CSS 310 Quiz 3 Core Concepts
Call Kai
Learn
Practice Test
Spaced Repetition
Match
Flashcards
Knowt Play1/39
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai |
|---|
No analytics yet
Send a link to your students to track their progress
40 Terms
What is cloud computing?
On-demand access to remote infrastructure, platforms, and software over the internet.
What is SaaS?
Software as a Service — ready-to-use cloud applications.
SaaS examples?
Gmail, Canvas, Dropbox.
What is PaaS?
Platform as a Service — cloud platform used to build/deploy applications.
PaaS examples?
AWS Elastic Beanstalk, MongoDB Atlas.
What is IaaS?
Infrastructure as a Service — virtual servers, networking, and computing resources
IaaS examples?
AWS, Azure, Google Cloud.
What is the shared responsibility model?
Cloud provider secures the infrastructure; customer secures data/apps.
Biggest cloud security risks?
Misconfiguration, identity compromise, software vulnerabilities.
What is multi-tenancy?
Multiple customers sharing the same cloud infrastructure.
Main idea of Zero Trust?
Never trust, always verify.
What is least privilege?
Giving users only the minimum access needed.
Why is ZTNA better than VPNs?
Limits access and prevents lateral movement.
Why is Castle-and-Moat security outdated?
Attackers can bypass the perimeter through phishing, cloud access, and remote work.
What is lateral movement?
Attackers moving through a network after gaining access.
What is segmentation?
Dividing a network into smaller isolated zones.
What is micro-segmentation?
Security segmentation down to the workload/system level.
What is offensive security?
Authorized simulation of cyberattacks to test security.
What is penetration testing?
Ethical hacking used to identify vulnerabilities.
What are the 5 phases of ethical hacking?
Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks.
What is reconnaissance?
Gathering information about a target before attacking.
Difference between active and passive reconnaissance?
Active interacts with the target; passive gathers public information.
What is scanning?
Identifying systems, ports, services, and vulnerabilities.
What is gaining access?
Obtaining unauthorized access to systems/data.
What is maintaining access?
Keeping persistent access through methods like backdoors.
What is clearing tracks?
Hiding evidence of an attack.
What is the Cyber Kill Chain?
Framework describing stages of a cyberattack.
Why is the Kill Chain useful?
Attacks can be stopped at multiple stages.
What is MITRE ATT&CK?
Framework mapping real attacker techniques and behaviors.
Difference between MITRE ATT&CK and Kill Chain?
MITRE is detailed techniques; Kill Chain is broad attack stages.
What is cybersecurity governance?
Oversight and accountability for cybersecurity decisions.
Main purpose of governance?
Direction, oversight, and accountability.
Difference between compliance and risk management?
Compliance asks “Are we following rules?” while risk management asks “What could go wrong?”
Does compliance automatically mean security?
No.
Most ignored cybersecurity risk?
Human error.
What does PCI-DSS protect?
Payment card/cardholder data.
What does HIPAA protect?
PHI/ePHI healthcare data.
What does GLBA apply to?
Financial institutions.
What is NIST 800-53?
Security framework for federal/government organizations.
Why was SOX created?
Response to financial fraud scandals.