Cyber midterm

81 Terms

1

Inventory Assessment

Inventory Assessment is the comprehensive process of identifying and evaluating all assets within an organization, including hardware, software, and data, to ensure adequate security management and regulatory compliance, providing visibility into potential vulnerabilities.

2

Vulnerability scanning

Vulnerability scanning is a systematic approach to identifying known security weaknesses in systems and network devices. It utilizes automated tools like Nessus to perform thorough examinations, allowing organizations to pinpoint vulnerabilities before they can be exploited by attackers.

3

Minimum configuration standards

Minimum configuration standards refer to established baseline security requirements that all systems and applications must meet. These standards ensure essential protective measures are implemented, such as antivirus software, firewalls, and secure configurations, to safeguard organizational assets.

4

Documentation

Documentation encompasses detailed and organized records that articulate the systems, security policies, procedures, and configurations within an organization. This is crucial for ensuring consistency, regulatory compliance, and effective communication in security practices.

5

Deployment

Deployment includes the procedure of installing, configuring, and activating software and associated security measures across various environments. This ensures that security controls are not only implemented but also operational to protect organizational assets.

6

Ongoing management

Ongoing management involves the continuous oversight and active maintenance of security measures and resources in an organization. This process is essential to respond to emerging threats and to maintain optimal performance of security infrastructures.

7

ICS/SCADA Firmware updates

ICS/SCADA Firmware updates refer to the regular practice of updating the firmware for Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. This is crucial for closing security gaps, fixing vulnerabilities, and enhancing system functionality.

8

Embedded systems

Embedded systems are specialized computing systems integrated within larger systems to perform specific control functions. They often operate under real-time constraints and have particular security requirements, contributing to the efficiency of the systems they serve.

9

Real-time monitoring (RTO)

Real-time monitoring (RTO) is an essential security practice that involves the continuous tracking of operations and security events. This proactive measure allows for immediate responses to potential threats or incidents as they arise.

10

IoT Devices

IoT Devices, or Internet of Things devices, are interconnected devices that communicate over the Internet, allowing for remote monitoring and control. They present unique security challenges due to their variety and often minimal built-in security features.

11

Point-to-Multipoint Layout

A Point-to-Multipoint Layout is a specific network topology design where a central device communicates directly with multiple endpoints. This layout streamlines communication and data flow across the network, enhancing overall efficiency.

12

Multidevice Management (MDM) security feature concerns

Multidevice Management (MDM) security feature concerns address the challenges of managing and securing multiple mobile devices within an organization. This includes issues related to privacy, potential data leakage, and risks of unauthorized access to sensitive information.

13

Remote Wipe

A Remote Wipe is a critical security feature enabling the remote deletion of all data stored on a mobile device. This feature is predominantly utilized when devices are lost or stolen, protecting sensitive information from unauthorized access.

14

Geofencing

Geofencing is a technology that employs virtual boundaries around designated geographic areas, triggering alerts or automated actions when a device enters or exits these zones. This capability is widely used for location-based services and security applications.

15

Geolocation

Geolocation is the process of determining the physical location of a device in the real world. This technology underpins many applications, including geofencing and various location-based services, enhancing user experiences by providing relevant local information.

16

Screen locks

Screen locks are security mechanisms implemented on devices requiring users to input a password, PIN, or biometric information to unlock. This measure prevents unauthorized access and protects sensitive data on mobile devices.

17

BYOD (Bring Your Own Device)

BYOD, or Bring Your Own Device, is a policy that permits employees to utilize their personal devices, such as smartphones and laptops, for professional work. While it boosts flexibility and productivity, it also raises significant security concerns regarding data privacy and potential data loss.

18

CYOD (Choose Your Own Device)

CYOD, or Choose Your Own Device, is a policy allowing employees to select from a range of approved devices provided by the company for work purposes. This strategy aims to balance employee flexibility with enhanced security protocols.

19

COPE (Corporate-Owned, Personally Enabled)

COPE, or Corporate-Owned, Personally Enabled, is a device management approach in which the organization owns the device while permitting personal use. This strategy is designed to secure corporate data while allowing employees some flexibility in device usage.

20

Secure Cookies

Secure Cookies are types of cookies that are transmitted using secure protocols such as HTTPS and can include specific flags that restrict their access. This mechanism is vital for reducing the risks associated with cross-site attacks.

21

Code Signing

Code Signing is the procedure where developers digitally sign software to assure its authenticity and integrity, confirming that the software has not been tampered with or corrupted. This practice builds trust with users and enhances security.

