

An interview technique used to answer behavioral and situational questions

Answer 343

A class of firewall that keeps track of information passing through it and proactively filters out threats

Answer 344

A class of firewall that operates based on predefined rules and that does not keep track of information from data packets

Answer 345

An instance when malicious script is injected directly on the server

Answer 346

The process of joining two strings together

Answer 347

Data consisting of an ordered sequence of characters

Answer 348

A manual that informs the writing, formatting, and design of documents

Answer 349

The subdivision of a network into logical groups called subnets

Answer 350

A continuous sequence of characters within a string

Answer 351

A command that temporarily grants elevated permissions to specific users

Answer 352

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Answer 353

An open-source intrusion detection system, intrusion prevention system, and network analysis tool

Answer 354

A device that makes connections between specific devices on a network by sending and receiving data between them

Answer 355

The use of a single secret key to exchange information

Answer 356

A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets

Answer 357

The rules that determine what is correctly structured in a computing language

Answer 358

An error that involves invalid usage of a programming language

Answer 359

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area

Answer 360

A framework used to visualize how data is organized and transmitted across a network

Answer 361

A command-line network protocol analyzer

Answer 362

Skills that require knowledge of specific tools, procedures, and policies

Answer 363

The collection and transmission of data for analysis

Answer 364

Any circumstance or event that can negatively impact assets

Answer 365

Any person or group who presents a security risk

Answer 366

The proactive search for threats on a network

Answer 367

Evidence-based threat information that provides context about existing or emerging threats

Answer 368

The process of identifying assets, their vulnerabilities, and how each is exposed to threats

Answer 369

Skills from other areas that can apply to different careers

Answer 370

An internet communication protocol that allows two devices to form a connection and stream data

Answer 371

The prioritizing of incidents according to their level of importance or urgency

Answer 372

Malware that looks like a legitimate file or program

Answer 373

A state where there is no detection of malicious activity

Answer 374

An alert that correctly detects the presence of an attack

Answer 375

Data structure that consists of a collection of data that cannot be changed

Answer 376

An error that results from using the wrong data type

Answer 377

An open-source, user-friendly distribution that is widely used in security and other industries

Answer 378

An incident type that occurs when an individual gains digital or physical access to a system or application without permission

Answer 379

Any network outside your organization's control

Answer 380

A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems

Answer 381

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Answer 382

The person interacting with a computer

Answer 383

A connectionless protocol that does not establish a connection between devices before transmissions

Answer 384

A function that programmers design for their specific needs

Answer 385

A program that allows the user to control the functions of the operating system

Answer 386

The process of creating and maintaining a user's digital identity

Answer 387

A container that stores data

Answer 388

A virtual version of a physical computer

Answer 389

A network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet

Answer 390

Malicious code written to interfere with computer operations and cause damage to data and software

Answer 391

A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content

Answer 392

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Answer 393

A way of displaying various types of data quickly in one place

Answer 394

A weakness that can be exploited by a threat

Answer 395

The internal review process of an organization's security systems

Answer 396

The process of finding and patching vulnerabilities

Answer 397

Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network

Answer 398

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Answer 399

Malicious code or behavior that’s used to take advantage of coding flaws in a web application

Answer 400

A category of spear phishing attempts that are aimed at high-ranking executives in an organization

Answer 401

A network that spans a large geographic area like a city, state, or country

Answer 402

A wireless security protocol for devices to connect to the internet

Answer 403

A special character that can be substituted with any other character

Answer 404

An open-source network protocol analyzer

Answer 405

A file that can be altered by anyone in the world

Answer 406

Malware that can duplicate and spread itself across systems on its own

Answer 407

A computer language used to create rules for searching through ingested log data

Answer 408

An exploit that was previously unknown

Cybersecurity Flashcards

(432 cards)