Security_Plus_Complete_Guide Flashcards

(199 cards)

1
What is the CIA triad in cybersecurity?
Confidentiality, Integrity, and Availability.
2
Define ‘Confidentiality’ in the CIA triad.
Limiting information access to authorized users.
3
Define ‘Integrity’ in the CIA triad.
Ensuring accuracy and reliability of data.
4
Define ‘Availability’ in the CIA triad.
Ensuring resources are accessible when needed.
5
What does AAA stand for in cybersecurity?
Authentication, Authorization, and Accounting.
6
Describe ‘Authentication’ in AAA.
Verifying identity of a user or device.
7
Describe ‘Authorization’ in AAA.
Granting permissions to authenticated users.
8
Describe ‘Accounting’ in AAA.
Tracking user actions for audit purposes.
9
What is the purpose of the CIA triad?
To provide a foundational model for security policies to protect data.
10
What is ‘Risk Management’ in cybersecurity?
Identifying, assessing, and mitigating risks to information security.
11
What is a ‘risk assessment’?
Evaluating potential threats to determine their impact and likelihood.
12
Define ‘least privilege’ in access control.
Restricting user access to only what is necessary for their role.
13
What is ‘non-repudiation’ in information security?
Ensuring a user cannot deny having performed an action.
14
What is a ‘security policy’?
A set of rules and practices that dictate how data is protected.
15
What is ‘multi-factor authentication’?
Using more than one method of verification to authenticate users.
16
What is a ‘digital signature’?
An electronic method to verify the authenticity of a document or message.
17
Explain ‘defense in depth’.
Using multiple layers of security to protect resources.
18
What does ‘risk tolerance’ mean in risk management?
The level of risk an organization is willing to accept.
19
Define ‘threat’ in risk management.
Any potential event or action that could cause harm to information.
20
What is a ‘vulnerability’?
A weakness in a system that could be exploited by a threat.
21
What is malware?
Malicious software designed to harm or exploit devices, networks, or systems.
22
Define phishing.
Deceptive attempts to steal sensitive information via email or other forms of communication.
23
What is ransomware?
Malware that encrypts files and demands payment for their release.
24
What is a Trojan?
Malware disguised as legitimate software.
25
What is a worm?
Self-replicating malware that spreads across networks without user intervention.
26
Define a zero-day vulnerability.
A software flaw unknown to the vendor, without a patch, making it susceptible to attacks.
27
Describe a DDoS attack.
An attack that overwhelms a system with traffic to make it unavailable to legitimate users.
28
What is SQL injection?
An attack that injects malicious SQL code to manipulate or access a database.
29
Define an insider threat.
A threat posed by individuals within an organization, such as employees misusing access.
30
What is cross-site scripting (XSS)?
Injecting malicious scripts into trusted websites to manipulate data or steal information.
31
What is the purpose of a firewall?
To monitor and control incoming and outgoing network traffic based on security rules.
32
Describe a brute-force attack.
An attack that systematically tries all possible combinations to crack a password.
33
What is vulnerability management?
The process of identifying, prioritizing, and resolving vulnerabilities in systems.
34
What is social engineering?
Manipulating individuals to disclose confidential information or perform actions.
35
What is pharming?
Redirecting users from legitimate websites to malicious websites.
36
What is MAC address filtering?
Restricting network access based on device MAC addresses.
37
Describe a man-in-the-middle attack.
An attack where communication between two parties is intercepted by an unauthorized party.
38
What is spear phishing?
A targeted phishing attempt to steal sensitive information from specific individuals.
39
What is an advanced persistent threat (APT)?
A prolonged, targeted attack intended to steal data without detection.
40
Define privilege escalation.
Gaining elevated access within a system to perform unauthorized actions.
41
What is a buffer overflow?
An exploit where excess data overflows into adjacent memory locations.
42
What is encryption?
Encoding data to protect it from unauthorized access.
43
What does an Intrusion Detection System (IDS) do?
Detects and alerts on suspicious network activities.
44
What is session hijacking?
Taking control of an active session between a user and a server to gain unauthorized access.
45
What is banner grabbing?
Collecting information about a server’s software and version by connecting to it.
46
What is a vulnerability scan?
A scan that identifies security weaknesses in a system.
47
What is data leakage?
Unintentional transfer of data from within an organization to an external entity.
48
What is a rogue access point?
An unauthorized Wi-Fi access point set up to intercept traffic on a network.
49
What is an account lockout policy?
