DEFINITIONS

Question 1

Software Development Security

Answer 1

uses secure coding practices, which are set of recommended guidelines that are used to create secure applications and services

Question 2

security architecture and engineering

Answer 2

optimizes data security by ensuring effective tools, systems and processes are in

Question 3

security and risk management

Answer 3

defines security goals and objectives, risk mitigation, compliance, business continuity and the law

Question 4

security operations

Answer 4

conducting investigations and implementing preventative measures

Question 5

security assessment and testing

Answer 5

conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats and vulnerabilities

Question 6

identitity and access management

Answer 6

keeps data secure, by ensuring users follow established polices to control and manage physical assets

Question 7

communication and network security

Answer 7

manage and secure physical networks and wireless communications

Question 8

Threat Actor

Answer 8

Any person or group that presents a security risk

Question 9

Social media phishing

Answer 9

A threat actor collects detailed information about their target from social media sites. Then, initiates an attack

Question 10

Social engineering

Answer 10

is a manipulation technique that exploits human error to gain access to sensitive, private and valuable information

Question 11

Physical social engineering

Answer 11

A threat actor impersonates a employer, customer or vendor to gain unauthorized access to a physical location

Question 12

Spear phishing

Answer 12

a malicious email attach that targets a specific user or group of users. The email seems to originate from a trusted source

Question 13

Malware

Answer 13

Software designed to harm devices and networks

Question 14

Virus

Answer 14

a malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Question 15

Phishing

Answer 15

the us of digital communication to trick a user or a group of users into revealing sensitive data or deploying a malicious software

Question 16

USB baiting

Answer 16

A threat actor strategically leaves a malware usbstick for an employee to find and install, Unknowingly infect a network

Question 17

Ransomeware

Answer 17

-A malicious attack where a threat actor encrypts a organizations data and demands payment to restore access

Question 18

Vishing

Answer 18

The use of digital voice communication to gain access to sensitive information or to impersonate a known source

Question 19

Spyware

Answer 19

A malicious software installed on a users computer without their permission which is used to spy on or steal user data

Question 20

Worm

Answer 20

A malware that self–replicates, spreading across networks and infecting computers

Question 21

Business email compromise (BEC)

Answer 21

An attack in which a threat actor impersonated a know source to obtain financial advantage

Question 22

Watering hole attack

Answer 22

A threat actor targets a website that is frequently visited by a specific group of users

Question 23

Whaling

Answer 23

A threat actor targets a companies executive to gain access to sensitive data

Question 24

Adversarial artificial intelligence (AI

Answer 24

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Question 25

Cryptographic attack

Answer 25

An attack that affects secure forms of communication between a sender and intended recipient