Cybersecurity 1B Midterm and Final Study guide
Just as the hunters and gatherers of long ago knew how to read their landscape for danger, we too must observe our online surroundings with the same degree of caution and good judgment.
True
collision
a situation where two inputs have the same output
attack signature
a unique of digital information left behind, like a fingerprint
attack tree
a visual tree-like design illustrating the stages of an attack
internal threats
breaches coming from inside security perimeters
vectors
directions providing information about the profile of a system's vulnerabilities
black hats
hackers looking to crack a locked system and gain illegal entry
When the term ethics is applied to online behavior and etiquette, the correct or acceptable way of communicating is known as what?
netiquette
subnetworks
networks divided into two or more
attack vectors
paths by which a system can be threatened
The Ten Commandments of Computer Ethics was created by the Computer Ethics Institute, a forum dedicated to doing what?
providing a moral compass for information technology
Advanced training in the area of computer forensics is still not part of the core education for most police academies, which means the practice of collecting digital evidence is what?
still a work in progress
Why were protocols using cryptography like Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) developed?
to keep web browsing safe when moving between websites
About how much money is lost in productivity each year due to the time people spend deleting unwanted spam emails?
$2 billion
When did security experts begin using red team/blue team simulation exercises as a way to test IT systems more effectively?
1990s
According to experts, what percentage of the online information stored on the internet is actually accessible through search engines serving the general public?
4%
The number of sexual predators and online offenses has more than doubled in the last three years, with more than what percentage of that crime originating from social networking sites?
82 percent
What feature found in most modern-day cars has the potential to allow hackers to remotely gain control of a person's car when they are driving it?
Bluetooth and other internet-connected features
What U.S. government agency is tasked with keeping the public safe through anti-terrorism measures, border security, immigration, disaster prevention, and cybersecurity?
Department of Homeland Security (DHS)
A serious breach in online security can have a major impact on all areas of life, but only online, not in the real world.
False
Artificial intelligence has made spotting potential insider threats much more difficult.
False
Authentication measures the number of times an attacker successfully proves their identity to a target in order to protect their vulnerabilities.
False
Black hats find vulnerabilities that someone with bad intentions might try to exploit, and they report these back to the company rather than stealing data right then and there.
False
Computer incidents are always intentional and are never the product of human error or natural disaster.
False
Even though technology and the internet are growing, it is unnecessary for us to sacrifice any of our personal information in order to partake in what's happening online.
False
Evidence of any special skills like writing, public speaking, or leadership are irrelevant and should be left out of your portfolio and should not be included on your resume.
False
Hackers and cybercriminals who commit crimes almost always wear masks and carry guns, very similar to an old-fashioned bandit.
False
Hacking for the purpose of leaking data found in private systems is harmless and incapable of creating chaos.
False
In order to work as an ethical hacker, you must receive a formal education like a Master's degree in Ethical Hacking.
False
It is not necessary to take a virtual look around and assess what you see when entering a new domain in cyberspace.
False
Now more than ever, laws have nothing to do with what you do online.
False
One infected computer, somewhere thousands of miles from your own, does not have the power to negatively affect everyone's shared digital ecosphere.
False
People may take out insurance for information systems in order to transfer risk to a third party, rather than bearing it entirely on their own which makes the risk a bit more significant.
False
Steganography methods are never used together with encryption because making a user find the well-hidden information and then try to figure out what it means would be far too complicated.
False
Steve Jobs allegedly dabbled in both black and white hat activities during his time behind the screen, which is ultimately why he was arrested in 2017 at an IT conference.
False
The initial step of developing your cybersecurity plan involves tracking progress and accurately identifying the strengths and weaknesses of your plan.
False
The reason why Aaron's Law and many others have not yet been enacted is a clear sign of just how slowly the problem of cybercrime is growing.
False
Things like authentication, integrity, and access are just cyber ideas floating out in the virtual world; they are not legitimate tools for fighting back against cyberattacks.
False
Very few to no white hats live in fear that their contributions to cybersecurity's well-being might somehow be misinterpreted by authorities investigating any unrelated criminal activity.
False
When developing an IRP, it's not important to define exactly what different words mean when describing a breach in security.
