CYBRSCRTY-MODULE 1

Question 1

Advanced Persistent Threat (APT)

Answer 1

A class of attacks that use innovative attack tools to infect and silently extract data over an extended period of time

Question 2

Attack vector

Answer 2

A pathway or avenue used by a threat actor to penetrate a system

Question 3

Attributes

Answer 3

Characteristic features of the different groups of threat actors

Question 4

Authority

Answer 4

A social engineering principle that involves directing others by impersonating an authority figure or falsely citing their authority

Question 5

Availability loss

Answer 5

The loss that results from making systems inaccessible

Question 6

Black hat hackers

Answer 6

Threat actors who violate computer security for personal gain or to inflict malicious damage

Question 7

Cloud platforms

Answer 7

A pay-per-use computing model in which customers pay only for the online computing resources they need

Question 8

Competitors

Answer 8

Threat actors who launched attacks against an opponent’s system to steal classified information

Question 9

Consensus

Answer 9

A social engineering principle that involves being influenced by what others do

Question 10

Credential harvesting

Answer 10

Using the Internet and social media searches to perform reconnaissance

Question 11

Criminal syndicates

Answer 11

Threat actors who have moved from traditional criminal activities to more rewarding and less risky online attacks

Question 12

Data breach

Answer 12

Stealing data to disclose it in an unauthorized fashion

Question 13

Data exfiltration

Answer 13

Stealing data to distribute it to other parties

Question 14

Data loss

Answer 14

The destruction of data

Question 15

Data Storage

Answer 15

Third-party facilities used for storing important data

Question 16

Default settings

Answer 16

Settings that are predetermined by the vendor for usability and ease of use (but not security) so the user can immediately begin using the product

Question 17

Direct access

Answer 17

An attack vector in which a threat actor can gain direct physical access to the computer

Question 18

Dumpster diving

Answer 18

Digging through trash receptacles to find information that can be useful in an attack

Question 19

Eliciting information

Answer 19

Gathering data

Question 20

Errors

Answer 20

Human mistakes in selecting one setting over another without considering the security implications

Question 21

External

Answer 21

External entities outside of the organization

Question 22

Familiarity

Answer 22

A social engineering principle that portrays the victim as well known and well received

Question 23

Financial loss

Answer 23

The monetary loss as a result of lost productivity

Question 24

Firmware

Answer 24

Software that is embedded into hardware to provide low-level controls and instructions

Question 25

Gray hat hackers

Answer 25

Hackers who attempt to break into a computer system without the organization’s permission to publicly disclose the attack and shame the organization into taking action

Question 26

Hacker

Answer 26

A person who uses advanced computer skills to attack computers

Question 27

Hacktivists

Answer 27

A group of attackers that is strongly motivated by ideology

Question 28

Hoax

Answer 28

A false warning often contained in an email claiming to be from the IT department

Question 29

Hybrid warfare influence campaign

Answer 29

Influence campaigns used on social media and other sources

Question 30

Identity fraud/impersonation

Answer 30

Masquerading as a real or fictitious character and then playing out the role of that person with the victim

Question 31

Identity theft

Answer 31

Taking personally identifiable information to impersonate someone

Question 32

Influence campaigns

Answer 32

Using social engineering to sway attention and sympathy in a particular direction

Question 33

Insider threat

Answer 33

Attackers who manipulate data from the position of a trusted employee

Question 34

Intent/motivation

Answer 34

Reasons for an attack by threat actors

Question 35

Internal

Answer 35

Threat actors who work inside the enterprise

Question 36

Intimidation

Answer 36

To frighten and coerce by threat

Question 37

Invoice scam

Answer 37

A fictitious overdue invoice that demands immediate payment

Question 38

Lack of vendor support

Answer 38

A lack of expertise to handle system integration

Question 39

Legacy platform

Answer 39

A platform that is no longer in widespread use, often because it has been supplanted or replaced by an updated version of that earlier technology