A policy that temporarily disables an account after several failed login attempts to prevent brute-force attacks.
50
What is whaling?
A phishing attack targeting high-profile individuals within an organization.
51
What is a botnet?
A network of compromised devices controlled remotely by an attacker.
52
What is IP spoofing?
Forging the IP address of a device to impersonate another device on the network.
53
What is a vulnerability assessment?
An assessment to identify and prioritize system weaknesses.
54
What is port scanning?
Scanning for open ports on a network to identify running services and potential vulnerabilities.
55
What is password spraying?
Attempting common passwords across many accounts in an organization.
56
What is a keylogger?
Malware that records keystrokes to capture sensitive information like passwords.
57
What is DNS poisoning?
Corrupting DNS records to redirect traffic to malicious sites.
58
What is spimming?
Spam directed at instant messaging users.
59
What is a SYN flood attack?
A type of DDoS that overwhelms a server by sending multiple SYN requests without completing the handshake.
60
What is ARP poisoning?
An attack that tricks devices on a network into sending data to an attacker by spoofing MAC addresses.
61
What is a denial of service (DoS) attack?
An attack that attempts to make a system or network resource unavailable to its users.
62
What is a drive-by download attack?
Malicious software downloaded to a user's device without their knowledge when they visit a compromised website.
63
What is directory traversal?
An attack that gains unauthorized access to restricted directories on a server.
64
What is a distributed denial of service (DDoS) attack?
A DoS attack that uses multiple devices to flood a target with traffic.
65
Define malware.
Software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
66
What is an exploit?
Code or techniques used to take advantage of a vulnerability in a system.
67
What is defense in depth?
A layered security approach where multiple defenses are in place to protect resources.
68
What is network segmentation?
Dividing a network into smaller segments to limit access and enhance security.
69
What is the Zero Trust model?
A security model that assumes no network traffic is trusted, regardless of location.
70
Define microsegmentation in network security.
Dividing a network into very small segments to limit lateral movement of threats.
71
What is a demilitarized zone (DMZ)?
A network segment that acts as a buffer between internal and external networks.
72
What is cloud security?
Practices and technologies used to protect cloud-based assets and data.
73
What does SaaS stand for in cloud computing?
Software as a Service.
74
What does PaaS stand for in cloud computing?
Platform as a Service.
75
What does IaaS stand for in cloud computing?
Infrastructure as a Service.
76
What is virtualization?
Creating virtual versions of resources like servers and storage for efficient use.
77
What is a hypervisor?
Software that creates and manages virtual machines on a host system.
78
Define containerization.
A lightweight form of virtualization where applications run in isolated containers.
79
What is application isolation in cloud environments?
Ensuring that applications run in separate environments to prevent interference.
80
What is multi-tenancy in cloud computing?
Allowing multiple users to share the same physical infrastructure securely.
81
What is endpoint security?
Securing devices like laptops, desktops, and mobile devices that connect to a network.
82
What is a virtual private cloud (VPC)?
A private network segment within a public cloud provider.
83
Define secure access service edge (SASE).
A cloud architecture that combines WAN and network security functions.
84
What is network access control (NAC)?
A security measure that restricts network access based on policies.
85
What is an intrusion prevention system (IPS)?
A device that monitors network traffic to detect and prevent attacks.
86
What is an intrusion detection system (IDS)?
A system that monitors network traffic and alerts on suspicious activities.
87
What is an access control list (ACL)?
A set of rules that control network traffic based on IP address or protocol.
88
What is a firewall?
A device or software that monitors and controls incoming and outgoing network traffic.
89
Define endpoint detection and response (EDR).
A system to detect, investigate, and respond to suspicious activities on endpoints.
90
What is serverless computing?
A cloud model where application code runs on demand without managing servers.
91
What is encryption in transit?
Encrypting data as it moves between locations to protect it from interception.
92
What is encryption at rest?
Encrypting data stored on a device to protect it from unauthorized access.
93
What is a web application firewall (WAF)?
A firewall that filters, monitors, and blocks HTTP traffic to and from a web application.
94
What is a VPN concentrator?
A device that provides secure VPN connections for remote users.
95
What is the purpose of a load balancer?
To distribute network traffic across multiple servers for better performance and reliability.
96
Define application whitelisting.
Allowing only authorized applications to run on a network or device.
97
What is tokenization in data security?
Replacing sensitive data with unique identification symbols or tokens.
98
What is the role of identity and access management (IAM) in security?