False
While older people are usually motivated to behave out of a fear of punishment, younger kids must connect personally to the rewards of ethical behavior and grasp the importance of making good choices in a more authentic way.
False
With encrypted message sending, devices on both ends will always have very different public and private keys; these always change between messages.
False
You should always be very commercial and generic in your depiction of yourself on your resume.
False
Your actions as a user are happening inside of the OS in the real, tangible world, while the digital actions happening behind your screen are taking place outside the OS.
False
What do we call a standard that enables public key encryption to protect emails and enables the Standard Mail Transfer Protocol (SMTP) to accept non-plain text attachments, such as images or audio files in email messages?
Secure Multipurpose Internet Mail Extension (S/MIME)
Pamela works in InfoSec, detecting and preventing cyber threats for her organization by finding infrastructure weaknesses, including software, hardware, and networks, and then protecting them through a variety of security measures. Pamela is a highly valued expert who is also tasked with planning and implementing all security approaches, establishing clear protocols to protect data, maintaining secure access only, and performing vulnerability testing and risk analyses. What is Pamela's job title?
Security Analyst
Charlotte works in InfoSec as a senior level employee. She is responsible for building and caring for the entire computer and network security through the design of an effective infrastructure. Essentially, Charlotte works to form a picture of her organization's IT needs, so they can create the right structure to house and protect it. What is Charlotte's job title?
Security Architect
Michael works in a senior-level InfoSec position where he tries to enhance the security of his organization by overseeing how IT measures are put into place and handled, as well as directing the way various resources are designed, managed, and shared, making sure everyone involved has the appropriate level of understanding and ability. What is the title of Michael's position?
Security Director
Although the fundamental theory of exchange was first applied to crimes of humanity, its basic principles can also be applied to technology and the investigation of cybercrime.
True
Approximately 71 percent of cyberattacks these days come from outside forces.
True
By identifying up front which files are corrupted and which are not, the data pool is reduced considerably.
True
By placing a system - like a firewall, switch, network device, server, workstation, or application - under a microscope and looking at it in every possible way, including how it interacts with its digital environment, all attack vectors become clearer.
True
Cyberattacks have recently become so sophisticated, they often combine many traditional exploits to create newer, better ones.
True
Cybercriminals often send out spam emails to obtain passwords, credit card numbers, or bank account details through the information they receive in an email.
True
Emails, texts, instant messages, transactions, images, and internet histories are examples of information that can be gathered and used effectively as evidence.
True
Ethical hacking is most commonly seen in the federal government and in large companies where information security can mean the difference between peaceful operations and a full-blown crisis.
True
Everything you share online, even if it is just among "friends," can easily become public in some way or another.
True
Hackers use software, data, or special commands in the form of code to attack these security holes and gain control over a computer system, access private information, create a denial of service situation, or some other similarly-styled attack.
True
If you are not conscious of the information you are sharing day after day after day, you could very well be giving a complete stranger all the tools they need to engineer the perfect social exploit, tailor-made just for you.
True
Just like the days of old, when enemies were defeated through awareness and skill, concerned users must continue their search for new ways to protect themselves using the resources, expertise, and knowledge available in the digital world today.
True
Many bits of smaller data can be put together to craft a larger understanding of more important and valuable information.
True
Paired with a VPN, Tor provides anonymity for the user whose data is encrypted and cannot be monitored by an external observer.
True
Salting the password brings back the uniqueness, just like table salt brings back flavor.
True
Source code is a collection of computer instructions written in readable programming language.
True
The baiting method should serve as a reminder that security is always about knowing who and what to trust.
True
The practice of CF collects, analyzes, and safeguards digital data involved in a security breach, as well as reports on any evidence it finds.
True
The process of trail obfuscation seeks to confuse or divert a forensic examination, so it loses the trail of the criminal.
True
The truth is that "unbreakable" security gets broken all the time, so perhaps the term "security" really means "secure until it's not."
True
The values, ideals, virtues, and standards we uphold as people dictate a lot of who we are, what we do, and why we do it.
True
Today, we can drop bombs from thousands of feet in the air and launch attacks on whole nations through the use of a computer keyboard.
