Cybersecurity Course 1 Module 2 Questions


Goals of hackers

- To learn and enhance their hacking skills
- To seek revenge
- To exploit security weaknesses by using existing malware, programming scripts, and other tactics

Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables. True or False

False; relies on user error

What are the 5 most common malware attacks?

- Viruses
- Worms
- Ransomware
- Spyware

What domain do social engineering attacks fall under?

security and risk management domain.

What are the 5 most common phishing attacks?

- Business Email Compromise (BEC)
- Spear phishing
- Whaling
- Vishing
- Smishing

What are the 3 types of social engineering attacks?

- Malicious USB cable
- Malicious flash drive
- Card cloning and skimming

Physical attacks fall under the asset security domain.

What are the intentions and motives of inside threats?

- Sabotage
- Corruption
- Espionage
- Unauthorized data access or leaks

What were the key impacts of the Equifax breach?

The key impacts of the Equifax breach were the fact that millions of customers' PII was stolen and that the significant financial consequences of a breach became more apparent.

What domain do password attacks fall under?

the communication and network security domain

A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?

Asset security

What domain do physical attacks fall under?

Asset security domain

Asset Security

Focused on securing digital and physical assets. Related to the storage, maintenance, retention and destruction of data

Identity and access management

Keep data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications Ex: giving keycard access

Communication and network security

Manage and secure physical networks and wireless communications

Software developing security

Uses secure coding practices, which are recommended guidelines that are used to create secure applications and services

Security Operations

conducting investigations and implementing preventative measures

Examples of security _____ include security and risk management and security architecture and engineering.

domains

What are two types of password attacks that are common?

- Brute force
- Rainbow table

A computer virus is malicious _____ that interferes with computer operations and causes damage.

code

Why are social engineering attacks so effective?

- Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
- Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they're told.
- Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others' trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
- Scarcity: A tactic used to imply that goods or services are in limited supply.
- Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
- Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
- Urgency: A thr

What are the 3 main categories of hackers?

- Authorized hacker
- Unauthorized hacker
- Semi-authorized hacker

Security assessment and testing

Conducting security control testing, collecting and analyzing data and conducting security audits to monitor for risks, threats and vulnerabilities

Security and risk management

Defines security goals and objectives, risk reduction, compliance, business continuity and the law

Security Architecture and engineering

Optimizes data security by ensuring effective tools, systems and processes are in place

What are the 10 types of social engineering attacks?

- Phishing
- Smishing
- Vishing
- Spear phishing
- Whaling
- Social media phishing
- Business Email Compromise (BEC)
- Watering hole attack
- USB (Universal Serial Bus) baiting
- Physical social engineering

What are the intentions and motives of hacktivists?

They abuse digital technology to accomplish their goals, which may include:

- Demonstrations
- Propaganda
- Social change campaigns
- Fame

What are the 8 domains of CISSP security?

- Security & Risk management
- Asset security
- Software & development
- Security Operations
- Security Architecture & engineering
- Identify Access management
- Security assessment management
- Security Assessment & testing

Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?

Security assessment and testing

You are asked to investigate an alert related to an unknown device that is connected to the company's internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?

Security operations

What are the 5 most common social engineering attacks?

Social media Phishing Watering hole attack USB baiting Physical Social engineering

What type of manipulation technique was the LoveLetter attack?

The Love Letter attack was an example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.

What is one way that the Morris worm helped shape the security industry?

The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).

What are the intentions and motives of advanced persistent threats?

Their intentions and motivations can include:

- Damaging critical infrastructure, such as the power grid and natural resources
- Gaining access to intellectual property, such as trade secrets or patents

