Google Cybersecurity
The steps in Risk Management Framework are:
1. Prepare 2. Organize 3. Select 4. Implement 5. Assess
Network protocol analyzer (packet sniffer)
A tool designed to capture and analyze data traffic within a network
Security Architecture
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
Physical social engineering
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
USB baiting
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network
Asset
An item perceived as having value to an organization
Linux
An open-source operating system
Security posture
An organization's ability to manage its defense of critical assets and data and react to change
Database
An organized collection of information or data
Threat
Any circumstance or event that can negatively impact assets
Separation of Duties
Critical actions should rely on multiple people, each of whom follow the principle of least privilege.
A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?
Defense in depth
Which of the following statements accurately describe risk? Select all that apply.
Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved. Assets with SPII, PII, or intellectual property are examples of high-risk assets.
Fill in the blank: _____ identify, analyze, and preserve criminal evidence within networks, computers, and electronic devices.
Digital Forensics Investigators
True or False: Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.
False. It relies on human error.
A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?
Financial
Security Ethics
Guidelines for making appropriate decisions as a security professional
What are the key impacts of threats, risk and vulnerabilities?
Identity Theft, Financial damage, and Damage to reputation
A security analyst verifies users and monitors employees' login attempts. The goal is to keep the business's assets secure. Which security domain does this scenario describe?
Identity and Access Management
What are examples of sensitive personally identifiable information (SPII) that cybersecurity professionals need to protect?
Medical records and bank account numbers
Protecting and Preserving Evidence
The process of properly working with fragile and volatile digital evidence
Health Insurance Portability and Accountability Act (HIPAA)
A U.S. federal law established to protect patients' health information
Internal threat
A current or former employee, external vendor, or trusted partner who poses a security risk
Whaling
A form of spear phishing during which threat actors target executives in order to gain access to sensitive data
Ransomware
A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access
Spear Phishing
A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source
Virus
A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data
Social engineering
A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data
Confidentiality, Integrity, and Availability (CIA triad)
A model that helps inform how organizations consider risk when setting up systems and security policies
Hacktivist
A person who uses hacking to achieve a political goal
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks
SQL (Structured Query Language)
A programming language used to create, interact with, and request information from a database
Log
A record of events that occur within an organization's system
Order of Volatility
A sequence outlining the order of data that must be preserved from first to last
Malware
A software designed to harm devices or networks
Antivirus software
A software program used to prevent, detect, and eliminate malware and viruses
Data Point
A specific piece of information
Sensitive personally identifiable information (SPII)
A specific type of PII that falls under stricter handling guidelines
What is a vulnerability?
A weakness that can be exploited by a threat
Security Information and Event Management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
Intrusion Detection System
An application that monitors system activity and alerts on possible intrusions
Social media phishing
An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack
Watering hole attack
An attack in which a threat actor compromises a website frequently visited by a specific group of users
Business email compromise (BEC)
An attack in which a threat actor impersonates a known source to obtain a financial advantage
Personally identifiable information (PII)
Any information used to infer an individual's identity
Threat actor
Any person or group who presents a security risk
How do organizations use security frameworks to develop an effective security posture?
As a guide to reduce risk and protect data and privacy
Minimize attack surface area
Attack surface refers to all the potential vulnerabilities a threat actor could exploit.
In the Risk Management Framework (RMF), which step notes the importance of being accountable for potential risks and may involve generating reports or developing plans of action?
Authorize
You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them?
Availability
What are some of the primary objectives of an internal security audit? Select three answers.
Avoid fines due to a lack of compliance, Help security teams identify organizational risks, Improve security posture
Keep Security Simple
Avoid unnecessarily complicated solutions. Complexity makes security difficult.
Which of the following examples are key focus areas of the security and risk management domain? Select three answers.
Be in compliance, Define security goals and objectives, Mitigate risk
Security posture refers to an organization's ability to react to _____ and manage its defense of critical assets and data.
Change
A security analyst performs an internal security audit. They review their company's existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?