True
Secret Service
U.S. agency focused on identifying and locating international cyber criminals connected to various online attacks around the world
Department of Homeland Security (DHS)
U.S. government agency tasked with keeping the public safe through anti-terrorism measures, border security, immigration, disaster prevention, and cybersecurity
After being the victim of a smishing incident, Terrell has decided to take some mobile precautions. What type of mobile precautions might Terrell take in order to secure and encrypt any communications transmitted between his mobile device and the internet?
VPNs and Wi-Fi Privacy
Future Business Leaders of America (FBLA)
a U.S. student-run career organization that connects business and education to national programming
To protect from rainbow table attacks and other brute force techniques, passwords are often 'salted' after they are hashed; what is salt?
a bit of randomized data inserted into a password so that the password is more likely to create a unique hash
computer forensics (CF)
a branch of science relating to devices, such as computers
shareware
a brand or proprietary software which is initially free to users
What happens when a hacker uses a computer program to systematically run through a list of potential passwords until it can log in?
a brute force attack
darknet
a computer network with restricted access used mainly for underground activity
scanner
a device for examining, reading, or monitoring something
U.S. Computer Emergency Readiness Team
a federal department specifically dedicated to analyzing and reducing cyber threats and weakness
smishing
a form of phishing that happens over a text message
birthday attacks
a function that allows hackers to work out just how many options they need in a set to find collision
incident
a malicious event caused by something a person has done, leading to a disruption of services
handle
a nickname
Jamal is working on tracking, capturing, and examining data as part of a forensic investigation. While Jamal works with this problematic data, he needs to use an approved forensic toolkit and work on this data in what kind of system?
a non-infected system
alert
a notification that a particular event, or series of events, has occurred
What type of attack happens when a system is monitored or scanned for vulnerabilities by sitting back and gathering information before launching an exploit and is often used to plan an upcoming active attack?
a passive attack
portfolio
a personalized collection of materials used to market professional capabilities and illustrate job readiness
packet sniffer
a program that detects passwords and other sensitive information
What must the sending device generate in order to send an encrypted message?
a random encryption key that can only be used once for that specific message
Once a threat is set up to exploit your vulnerability, what develops as a result?
a risk
When a breach of some kind is detected (or occurs), what will the operations department of the DHS create?
a specially-made product outlining the problem and a viable solution
Secure Multipurpose Internet Mail Extension (S/MIME)
a standard that enables public key encryption to protect emails
rainbow table
a table with a huge set of precomputed hash function inputs and corresponding outputs
botnet
a whole network of compromised computers under the control of malicious actors
resume
a written document containing the summary of your educational background and relative work experience
Even though it may feel like every single thing in this world can be found on the internet, in reality, Google has only indexed how much data?
about 200 terabytes of data, which translates into a mere 0.004 percent of the total internet
Sharing your personal computer or other electronic device with someone else, even a friend, has risks; that person might be able to access or modify some of your personal data. When you decide to go ahead and loan them your device, what approach are you taking to the perceived risk?
accepting it
What does free software like Tor provide for users?
access to an open network that exists outside of the world wide web
What metric shows you how a vulnerability is exploited through physical proximity?
access vector
During pentesting, once automated tools have identified a target, the user can switch to manual assessment in order to do what?
actively exploit the vulnerability
Darryl is using an attack tree to illustrate an attack that he is formulating with the ultimate goal of the attack being breaking into a bank safe. He places this goal at the top of the attack tree and uses the rest of the tree to illustrate what?
all of the possible ways his goal might be achieved
What does electromagnetic shielding use to isolate and protect electrical devices from outside currents and waves?
alloy materials like sheet metal, screens, or metal foam
zero-day exploit
an attack facilitated by an undiscovered flaw in computer software that can be exploited quickly before the user has a chance to apply a patch
remote exploit
an attack that connects to the machine through an off-site network
local exploit
an attack that requires prior access to the system
certification
an official document attesting to your level of study and achievement
incident response plan (IRP)
an organized and already established approach to handling the fallout of a security breach or attack
In February 2017, during a project on game theory, AI showed aggression when it came close to losing, showing that AI has the ability to get what?
angry
What term refers to "anti" efforts that attempt to ruin and negate any electronic evidence that may exist, making these the natural enemy of crime-solving CF?