22

Sandboxing

Sandboxing is a security strategy that isolates applications within a controlled environment (sandbox) to prevent them from interacting with the host system directly or accessing sensitive resources. This helps mitigate risks from potentially harmful applications.

23

Monitoring

Monitoring refers to the continuous observation and analysis of security events and system activities in real-time. This proactive approach is essential for detecting potential security incidents and facilitating timely responses.

24

SIEM tool (Security Information and Event Management)

A SIEM tool is a sophisticated software application that aggregates and analyzes security data across an entire IT environment. This aggregation helps identify security threats and facilitates appropriate responses, enhancing overall security posture.

25

IAAA (Identification, Authentication, Authorization, Accountability)

IAAA is an essential framework that encompasses the processes of identifying users, verifying their identities, granting access based on authorization, and holding users accountable for their actions within an information system.

26

MFA (Multifactor Authentication)

MFA, or Multifactor Authentication, is a robust security method that requires users to present two or more separate forms of verification when logging into a system, enhancing security by combining something the user knows (like a password) with something they possess (like a mobile device).

27

RBAC (Role-Based Access Control)

RBAC, or Role-Based Access Control, is a security strategy that limits system access to authorized users based on their defined roles within the organization. This approach minimizes the risk of unauthorized access and data breaches.

28

Least Privilege Principle

The Least Privilege Principle is a foundational concept in cybersecurity that mandates users be granted only the minimum access necessary to perform their job functions. This principle limits exposure to potential risks and the impact of security incidents.

29

Nonrepudiation

Nonrepudiation is a crucial security principle that ensures a sender cannot deny having sent a message, nor can the recipient deny receiving it. This is commonly achieved through mechanisms such as digital signatures that establish a verifiable record of transactions.

30

Mirror Access

Mirror Access refers to a contingency method for providing access to a backup or replicated system immediately following the failure of a primary system. This process enhances availability and ensures redundancy in critical operational environments.

31

Phishing

Phishing is a deceptive cyber attack technique aimed at tricking individuals into divulging sensitive information, such as passwords or credit card details, typically through fraudulent emails or counterfeit websites.

32

Brute Force Attacks

Brute Force Attacks are a form of attack where encrypted data or system passwords are compromised by systematically attempting all possible combinations until the correct one is identified. This method can be time-consuming but ultimately successful against poorly protected systems.

33

Session Hijacking

Session Hijacking is a malicious attack where an unauthorized individual takes control of a user's active online session without needing their password, typically by stealing session tokens. This allows the attacker to bypass typical authentication measures.

34

Privilege Escalation

Privilege Escalation is a security vulnerability that allows an attacker to gain elevated access to restricted resources, often exploiting system weaknesses to gain higher privileges than intended, which can lead to further breaches.

35

Zero-Day Exploits

Zero-Day Exploits refer to attacks that target previously unknown vulnerabilities in software or hardware, taking advantage of the lack of patches or security measures at the time of the attack, making them particularly dangerous.

36

Write, Input, Encoding, Use

Write, Input, Encoding, Use are best practices in secure coding that emphasize careful handling of user input to prevent common vulnerabilities such as SQL injection and cross-site scripting, ensuring applications remain secure against exploits.

37

SQL Injection (SQLI)

SQL Injection (SQLI) is a critical security vulnerability that occurs when attackers manipulate input fields of a web application to execute arbitrary SQL queries against the database. This can result in unauthorized access to sensitive data.

38

Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a prevalent vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users. This often leads to data theft, session hijacking, or propagation of malware.

39

Web Application Firewall (WAF)

A Web Application Firewall (WAF) serves as a protective layer designed to filter and monitor HTTP traffic directed at web applications. Its primary purpose is to block common attacks such as SQL injection and cross-site scripting, safeguarding application integrity.

40

Application Sandboxing

Application Sandboxing is a security technique that isolates applications in a controlled environment (sandbox), reducing the risk of those applications affecting the host system or accessing sensitive resources. This is particularly useful for testing untrusted software.

41

Patch management

Patch management involves a systematic strategy for managing software updates, including the timely application of patches to fix vulnerabilities, enhance functionality, and ensure systems remain secure against evolving threats.

42

Denial-of-Service (DoS) & Distributed DoS (DDoS)

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks aim to overwhelm a network service with an excessive volume of traffic, rendering it unavailable to legitimate users. The difference lies in the scale, with DDoS utilizing multiple compromised systems to execute the attack.

