social engineering
manipulating a recipient into sending confidential information using psychological tactics
phishing
a type of cyberattack where the attacker impersonates a known person/organization in order to trick a user into clicking on a malicious link or disclosing sensitive information
intimidation
tricking a user into believing that they’ll endure a negative consequence if they don’t act upon the hacker’s request
urgency
provoking a user to participate in immediate action by setting a time constraint
evil twin
an attack on a public Wi-Fi network where the hacker creates a separate access point with a similar name to the official one
jamming
when a hacker floods an area with an electromagnetic signal which blocks legitimate traffic between the access point and its users
war driving
a hacker suspiciously walking or driving around an area in order to gain insight on a network and its access point so that they could eventually misuse that information in the future
service set identifier (SSID)
technical name for a Wi-Fi network that is used to identify and connect devices (vulnerable to the evil twin attack)
MFA
a second step after a user successfully inputs the correct password which asks for further information like an email verification or a phone code
zero day
software vulnerability that is unknown to the developers which makes them unable to fix it
voice cloning
using AI software in order to copy the voice of a person so that a hacker takes advantage of their identity
deepfake
using AI software to create a fake video or image of an actual human being for impersonation purposes
LLM
language learning model or AI, used by both hackers and cybersecurity professionals
DoS
malicious attempt to disrupt a network by flooding traffic, thereby making it inaccessible to legitimate users
CIA triad
the three essential factors that companies have to consider before implementing a cybersecurity policy
confidentiality
when information is accessed by an unauthorized user
integrity
when data is modified by an unauthorized user
availability
when data is unable to get accessed by an authorized user
defense in depth
adding multiple layers of defense in order to enhance security
risk assessment
data-driven process that identifies, analyzes, and evaluates threats to an organization’s digital assets in order to mitigate their effects
residual risk
the portion of threat exposure that remains after security measures, controls, or countermeasures have been applied
pretexting
social engineering tactic where the hacker fabricates a plausible or realistic scenario in order to solicit personal information
authority
a person pretending to be someone of power in order to convince a user to give out confidential info
consensus
psychological tactic where the user is encouraged to engage in behavior just because they’re convinced that a lot of other people are doing the same
scarcity
psychological technique where the user is convinced that resources are limited which creates a sense of urgency
familiarity
social engineering tactic where the hacker impersonates someone that the victim knows personally
script kiddie
a low-skilled adversary who primarily relies on tools already developed by others and thereby cannot make their own
hacktivist
a hacker who develops an attack, usually for a political, social, or ideological cause
insider threat
a cyberattack that originates from an authorized user or a trusted figure who already had access to confidential information within an organization
cyberterrorist
an individual or group who uses computer technology, the internet, and telecommunications to launch attacks that cause or threaten to cause widespread disruption, fear, or physical harm. They often target critical infrastructures like banking systems and government networks
OSINT
using AI in order to collect public data from social media as a way of developing profiles of people and gauging vulnerabilities
reconnaissance
initial phase of an attack where hackers attempt to obtain as much information as possible to determine vulnerabilities; can be amplified by the use of AI
persistence
cyberattackers developing plans in order to ensure that they still maintain long-term access to confidential information even after the organization attempts to respond (by making registry keys, backdoors, etc.)
C2
the infrastructure and communication channels used by attackers to remotely manage and send instructions to malware-infected systems
RAT
a type of malicious software that creates a hidden backdoor, allowing attackers to gain full administrative control over a victim’s device remotely (often disguised as legitimate software)
lateral movement
the ability of hackers to move between defense layers easily with little to no restraint as they accumulate more privileges
piggybacking
a hacker using social engineering techniques in order to convince an employee that they’re authorized to enter a building
tailgating
a hacker taking advantage of an employee’s access to a physical structure without their knowledge
shoulder surfing
a hacker deliberately peering through a person’s activity in order to discover whether they’re inputting any confidential information
dumpster diving
the act of searching through trash, recycling, or electronic waste to retrieve discarded, sensitive information
card cloning
illegal act of copying data from a legitimate payment card (debit, credit, or gift card) to create a counterfeit duplicate
UPS
crucial physical defense that allows infrastructures to maintain power even during an outage which prevents data loss
IRP
documented, structured approach that helps organizations detect, contain, and recover from security incidents like data breaches or ransomware
ARP poisoning
malicious cyberattack where an attacker sends forged Address Resolution Protocol (ARP) messages onto a local area network (LAN). This maps the attacker’s MAC address to a legitimate IP address (usually the default gateway), enabling them to intercept, modify, or block traffic
MAC flooding
cybersecurity attack that overwhelms a network switch’s Content Addressable Memory (CAM) table with thousands of fake, spoofed MAC addresses. This fills the switch’s memory, forcing it into "fail-open mode" where it acts like a hub, broadcasting all traffic to every port, allowing attackers to sniff sensitive data
DNS poisoning
cyberattack where corrupted domain name system (DNS) data is introduced into a DNS resolver's cache, redirecting traffic from legitimate websites to malicious ones
smurf attack
attack that overwhelms a target network by flooding it with forged Internet Control Message Protocol (ICMP) echo requests, or "pings"