anti-computer forensics
Law enforcement agencies around the country (and the world) do their part to safeguard cyberspace through investigating what?
any reported computer crimes
Before the incredible level of access and connectivity that we have today with the internet, how would people generally find information?
at the library
Jennifer is developing a preventative strategy to help protect her online assets. She is currently working on considering all of the paths by which her system could be threatened so that she can properly defend these paths. What term describes what Jennifer is currently considering?
attack vectors
programmable logic controllers (PLCs)
automated actions for systems like assembly lines or robotic devices
What type of testing does not need human expertise, can be overseen by a person with minimal knowledge of the field, and is faster, more efficient, and less reliable because it is conducted by a computer?
automatic pentesting
You want to download a game app that looks really fun, but it's not in the official App Store. When you start to click through the download process, you realize it is also asking you to accept to give it access to contact information and other potentially personal data on your phone. You decide against downloading the game. What response to risk is described in this situation?
avoiding it
Applications that allow for remote access to computers are particularly susceptible to what kind of attacks due to the fact that they enable hackers to leverage undiscovered or secret methods with the goal of bypassing normal authentication systems?
backdoor attacks
The United States rolled out a $25 million dollar grant to support increased educational efforts in cybersecurity in 2015. Why was this a pivotal moment for virtual crime-fighters?
because it acknowledged the government's commitment to fighting cyberattacks with solid financial investment
As the internet continued to evolve into Web 2.0, why did perpetrators begin to view web applications as high-priority targets?
because the complexity of their source codes made locating vulnerabilities easier
Why did researchers from the U.S. Naval Laboratory originally create Tor?
because they needed to find ways to communicate freely without fear of detection
Why are behaviors and responses, like when we act on impulse or out of instinct, considered "bugs" or weaknesses in the human system?
because we can't necessarily control them
What type of testing method investigates areas of the internal structure, design, and implementation that have not been clearly identified?
black box testing
What are people looking to exploit the system for personal gain referred to as?
black hats
Even if the application you are using to protect yourself is basically secure, poor or irresponsible stewardship of your information can lead to what?
breaches in the increased security you are trying to foster
When including work samples in your portfolio, you should make sure that each sample includes a what?
brief description
Toby has been working on collecting tidbits over the past year from a financial firm's trash in an effort to eventually break into their system. Even though the financial firm has strict restrictions on access to their trash, Toby has been able to bypass these restrictions. How has Toby most likely done this?
by posing as a waste management collector looking to fix the dumpster or collect the debris
How does Tor aim to protect users?
by separating identification and routing and randomly bouncing communications through from hub to hub
How might time during the initial step of developing your new cybersecurity routine feel?
chaotic and unclear
hierarchy
classification according to importance and effect
chain of evidence
clues gathered through the forensic process to be presented in a legal setting
source code
collection of computer instructions written in readable programming language
Given the potential for a real career, there are plenty of organizations who encourage young hackers to learn more through what?
competitions, special educational programs, and online challenges
cybersecurity bootcamps
comprehensive, practical programs for launching a career in the field
ethical hackers
computer experts who use their vast knowledge and skill to beat black hats at their own game
terms of use
conditions under which someone can utilize the aspects of a product or service
risk assessment
considering the methods available for breaching a system
Jannah is a member of a special cyber incident response team (CIRT). Her team is currently working on a step in incident response that involves disconnecting all affected systems and devices, thereby minimizing the damage. What step is Jannah's team currently working on in incident response?
containment
payload
contents of a communication
netiquette
core rules regarding acceptable online behavior
If the rules surrounding online privacy were strictly maintained and observed, there would be no need for what?
cybersecurity
bug bounty programs
cybersecurity competitions used to earn money and a reputation
automated penetration testing (pentesting)
data collection, vulnerability assessment, actual target exploit, and report preparation all performed by computers
manual pentesting
data collection, vulnerability assessment, actual target exploiting, and report preparation all performed by humans
What process tries to make information hard to find but easy to retrieve and is used as a method of concealment by people who are typically trying to bog down a forensic investigation?
