Phishing
The fraudulent practice of sending email claiming to be from reputable companies in order to induce people to reveal personal information, such as passwords and credit card numbers.
Identity theft
Thieves steal your personal information such as social security and credit card numbers to take over or open new accounts, file fake tax returns, or do other criminal things in your name.
Ransomware
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Hacking
The act of shutting down or misusing websites or computer networks.
Backing up log files
Helps communicate incident handling and the response process. It is also an important part of evidence gathering.
Breach
Occurs when a hacker successfully exploits a vulnerability to gain access to files on a computer or network.
Security incident
A violation of a company security policy.
Make a bit-level copy
The first step in digital forensics is to ___ of the computer's hard drive.
One-to-one copy
A ___ of all files is an important aspect of evidence gathering. This important first step of digital forensics ensures that the data is not changed.
Restore and repair any damage
After an intrusion has occurred and the intruder has been removed from the system, the next step is to ___.
Log forensics
Refers to the process of analyzing log data to identify the time a security incident was initiated, who initiated it, the sequence of actions, and the impact it had on the business. It also helps to identify the data that has been affected by an attack and to identify the attack pattern.
Data redundancy
Multiple copies of the data across multiple storage solutions, such as in the cloud.
Risk categorization
Identifying risks and ranking them with the most critical risks listed first.
Risk mitigation
Company implements protective measures to prevent a risk, such as immediately applying software updates.
Risk acceptance
Making the decision to assume the risk.
Deferred risks
Deciding not to take actions to mitigate a risk.
Risk is low and the risk damage is low
An organization can choose to accept and defer risk.
Virtual Private Network (VPN)
Allows remote users to access corporate applications and resources via a secure encrypted connection. Also allows users to remain anonymous on the internet by masking their location and encrypting traffic.
IP Address
A numerical label assigned to each device connected to a computer network or the internet.
Malware
Broad term that includes viruses, trojans, worms, and ransomware.
Trojan Horse
A program that looks like a legitimate or harmless program but is actually a malicious program that tricks users into running it. It may also create a backdoor into a computer system.
Worm
Malicious software that spreads on its own through computer networks.
Virus
Malicious software code that is unleashed and attempts to carry out its destructive actions when it is opened or accessed.
Distributed Denial of Service (DDoS)
Shuts down a website by flooding it with traffic or data from multiple sources.
Advanced Persistent Threat (APT)
Uses sophisticated expertise and multiple attack vectors such as cyber, physical, and deception to achieve its objectives.
Blacklisting
Restricting access to a website for a specific user group.
Whitelisting
Allowing a website to be accessed by an individual or user group.
Cryptography
The practice of creating secure messages.
Substitution Cipher
Each letter represents a different letter.
Transposition Cipher
Rearranges the letters in a message.
Pigpen Cipher
Geometric substitution cipher that exchanges letters for symbols that are contained within grid fragments.
Caesar Cipher
Oldest and simplest substitution cipher
Font Code (Steganography)
Making small changes to characters to mark them in a manner that is invisible to the unaided human eye.
One Time Pad
Cipher that is used only one time.
Encryption
The process of converting plain text (data) into symbols or codes to prevent unauthorized access to information and safeguard it.
Symmetric Encryption
Uses the same key for encryption and decryption.
Offset
The number of positive or negative spaces to move in order to encrypt a message.
Asymmetric encryption
Uses two keys, a public key and a private key, to encrypt or decrypt.
Clickjacking
A user selects a hyperlink and accidentally installs malware.
Dictionary Attack
Compares passwords against a list of words and their hash values.
Plaintext
Ordinary readable text before it is encrypted into ciphertext.
Known Plaintext Attack
Occurs when a hacker has the ciphertext and knows the plaintext.
Chosen Plaintext Attack
The attacker generates a plaintext message and obtains the corresponding ciphertext under the same key.
Vulnerability
A security flaw, glitch or weakness found in an application or operating system.
Use a different password for each account
Prevents a hacker from gaining access to all of a user's accounts.
.exe
File extensions that increase the risk of exploitation attacks. They should never be allowed into the network.
Remove the compromised computer
To prevent a threat from spreading across a network.
Run an antivirus program with the latest virus definitions
Do this if a computer appears to be infected.
Antivirus Software
Detects, blocks, and removes viruses, spam and spyware to protect the computer from the risks associated with unwanted emails and other attacks.
Virus Signatures
File or multiple files that are downloaded by a security program to identify a computer virus.