43

Rate limiting & Firewalls

Rate limiting is a security technique that controls the number of requests a user can make to a service within a certain timeframe. This method is often complemented by firewalls, which block unauthorized access and monitor network traffic for suspicious activities.

44

Mobile device management (MDM)

Mobile Device Management (MDM) encompasses software solutions designed to secure, manage, and enforce security policies across mobile devices used within an organization. This protects corporate data and maintains compliance with data protection regulations.

45

Endpoint detection and response (EDR)

Endpoint Detection and Response (EDR) refers to security solutions focused on identifying and responding to threats on endpoint devices, such as laptops and smartphones. EDR systems provide real-time monitoring and investigation capabilities to improve threat containment.

46

Extended detection and response (XDR)

Extended Detection and Response (XDR) is an advanced security strategy that integrates data from a variety of sources, such as networks, endpoints, and servers, enabling a coordinated and comprehensive approach to threat detection and response.

47

Security teams must Detect, Contain, and Mitigate threats quickly

Security teams are tasked with essential actions that involve swiftly identifying potential threats, containing them to prevent further spread, and implementing mitigative measures to neutralize any security incidents effectively.

48

Penetration Testing

Penetration Testing involves simulating a cyber attack on a system or network to assess its security posture, detect vulnerabilities, and evaluate the effectiveness of existing security controls, thereby enhancing overall security.

49

Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) are tools or software solutions that monitor network traffic for signs of suspicious activities, generating alerts to inform security personnel about potential breaches or security incidents.

50

Plan of Action & Milestones (POAM)

The Plan of Action & Milestones (POAM) is a management document that outlines specific security weaknesses, details corrective actions required, and sets deadlines for their implementation to enhance security posture.

51

NIST Cybersecurity Framework (NIST CSF)

The NIST Cybersecurity Framework (NIST CSF) is a voluntarily adopted framework that provides organizations with structured guidelines to manage and improve their cybersecurity risk management practices effectively.

52

ISO 27001

ISO 27001 is an internationally recognized standard specifying requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS), ensuring information security is effectively managed.

53

Risk Matrix

A Risk Matrix is a strategic tool utilized to visually categorize and prioritize risks based on their potential likelihood of occurrence and the possible impact they could have on organizational operations.

54

Gap Analysis

Gap Analysis is the method of assessing current security measures against desired standards or best practices, enabling organizations to identify existing deficiencies and areas requiring improvement for enhanced security.

55

VirtualBox

VirtualBox is a free and open-source virtualization software that enables users to run multiple operating systems concurrently on a single physical machine. This allows for flexibility in testing and development environments.

56

Client

In the context of computing, a Client refers to the end-user device, such as a personal computer or smartphone, that connects to and interacts with remote services or applications, facilitating user access to resources.

57

A company requires employees to log in with a password and a one-time code sent to their mobile phone. What authentication method is this?

This scenario exemplifies Multifactor Authentication (MFA), which combines two authentication factors: something the user knows (their password) and something they possess (the one-time code sent to their phone) for enhanced security.

58

A financial services company wants to ensure that only authorized employees can access financial records. Employees must enter a username and password and an OTP (one-time password) sent to their phone. Which IAM component is this?

This implementation falls under the Authentication component within Identity and Access Management (IAM), requiring multiple forms of verification to grant access to sensitive financial records.

59

A hacker steals a session token from a user and gains access to their banking website without knowing the password. What attack is this?

This incident is categorized as Session Hijacking, where an unauthorized individual exploits a valid session token to gain illicit access to a user’s online account.

60

A hacker discovers a previously unknown vulnerability in a popular web browser and launches an attack before the developer releases a fix. What is this?

This situation exemplifies a Zero-Day Exploit, where an attacker takes advantage of an unpatched security vulnerability before the software developers are aware or able to provide a fix.

61

Which method is the best defense against SQL Injection?

The best defense against SQL Injection is the use of prepared statements and parameterized queries in application code, which properly validate and handle user input, preventing malicious alterations to database queries.

62

A company's web app allows users to log in using a username and password. The hacker inputs ' OR 1=1-- in the username field and gains unauthorized access. What did they use?

The hacker employed a SQL Injection (SQLI) attack, manipulating unvalidated input fields to execute arbitrary SQL commands against the database for unauthorized access.

63

A company’s website is under attack by automated bots trying to inject malicious SQL queries. What security tool can help?

