Foundations of Cyber Security

Question 1

Cybersecurity

Answer 1

_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Question 2

Cloud Security

Answer 2

_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Question 3

Internal threat

Answer 3

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 4

Network Security

Answer 4

The practice of keeping an organization’s network infrastructure secure from unauthorized access

Question 5

Personally identifiable information (PII)

Answer 5

Any information used to infer an individual’s identity

Question 6

Security posture

Answer 6

An organization’s ability to manage its defense of critical assets and data and react to change

Question 7

Sensitive personally identifiable information (SPII)

Answer 7

A specific type of PII that falls under stricter handling guidelines

Question 8

Technical skills

Answer 8

Skills that require knowledge of specific tools, procedures, and policies

Question 9

Threat

Answer 9

Any circumstance or event that can negatively impact assets

Question 10

Threat actor

Answer 10

Any person or group who presents a security risk

Question 11

Transferable skills

Answer 11

Skills from other areas that can apply to different careers

Question 12

Adversarial artificial intelligence (AI):

Answer 12

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Question 13

Business Email Compromise (BEC):

Answer 13

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Question 14

CISSP

Answer 14

Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

Question 15

Computer Virus

Answer 15

Malicious code written to interfere with computer operations and cause damage to data and software

Question 16

Cryptographic attack

Answer 16

An attack that affects secure forms of communication between a sender and intended recipient

Question 17

Hacker

Answer 17

Any person who uses computers to gain access to computer systems, networks, or data

Question 18

Malware

Answer 18

Software designed to harm devices or networks

Question 19

Password attack

Answer 19

An attempt to access password secured devices, systems, networks, or data

Question 20

Phishing

Answer 20

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 21

Physical attack

Answer 21

A security incident that affects not only digital but also physical environments where the incident is deployed

Question 22

Physical social engineering

Answer 22

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 23

Social engineering

Answer 23

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 24

Social Media Phishing

Answer 24

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Question 25

Spear Phishing

Answer 25

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Question 26

Supply-Chain attack

Answer 26

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Question 27

USB baiting

Answer 27

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Question 28

Virus

Answer 28

refer to “computer virus”

Question 29

Vishing

Answer 29

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 30

Watering hole attack

Answer 30

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Question 31

Asset

Answer 31

An item perceived as having value to an organization

Question 32

Availability

Answer 32

The idea that data is accessible to those who are authorized to access it

Question 33

Compliance

Answer 33

The process of adhering to internal standards and external regulations

Question 34

Confidentiality

Answer 34

The idea that only authorized users can access specific assets or data

Question 35

Confidentiality, integrity, availability (CIA) triad

Answer 35

A model that helps inform how organizations consider risk when setting up systems and security policies

Question 36

Hacktivist

Answer 36

A person who uses hacking to achieve a political goal

Question 37

Health Insurance Portability and Accountability Act (HIPPA)

Answer 37

A U.S. federal law established to protect patients’ health information

Question 38

Integrity

Answer 38

The idea that the data is correct, authentic, and reliable

Question 39

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Answer 39

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 40

Privacy Protection

Answer 40

The act of safeguarding personal information from unauthorized use

Question 41

Security architecture

Answer 41

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Question 41

Security ethics

Answer 41

Guidelines for making appropriate decisions as a security professional

Question 41

Security controls

Answer 41

Safeguards designed to reduce specific security risks

Question 41

Protected health information (PHI)

Answer 41

Information that relates to the past, present, or future physical or mental health or condition of an individual

Question 42

Security frameworks

Answer 42

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 43

Security governance

Answer 43

Practices that help support, define, and direct security efforts of an organization

Question 44

Sensitive personally identifiable information (SPII)

Answer 44

A specific type of PII that falls under stricter handling guidelines

Question 45

Antivirus software

Answer 45

A software program used to prevent, detect, and eliminate malware and viruses

Question 46

Database

Answer 46

An organized collection of information or data

Question 47

Data point

Answer 47

A specific piece of information

Question 48

Intrusion detection system (IDS)

Answer 48

An application that monitors system activity and alerts on possible intrusions

Question 49

Linux

Answer 49

An open-source operating system

Question 50

Log

Answer 50

A record of events that occur within an organization’s systems

Question 51

Network protocol analyzer (packet sniffer)

Answer 51

A tool designed to capture and analyze data traffic within a network

Question 52

Order of volatility

Answer 52

A sequence outlining the order of data that must be preserved from first to last

Question 53

Programming

Answer 53

A process that can be used to create a specific set of instructions for a computer to execute tasks

Question 54

Protecting and preserving evidence

Answer 54

The process of properly working with fragile and volatile digital evidence

Question 55

Security information and event management (SIEM)

Answer 55

An application that collects and analyzes log data to monitor critical activities in an organization

Question 56

SQL (Structured Query Language)

Answer 56

A query language used to create, interact with, and request information from a database

