AI
GRC
Technical Measures
APT &Ransomware Groups
Cyber Acronyms
100
This type of program can simulate conversation with humans, like ChatGPT.
CHATBOT
100
In the GRC framework, this letter stands for the system of rules and oversight that guides an organization.
Governance
100
💡 This type of software safeguards your computer against malicious programs.
🛡️ What is ANTI-VIRUS?
(Also acceptable: What is Antivirus Software, What is AV)
(Also acceptable: What is Antivirus Software, What is AV)
100
⚡ DAILY DOUBLE
💡 This tactic locks your files and demands money to unlock them. Used by groups like DarkSide and REvil.💰 What is RANSOMWARE?
(Also acceptable: What is Crypto Malware, What is File-Encrypting Malware)
(Also acceptable: What is Crypto Malware, What is File-Encrypting Malware)
100
💡 This acronym is used for a common method of securing websites and encrypting data in transit
🔒 What is HTTPS?
(Also acceptable: What is TLS, What is SSL, What is Secure Sockets Layer)
(Also acceptable: What is TLS, What is SSL, What is Secure Sockets Layer)
200
This is the information that AI systems learn from during training.
Training Data
200
This is the formal rule or guideline that a company establishes for its employees to follow.
Policy
200
⚡ DAILY DOUBLE
💡 This process encodes information so only authorized parties can read it. 💡 Power-Up Note: Daily Double — points for this question will be doubled!
🔐 What is ENCRYPTION?
(Also acceptable: What is Data Encryption, What is Cryptography)
(Also acceptable: What is Data Encryption, What is Cryptography)
200
💡 This is the first phase in an APT attack, used by groups like APT28 and Lazarus.
🛰️ What is RECONNAISSANCE?
(Also acceptable: What is Recon, What is Initial Reconnaissance, What is Footprinting, What is OSINT)
(Also acceptable: What is Recon, What is Initial Reconnaissance, What is Footprinting, What is OSINT)
200
💡 This acronym refers to a method of verifying identity using multiple factors.
🔑 What is MFA?
(Also acceptable: What is Multi-Factor Authentication)
(Also acceptable: What is Multi-Factor Authentication)
300
This branch of AI learns patterns by analyzing large sets of examples.
Machine Learning
300
⚡ DAILY DOUBLE
💡 This common GRC activity involves checking whether company rules are being followed.AUDIT
300
💡 This security measure verifies the identity of users before granting access.
🔐 What is AUTHENTICATION?
(Also acceptable: What is User Authentication, What is Identity Verification)
(Also acceptable: What is User Authentication, What is Identity Verification)
300
💡 This ransomware group uses a double extortion tactic and was behind the Colonial Pipeline attack.
🏭 What is DARKSIDE?
(Also acceptable: What is DarkSide Ransomware, What is DarkSide Group)
(Also acceptable: What is DarkSide Ransomware, What is DarkSide Group)
300
💡 This acronym is used for a type of attack that floods a system with traffic.
🌐 What is DDoS?
(Also acceptable: What is Distributed Denial of Service)
(Also acceptable: What is Distributed Denial of Service)
400
This AI structure, inspired by the human brain, uses layers to process data.
Neural Network
400
This is a possible event or condition that could negatively impact a company.
Risk 
400
💡 This device or software filters network traffic to block unwanted or harmful connections.
🛡️ What is FIREWALL?
(Also acceptable: What is Network Firewall, What is Perimeter Firewall)
(Also acceptable: What is Network Firewall, What is Perimeter Firewall)
400
💡 This tactic involves hacking trusted software providers to reach many victims. Used in the SolarWinds attack.
💻 What is a SUPPLY CHAIN ATTACK?
(Also acceptable: What is Software Supply Chain Attack, What is Compromised Software Attack)
(Also acceptable: What is Software Supply Chain Attack, What is Compromised Software Attack)
400
⚡ THREAT REDIRECT
💡 This acronym refers to a security model that limits access to only what's necessary.💡 Power-Up Note: This is a Threat Redirect — Force another team to answer the next clue instead of your team.
🔐 What is RBAC?
(Also acceptable: What is Role-Based Access Control)
(Also acceptable: What is Role-Based Access Control)
600
This field of AI enables machines to identify and interpret images, such as recognizing faces in photos.
Computer Vision
600
🛡️ INCIDENT OVERRIDE
💡 This common GRC activity involves checking whether company rules are being followed.💡 Power-Up Note: This is an Incident Override — a wrong answer will not deduct points!
Risk Register
600
💡 This intermediary server conceals internal IP addresses when browsing online.
🖥️ What is PROXY SERVER?
(Also acceptable: What is Web Proxy, What is Forward Proxy, What is HTTP Proxy)
(Also acceptable: What is Web Proxy, What is Forward Proxy, What is HTTP Proxy)
600
💡 This North Korean group used ransomware to steal money from banks and crypto.
What is LAZARUS GROUP?
(Also acceptable: What is Hidden Cobra, What is Lazarus)
(Also acceptable: What is Hidden Cobra, What is Lazarus)
600
💡 This acronym refers to a security solution that monitors and responds to threats on endpoints.
🖥️ What is EDR?
(Also acceptable: What is Endpoint Detection and Response, What is Endpoint Security)
(Also acceptable: What is Endpoint Detection and Response, What is Endpoint Security)