Term
| Why is Security Important? |
|
Definition
| Increasing computer crime |
|
|
Term
| Effective security is as much about what as it is about technology? |
|
Definition
|
|
Term
| What are examples of Increasing Computer Crime? |
|
Definition
|
|
Term
What are the following?:
•Tangible
•Intangible
•Employees
•Market value
•Liabilities |
|
Definition
|
|
Term
| What are examples of Liabilities? |
|
Definition
oBusiness continuity
oLegal |
|
|
Term
What are these the element of?:
•Confidentiality
•Integrity
•Availability |
|
Definition
|
|
Term
| What is something that confirms that you completed an action, so that you cannot deny completing said action? |
|
Definition
|
|
Term
| What is a commitment to secure working practices in the form of tested, documented procedures and security controls? |
|
Definition
|
|
Term
What are the following?:
•Overall responsibility
•Managerial
•Technical
•Non-technical
•Legal / regulatory |
|
Definition
| Important Roles and Responsibilities |
|
|
Term
| What is having a number of different people doing different parts of a job? |
|
Definition
|
|
Term
| National Institute of Standards and Technology) |
|
Definition
|
|
Term
| Federal Information Processing Standards |
|
Definition
|
|
Term
| What is a weakness that could be triggered accidentally or exploited intentionally to cause a security breach? |
|
Definition
|
|
Term
| What is the potential for a threat agent or threat actor to "exercise" a vulnerability or the path or tool used by the threat actor can be referred to as the threat vector? |
|
Definition
|
|
Term
| What is the likelihood and impact (or consequence) of a actor exercising a vulnerability? |
|
Definition
|
|
Term
| What is a system or procedure put in place to mitigate risk? |
|
Definition
|
|
Term
| What is a threat from someone who has authorized access? |
|
Definition
|
|
Term
| What is the reduction of risk? |
|
Definition
|
|
Term
| What is the use of an exploit to obtain a pivot point using a Command and Control (C2 or C&C) network and involves installing tools to maintain covert access? |
|
Definition
|
|
Term
| Who is someone that builds tools that can be used to work their way into a system? |
|
Definition
|
|
Term
| Who is someone who specifically works to find passwords and other information? |
|
Definition
|
|
Term
| What is a benevolent hacker? |
|
Definition
|
|
Term
| What is a malevolent hacker? |
|
Definition
|
|
Term
| What is a neutral hacker? |
|
Definition
|
|
Term
| What is a Penetration Test? |
|
Definition
| A test of a system done by a White Hat, as if they were a Black Hat. |
|
|
Term
| What is a type of Penetration Test completed without any knowledge of the system? |
|
Definition
|
|
Term
| What is a type of Penetration Test completed with knowledge of the system? |
|
Definition
|
|
Term
| What is a person who acts as a hacker but doesn't have the technical knowledge to create their own tools? |
|
Definition
|
|
Term
| What is only allowing employees enough privileges to complete their tasks? |
|
Definition
|
|
Term
What are the following?:
•Planning / scoping
•Reconnaissance / discovery •Weaponization
•Post-exploitation
•Action on objectives
•Retreat |
|
Definition
| The Steps Of The Kill Chain |
|
|
Term
|
Definition
|
|
Term
| What is a system used for Pivoting? |
|
Definition
|
|
Term
| What is attacking one system to then gain information to allow you to then attack another system? |
|
Definition
|
|
Term
What are the following?:
•Observable
•Indicator
•Incident
•Tactics, Techniques, and Procedures (TTP)
•Campaign and Threat Actor
•Exploit Target
•Course of Action (CoA) |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Tactics, Techniques and Procedures |
|
Definition
|
|
Term
| What is dominating or charming targets into revealing information or providing access that exploits “weak authentication” over telephone / IM / email? |
|
Definition
|
|
Term
| What is the search of information for an attack through a target's trash? |
|
Definition
|
|
Term
| What is the secret and direct observation of a target's information? |
|
Definition
|
|
Term
| What is an attack completed by simply accessing an insecure system while the system user is away? |
|
Definition
|
|
Term
| What is evading security by simply walking in behind those with proper clearance? |
|
Definition
|
|
Term
What is a widely targeted attack at grabbing information?
It normally involves using spoofed electronic communications to trick a user into providing confidential information. |
|
Definition
|
|
Term
| What is a focused attack on a specific group for grabbing information? |
|
Definition
|
|
Term
| What is an extremely focused attack on a specific individual for grabbing information? |
|
Definition
|
|
Term
| What is a telephone, IM, Social Media type of Phishing attack? |
|
Definition
|
|
Term
| What is a redirect attack? |
|
Definition
|
|
Term
| What is an attack that presents itself as something true, in order to encourage spreading? |
|
Definition
|
|
Term
| What is malware that relies on a host file and contains a payload? |
|
Definition
|
|
Term
| What propagates in memory over network links, consumes bandwidth and may be able to compromise application or OS to deliver payload? |
|
Definition
|
|
Term
| What is a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects? |
|
Definition
|
|
Term
| What is a malicious program concealed within a benign one? |
|
Definition
|
|
Term
|
Definition
|
|
Term
| What allows an attacker to record system configuration and user actions? |
|
Definition
|
|
Term
| What records some user activity but to lesser extent than spyware and uses cookies to deliver targeted adverts? |
|
Definition
|
|
Term
| What malware replaces key system files and utilities? |
|
Definition
|
|
Term
| What is malware that locks out a system that is simply a nuisance? |
|
Definition
|
|
Term
| What is malware that locks out a system and encrypts the information it locks out? |
|
Definition
|
|
Term
| What is Phishing that targets a third-party site? |
|
Definition
|
|
Term
| What is locating information that the target may not regard as exploitable or may not even know they have disclosed? |
|
Definition
|
|
Term
| What is getting a list of valid email recipients at a target domain to use as a Pivot Point? |
|
Definition
|
|
Term
| What is scanning corporate social media accounts and feeds to then use as a Pivot Point? |
|
Definition
|
|
Term
| What are parts of WWW not indexed by or accessible to search engines? |
|
Definition
|
|
Term
| What is a network established over the Internet (overlay) but that requires client software to access (TOR, Freenet, I2P)? |
|
Definition
|
|
Term
| What are sites and content hosted on dark nets? |
|
Definition
|
|