Question 57

_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Answer 57

Cybersecurity

Question 58

_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Answer 58

Cloud Security

Question 59

A current or former employee, external vendor, or trusted partner who poses a security risk

Answer 59

Internal threat

Question 60

The practice of keeping an organization’s network infrastructure secure from unauthorized access

Answer 60

Network Security

Question 61

Any information used to infer an individual’s identity

Answer 61

Personally identifiable information (PII)

Question 62

An organization’s ability to manage its defense of critical assets and data and react to change

Answer 62

Security posture

Question 63

A specific type of PII that falls under stricter handling guidelines

Answer 63

Sensitive personally identifiable information (SPII)

Question 64

Skills that require knowledge of specific tools, procedures, and policies

Answer 64

Technical skills

Question 65

Any circumstance or event that can negatively impact assets

Answer 65

Threat

Question 66

Any person or group who presents a security risk

Answer 66

Threat actor

Question 67

Skills from other areas that can apply to different careers

Answer 67

Transferable skills

Question 68

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Answer 68

Adversarial artificial intelligence (AI):

Question 69

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Answer 69

Business Email Compromise (BEC):

Question 70

Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

Answer 70

CISSP

Question 71

Malicious code written to interfere with computer operations and cause damage to data and software

Answer 71

Computer Virus

Question 72

An attack that affects secure forms of communication between a sender and intended recipient

Answer 72

Cryptographic attack

Question 73

Any person who uses computers to gain access to computer systems, networks, or data

Answer 73

Hacker

Question 74

Software designed to harm devices or networks

Answer 74

Malware

Question 75

An attempt to access password secured devices, systems, networks, or data

Answer 75

Password attack

Question 76

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Answer 76

Phishing

Question 77

A security incident that affects not only digital but also physical environments where the incident is deployed

Answer 77

Physical attack

Question 78

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Answer 78

Physical social engineering

Question 79

A manipulation technique that exploits human error to gain private information, access, or valuables

Answer 79

Social engineering

Question 80

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Answer 80

Social Media Phishing

Question 81

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Answer 81

Spear Phishing

Question 82

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Answer 82

Supply-Chain attack

Question 83

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Answer 83

USB baiting

Question 84

refer to “computer virus”

Answer 84

Virus

Question 85

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Answer 85

Vishing

Question 86

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Answer 86

Watering hole attack

Question 87

An item perceived as having value to an organization

Answer 87

Asset

Question 88

The idea that data is accessible to those who are authorized to access it

Answer 88

Availability

Question 89

The process of adhering to internal standards and external regulations

Answer 89

Compliance

Question 90

The idea that only authorized users can access specific assets or data

Answer 90

Confidentiality

Question 91

A model that helps inform how organizations consider risk when setting up systems and security policies

Answer 91

Confidentiality, integrity, availability (CIA) triad

Question 92

A person who uses hacking to achieve a political goal

Answer 92

Hacktivist

Question 93

A U.S. federal law established to protect patients’ health information

Answer 93

Health Insurance Portability and Accountability Act (HIPPA)

Question 94

The idea that the data is correct, authentic, and reliable

Answer 94

Integrity

Question 95

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Answer 95

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

Question 96

The act of safeguarding personal information from unauthorized use

Answer 96

Privacy Protection

Question 97

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Answer 97

Security architecture

Question 98

Guidelines for making appropriate decisions as a security professional

Answer 98

Security ethics

Question 99

Safeguards designed to reduce specific security risks

Answer 99

Security controls

Question 100

Information that relates to the past, present, or future physical or mental health or condition of an individual

Answer 100

Protected health information (PHI)

Question 101

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Answer 101

Security frameworks

Question 102

Practices that help support, define, and direct security efforts of an organization

Answer 102

Security governance

Question 103

A specific type of PII that falls under stricter handling guidelines

Answer 103

Sensitive personally identifiable information (SPII)

Question 104

A software program used to prevent, detect, and eliminate malware and viruses

Answer 104

Antivirus software

Question 105

An organized collection of information or data

Answer 105

Database

Question 106

A specific piece of information

Answer 106

Data point

Question 107

An application that monitors system activity and alerts on possible intrusions

Answer 107

Intrusion detection system (IDS)

Question 108

An open-source operating system

Answer 108

Linux

Question 109

A record of events that occur within an organization’s systems

Answer 109

Log

Question 110

A tool designed to capture and analyze data traffic within a network

Answer 110

Network protocol analyzer (packet sniffer)

Question 111

A sequence outlining the order of data that must be preserved from first to last

Answer 111

Order of volatility

Question 112

A process that can be used to create a specific set of instructions for a computer to execute tasks

Answer 112

Programming

Question 113

The process of properly working with fragile and volatile digital evidence

Answer 113

Protecting and preserving evidence

Question 114

An application that collects and analyzes log data to monitor critical activities in an organization

Answer 114

Security information and event management (SIEM)

Question 115

A query language used to create, interact with, and request information from a database

Answer 115

SQL (Structured Query Language)