Threats and Vunerabilities

Question 1

Risk

Answer 1

Anything that can impact the confidentiality, integrity or availability of an asset

Question 2

Asset

Answer 2

an item perceived as having value to an organization.

Question 3

Threat

Answer 3

any circumstances or event that can negatively impact assets.

Question 4

Vulnerability

Answer 4

a weakness that can be exploited by a threat.

Question 5

Asset management

Answer 5

the process of tracking assets and risk that affect them

Question 6

asset inventory

Answer 6

a catalog of assets that need to be protected

Question 7

asset classification

Answer 7

the practice of labeling assets based on sensitivity and importance to organization

Question 8

level of asset classification

Answer 8

1. Public
2. Internal
3. Confidential
   4.Restricted

Question 9

Data

Answer 9

is information that is translated, processed, or stored by a computer.

Question 10

States of data

Answer 10

1. in use
2. In transit
3. At rest

Question 11

data in use

Answer 11

is data being accessed by one or more user

Question 12

data in transit

Answer 12

data traveling from one point to another

Question 13

data at rest

Answer 13

data not currently being accessed

Question 14

information security (infoSec)

Answer 14

The practice of keeping data in all states away from unauthorized users.

Question 15

Type of risk categories

Answer 15

1. Damage
2. Disclose
3. Loss of information

Question 16

Elements of a security plan

Answer 16

1.Polices
2. Standards
3. Procedures

Question 17

Policy

Answer 17

a set of rules that reduce risk and protect information

Question 18

Standards

Answer 18

references that inform how to set policies

Question 19

procedures

Answer 19

step by step instructions to perform a specific security task

Question 20

Ccompliance

Answer 20

the process of adhering to internal standards and external regulations

Question 21

regulations

Answer 21

rules set by a government or other authority to control the way something is done.

Question 22

NIST Cybersecurity Framework (CSF)

Answer 22

a voluntary framework that consist of standards, guidelines and best practices to manage cybersecurity risk.

Question 23

NIST CSF frameowkrs

Answer 23

1. Core
2. Tiers
3. Profiles

Question 24

Five functions of the NIST CSF

Answer 24

1. Identify
   2.Protect
2. Detect
3. Respond
4. Recover

Question 25

Security controls

Answer 25

safeguards designed to reduce specific security risk.

Question 26

Type of security controls

Answer 26

1. Technical 2. Operational 3.Managerial

Question 27

Information Privacy

Answer 27

the protection of unauthorized access and the distribution of data.

Question 28

principle of least privilege

Answer 28

the concept of granting only the minimal access and authorization required to complete a task or function.

Question 29

data owner

Answer 29

The person who decides who can access, edit, use or destroy their information.

Question 30

Data Life Cycle

Answer 30

1. Collect 2. Store 3. Use 4. Archive 5. Destroy

Question 31

Information privacy

Answer 31

refers to the protection of unauthorized access and distribution of data.

Question 32

Information security (InfoSec)

Answer 32

refers to the practice of keeping data in all states away from unauthorized users.

Question 33

Personally identifiable information (Pii)

Answer 33

Any information that can be used to infer and individual identity

Question 34

Cryptography

Answer 34

the process of transforming information into a form that unintended readers cant understand

Question 35

algorithm

Answer 35

a set of rules used to solve problems.

Question 36

cipher

Answer 36

an algorithm that encrypts information

Question 37

cryptographic key

Answer 37

a mechanism that decrypts cipher text

Question 38

Brute force attack

Answer 38

a trial and error process of discovering private information.

Question 39

Public Key Infrastructure (PKI)

Answer 39

an encryption framework that secures the exchange of information online

Question 40

Public key infrastructure process

Answer 40

1.exchange of encrypted information 2. establishing trust by using a system of digital certificates.

Question 41

asymmetric encryption

Answer 41

The use of public and private key pair for encryption and decryption of data

Question 42

symmetric encryption

Answer 42

the use of a single secret key to exchange information.

Question 43

digital certificates

Answer 43

a file that verifies the identity of a public key holder.

Question 44

hash function

Answer 44

an algorithm that produces a code that cant be decrypted

Question 45

non- repudiation

Answer 45

the concept that the authenticity of information can't be denied.

Question 46

access controls

Answer 46

security controls that manage access, authorization, and accountability of information.

Question 47

AAA framework

Answer 47

1. Authentication 2. Authorization 3. Accounting

Question 48

Factors of authentication

Answer 48

1.Knowledge:something the user knows 2.Ownership: something the user possesses 3.Characteristic: something the user is

Question 49

Single sign-on (SSO)

Answer 49

a technology that combines several different logins into one.

Question 50

Multi Factor Authentication

Answer 50

A security measure which requires a user to verify their identity in two or more ways to access a system or network

Question 51

Separation Of Duties

Answer 51

The principle that users should not be given levels of authorization that would allow them to misuse a system

Question 52

basic auth

Answer 52

The technology used to establish a user's request to access a server.

Question 53

OAuth

Answer 53

An open standard authorization protocol that shares designated access between applications

Question 54

API Token

Answer 54

A small block of encrypted code that contains information about a user.

Question 55

session

Answer 55

A sequence of network HTTP basic auth requests and responses associated with the same user.

Question 56

session ID

Answer 56

a unique token that identifies a user and device while accessing the system

Question 57

session cookie

Answer 57

a token that websites use to validate a session and determine how long that session should last

Question 58

session hijacking

Answer 58

An event when attackers obtain a legitimate user's session ID

Question 59

Exploit

Answer 59

A way of taking advantage of a vulnerability.

Question 60

Vulnerability Management

Answer 60

The process of finding and patching vulnerabilities

Question 61

What are the 4 steps of Vulnerability Management?

Answer 61

1. Identify Vulnerability 2. Consider potential exploits 3. Prepare defense against threats 4. Evaluate those defenses.

Question 62

Zero day exploit

Answer 62

An exploit that was previously unknown.

Question 63

Defense in depth

Answer 63

a layer approach to vulnerability management that reduce risk.

Question 64

defense in depth strategy

Answer 64

1. Perimeter layer 2. Network Layer 3. Endpoint Layer 4. Application Layer 5. Data Layer

Question 65

exposure

Answer 65

a mistake that can be exploited by a threat

Question 66

Common Vulnerabilities and Exposure List (CVE List)

Answer 66

An openly accessible dictionary of known vulnerabilities and exposure

Question 67

MITRE

Answer 67

A collection of non profit research and development centers.

Question 68

CVE numbering authority (CNA)

Answer 68

An organization that volunteers to analyze and distribute information on eligible CVEs

Question 69

CVE list criteria

Answer 69

1. Independent of other issues 2. Recognized as a potential security risk 3. Submitted with supporting evidence 4. Only effect one codebase

Question 70

Common Vulnerability Scoring system (CVSS)

Answer 70

A measurement system that scores the severity of a vulnerability

Question 71

Vulnerability Assessment

Answer 71

The internal review process of an organizations security system.

Question 72

Vulnerability assessment process

Answer 72

1. Identification 2. Vulnerability analysis 3.Risk assessments 4.Remediation

Question 73

What is a vulnerability scanner?

Answer 73

A vulnerability scanner is software that automatically compares known vulnerabilities and exposures against the technologies on the network. In general, these tools scan systems to find misconfigurations or programming flaws.