Foundations of Cybersecurity - Module 2
physical attack
A security incident that affects not only digital but also physical environments where the incident is deployed
Business Email Compromise (BEC)
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
What is the term for software that is designed to harm devices or networks?
Malware
What were the key impacts of the Equifax breach? Select two answers.
The significant financial consequences of a breach became more apparent. Millions of customers' PII was stolen.
Social media phishing
A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
Physical social engineering
A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
Urgency
A threat actor persuades others to respond quickly and without questioning.
USB baiting
A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?
Asset security
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables.
False
What historical event used a malware attachment to steal user information and passwords?
LoveLetter attack
Authority
Threat actors impersonate individuals with power
Intimidation
Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they're told.
Viruses
Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
Worms
Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
Spyware
Malware that's used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recording, and locations.
Familiarity
Threat actors establish a fake emotional connection with users that can be exploited.
Trust
Threat actors establish an emotional relationship wit users that can be exploited over time. They use this relationship to develop trust and gain personal information.
Fill in the blank: A computer virus is a malicious _____ that interferes with computer operations and causes damage.
code
Fill in the blank: Examples of security ______ include security and risk management and security architecture and engineering.
domains
Watering hole attack
A threat actor attacks a website frequently visited by a specific group of users.
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Ransomware
A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.
Spear phishing
A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Social Engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Social Engineering
A manipulation technique that exploits human error to gain private information, access, or valuables.
Scarcity
A tactic used to imply that goods or services are in limited supply
Cryptographic Attack
An attack that affects secure forms of communication between a sender and intended recipient
supply-chain attack
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
password attack
An attempt to access password secured devices, systems, networks, or data
Consensus/Social proof
Because people sometimes do things that they believe many others are doing, threat actors use others' trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
What is one way that the Morris worm helped shape the security industry?
It led to the development of computer response teams.
Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?
Security assessment and testing
You are asked to investigate an alert reated to an unknown device that is connected to the company's internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domains is this scenario related to?
Security operations
Malware
Software designed to harm devices or networks
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Smishing
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
Adversarial Artificial Intelligence
a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.