data hiding
Michael is an experienced hacker who utilizes a variety of attack methods to target his cyber victims. One of his favorite methods of attack is to try and log in by using a computer program to run through lists of common words. What is this attack method called?
dictionary attack
active attack
directly threatening a computer through overt action
What cyberattack approach takes helpful tidbits from the real world like sticky notes, calendars, mail, or phone lists found in the garbage and uses them to create virtual threats?
dumpster diving
open relays
email server that allows third-party sending of messages
When applying for a cybersecurity position, what does it mean to tailor your resume to meet the requirements of a particular position, as your experience will appear more applicable that way?
emphasizing what cyber-related things you have done in each of your past positions
When an event occurs, it can refer to something as simple as a user clicking a mouse or pressing a key, and it is tracked by a routine known as a what?
event handler
What term refers to the final phase of an attack when hackers finally get their hands on the data they want and take it, and if they're skilled enough, backing quietly out of the exploit without leaving a trace?
exfiltration
flaming
expressing strong opinion online without holding back any emotion
National Security Agency (NSA)
federal agency responsible for monitoring, collecting, and processing all the information and data for foreign intelligence and counterintelligence to protect the digital security of the U.S. communications networks and IT systems
Remembering that bullies are typically people who are in great pain and are trying to bring others down with them, and that person who is bothering you is likely in need of some serious help, has to do with what method of dealing with cyberbullies?
finding compassion
Evan works in digital or cyber forensics, examining and analyzing digital evidence associated with various cases. What are some examples of evidence that would most likely be examined in digital or cyber forensics?
flash drives, smartphones, digital cameras, or hard drives
How long does a copyright last?
for the life of the creator plus an additional 70 years
open-source software
free software with an open source code
Pretty Good Privacy (PGP)
freeware that provides encrypted email services to store files and send undetectable communications
Where does a trade secret get its value from?
from being kept a secret
If two different message inputs generate the same hash, they collide, and this collision is where a hacker can do what?
gain entry into a system
mind sports
games and challenges for the mind
white hats
hackers who identify security flaws in order to help companies
gray hats
hackers who sometimes violate laws or ethical boundaries without malicious intent
external threats
hacking campaigns exploiting outside security measures
advanced persistent threat
hacking effort typically arranged by several people looking to target one specific organization, entity or business for personal or political reasons
Mathis is an accomplished hacker who up until recently, has always hacked as a hobby. However, he was recently hired by the U.S. Department of Justice to assess international threats, spy on foreign governments, and occasionally undermine "enemy" systems. What is the motivation behind Milan's current hacking?
hacking with political motive
What kind of markers does file carving use to identify parts of a file, in addition to special algorithms designed to improve file recovery?
headers and footers
Hackers can be arranged into a what in order to classify them according to their importance and effect?
hierarchy
Technology is neutral; it can bring about our oppression or our liberation - the outcome depends on what?
how we, as humans, use the technology
intellectual property
ideas or inventions that need legal protection
hackers
individuals who use computers to gain access to unauthorized data
reconnaissance
information gathering through passive and active methods to identify where an attack vector can be established
Inventions, literary and artistic works, symbols, names, and images used in different realms of business that require legal protection are referred to collectively as what?
intellectual property
black box testing
investigations of a system's internal structure, design, and implementation that have not been clearly identified
When sending encrypted messages, what happens to the randomly generated key produced by the sending device?
it is thrown away once the message is decrypted
Shondra recently experienced something online that made her feel very uncomfortable and concerned. How might referring to the Ten Commandments of Computer Ethics help Shondra?
it may help her verbalize and understand exactly how her rights, her work, or her information has been violated
How does the National Institute of Standards and Technology (NIST) and the SANS Institute's investigatory process differ from that of CIRT's?
it tends to be far more extensive and focuses not just on recovery and learning but on establishing the exact method and identity of the perpetrator
Jaleel lives in San Francisco where he is using a VPN to go online. How will this impact his cyber identity?
it will be hidden and appear to be coming from any number of global gateway cities
While the constitutional right to free speech protects much of what you say online, committing acts of cyberbullying can lead to what kind of criminal penalties?
jail time and fines of up to $2,500, based on the severity of the situation
Authorities can learn a lot about a person's movements and locations by tracking down what information from their cell phone?
