Introduction And Cybersecurity Fundamentals

Question 1

What is the practice of protecting information by mitigating information risk? it also involves safeguard data from unauthorized access disclosure, alteration, and destruction.

Answer 1

Information security

Question 2

What does the CIA try stand for?

Answer 2

Confidentiality, integrity, availability

Question 3

This ensures that sensitive information is only accessible to those who are authorized to view

Answer 3

Confidentiality

Question 4

This maintains the accuracy and consistency of data throughout its life. Cycle data should be stored and transferred as intended.

Answer 4

Integrity

Question 5

This ensures that information and resources are available to authorize users whenever they are needed. This includes maintaining system of time preventing disruption to access.

Answer 5

Availability

Question 6

This refers to the overall security status and readiness of an organization

Answer 6

Security Posturing

Question 7

What are the main components of security posturing?

Answer 7

Assessment, planning, implementation , monitoring, adaptation

Question 8

This position overseas the entire security strategy of the organization, ensuring that all aspects of security are learned with business objectives

Answer 8

Chief security officer (CSO)

Question 9

This position focuses on the protection of information, assets, developing and implementing information, security policies, and practices

Answer 9

Chief information security officer (CISO)

Question 10

These positions primarily focus on handling policy enforcement

Answer 10

Managerial, technical, operational

Question 11

Vulnerability

Answer 11

A weakness or flaw in the system software process that can be exploited by the actor

Question 12

Threat

Answer 12

Any potential danger that can exploit a vulnerability to cause harm

Question 13

Risk

Answer 13

The combination of likelihood that a threat will exploit a vulnerability and the impact it would have a measure of a potential harm to the organization

Question 14

Threats can be classified as?

Answer 14

Internal, external, malicious, unintentional

Question 15

This component within security posturing involves developing strategies and policies to address identified risk and improve security

Answer 15

Planning

Question 16

This component of security posturing deploy security measures such as firewalls, encryption, and access measures

Answer 16

Implementation

Question 17

This key component of security posturing evaluate the current security measures and identifies potential

Answer 17

Assessment

Question 18

This component within security posturing updates and refines security measures based on new interest, technical advancements, and changes in organizations need

Answer 18

Adaptation

Question 19

——— is about how prepared and protected an organization is against cyber threats and involves assessing current security planning improvements, implementing protective measures modeling for threats and adapting to new risks and changes. This approach helps keep the organization, data system, and infrastructure safe.

Answer 19

Security posture

Question 20

————— are malicious hackers who illegally exploit vulnerabilities for personal gain or to cause harm

Answer 20

Black Hat

Question 21

These ethical hackers work to strengthen the organization’s security (internal threat with positive intentions)

Answer 21

White hat

Question 22

What does APTs stand for?

Answer 22

Advanced Persistent Threats

Question 23

These are highly skilled and well funded cyber threats often lead to government agencies. These targeted attacks are aimed at espionage or gaining strategic advantages, such as stealing sensitive information or disrupting rivals

Answer 23

APTs

Question 24

The route through which threat actors gain unauthorized access to systems or data

Answer 24

Attack vectors

Question 25

———- is crucial for understanding and improving the security of a network Helps check and improve network security by setting a baseline of secure configurations and settings for devices

Answer 25

Vulnerability assessment

Question 26

This aspect ensures that people cannot deny their actions related to data, helping maintain accountability

Answer 26

Non-repudiation

Question 27

Individuals or groups that pose a danger to cyber security with varying motivations and capabilities

Answer 27

Threat actors

Question 28

These groups are often associated with government agencies, such as military or intelligence services. They are well funded, and highly skilled.

Answer 28

State-backed groups

Question 29

Gathering sensitive information often for national security or economic advantage

Answer 29

Espionage

Question 30

Hackers who may assist an organization but operate without official authorization, sometimes crossing legal boundaries

Answer 30

Grey Hat

Question 31

Inexperienced individuals who use existing tools and scripts to launch basic cyberattacks to promote their agenda

Answer 31

Script Kiddies

Question 32

Group of hackers united by a common cause, often political or social, to promote their agenda

Answer 32

Hacktivists

Question 33

Ethical hackers working to strengthen the organization’s security/ positive intentions

Answer 33

White Hat

Question 34

Groups who operate across multiple legal jurisdictions, making them difficult to prosecute l. Motivated by profit through illegal activities such as ransomware, fraud and data theft

Answer 34

Criminal groups

Question 35

Engage in cyber espionage to gain a competitive edge

Answer 35

Competitors

Question 36

Threats that originate from within the organization that are particularly dangerous

Answer 36

Insider threats

Question 37

What types of insider threat actors are there and the difference between them?

Answer 37

Malicious Insider Threat- motivated by sabotage, financial gain or gaining business advantage. Individuals who have or have had authorized access Unintentional Insider Threat- occurs when employees accidentally compromise security, often due to weak policies and procedures, weak adherence, lack of training and shadow IT

Question 38

Common attack vectors

Answer 38

Physical access to device Infected USB drives or portable devices Phishing emails Attacking wireless networks Compromising third-party vendors Exploiting web applications or social media Targeting cloud services with weak security

Question 39

Vulnerability Assessment check….

Answer 39

Users Device Status Network Settings Outside Connections

Question 40

What does SLA and NDA stand for

Answer 40

Service level agreement Non-disclosure agreements