Cyber Security Exam

Ace your homework & exams now with Quizwiz!

CIA triad

Confidentiality, Integrity, Availability

In what way are zombies used in security attacks?

They are infected machines that carry out a DDoS attack

nmap

Which tool is used to provide a list of open ports on network devices?

password cracking

Which type of attack allows an attacker to use a brute force approach?

firewall

Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer

kill chain

a conceptual outline of the stages of an information systems attack

International Multilateral Partnership Against Cyber Threats (IMPACT)

a global partnership of world governments, industries, and academia dedicated to improving global capabilities when dealing with cyber threats

spear fishing

a highly targeted attack in which emails that appear to be sent from a legitimate source are customized for specific persons

stuxnet

a malware program designed to damage the nuclear enrichment plant of Iran, a program which is an example of a state-sponsored attack

Advanced Persistent Threat (APT)

a multi-phase, long term, stealthy, and advanced attack against a specific target

botnet

a network of distributed infected hosts that is used to launch a DDoS attack

exploit

a program written to take advantage of a known security vulnerability

buffer overflow

a software vulnerability that occurs when data is written beyond the limits of memory areas that are allocated to an application

Man-in-the-middle (MITM) attack

a technique in which a an attacker can take control of a device without the owner's knowledge

NetFlow

a tool used to gather information about data flowing through a network

ransomeware

a type of malware that holds a computer system captive, frequently by encrypting essential data, until a payment is made to the attacker

tailgating

a type of social engineering attack in which an attacker follows an authorized person into a secure location

something for something

a type of social engineering attack in which an attacker requests personal information in exchange for something such as a free gift

denial of service

an attack that interrupts network services to users, devices, or applications

vpn

an encrypted connection between a computer and a secure server to prevent data interception

oauth

an open standard protocol that allows an end user to access third party applications without exposing the password of the user

malware

any computer code that can be used to steal data, bypass access controls, or harm or compromise a system

external security threats

attacks originating from outside of an organization

intrusion prevention system (IPS)

blocks or denies traffic based on a positive rule or signature match

Next Generation Firewall

can do everything an integrated services router can do, as well as advanced network management and analytics

integrated services router (ISR)

combines routing functions with traffic filtering, intrusion prevention, encryption, and VPN capabilities

privacy

confidentiality of information

methods to ensure confidentiality

data encryption, username ID and password, two factor authentication, etc.

ethics or morality

difference between a white hat and a black hat hacker

secure wireless communication

enable wireless security and use WPA2 encryption feature

methods to ensure integrity

file permissions, user access control, version control, and checksums

IoT

global network of machines and devices capable of interacting with each other

Which two characteristics describe a worm?

is self-replicating travels to new computers without any intervention or knowledge of the user

virus

malicious executable code that can be attached to legitimate programs

bot

malware designed to automatically perform actions over the Internet

spyware

malware designed to track the actions of users and capture data

trojan horse

malware that carries out malicious operations while appearing to have a desired function

data backup

protects against the loss of irreplaceable data through a local or cloud storage solution

Intrusion Detection System (IDS)

scans data against a database of rules or attack signatures looking for malicious traffic, logs any findings, and creates an alert for a network administrator

adware

software that automatically delivers advertisements

motivation of black hat hacker

taking advantage of any vulnerability for illegal personal gain

cyber attack

the act of using an exploit against a vulnerability with the goal of breaking into the target system

ethics

the principles of right and wrong that guide an individual in making decisions

encryption

the process of converting information into a form where an unauthorized party cannot read it

availability

the term that describes the services and data being well maintained and able to be be accessed all the time

integrity

the term that indicates accuracy, consistency, and trustworthiness of the data

brute force attack

the use of a software program to challenge a password repeatedly with all the possible values that could be used for a password, or with a list of words that are commonly used in passwords

network sniffing

the use of software to capture packets on a wireless network

What is the purpose of a rootkit?

to gain privileged access to a device while concealing itself

What is the most common goal of search engine optimization (SEO) poisoning?

to increase web traffic to malicious sites

What is the primary goal of a Denial of Service (DoS) attack?

to prevent the target server from being able to handle additional requests


Related study sets

Chapter 8: Common Health Problems of the Newborn

View Set

Unit 7.3 Economic Indicators (Series 65)

View Set