last known cell towers pinged by the phone
enumeration
laying out each finding one by one
baiting
leaving an infected physical device around so someone will pick it up and use it to infect their own computer
José is a paid employee at a very popular apparel brand. Unfortunately, José has recently displayed a lack of netiquette with his online activity and as a result, he has not only suffered ethical and professional consequences, but because his company is pressing charges, he has also suffered from what other kind of consequences?
legal
What type of exploit requires prior access to the system meaning that it's usually performed by a hacker who has privileged information or existing access?
local exploit
When it comes to cybersecurity, what does the first step in self-protection involve?
looking critically at your own behavior and lifestyle
shoulder surfing
looking over someone's shoulder to find data for online exploits
dumpster diving
looking through someone's trash to find data for online exploits
optimize
making something (in this case, software) better and more effective
file carving
method to recover digital information without using the help of metadata or other guidance
damages
money paid in apology for some violation
When we assume particular privileges, or enjoy the benefits of certain things, what are examples of the price that we must (sometimes) pay for that convenience and pleasure, both online and offline?
money, time, effort, or privacy
Social media platforms can be powerful vehicles for what positive things?
news, education, and human connections
Black-box testing assumes that you have what kind of knowledge about the application you are testing?
no knowledge
In a recent 2017 survey of young internet users (ages 10-17), how many reported receiving unwanted sexual solicitations while online, ranging anywhere from lewd comments to requests for nude images to invitations for face-to-face meetings?
one in five
What are some of the skills taught at cybersecurity boot camps to create, express, and interpret different information and ideas, all of which can enhance any work environment?
oral and written communications
system description
part of the computer forensics process in which a step-by-step illustration of what the breach system does and how it factors into the overall organization is drawn up
media and artifact analysis
part of the computer forensics process where investigators identify which data has direct bearing on a case
collision domain
part of the network connected by a shared medium, where data packets might run into one another
What term refers to a grant from the government that gives exclusive rights to the person who created the invention and provides protection for a certain amount of time, during which no one can copy, sell, or use the product in any way?
patents
The primary goal of what phase in ethical hacking is to own the network, or at least to own it in as many different ways as possible with the intent of highlighting system flaws?
penetration testing
The Department of Defense (DOD), Central Intelligence Agency (CIA), National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) all have a high demand for what type of people?
people with technical skills and cybersecurity experience
defense posture
position of readiness protection
Information Security (infosec)
professional realm using electronic strategies to protect data from unauthorized use or attack
A great way to envision the notion of intellectual property is to consider the role of what in computing?
proprietary software
What allows an attacker to gather information through passive and active methods to identify where security penetration is possible, like how some traffic gets through the firewall, what hosts are on the network, and what services they have running?
reconnaissance
In order to protect yourself from the theft of valuable online assets, you must consider the methods available for breaching a system, otherwise known as what?
risk assessment
What term describes the act of deliberately destroying, damaging, or obstructing something?
sabotage
Faraday bag
safe storage for devices involved in a digital investigation because it blocks remote access and makes it impossible for hackers to destroy evidence
When an attack, exploit, or general incident occurs on a device, specific tests or techniques must be used to unravel the crime through a combination of what?
science, technology, and investigation
What type of things does the international non-profit organization WikiLeaks publish?
secret information, news leaks, and classified media from anonymous sources
web application security
security measures addressing the safety of websites and systems
Lominda is currently studying computer science in college and really wants to participate in a cybersecurity boot camp, but after doing some research, she has learned that they are very expensive, and she simply can't afford any of them. What would be the best option for Lominda to explore in order to attend a cybersecurity boot camp?
she could ask her college because many colleges offer free or affordable boot camps geared towards students
What term refers to a security breach that happens the old-fashioned way - by looking over someone's shoulder using keen observational skills and the right surroundings?
shoulder surfing
The way that people feel emboldened to curse at others or make obscene gestures while driving in a car is an example of how it feels more "doable" to act inappropriately in what situations?
situations when you're not physically close to your target
What is a form of phishing that is sent over a text message and has gained strength by being somewhat unexpected because most people tend to trust a text more than an email?
