CyberSecurity Basics

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/17

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 2:03 AM on 7/11/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

18 Terms

1
New cards

SIEM

Collects log and event data from servers, network devices, firewalls, and applications. It uses rules and logic to link isolated events together (e.g., matching a failed login attempt with a subsequent file download) to identify malicious patterns or anomalous behavior. It then flags these patterns for further investigation and helps in incident response.

2
New cards

EDR

A cybersecurity tool that continuously monitors computers, laptops, and servers to detect and neutralize threats like ransomware and malware. Unlike traditional antivirus, which only blocks known threats, EDR uses behavioral analysis to spot suspicious activities in real-time and provides tools for detailed forensic investigation. It’s used for automation and continuous monitoring. It collects data on process executions, file changes, and network connections

3
New cards

Threat, Vulnerability, Risk

A threat is a potential harmful event or actor, a vulnerability is a weakness in a system or asset that can be exploited, and risk is the potential for loss or damage when a threat successfully exploits that vulnerability.

4
New cards

Operating System

AN operating system is the foundation of a computer. It is the intermediary between computer hardware and the user. The OS creates, schedules, and terminates processes (programs in execution). It allocates CPU time to multiple active processes efficiently. It manages memory, file management, and user interface.

5
New cards

Malware Analysis

The process of dissecting malicious software to understand its functionality, origin, and impact.

6
New cards

Black Hat, White Hat, Grey Hat

Black Hat are malicious and illegal, white hat are ethical hackers who have the owners permission. Grey hat is illegal and without the permission of the owner, but they do not have malicious intent.

7
New cards

Ticket

A digital file or record created to document a security event. Can be made automatically by systems or an employee.

8
New cards

Triage

The systematic process of evaluating, categorizing, and prioritizing security alerts to determine which threats require immediate intervention and which are false alarms

9
New cards

Red Team vs Blue Team

Red Teams play offense, acting as ethical hackers to simulate real-world attacks and uncover vulnerabilities. Blue Teams play defense, consisting of security professionals who monitor networks, detect threats, and respond to breaches in real-time to protect the organization.

10
New cards

CIA Triad

Foundational cybersecurity model made up of three core principles: Confidentiality, Integrity, and Availability. Confidentiality ensures that sensitive information is kept private and accessed only by authorized individuals. Integrity guarantees that data and systems remain accurate, authentic, and completely unaltered during storage or transmission. Availability ensures that authorized users have reliable and timely access to systems, networks, and data whenever they need them.

11
New cards

What is AAA?

Foundational security framework that stands for Authentication, Authorization, and Accounting. Authentication verifies a user's identity (e.g., checking an ID or using a password, smart card, or fingerprint scanner). Authorization determines what an authenticated user is allowed to do or see within the system (e.g., standard user vs. full administrator access). Accounting tracks and logs user activity, session duration, and resource consumption for auditing and security analysis

12
New cards

Explain True Positive and False Positive.

A true positive is a correct detection where a test or model correctly identifies an existing condition or target. A false positive (or "false alarm") is an incorrect detection where the test flags a condition or target that isn't actually there

13
New cards

IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)

An Intrusion Detection System (IDS) is a passive monitoring tool that analyzes network traffic and alerts administrators to suspicious activities. An Intrusion Prevention System (IPS) acts as an active security mechanism, sitting directly in the traffic flow to automatically block, drop, or mitigate threats in real time

14
New cards

What's the difference between hashing, encoding, and encryption?

Encoding: transforms data from one format to another for interoperability with no security intent; it's reversible using public algorithms.

Encryption: makes data unreadable to unauthorized users, ensuring confidentiality with reversible, key-based algorithms.

Hashing: generates an irreversible fixed-length string unique to the input data. It's mostly used to ensure data integrity by comparing the result with the known valid hash.

15
New cards

Zero Trust

The main concept behind the zero trust security model is "never trust, always verify", which means that users and devices should not be trusted by default. This requires continuous verification of their legitimacy before granting access. This model uses robust identity verification, device compliance validation, and least privilege access to enhance security across IT systems. It's designed to adapt to modern corporate networks' complex and interconnected nature, including cloud services, remote environments, and IoT devices

16
New cards

What is SQL Injection?

SQL Injection is a web security vulnerability that allows attackers to interfere with the queries that an application makes to its database. It lets attackers view data they are not normally able to retrieve, including data belonging to other users or any other data the application can access. In some cases, it allows attackers to modify or delete this data, causing persistent changes to the application's content or behavior.

17
New cards

What to do if an employee cannot log into their account

Ask for the user's name, employee ID, and manager to verify who you are talking to. Ask which specific system or application they are trying to access and if they are working from the office, home, or traveling. Remind the user to double-check for typos, ensure Caps Lock is off, and verify they are using the correct username format. Check your IAM tool (like Active Directory, Okta, or Entra ID) to see if the account is locked out, disabled, or has an expired password. Query your SIEM or Identity provider logs, look for Error codes, Rapid, consecutive failed login attempts indicating a potential brute-force attack. If it is a simple forgotten password or lockout, follow your company policy for password resets. Otherwise escalte to tier 2.

18
New cards

Why is MFA important?

It blocks account takeovers by requiring multiple forms of verification (e.g., a password plus a fingerprint or code). This ensures that even if a password is stolen in a data breach, cybercriminals cannot access your data