Cyber Security Exam
CIA triad
Confidentiality, Integrity, Availability
In what way are zombies used in security attacks?
They are infected machines that carry out a DDoS attack
nmap
Which tool is used to provide a list of open ports on network devices?
password cracking
Which type of attack allows an attacker to use a brute force approach?
firewall
Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer?
kill chain
a conceptual outline of the stages of an information systems attack
International Multilateral Partnership Against Cyber Threats (IMPACT)
a global partnership of world governments, industries, and academia dedicated to improving global capabilities when dealing with cyber threats
spear phishing
a highly targeted attack in which emails that appear to be sent from a legitimate source are customized for specific persons
Stuxnet
a malware program designed to damage the nuclear enrichment plant of Iran, a program which is an example of a state-sponsored attack
Advanced Persistent Threat (APT)
a multi-phase, long-term, stealthy, and advanced attack against a specific target
botnet
a network of distributed infected hosts that is used to launch a DDoS attack
exploit
a program written to take advantage of a known security vulnerability
buffer overflow
a software vulnerability that occurs when data is written beyond the limits of memory areas that are allocated to an application
Man-in-the-middle (MITM) attack
a technique in which an attacker can take control of a device without the owner's knowledge
NetFlow
a tool used to gather information about data flowing through a network
ransomware
a type of malware that holds a computer system captive, frequently by encrypting essential data, until a payment is made to the attacker
tailgating
a type of social engineering attack in which an attacker follows an authorized person into a secure location
something for something
a type of social engineering attack in which an attacker requests personal information in exchange for something such as a free gift
denial of service
an attack that interrupts network services to users, devices, or applications
VPN
an encrypted connection between a computer and a secure server to prevent data interception
OAuth
an open standard protocol that allows an end user to access third party applications without exposing the password of the user
malware
any computer code that can be used to steal data, bypass access controls, or harm or compromise a system
external security threats
attacks originating from outside of an organization
intrusion prevention system (IPS)
blocks or denies traffic based on a positive rule or signature match
Next Generation Firewall
can do everything an integrated services router can do, as well as advanced network management and analytics
integrated services router (ISR)
combines routing functions with traffic filtering, intrusion prevention, encryption, and VPN capabilities
privacy
confidentiality of information
methods to ensure confidentiality
data encryption, username ID and password, two-factor authentication, etc.
ethics or morality
difference between a white hat and a black hat hacker
secure wireless communication
enable wireless security and use the WPA2 encryption feature
methods to ensure integrity
file permissions, user access control, version control, and checksums
IoT
global network of machines and devices capable of interacting with each other
Which two characteristics describe a worm?
is self-replicating; travels to new computers without any intervention or knowledge of the user
virus
malicious executable code that can be attached to legitimate programs
bot
malware designed to automatically perform actions over the Internet
spyware
malware designed to track the actions of users and capture data
trojan horse
malware that carries out malicious operations while appearing to have a desired function
data backup
protects against the loss of irreplaceable data through a local or cloud storage solution
Intrusion Detection System (IDS)
scans data against a database of rules or attack signatures looking for malicious traffic, logs any findings, and creates an alert for a network administrator
adware
software that automatically delivers advertisements
motivation of black hat hacker
taking advantage of any vulnerability for illegal personal gain
cyber attack
the act of using an exploit against a vulnerability with the goal of breaking into the target system
ethics
the principles of right and wrong that guide an individual in making decisions
encryption
the process of converting information into a form where an unauthorized party cannot read it
availability
the term that describes the services and data being well maintained and able to be accessed all the time
integrity
the term that indicates accuracy, consistency, and trustworthiness of the data
brute force attack
the use of a software program to challenge a password repeatedly with all the possible values that could be used for a password, or with a list of words that are commonly used in passwords
network sniffing
the use of software to capture packets on a wireless network
What is the purpose of a rootkit?
to gain privileged access to a device while concealing itself
What is the most common goal of search engine optimization (SEO) poisoning?
to increase web traffic to malicious sites
What is the primary goal of a Denial of Service (DoS) attack?
to prevent the target server from being able to handle additional requests