smishing
web application security scanners
software programs that perform automatic testing on a web application to identify its weak points
proprietary software
software with its own intellectual property rights
freeware
software with no available source code
phreak
someone who breaks into telephone networks illegally to tap phone lines or make free calls
event
something happening in the normal behavior of a system, process, or environment
What products can be copyrighted?
songs, photos, paintings, writings, sculptures, or even a performance of some kind
What email security method blocks spam by scanning messages for patterns or word sequences that come up again and again but is only partly effective and can result in some spammy leakage and "false positives" of valid messages being erroneously marked as unwanted?
spam filtering software
Even though a computer incident is defined a little differently based on the rules of an organization, what will it always warrant?
special attention and a timely response
cybersecurity framework
standards, guidelines, and best practices to manage inherent cyber-related risk
During step one of the investigatory process, verification, a step-by-step illustration of what the breached system does and how it factors into the overall organization must be written. What is this illustration called?
system description
pretexting
taking advantage of a user's trust through lying and misrepresentation
STEM education
teaching science, technology, engineering, and mathematics as an interdisciplinary approach to learning
social media
technology with the ability to share information, ideas, and interests with others via virtual communities
We know a vulnerability is just a weakness, and a threat is the exploitation of what?
that weakness
The DHS has many important branches that allow them to combat cybercrime in a united, effective way. What are two examples of these important branches that help fight cybercrime?
the US Secret Service and US Immigration and Customs Enforcement (ICE)
artificial intelligence (AI)
the ability of machines to make smart choices normally reserved for humans
hacktivism
the act of breaking into a computer system for politically or socially motivated reasons
sabotage
the act of deliberately destroying, damaging, or obstructing something
anti-computer forensics
the attempt to ruin and negate any electronic evidence that may exist
What type of attack involves a function that allows hackers to work out just how many options they need in a set to find a match?
the birthday attack
What type of system provides a way to store and access thousands of past communications and pictures, allowing digital evidence to provide considerable scope and sequence to any investigation?
the cloud system
When a message first arrives at its destination, the encryption keeps it from being read, so what does the device do to read the message?
the device must detach the coded key from the payload, decrypt the key using its own private one, and then decipher the communication using the newly minted key
chain of custody
the documentation of a process to certify that evidence under investigation has not been tampered with
What makes the internet a great equalizer, capable of bringing people together under the guise of information and communication?
the fact that no one is judged by the color of their skin, their age, their weight, or how much money they have
Federal Bureau of Investigation (FBI)
the federal agency that takes the lead on the investigation of cybercrimes and their offenders, both domestically and abroad
exfiltration
the final phase of the attack used to achieve the intended objective and back out of the exploit without leaving any trace
Security awareness training
the formal educational process of digital protection
When you think about a smartphone (or any device) as a closed container, it is easier to understand what?
the legal boundaries surrounding it
Computer Fraud and Abuse Act (CFAA)
the main law currently in place to criminalize computer-related actions
electromagnetic shielding
the method of reducing EMFs by putting up barriers made of magnetic or conductive material
ethics
the moral principles that govern human behavior
While the typical security analyst has a bachelor's degree in fields like computer science, programming, or engineering, what may cause this educational requirement to be reduced, making it possible for people without a bachelor's degree to nab a job in the field simply with the right amount of training and experience?
the new demand for cyber specialists
deep web
the part of the internet where data cannot be accessed by a search engine
When a computer alert occurs, who is the message sent to?
the party responsible for starting the action or to the user who will benefit from the information
After a sending device generates a random encryption key, it will then encipher the contents of that communication, otherwise known as what?
the payload
In terms of internal threats, who has the power to breach the computing system?
the president and CEO of the company
What does our level of ethical thinking primarily rely on?
the principles we have learned from the people and events around us
The need for highly trained and competent experts has become so fierce that the government often finds itself competing with who in order to find and keep qualified employees?
the private sector
trail obfuscation
the process of confusing or diverting a forensic examination so it loses the trail of the criminal
steganography
the process of hiding encrypted information or files within another file to keep them out of plain sight
data hiding
the process of making information hard to find but easy to achieve
remediation
the process of making something better
butterfly effect
the scientific theory asserting that a single occurrence, no matter how small or seemingly insignificant, can change the course of the universe forever
In a digital scenario, the red team takes on the role of someone like a former employee or black hat who is challenging what?
