Course 1

Internal Threats

A current or former employee, external vendor, or trusted partner who poses a security risk

Whaling

A form of spear phishing that attempts to target executives in order to gain access to sensitive data

Ransomware

A malicious attack in which threat actors encrypt an organization's data and demand payment to restore access

spear phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Virus

A malware program that modifies other computer programs by inserting its own code to damage or destroy data

Social Engineering

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and valuable data

Sensitive personally identifiable information (SPII)

A specific type of PII that falls under stricter handling guidelines

Adversarial artificial intelligence (AI)

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Social media phishing

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Business Email Compromise (BEC)

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

An employee receives an email that they believe is legitimate. They click on a compromised link within the email. What type of internal threat does this describe?

Accidental

Watering hole attack

An attack in which a threat actor compromises a website frequently used by a specific group of users

Business Email Compromise (BEC)

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

Supply-chain attacks

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Password attack

An attempt to access password-secured devices, systems, networks, or data

Security Posture

An organization's ability to manage its defense of critical assets and data and react to change

threat

Any circumstance or event that can negatively impact assets

Personally Identifiable Information (PII)

Any information used to infer an individual's identity

Threat actor

Any person or group who presents a security risk

hacker

Any person who uses computers to gain access to computer systems, networks, or data

What are examples of technical skills?

Applying computer forensics and automating tasks with programming

Which domain involves securing digital and physical assets as well as managing the storage, maintenance, retention, and destruction of data?

Asset Security

USB baiting

Attack where a threat actor leaves a malware USB stick to infect a network

Which of the following tasks is part of the security architecture and engineering domain?

Building a firewall

A computer virus is malicious ___ that interferes with computer operations and causes damage

Code

The purpose of ___ is to protect networks, devices, people, and data from unauthorized access or criminal exploitation

Cybersecurity

Which security event relates to the successful infiltration of a credit reporting agency?

Equifax breach

Security information and ___ management tools enable security professionals to identify and analyze threats, risks, and vulnerabilities

Event

What do security professionals typically do with SIEM tools?

Identify and analyze security threats, risks, and vulnerabilities

A security professional is asked to issue a keycard to a new employee. What domain is this?

Identity and access management

A security professional collaborates with information technology teams to deploy an application that helps identify risks and vulnerabilities. What does this scenario describe?

Installing detection software

What is one way that the Morris worm helped shape the security industry?

It led to the development of computer response teams.

computer virus

Malicious code written to interfere with computer operations and cause damage to data and software

Spyware

Malicious software installed on a user's computer without their permission, which is used to spy on and steal user data

worm

Malware that self-replicates, spreading across the network and infecting computers

Social engineering is a ___ technique that exploits human error

Manipulation technique

What were the key aspects of the Equifax breach?

Millions of customers' PII was stolen, and the significant financial consequences of breaches became apparent

Identity theft is the act of stealing ____ to commit fraud while impersonating a victim

Personal information

What are some key benefits associated with an organization meeting regulatory compliance?

Recruiting employees and upholding ethical obligations

A security professional is researching compliance and the law in order to define security goals. What domain is this?

Security and risk management

A security professional is auditing the user permissions to ensure employees have correct access levels. Which domain is this?

Security assessment and testing

transferable skills

Skills from other areas that can apply to different careers

Technical skills

Skills that require knowledge of specific tools, procedures, and policies

Malware

Software designed to harm devices or networks

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Cybersecurity

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Network Security

The practice of keeping an organization's network infrastructure secure from unauthorized access

Cloud Security

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

What is true about PII and SPII?

They both are vulnerable to identity theft; PII is someone's date of birth, SPII is someone's financial information

Which of the following threats are examples of malware?

Viruses and worms