Question 40

level of capability/sophistication

Answer 40

Power and complexity capabilities of threat actors

Question 41

On-premises platform

Answer 41

Software and technology located within the physical confines of an enterprise, which is usually consolidated in the company’s data center

Question 42

Open permissions

Answer 42

User access over files that should have been restricted

Question 43

Open ports and services

Answer 43

Devices and services that are often configured to allow the most access so that the user can then close those ports that are specific to that organization

Question 44

Outsourced code development

Answer 44

Contracting with third parties to assist the organization in the development and writing of a software program or app

Question 45

Patch

Answer 45

An officially released software security update intended to repair a vulnerability

Question 46

Pharming

Answer 46

Exploiting how a URL is converted into its corresponding IP address to redirect traffic away from its intended target to a fake website instead

Question 47

Phishing

Answer 47

Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action

Question 48

Prepending

Answer 48

Influencing a subject before an event occurs

Question 49

Pretexting

Answer 49

Using impersonation to obtain private information

Question 50

Reconnaissance

Answer 50

Learning as much about a person as possible in order to appear as genuine while acting as an imposter

Question 51

Reputation

Answer 51

Public perception

Question 52

Resources and funding

Answer 52

Financial capabilities of threat actors

Question 53

Scarcity

Answer 53

When something is short in supply

Question 54

Script kiddies

Answer 54

Individuals who want to perform attacks yet lack the technical knowledge to carry them out

Question 55

Shadow IT

Answer 55

Employees who become frustrated with the slow pace of acquiring technology, so they purchase and install their own equipment or resources in violation of company policies

Question 56

Shoulder surfing

Answer 56

Watching an individual enter a security code on a keypad

Question 57

Smishing

Answer 57

Using short message service (SMS) text messages to perform phishing

Question 58

Social engineering

Answer 58

Gathering data by relying on the weaknesses of individuals

Question 59

Social media influence campaign

Answer 59

An influence campaign exclusively used on social media

Question 60

Spam

Answer 60

Unsolicited email that is sent to a large number of recipients

Question 61

Spear phishing

Answer 61

Targeting specific users

Question 62

Spim

Answer 62

Spam delivered through instant messaging (IM) instead of email

Question 63

State actors

Answer 63

Government-sponsored attackers who launch cyber-attacks against the foes of the state

Question 64

Supply chain

Answer 64

A network that moves a product from the supplier to the customer and is made up of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the customers

Question 65

System integration

Answer 65

Connectivity between the systems of an organization and its third parties

Question 66

Tailgating

Answer 66

Following an authorized user through the door

Question 67

Third parties

Answer 67

External entities outside of the organization

Question 68

Threat actor

Answer 68

Individuals or entities who are responsible for cyber incidents against the technology equipment of enterprises and users

Question 69

Trust

Answer 69

A social engineering principle to inspire confidence in a victim

Question 70

Typo squatting

Answer 70

Purchasing the domain names of sites that are spelled similarly to actual sites

Question 71

Unsecure protocols

Answer 71

Using protocols for telecommunications that do not provide adequate protections

Question 72

Unsecured root accounts

Answer 72

Unprotected accounts that give unfettered access to all resources

Question 73

Urgency

Answer 73

A social engineering principle that demands immediate action

Question 74

Vendor management

Answer 74

The process organizations use to monitor and manage the interactions with all external third parties with which they have a relationship

Question 75

Vishing

Answer 75

Using a telephone call to perform phishing

Question 76

Watering hole attack

Answer 76

An attack, directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company

Question 77

Weak configuration

Answer 77

Configuration settings that are not properly implemented, resulting in vulnerabilities

Question 78

Weak encryption

Answer 78

Choosing a known vulnerable encryption mechanism

Question 79

Whaling

Answer 79

Targeting wealthy individuals or senior executives within a business through phishing

Question 80

White hat hackers

Answer 80

Also known as ethical attackers; A class of hackers taht probe a system with an organization’s permission for weaknesses and then privately provide that information to the organization

Question 81

Zero day

Answer 81

A vulnerability that is exploited by attackers before anyone else even knows it exists