NIST Cybersecurity Framework Quiz

CalmingPascal

10 Questions

Which type of attack is meant to make a server or network resource unavailable to the users?

Denial of Service

What type of attack involves intercepting the connection between client and server and acting as a bridge between them?

Man in the middle attacks

What type of attack uses a trial-and-error method to generate a large number of guesses and validate them to obtain actual data such as user passwords and personal identification numbers?

Dictionary attacks

Which attack introduces data into a DNS resolver's cache causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer?

DNS Spoofing

What type of attack uses malicious web links, malicious attachments, and fraudulent data-entry forms to steal information?

Phishing

What are the three security objectives for information and information systems according to the NIST standard?

Confidentiality, integrity, and availability

Which category of cyber-attacks involves the injection of data into a web application to manipulate it and fetch required information?

Web-based attacks

What is the primary purpose of the NIST cybersecurity framework?

To improve cybersecurity posture

What is the main characteristic of a cyber-attack?

Exploitation of computer systems and networks using malicious code

What does the NIST standard consider to be necessary for information to be secured?

Hidden from unauthorized access, protected from unauthorized change, and available only when needed

Study Notes

Types of Attacks

  • A Denial of Service (DoS) attack is meant to make a server or network resource unavailable to users.
  • A Man-in-the-Middle (MitM) attack involves intercepting the connection between client and server and acting as a bridge between them.

Guessing Attacks

  • A Brute Force attack uses a trial-and-error method to generate a large number of guesses and validate them to obtain actual data such as user passwords and personal identification numbers.

DNS Attacks

  • A DNS Cache Poisoning attack introduces data into a DNS resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer.

Social Engineering

  • A Phishing attack uses malicious web links, malicious attachments, and fraudulent data-entry forms to steal information.

NIST Security Objectives

  • The three security objectives for information and information systems according to the NIST standard are:
    • Confidentiality
    • Integrity
    • Availability

Injection Attacks

  • An SQL Injection attack involves injecting data into a web application to manipulate it and fetch required information.

NIST Cybersecurity Framework

  • The primary purpose of the NIST cybersecurity framework is to provide a structured approach to managing and reducing cybersecurity risk.

Cyber-Attacks

  • The main characteristic of a cyber-attack is that it is a deliberate exploitation of computer systems or networks.

NIST Standard

  • According to the NIST standard, information is secured if it is protected from unauthorized access, use, disclosure, disruption, modification, or destruction.

Test your knowledge of the NIST cybersecurity framework with this quiz. Learn about the guidelines, best practices, and standards for improving cybersecurity posture and responding to cyber incidents.