Controlling user access and managing identities to secure systems.
99
What is data loss prevention (DLP)?
A technology to prevent unauthorized data exfiltration.
100
What is a reverse proxy?
A server that directs client requests to the appropriate backend server.
101
What is a network perimeter?
The boundary that separates an internal network from an external network.
102
What is the first phase in the incident response process?
Preparation.
103
What does the identification phase in incident response involve?
Detecting and identifying potential security incidents.
104
What is the purpose of the containment phase in incident response?
Isolating affected systems to prevent further damage.
105
What does the eradication phase entail in incident response?
Removing the cause of the incident and restoring systems.
106
What is the final phase of incident response?
Lessons Learned.
107
What is digital forensics?
The practice of collecting, analyzing, and preserving digital evidence for legal cases.
108
What is a Security Information and Event Management (SIEM) system?
A platform that aggregates and analyzes security event data in real time.
109
Define 'vulnerability management'.
The process of identifying, assessing, and mitigating security vulnerabilities.
110
What is a full backup?
A complete copy of all data, capturing everything in a system.
111
What is an incremental backup?
A backup that only includes data that has changed since the last backup.
112
What is a differential backup?
A backup that captures data changed since the last full backup.
113
What is forensic imaging?
Creating a copy of digital evidence that preserves its integrity for analysis.
114
What is chain of custody?
The documentation of the handling and storage of evidence from collection to court presentation.
115
What does log analysis in SIEM involve?
Reviewing system logs to detect and investigate suspicious activities.
116
What is vulnerability scanning?
An automated process of identifying security weaknesses in a system.
117
What is patch management?
The process of applying updates to software to fix vulnerabilities.
118
What is a recovery point objective (RPO)?
The maximum tolerable amount of data loss measured in time.
119
What is a recovery time objective (RTO)?
The maximum tolerable time to restore a system after an incident.
120
What is mean time to recovery (MTTR)?
The average time required to restore a system after a failure.
121
What does 'data retention policy' mean?
A policy that outlines how long data should be kept before deletion.
122
What is a honeypot?
A decoy system designed to attract and monitor potential attackers.
123
What is a security incident?
An event that may indicate a breach or threat to information security.
124
What is malware analysis?
The process of understanding the behavior and origin of a malware sample.
125
What is data integrity in backup and recovery?
Ensuring that data remains accurate and unaltered after backup and restore.
126
What is a forensic toolkit?
A collection of tools used in digital forensics to analyze evidence.
127
What is the purpose of a SIEM?
To monitor, analyze, and respond to security events across an organization.
128
What is privilege management?
Controlling and limiting user access levels within a system.
129
What is event correlation in SIEM?
Connecting events from multiple sources to identify suspicious patterns.
130
What is endpoint detection and response (EDR)?
A security solution focused on detecting and responding to threats on endpoints.
131
What is a hot site in disaster recovery?
A fully operational off-site location ready for immediate use.
132
What is a warm site?
A partially equipped site that can be made operational with some setup.
133
What is a cold site?
A backup site with infrastructure but no operational resources ready.
134
What is root cause analysis?
The process of identifying the underlying reason for a problem.
135
What is mean time between failures (MTBF)?
The average time between system or component failures.
136
What is threat hunting?
The proactive search for threats within a network.
137
What is a forensic investigator?
A specialist trained to analyze digital evidence in legal cases.
138
What is continuous monitoring?
Regular observation of network security to identify new risks.
139
What is a business continuity plan (BCP)?
A plan to ensure critical functions continue during and after a disruption.
140
What is an intrusion prevention system (IPS)?
A system that detects and blocks malicious activity in real time.
141
What is vulnerability assessment?
A systematic review of security weaknesses in an information system.
142
What is an intrusion detection system (IDS)?
A system that monitors for and alerts on suspicious activities.
143
What is a security operations center (SOC)?
A centralized function that monitors, detects, and responds to security incidents.
144
What is data recovery?
The process of restoring data from a backup after a data loss event.
145
What is a playbook in incident response?
A set of instructions and guidelines for handling specific security incidents.
146
What is a penetration test?
An authorized simulated attack to identify vulnerabilities.
147
What is data exfiltration?
The unauthorized transfer of data from a system.
148
What is a kill chain?
A model that describes the stages of a cyber attack from planning to execution.
149
What is endpoint security?
Securing end-user devices such as laptops and mobile devices.
150
What is a SIEM log aggregation?
