Podcast
Questions and Answers
Which of the following is not a term that is part of the history of cybersecurity?
Which of the following is not a term that is part of the history of cybersecurity?
- computer security
- whizbanger (correct)
- information security
- IT security
Which of the following is the best definition of cybersecurity?
Which of the following is the best definition of cybersecurity?
- The protection of information when it is used on a computer system or cybernetic network through the application of good security practices.
- The application of improved security practices to protect information on cyber-related systems.
- The protection of information in all of its forms, wherever it may exist, through the application of good security practices. (correct)
- The protection of computer systems through the application of good security practices.
Which of the following is not one of the identified good security practices?
Which of the following is not one of the identified good security practices?
- cybersecurity programming (correct)
- cybersecurity technology
- cybersecurity training and awareness
- cybersecurity policy
What are events or circumstances that have the potential to adversely affect operations and assets?
What are events or circumstances that have the potential to adversely affect operations and assets?
A person who accesses systems and information without authorization and often illegally is called a(n) _______.
A person who accesses systems and information without authorization and often illegally is called a(n) _______.
Which of the following is not one of the three core characteristics of information that give it value?
Which of the following is not one of the three core characteristics of information that give it value?
What is the term for a threat that represents a situation where we must rely on technology that cannot be easily replaced?
What is the term for a threat that represents a situation where we must rely on technology that cannot be easily replaced?
What is the aspect of controlling data access that is NOT one of the four main aspects?
What is the aspect of controlling data access that is NOT one of the four main aspects?
Who is responsible for storing, maintaining, and protecting information?
Who is responsible for storing, maintaining, and protecting information?
What type of control is intended to discourage or suppress a possible incident?
What type of control is intended to discourage or suppress a possible incident?
What type of device regulates the movement of information across networks from the outside world?
What type of device regulates the movement of information across networks from the outside world?
What is a false alarm triggered by an IDPS called?
What is a false alarm triggered by an IDPS called?
What is a software program or hardware appliance that can intercept, copy, and interpret network traffic?
What is a software program or hardware appliance that can intercept, copy, and interpret network traffic?
What is the strategy where an organization decides that an asset is not worth fixing or protecting and removes it?
What is the strategy where an organization decides that an asset is not worth fixing or protecting and removes it?
When a vendor delivers a fix for something that’s not working as it should, it is called a(n) _____.
When a vendor delivers a fix for something that’s not working as it should, it is called a(n) _____.
Who has primary responsibility for the assessment, management, and implementation of information security in the organization?
Who has primary responsibility for the assessment, management, and implementation of information security in the organization?
What type of social engineering attack involves emails or phone calls to trick individuals out of information?
What type of social engineering attack involves emails or phone calls to trick individuals out of information?
What is the term for when an adversary steals information and then tries to blackmail the victim into paying for its return?
What is the term for when an adversary steals information and then tries to blackmail the victim into paying for its return?
What is a senior executive who promotes a project and ensures its support, both financially and administratively, at the highest levels of the organization?
What is a senior executive who promotes a project and ensures its support, both financially and administratively, at the highest levels of the organization?
A good cybersecurity program maintains a careful balance between _____.
A good cybersecurity program maintains a careful balance between _____.
What type of threat includes malware such as viruses, worms, and macros, as well as denial of service attacks and script injections?
What type of threat includes malware such as viruses, worms, and macros, as well as denial of service attacks and script injections?
What is the term for malicious software elements designed to infect a user’s computer and either steal information or damage the computer?
What is the term for malicious software elements designed to infect a user’s computer and either steal information or damage the computer?
What is the term for an attack that attempts to overwhelm a computer target’s ability to handle incoming communications?
What is the term for an attack that attempts to overwhelm a computer target’s ability to handle incoming communications?
What is the term for an attack in which an attacker intercepts a communications stream between two users or systems and inserts himself in the conversation?
What is the term for an attack in which an attacker intercepts a communications stream between two users or systems and inserts himself in the conversation?
What is the term for a situation where technology equipment fails due to various reasons?
What is the term for a situation where technology equipment fails due to various reasons?
What is the term for a situation where programming or operating systems fail due to various reasons?
What is the term for a situation where programming or operating systems fail due to various reasons?
What is the term for a situation where we must rely on technology that cannot be easily replaced?
What is the term for a situation where we must rely on technology that cannot be easily replaced?
What is the principle of limiting users' access to only the specific information required to perform their assigned jobs?
What is the principle of limiting users' access to only the specific information required to perform their assigned jobs?
What is the principle of limiting users' access so that authorized individuals should only have the minimum data access and use rights necessary?
What is the principle of limiting users' access so that authorized individuals should only have the minimum data access and use rights necessary?
Who is/are the individual or group that creates or is responsible for a set of information?
Who is/are the individual or group that creates or is responsible for a set of information?
Flashcards are hidden until you start studying
Study Notes
Cybersecurity Terms and Concepts
- Cybersecurity is the practice of protecting systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Threat represents a situation that could adversely affect operations and assets.
- Hacker is a person who accesses systems and information without authorization and often illegally.
- Confidentiality, Integrity, and Availability are the three core characteristics that give information value
- Single Point of Failure is a technology that cannot be easily replaced.
- Data Access Control is about restricting access to data based on specific requirements.
- Data Custodian is responsible for storing, maintaining, and protecting information.
- Deterrent Controls are intended to discourage or suppress a possible incident.
- Firewall regulates the movement of information across networks from the outside world.
- False Positive is a false alarm triggered by an Intrusion Detection and Prevention System (IDPS).
- Packet Sniffer is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
- Decommissioning is a strategy where an organization decides that an asset is not worth fixing or protecting and removes it.
- Patch is a vendor-delivered fix for something that's not working correctly.
- Chief Information Security Officer (CISO) has the primary responsibility for the assessment, management, and implementation of information security within an organization.
- Phishing is a social engineering attack that involves emails or phone calls to trick individuals out of information.
- Extortion is an attack where a perpetrator steals information and uses it to blackmail their victim.
- Sponsor is a senior executive that supports and promotes a project, ensuring its financial and administrative backing.
- Security Programs must maintain a balance between security and usability.
- Malware includes viruses, worms, macros, denial of service attacks, and script injections.
- Malware is a malicious element that infects a user’s computer to steal information or damage the computer.
- Denial of Service Attack overwhelms a computer target’s ability to handle incoming communications.
- Man-in-the-Middle Attack intercepts communication between users or systems and inserts itself in the conversation.
- Hardware Failure is when technology equipment fails due to various reasons.
- Software Failure is when programming or operating systems fail due to various reasons.
- Principle of Least Privilege limits users' access to only the information needed to perform their jobs.
- Data Minimization ensures that authorized individuals only have access to the minimum amount of data required.
- Data Owner is the individual or group responsible for creating or managing a set of information.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
