1/17
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
SIEM
Collects log and event data from servers, network devices, firewalls, and applications. It uses rules and logic to link isolated events together (e.g., matching a failed login attempt with a subsequent file download) to identify malicious patterns or anomalous behavior. It then flags these patterns for further investigation and helps in incident response.
EDR
A cybersecurity tool that continuously monitors computers, laptops, and servers to detect and neutralize threats like ransomware and malware. Unlike traditional antivirus, which only blocks known threats, EDR uses behavioral analysis to spot suspicious activities in real-time and provides tools for detailed forensic investigation. It’s used for automation and continuous monitoring. It collects data on process executions, file changes, and network connections
Threat, Vulnerability, Risk
A threat is a potential harmful event or actor, a vulnerability is a weakness in a system or asset that can be exploited, and risk is the potential for loss or damage when a threat successfully exploits that vulnerability.
Operating System
AN operating system is the foundation of a computer. It is the intermediary between computer hardware and the user. The OS creates, schedules, and terminates processes (programs in execution). It allocates CPU time to multiple active processes efficiently. It manages memory, file management, and user interface.
Malware Analysis
The process of dissecting malicious software to understand its functionality, origin, and impact.
Black Hat, White Hat, Grey Hat
Black Hat are malicious and illegal, white hat are ethical hackers who have the owners permission. Grey hat is illegal and without the permission of the owner, but they do not have malicious intent.
Ticket
A digital file or record created to document a security event. Can be made automatically by systems or an employee.
Triage
The systematic process of evaluating, categorizing, and prioritizing security alerts to determine which threats require immediate intervention and which are false alarms
Red Team vs Blue Team
Red Teams play offense, acting as ethical hackers to simulate real-world attacks and uncover vulnerabilities. Blue Teams play defense, consisting of security professionals who monitor networks, detect threats, and respond to breaches in real-time to protect the organization.
CIA Triad
Foundational cybersecurity model made up of three core principles: Confidentiality, Integrity, and Availability. Confidentiality ensures that sensitive information is kept private and accessed only by authorized individuals. Integrity guarantees that data and systems remain accurate, authentic, and completely unaltered during storage or transmission. Availability ensures that authorized users have reliable and timely access to systems, networks, and data whenever they need them.
What is AAA?
Foundational security framework that stands for Authentication, Authorization, and Accounting. Authentication verifies a user's identity (e.g., checking an ID or using a password, smart card, or fingerprint scanner). Authorization determines what an authenticated user is allowed to do or see within the system (e.g., standard user vs. full administrator access). Accounting tracks and logs user activity, session duration, and resource consumption for auditing and security analysis
Explain True Positive and False Positive.
A true positive is a correct detection where a test or model correctly identifies an existing condition or target. A false positive (or "false alarm") is an incorrect detection where the test flags a condition or target that isn't actually there
IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
An Intrusion Detection System (IDS) is a passive monitoring tool that analyzes network traffic and alerts administrators to suspicious activities. An Intrusion Prevention System (IPS) acts as an active security mechanism, sitting directly in the traffic flow to automatically block, drop, or mitigate threats in real time
What's the difference between hashing, encoding, and encryption?
Encoding: transforms data from one format to another for interoperability with no security intent; it's reversible using public algorithms.
Encryption: makes data unreadable to unauthorized users, ensuring confidentiality with reversible, key-based algorithms.
Hashing: generates an irreversible fixed-length string unique to the input data. It's mostly used to ensure data integrity by comparing the result with the known valid hash.
Zero Trust
The main concept behind the zero trust security model is "never trust, always verify", which means that users and devices should not be trusted by default. This requires continuous verification of their legitimacy before granting access. This model uses robust identity verification, device compliance validation, and least privilege access to enhance security across IT systems. It's designed to adapt to modern corporate networks' complex and interconnected nature, including cloud services, remote environments, and IoT devices
What is SQL Injection?
SQL Injection is a web security vulnerability that allows attackers to interfere with the queries that an application makes to its database. It lets attackers view data they are not normally able to retrieve, including data belonging to other users or any other data the application can access. In some cases, it allows attackers to modify or delete this data, causing persistent changes to the application's content or behavior.
What to do if an employee cannot log into their account
Ask for the user's name, employee ID, and manager to verify who you are talking to. Ask which specific system or application they are trying to access and if they are working from the office, home, or traveling. Remind the user to double-check for typos, ensure Caps Lock is off, and verify they are using the correct username format. Check your IAM tool (like Active Directory, Okta, or Entra ID) to see if the account is locked out, disabled, or has an expired password. Query your SIEM or Identity provider logs, look for Error codes, Rapid, consecutive failed login attempts indicating a potential brute-force attack. If it is a simple forgotten password or lockout, follow your company policy for password resets. Otherwise escalte to tier 2.
Why is MFA important?
It blocks account takeovers by requiring multiple forms of verification (e.g., a password plus a fingerprint or code). This ensures that even if a password is stolen in a data breach, cybercriminals cannot access your data