The process of collecting logs from various sources for analysis.
151
What is the goal of risk assessment?
To identify, assess, and prioritize risks to the organization.
152
What is a backup window?
A specific time period during which a backup operation is performed.
153
What is a differential backup?
A backup that captures all changes since the last full backup.
154
What is forensics in incident response?
The process of analyzing digital evidence to understand and contain an incident.
155
What is a forensic image?
A complete, exact copy of a drive or device, used for analysis.
156
What is log retention in SIEM?
The policy for how long logs should be stored before deletion.
157
What is a tabletop exercise in incident response?
A discussion-based drill to test the response plan against hypothetical scenarios.
158
What is threat intelligence?
Information about threats used to improve security posture.
159
What is information security governance?
The framework and processes to ensure effective information security management.
160
What is ISO/IEC 27001?
An international standard for managing information security.
161
What does PCI-DSS stand for?
Payment Card Industry Data Security Standard.
162
What is GDPR?
General Data Protection Regulation, a law for data protection and privacy in the EU.
163
What is the purpose of a business continuity plan (BCP)?
To ensure essential business functions continue during and after a disaster.
164
What is a disaster recovery plan (DRP)?
A plan for restoring systems and operations after a disaster.
165
What is risk assessment?
The process of identifying, assessing, and mitigating risks to information security.
166
What is risk assessment?
The process of identifying, analyzing, and evaluating risks to minimize impact.
167
Define compliance in cybersecurity.
Adhering to laws, regulations, and guidelines to protect data.
168
What is NIST?
National Institute of Standards and Technology, which provides security frameworks.
169
What is a risk management framework (RMF)?
A structured approach to manage security risks systematically.
170
What is the purpose of incident management?
To identify, manage, and resolve security incidents efficiently.
171
What is data classification?
Organizing data based on its sensitivity and impact if disclosed.
172
What does HIPAA regulate?
The Health Insurance Portability and Accountability Act, which regulates health data privacy.
173
What is a data retention policy?
A policy specifying how long data should be stored and when it should be deleted.
174
Define access control policy.
A policy that determines who can access resources and under what conditions.
175
What is a security audit?
An examination of a system to ensure it meets security policies and standards.
176
What does SOX stand for in compliance?
Sarbanes-Oxley Act, regulating financial reporting and data security for companies.
177
What is a vulnerability assessment?
A process to identify, quantify, and prioritize security weaknesses.
178
What is a control in risk management?
A measure implemented to reduce or manage security risks.
179
What does CCPA stand for?
California Consumer Privacy Act, focused on data privacy rights for residents of California.
180
Define a data breach notification policy.
A policy outlining the steps to inform affected individuals in case of a data breach.
181
What is the role of a CISO?
Chief Information Security Officer responsible for managing an organization’s information security.
182
What is an acceptable use policy?
A policy defining acceptable behaviors and usage of IT resources.
183
What is change management?
A systematic approach to managing changes in an organization to minimize security risks.
184
What is IT governance?
A framework for aligning IT strategy with business goals while managing risks.
185
What is the COBIT framework?
A framework for managing and governing enterprise IT.
186
What is a risk register?
A document listing identified risks, their severity, and mitigation measures.
187
What is the purpose of a compliance audit?
To verify adherence to regulatory requirements and standards.
188
What is a Service Level Agreement (SLA)?
A contract that defines service expectations and responsibilities between a provider and client.
189
What is business impact analysis (BIA)?
A process to identify critical functions and evaluate the impact of disruptions.
190
What is a privacy impact assessment (PIA)?
An analysis to identify privacy risks associated with a project or system.
191
Define incident response policy.
Guidelines that outline how to detect, report, and manage security incidents.
192
What does the Sarbanes-Oxley Act (SOX) ensure?
It ensures accuracy in financial reporting and mandates data protection.
193
What is the function of ISO 27002?
It provides best practice guidelines for information security controls.
194
What is due diligence in security?
The legal obligation to take reasonable measures to protect data.
195
What is a Memorandum of Understanding (MOU)?
An agreement between parties outlining terms but without legal enforceability.
196
What is the COSO framework?
A framework for enterprise risk management, focusing on internal control.
197
What does continuous improvement entail in governance?
An ongoing effort to enhance security policies and risk management practices.
198
What is a third-party risk assessment?
Evaluating the security practices of vendors to ensure they meet compliance standards.
199
What is the purpose of internal audits?
To assess the effectiveness of security controls and identify areas for improvement.