Cyber Security

    avatar
    Created by
    Scott MacDougall

    Cards (138)

    • Ransomware is a form of malicious software designed to block access to a computer system until a sum of money is paid.
    • Phishing is a type of cyber attack where attackers send fraudulent communications that appear to come from a reputable source, aiming to steal sensitive information.
    • What are common reasons for security vulnerabilities in an organization?
      Security patches/updates not installed and default credentials
      View source
    • What is the potential fallout to an organization if a threat is actuated?
      Monetary loss, reputation damage, and legal consequences
      View source
    • What are the monetary impacts of a security breach?
      Revenue loss and depleted savings
      View source
    • What types of reputation damage can occur from a security breach?
      Loss of customer trust and damage to brand image
      View source
    • What types of assets can be lost due to a security breach?
      Buildings, private data, and intellectual property
      View source
    • What types of financial records can be compromised in a security breach?
      Mergers/acquisitions and new product specifications
      View source
    • What are the legal consequences of a security breach?
      Imprisonment and fines
      View source
    • What is the principle of least privilege?
      Never giving more rights than necessary
      View source
    • How can you determine if you need Domain or Local Admin credentials for a task?
      By assessing the requirements of task X
      View source
    • What is the purpose of creating multiple accounts for users?
      To separate standard user access from administrative access
      View source
    • How should permissions be set based on roles?
      Sales personnel should not have access to finance data and vice versa
      View source
    • What is social engineering in the context of security?
      Hacking the human element using trickery to illicit sensitive information
      View source
    • What are common tactics used in social engineering?
      Pretending to be an authority or in an emergency
      View source
    • How can social engineering be executed?
      In person, over the phone, or through email
      View source
    • What is phishing?
      A method of tricking individuals into providing sensitive information
      View source
    • What is spear phishing?
      A targeted form of phishing aimed at specific individuals
      View source
    • What is attack surface analysis?

      Finding all the ways that a system/network could be attacked
      View source
    • What does threat modeling involve?
      Acting as a threat to look for weak spots in security
      View source
    • What does STRIDE stand for in threat modeling?
      Spoofing, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege
      View source
    • What are common physical security concepts and practices?
      • Access Controls
      • Multi-factor Authentication
      • Site Security
      • Mobile Device Security
      • Removable Drive/Device Security
      View source
    • What are examples of physical access controls?
      Keypads, RFID fobs/cards, and biometrics
      View source
    • What are logical access controls?
      File permissions, Access Control Lists (ACL), and passwords
      View source
    • What are the factors of Multi-factor Authentication (MFA)?
      Something you know, something you have, and something you are
      View source
    • What is an example of something you know in MFA?
      Username/password combo
      View source
    • What is an example of something you have in MFA?
      RFID fob/SmartCard
      View source
    • What is an example of something you are in MFA?
      Fingerprint
      View source
    • What are internal access controls?
      Locks, keypads, cameras, and motion sensors
      View source
    • What are external access controls?
      Fences, walls, barriers, and gates
      View source
    • What is the purpose of a mantrap in physical security?
      To control access and prevent unauthorized entry
      View source
    • What is the difference between a server and a workstation in terms of security?
      Servers are housed in secure areas, while workstations are more vulnerable to physical compromise
      View source
    • What is the principle of least privilege in server security?
      Those that don't need access don't get access
      View source
    • What is a Kensington lock?

      A physical security device used to secure workstations
      View source
    • What is full drive encryption?
      Encrypting the entire hard drive to protect data
      View source
    • What is BitLocker?

      A full disk encryption feature included with Windows
      View source
    • What are common security measures for mobile devices?
      Lock screens, PINs, and biometric authentication
      View source
    • What is the purpose of removable device security?

      To control whether removable devices can be used
      View source
    • How can removable devices be controlled in a Windows environment?
      Through Local Security Policy or Group Policy
      View source
    • What are keyloggers?

      Devices or software that record keystrokes
      View source