the security posture of the system
rules of engagement (ROE)
the set of guidelines and limitations by which an ethical hacker will conduct their testing
neuroscience
the study of the brain
Stephen recently discovered a security hole in his system and worked quickly to get it patched up, though it took several days before the security hole was fully patched. What is the time between when Stephen found the security hole and fully patched it called?
the window of vulnerability
Tyrone is posting pictures from his recent birthday party to all of his various social media accounts. Several of his good friends are in the pictures as well as several people that he doesn't know that well. If Tyrone is making good ethical decisions, he will get what from the people in his pictures before posting them?
their consent
While netiquette doesn't forbid flaming, it does ask users to think about what?
their motivations and how to best control their outburst
By stepping into the criminal's shoes, adopting their mindset, and considering all the different ways they might attack, you will be able to better model what?
threats against computer systems
Bug bounty programs are offered by many websites and software developers who want to offer individuals a way to what?
to be recognized and paid for reporting bugs they find in other systems
What is the goal of an effective incident response plan (IRP)?
to handle troubling situations in a way that limits overall damage and reduces recovery time and costs
What do commandments such as thou shalt not use a computer to harm other people, thou shalt not interfere with other people's computer work, or thou shalt not snoop around in other people's computer files, in addition to the other seven commandments, seek to do for everyone on the internet?
to keep everyone on the internet safe, happy, and on their best behavior
The CFAA creates a private right of action for individuals and companies to do what to anyone who acts in violation of the Act?
to sue and/or recover damages
The things that criminals leave behind or take away from a crime scene through physical contact like DNA, body fluids, fibers, skin cells, and more, are often referred to as what?
trace evidence
brute force attack
trial-and-error method used to access information
If you have incredibly strong Wi-Fi, what can you do so the signal doesn't reach areas outside the house where it's not needed?
turn down the Transmit Power Control
Meredith has been working at a technology company for several years and has always been satisfied with her job. However, after a serious internal security breach, the company has moved to a "zero trust" atmosphere. While this change has been positive in terms of security, how has it likely impacted the employees and their progress?
unhappy employees, frustrated users, and hampered progress
spam
unwanted and unsolicited email messages
While packet sniffers can help network managers predict and solve problems, they can also provide a hacker with a lot of what?
useful information about user traffic
cyberbullying
using electronic communication to send intimidating, threatening, or harmful messages to someone else
What term refers to a weakness or gap in the effort to protect ourselves and is also exactly what hackers are looking to exploit?
vulnerability
Gabe is an ethical hacker who is just starting a new hacking endeavor. He is currently in the initial phase where he is looking for weaknesses within the boundaries provided. What is this phase called?
vulnerability assessment
Assessing your what will give you the tools to construct a personal cybersecurity framework?
web connectivity
infiltration
when a hacker gains control of a host on the target's network
dictionary attacks
when a hacker tries to log in by using a computer program to run through lists of common words
buffer overflow
when a program tries to put more data in the physical memory storage than it is able to hold; the overflowing data might instead overwrite values in memory that is adjacent to the storage
backdoor attacks
when hackers leverage undiscovered or secret methods to bypass normal authentication systems and launch attacks
passive attacks
when hackers monitor and/or scan a system for vulnerabilities to be used in an upcoming active attack
public domain
when protective rights can expire or be forfeited over time and fall to public use
independent contracting
where work is established and run under special terms
Serena logged into several of her social media accounts from a school computer even though she wasn't supposed to. And unfortunately, after she was done, she forgot to log out. What negative thing might happen due to Serena's forgetfulness?
whoever jumps on the computer next has full access to her profile and can post and communicate with her friends
threat modeling
working through various digital scenarios as a way to tighten security
The amount of technology that you're exposed to at school has a lot to do with what?
your district's financial ability and its willingness to adopt new technologies
When answering online questionnaires or entering free giveaway contests, you should never enter more personal information than what?
your name and email address
What type of exploit is described as an attack facilitated by an undiscovered flaw in computer software that can be exploited quickly before the user has a chance to apply a patch?
zero-day exploit