To fend off such automated attacks, a Web Application Firewall (WAF) can be deployed to filter and monitor HTTP requests, enhancing the security of web applications.

64

What is the main difference between EDR and XDR?

The primary distinction between EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) is that EDR focuses specifically on endpoint security, while XDR offers a comprehensive approach by integrating data across various security layers, including networks and servers.

65

A company provides employees with corporate smartphones but wants to ensure they can remotely wipe data if the device is lost or stolen. What feature is this?

This capability is characterized by the Remote Wipe feature, which empowers IT departments to erase all data remotely from a device to protect sensitive corporate information.

66

A financial services company is about to launch a new online banking system. To ensure no security vulnerabilities exist, they hire ethical hackers to try exploiting the system's defenses. What security practice is being conducted?

This process is known as Penetration Testing, wherein security professionals simulate cyber attacks to identify vulnerabilities and assess the resilience of the system's defenses prior to its launch.

67

A company creates a document listing security weaknesses and assigns deadlines for fixing them. What is this document called?

This document is referred to as a Plan of Action and Milestones (POAM), outlining identified security weaknesses, proposed corrective actions, and projected timelines for remediation.

68

A security team identifies all critical digital assets before implementing controls. Which NIST CSF function does this align with?

This activity aligns with the 'Identify' function of the NIST Cybersecurity Framework, which emphasizes understanding and managing organizational assets for effective security controls.

69

A retail company follows the NIST CSF to improve its cybersecurity strategy. The first step they take is to identify all digital assets including databases, servers, and customer records. Which function are they performing?

They are engaged in the 'Identify' function of the NIST Cybersecurity Framework, which is focused on recognizing and understanding the assets that require protection.

70

A company compares its existing security controls against the ISO 27001 requirements to find missing security measures. What process is this?

This process is called Gap Analysis, through which an organization evaluates its current security implementations against established standards to identify areas needing improvement.

71

A software developer needs to test an app on 3 operating systems using one computer. What is the best solution?

The ideal solution is to utilize Virtualization software, such as VirtualBox, allowing the developer to run multiple operating systems simultaneously on a single physical machine.

72

A Linux user wants to view the last 20 lines of a log file named error.log, but they do not want to edit the file. Which command should they use?

The user should execute the command tail -n 20 error.log to display the last 20 lines of the log file without modifying it.

73

A system admin wants to organize project files and needs to create a directory called ‘project x’ inside their var/www/html folder and then move that folder to another directory. What commands should they use?

To create the directory, the admin should use mkdir /var/www/html/project_x and to transfer it to another directory, they would use mv /var/www/html/project_x /path/to/target/directory.

74

A user is experiencing network issues and wants to check if their computer can reach google.com. Which command should they use?

To verify connectivity, the user should execute the command ping google.com, which tests the network connection to the Google server.

75

A system admin wants to install a package called ‘They Not Like Us’ on an Ubuntu system. Which command should they use?

The admin should utilize the command sudo apt install 'They Not Like Us' to properly install the specified package on their Ubuntu system.

76

A developer has a text file and wants to be able to execute it. Which command should they use to change its permissions?

The developer must use the command chmod +x filename to alter the file's permissions, making it executable.

77

A security researcher is testing malware in a VM and wants to quickly revert to a clean state after running the malware. Which VirtualBox feature should they use?

In this case, the researcher should leverage the Snapshot feature in VirtualBox, allowing them to restore the VM to a clean state quickly after malware testing.

78

A company wants to reduce hardware costs by running multiple independent environments on a single high-performance server. What benefit of virtualization addresses this need?

Virtualization addresses this need by providing resource efficiency, enabling multiple virtual machines to co-exist on a single physical server, which reduces overall hardware expenditures.

79

A company notices hundreds of failed login attempts on an admin account within a short time. Which security measure would be most effective in preventing this attack?

Implementing Rate Limiting is an effective security measure to mitigate excessive login attempts, thereby protecting against potential brute force attacks.

80

What does LAMP in LAMP Stack stand for?

LAMP stands for Linux, Apache, MySQL, and PHP, representing an open-source technology stack utilized for modern web development.

81

A user modifies their smartphone OS to remove security restrictions, allowing them to install unauthorized third-party applications. What is this practice called?

This practice is referred to as Jailbreaking (for iOS) or Rooting (for Android), wherein users remove manufacturer-imposed security restrictions to gain additional control over their devices.