Proxy Server Configuration
Allows technicians to check the web browsing settings to see why a hyperlink is being automatically redirected to a malicious website.
Laws and procedures
Those used for cellphone and cybersecurity are hard to enforce because emerging technologies are constantly evolving and updated information changes the process.
Role-Based Access Control (RBAC)
Assigning permissions to users based on their role/job within an organization.
Discretionary Access Control (DAC)
The principle of restricting access to objects based on the identity of the subject. It is the least restrictive method.
CIA Triad
Confidentiality, Integrity, and Availability
Least Privilege
Assign a user only the rights and privileges necessary to do his or her job.
Confidential
Term used by government agencies as a security label.
Integrity
Ensuring data is accurate, complete, and hasn't been altered or destroyed without authorization.
Availability
Ensuring that information and systems are accessible to authorized users when needed, preventing unauthorized access or disruption.
Zero Day
An exploit that is found or used before the software maker knows it exists, before the software is able to be patched or repaired. It has no known fix yet.
Man-in-the-middle
A hacker intercepts the data transmitted between the client and the wireless access point.
Man Trap
A type of access control that does not require a computer; it contains a trespasser between two locked doors.
Applying OS updates and patches
This should be done as one of the first steps after the installation of a new operating system.
Updating / patching to the latest versions of antivirus software.
Regular preventive maintenance.
Validated periodically
Host systems and servers should be ___ according to the company security policy.
Disable non-essential services
Do this for services running on a computer to help mitigate exploits.
Service Pack
Corrects operating system problems and addresses security vulnerabilities.
Patch
Fixes for specific security vulnerabilities or bugs in a software program.
Test and validate software updates
Do this for patches on one computer before updating all of the computers on the network.
Firmware updates
Cause router settings to reset to the default. Check the router settings if problems occur afterwards.
Tailgating
Closely following an authorized person into a secure area.
Shoulder Surfing
Unauthorized viewing of a display to gain information.
Whaling
Phishing attack that targets a high-profile employee to obtain information.
Spear phishing
Phishing attack targeting specific individuals.
Access Control Lists (ACL)
Used to restrict a user's or group's ability to read, write, and execute files in an operating system.
Preventing an Internet Control Message Protocol (ICMP) flood DDoS attack
Accomplished by disabling the functionality on the targeted router, computer or other device. By setting your perimeter firewall to block pings, you can effectively prevent attacks launched from outside your network.
Authentication
Allows a user access to a computer system using credentials such as a password. The process of verifying the identity of the user.
Secure passwords
UPPERCASE & lowercase letters, numbers, and special characters / symbols.
Multi-factor authentication
Uses a combination of two or more authentication methods.
Authorization
The process of enforcing policies after the user has been authenticated.
Secure Sockets Layer (SSL)
An encryption method used to encode credit card numbers to prevent theft.
Single Sign-On
Using one authentication to gain access to all network resources.
Biometrics
Authentication method using measurement and analysis of a biological feature.
Physical Biometric Technology
Focuses on physical traits such as fingerprints, facial recognition, and retinal scans.
Eye Recognition
Verified identification based on iris patterns and retinal recognition.
Behavioral Biometric Technology
Authentication method identifying measurable patterns in human activities, such as keystrokes, signatures, and voice recognition.
Secure servers in a data center
Provide the best physical security options for critical systems.
Time clocks
Badges and smart cards are often used.
False Negative
Occurs when a biometric device reports that an authentic user is not recognized.
Hash
Mathematical function (algorithm) that creates a value based on the data. It is a one-way process that uniquely identifies data. It is also used to substantiate the integrity of digital evidence.
Cyber espionage
A form of cyber attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company or government entity.
Secure evidence container
Where the evidence collected by investigators is stored. It should be kept confidential.
Chain of Custody
Records where, when, and who collected the evidence. It must show access to, storage, and transportation of evidence from the crime scene to the courtroom. Evidence collected from a crime scene must be secured during transportation and storage.
Windows Registry
Contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system, and the ports that are being used.
Log analysis
The process of reviewing computer-generated event logs to proactively identify bugs, security threats or other risks.
Intrusion detection systems
Create log files that can be used to detect breaches.
Making a bit-to-bit ratio copy
A ___ of all files is an important aspect of evidence gathering. This is an important first step of digital forensics, ensuring that the data is not changed.
Certified Digital Forensic Examiner
An investigator with the training and experience to properly analyze sensitive evidence.
Digital Forensic Analysis Steps
Procedure development, evidence assessment,