Completing a control assessment
Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.
Conducting a risk assessment
Fill in the blank: A security professional uses _____ to convert data from a readable format to an encoded format.
Encryption
What were the key impacts of the Equifax breach?
Equifax breach: people's credit information was exposed. Led to: the significant financial consequences of a breach became more apparent. Millions of customers' PII was stolen.
Fail Securely
Fail securely means that when a control fails or stops, it should do so by defaulting to its most secure option. For example, when a firewall fails it should simply close all connections and block all new ones, rather than start accepting everything.
Security Frameworks
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Information that is protected by regulations or laws is a ___. If it is compromised, there is likely to be a severe negative impact on an organization's finances, operations, or reputation.
High-risk asset
What is the goal of business continuity?
Maintain everyday productivity
Spyware
Malicious software installed on a user's computer without their permission, which is used to spy on and steal user data
Worm
Malware that self-replicates, spreading across the network and infecting computers
Don't Trust Services
Many organizations work with third-party partners. These outside partners often have different security policies than the organization does. And the organization shouldn't explicitly trust that their partners' systems are secure. For example, if a third-party vendor tracks reward points for airline customers, the airline should ensure that the balance is accurate before sharing that information with their customers.
What are the primary responsibilities of an entry-level security analyst? Three answers.
Monitor systems, search for weaknesses, protect information
What is one way that the Morris worm helped shape the security industry?
Morris worm: spread from computer to computer to count how many people were using the internet. It led to the development of computer response teams.
Defense In Depth
Organizations should have varying security controls that mitigate risks and threats.
Which of the following characteristics are examples of biometrics? Select all that apply.
Palm scan, Fingerprint, Eye scan
When working in the software development security domain, which of the following are tasks that security team members may complete during various phases of the software development lifecycle? Select three answers.
Perform penetration testing, Conducting secure code reviews, Initiating a secure design review
What are the key areas of focus in the security assessment and testing domain? Select three answers.
Perform security audits, Conduct security control testing, Collect and analyze data
Security Governance
Practices that help support, define, and direct security efforts of an organization
Security Controls
Safeguards designed to reduce specific security risks
Fill in the blank: Performing _____ enables security professionals to review an organization's security records, activities, and related documents.
Security audits
Which log source records events related to websites, emails, and file shares, as well as password and username requests?
Server
What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?
Shared responsibility
Transferable skills
Skills from other areas that can apply to different careers
Technical skills
Skills that require knowledge of specific tools, procedures, and policies
What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
Strategies for improving security postures, Compliance regulations to adhere to, Results and recommendations
Which of the following statements accurately describe the CSF? Select all that apply.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
Privacy Protection
The act of safeguarding personal information from unauthorized use
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Availability
The idea that data is accessible to those who are authorized to access it
Confidentiality
The idea that only authorized users can access specific assets or data
Integrity
The idea that the data is correct, authentic, and reliable
Cybersecurity (or security)
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Network security
The practice of keeping an organization's network infrastructure secure from unauthorized access
Compliance
The process of adhering to internal standards and external regulations
Cloud security
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Avoid Security by Obscurity
The security of key systems should not rely on keeping details hidden. Consider the following example from OWASP (2016): The security of an application should not rely on keeping the source code secret. Its security should rely upon many other factors, including reasonable password policies, defense in depth, business transaction limits, solid network architecture, and fraud and audit controls.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Establish Secure Defaults
This principle means that the optimal security state of an application is also its default state for users; it should take extra work to make the application insecure.
Principle of least privilege
Users have the least amount of access required to perform their everyday tasks.
Fix Security Issues Correctly
When security incidents occur, identify the root cause, contain the impact, identify vulnerabilities, and conduct tests to ensure that remediation is successful.
Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage.
code
Fill in the blank: Cybersecurity is the practice of ensuring _____ by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
confidentiality, integrity, and availability of information
Protected Health Information (PHI)
Information that relates to the past, present, or future physical or mental health or condition of an individual