Foundation of cybersecurity module 2

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the following tasks are part of the security and risk management domain? SELECT all that apply.

-Business continuity -compliance -defining security goals and objectives

Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.

-Employees inadvertently revealing sensitive data - malicious software being deployed

Which of the following tasks may be part of the security operations domain? Select all that apply.

-conducting investigations -investigating an unknown device that has connected to an internal network -implementing preventive measures

Spear phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

Physical attack

A security incident that affects not only digital but also physical environments where the incident is deployed

Adversarial artificial intelligence (AI)

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Watering hole attack

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Social media phishing

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Business Email Compromise (BEC)

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

Supply-chain attack

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Password attack

An attempt to access password secured devices, systems, networks, or data

Hacker

Any person who uses computers to gain access to computer systems, networks, or data

What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers?

Equifax breach

A security professional is auditing user permission at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?

Identity access management

A security professional is setting up access keycards for new employees. Which domain does this scenario describe?

Identity and access management

What is the brain virus?

In 1986, the Alvi brothers created the Brain virus, although the intention of the virus was to track illegal copies of medical software and prevent pirated licenses, what the virus actually did was unexpected. Once a person used a pirated copy of the software, the virus-infected that computer. Then, any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks. Undetected, the virus spread globally within a couple of months. Although the intention was not to destroy data or hardware, the virus slowed down productivity and significantly impacted business operations.

What is the Morris Worm?

In 1988, Robert Morris developed a program to assess the size of the internet. The program crawled the web and installed itself onto other computers to tally the number of computers that were connected to the internet. Sounds simple, right? The program, however, failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed. About 6,000 computers were affected, representing 10% of the internet at the time.

What is the equifax breach?

In 2017,attackers successfully infiltrated the credit reporting agency, Equifax.This resulted in one of the largest known data breaches of sensitive information. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans.

Computer virus

Malicious code written to interfere with computer operations and cause damage to data and software

Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

Security and risk management

A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?

Security architecture and engineering

Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

Security architecture and engineering

Malware

Software designed to harm devices or networks

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Which of the following threats are examples of malware? SELECT TWO ANSWERS

Worms and Viruses

Which domain involves securing digital and physical assets, as well as managing the storage,maintenance, retention, and destruction of data?

asset security

First domain of CISSP: Security and risk management

focuses on defining security goals and objectives, risk mitigations, compliance, business, continuity, and the law.

Fourth domain of CISSP: Communicate and network security

focuses on managing and securing physical networks and wireless communications.

Third domain of CISSP: security architecture and engineering

focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.

Second domain of CISSP: asset security

focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.

Fill in the blank: Social Engineering is a manipulation technique that exploits ____error to gain access to private information

human


Kaugnay na mga set ng pag-aaral

Chapter 1: The TCP/IP and OSI Networking Models

View Set

Brunner and Suddarth's Textbook of Medical-surgical Nursing- Chapter 38, 39, 40, 41, 43,44

View Set

Sleep and Dreams - Chapter 5, Section 2 - Psych

View Set

class NCLEX questions & prep u: GU med surg

View Set

NCLEX EAQ module 7 nursing roles and attributes

View Set