IST 254 Review Jeopardy Template

Threats & Attacks

Network Security

Cryptography

Identity & Access Management

Risk Management

Tools & Tech

100

This type of attack tricks users into revealing sensitive information through fake emails.

What is Phishing?

100

This device filters traffic based on rules and protects networks.

What is a firewall?

100

This type of encryption uses the same key to encrypt and decrypt data.

What is symmetric encryption?

100

This verifies who you are before granting access.

What is authentication?

100

This is the likelihood of a threat exploiting a vulnerability.

What is risk?

100

This tool scans systems for known vulnerabilities.

What is a vulnerability scanner?

200

Malware that locks files and demands payment.

What is ransomware?

200

This protocol securely encrypts web traffic.

What is HTTPS?

200

This ensures data has not been altered.

What is integrity?

200

Using two or more authentication methods is called this.

What is MFA (multi-factor authentication)?

200

Accepting a risk without mitigation is called this.

What is risk acceptance?

200

This tool captures and analyzes network traffic.

What is a packet sniffer?

300

An attack that overwhelms a system with traffic.

What is a Dos/DDoS attack?

300

A network designed to securely connect remote users?

What is a VPN?

300

This uses a public and private key pair.

What is asymmetric encryption?

300

Granting only necessary access is called this principle.

What is least privilege?

300

Transferring risk to another party is called this.

What is risk transfer?

300

This tool tests defenses by simulating attacks.

What is a penetration testing tool?

400

Malware that spreads without user interaction.

What is a worm?

400

This separates internal networks from external ones.

What is a DMZ?

400

A digital fingerprint of data is called this.

What is a hash?

400

Matching a fingerprint or face scan is this type of factor.

What is biometric authentication?

400

This identifies and evaluates risks.

What is risk assessment?

400

This monitors and logs system activity for analysis.

What is SIEM?

500

An attacker intercepting communication between two parties.

What is a man-in-the-middle attack?

500

This detects and prevents malicious activity in real time.

What is an IPS (Intrusion Prevention System)?

500

This verifies the sender and ensures non-repudiation.

What is a digital signature?

500

Granting access based on roles is called this model.

What is RBAC (Role-Based Access Control)?

500

Eliminating a risk completely is called this.

What is risk avoidance?

500

This isolates suspicious files to analyze behavior.

What is a sandbox?