Foundation of cybersecurity module 2


Which of the following tasks are part of the security and risk management domain? Select all that apply.

- Business continuity
- Compliance
- Defining security goals and objectives

Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.

- Employees inadvertently revealing sensitive data
- Malicious software being deployed

Which of the following tasks may be part of the security operations domain? Select all that apply.

- Conducting investigations
- Investigating an unknown device that has connected to an internal network
- Implementing preventive measures

Spear phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

Physical attack

A security incident that affects not only digital but also physical environments where the incident is deployed

Adversarial artificial intelligence (AI)

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Watering hole attack

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Social media phishing

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Business Email Compromise (BEC)

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

Supply-chain attack

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Password attack

An attempt to access password-secured devices, systems, networks, or data

Hacker

Any person who uses computers to gain access to computer systems, networks, or data

What historical event resulted in one of the largest known thefts of sensitive data, including social security numbers and credit card numbers?

Equifax breach

A security professional is auditing user permission at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?

Identity access management

A security professional is setting up access keycards for new employees. Which domain does this scenario describe?

Identity and access management

What is the Brain virus?

In 1986, the Alvi brothers created the Brain virus. Although the intention of the virus was to track illegal copies of medical software and prevent pirated licenses, what the virus actually did was unexpected. Once a person used a pirated copy of the software, the virus infected that computer. Then, any disk that was inserted into the computer was also infected. The virus spread to a new computer every time someone used one of the infected disks. Undetected, the virus spread globally within a couple of months. Although the intention was not to destroy data or hardware, the virus slowed down productivity and significantly impacted business operations.

What is the Morris Worm?

In 1988, Robert Morris developed a program to assess the size of the internet. The program crawled the web and installed itself onto other computers to tally the number of computers that were connected to the internet. Sounds simple, right? The program, however, failed to keep track of the computers it had already compromised and continued to re-install itself until the computers ran out of memory and crashed. About 6,000 computers were affected, representing 10% of the internet at the time.

What is the Equifax breach?

In 2017, attackers successfully infiltrated the credit reporting agency, Equifax. This resulted in one of the largest known data breaches of sensitive information. Over 143 million customer records were stolen, and the breach affected approximately 40% of all Americans.

Computer virus

Malicious code written to interfere with computer operations and cause damage to data and software

Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?

Security and risk management

A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?

Security architecture and engineering

Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?

Security architecture and engineering

Malware

Software designed to harm devices or networks

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Which of the following threats are examples of malware? SELECT TWO ANSWERS

Worms and Viruses

Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?

asset security

First domain of CISSP: Security and risk management

focuses on defining security goals and objectives, risk mitigations, compliance, business continuity, and the law.

Fourth domain of CISSP: Communication and network security

focuses on managing and securing physical networks and wireless communications.

Third domain of CISSP: security architecture and engineering

focuses on optimizing data security by ensuring effective tools, systems, and processes are in place.

Second domain of CISSP: asset security

focuses on securing digital and physical assets. It's also related to the storage, maintenance, retention, and destruction of data.

Fill in the blank: Social engineering is a manipulation technique that exploits ____ error to gain access to private information.

human

