Week 2

¡Supera tus tareas y exámenes ahora con Quizwiz!

Physical social engineering:

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Computer virus:

Malicious code written to interfere with computer operations and cause damage to data and software

What were the key impacts of the Equifax breach? Select two answers. - The significant financial consequences of a breach became more apparent. - Millions of customers' PII was stolen. - Phishing became illegal due to significant public outcry. - Developers were able to track illegal copies of software and prevent pirated licenses.

The key impacts of the Equifax breach were that millions of customers' PII were stolen and that the significant financial consequences of a breach became more apparent.

Authentication:

The process of verifying who someone is

Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply. - Employees inadvertently revealing sensitive data - Theft of the organization's hardware - Malicious software being deployed - Overtaxing systems with too many internal emails

Employees inadvertently revealing sensitive data Malicious software being deployed

Fill in the blank: Examples of security _____ include security and risk management and security architecture and engineering. - assets - domains - data - networks

Examples of security domains include security and risk management and security architecture, and engineering

Virus:

refer to "computer virus"

Fill in the blank: A computer virus is malicious _____ that interferes with computer operations and causes damage. - code - sequencing - formatting - hardware

A computer virus is a malicious code that interferes with computer operations and causes damage. A virus is a type of malware.

Spear phishing:

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Social engineering:

A manipulation technique that exploits human error to gain private information, access, or valuables

Physical attack:

A security incident that affects not only digital but also physical environments where the incident is deployed

Adversarial artificial intelligence (AI):

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

USB baiting:

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Cryptographic attack:

An attack that affects secure forms of communication between a sender and intended recipient

Supply-chain attack:

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Password attack:

An attempt to access password secured devices, systems, networks, or data

Hacker:

Any person or group who uses computers to gain unauthorized access to data

Fill in the blank: A _____ is malicious code written to interfere with computer operations and cause damage to data. - software breach - spyware attack - computer virus - business disruption

Computer virus

Which of the following tasks may be part of the identity and access management domain? Select all that apply. - Controlling physical assets - Conducting security control testing - Ensuring users follow established policies - Setting up an employee's access keycard

Controlling physical assets Ensuring users follow established policies Setting up an employee's access keycard

What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers? - Morris worm - Equifax breach - Brain virus - LoveLetter attack

Equifax breach

Fill in the blank: Social engineering is a manipulation technique that exploits _____ error to gain access to private information. - network - human - computer - coding

Human

Which of the following tasks may be part of the asset security domain? Select all that apply. - Securing digital and physical assets - Proper disposal of digital assets - Ensuring users follow established policies - Data storage and maintenance

Securing digital and physical assets Proper disposal of digital assets Data storage and maintenance

A security professional receives an alert that an unknown device has connected to their organization's internal network. They follow policies and procedures to quickly stop the potential threat. Which domain does this scenario describe? - Security operations - Asset security - Security and risk management - Identity and access management

Security Operations

A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe? - Identity and access management - Security assessment and testing - Security and risk management - Security architecture and engineering

Security and risk management

A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe? - Security architecture and engineering - Identity and access management - Communication and network security - Security and risk management

Security architecture and engineering

Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities? - Communication and network security - Identity and access management - Security and risk management - Security assessment and testing

Security assessment and testing

Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables. - True - False

Social engineering, such as phishing, is a manipulation technique that relies on human error (not computer error) to gain private information, access, or valuables.

Malware:

Software designed to harm devices or networks

Your supervisor asks you to audit the human resources management system at your organization. The objective of your audit is to ensure the system is granting appropriate access permissions to current human resources administrators. Which security domain is this audit related to? - Software development security - Security operations - Identity and access management - Security assessment and testing

This is related to security assessment and testing, which often involves regular audits of user permissions to ensure employees and teams have the correct level of access.

Why is it useful to understand the eight CISSP security domains? Select two answers. - To improve your communication skills - To develop programming skills - To better understand your role within an organization - To identify potential career opportunities

Understanding the eight CISSP security domains can help you identify potential career opportunities and better understand your organizational role.

Watering hole attack:

A type of attack when a threat actor compromises a website frequently visited by a specific group of user

Social media phishing:

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Business Email Compromise (BEC):

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

What is one way that the Morris worm helped shape the security industry? - It prevented the development of illegal copies of software. - It made organizations more aware of the significant financial impact of security incidents. - It led to the development of computer emergency response teams. - It inspired threat actors to develop new types of social engineering attacks.

The Morris worm helped shape the security industry because it led to the development of computer emergency response teams.

Vishing:

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Phishing:

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

A security professional is responsible for ensuring that company servers are configured to securely store, maintain, and retain SPII. These responsibilities belong to what security domain? - Asset security - Communication and network security - Security and risk management - Security architecture and engineering

These responsibilities are part of the asset security domain. This domain focuses on managing and securing digital and physical assets.


Conjuntos de estudio relacionados

Texas Govt. Unit 2 Test Review Chapters 6-9

View Set

EMT Chapter 18: Altered Mental Status, Stroke, and Headache

View Set

marketing chapter 11-pricing strategies

View Set

Parenting: The Role of Mothers and Fathers

View Set

Quantum Mechanics and Atomic Physics

View Set