The three underlying principles of data protection that are recognized by cybersecurity professionals.
What is the CIA Triad?
This type of malware disguises itself as legitimate software to trick users into installing it.
What is a Trojan Horse?
IoT stands for this, referring to physical devices connected to the internet that collect and share data.
What is Internet of Things?
AAA stands for Authentication, Authorization, and this third "A."
What is Accounting?
This is the process of converting readable data into an unreadable, coded format using a key.
What is encryption?
Keeping sensitive information private and restricted to only authorized people is called this.
What is confidentiality?
The main difference between a virus and a worm is that a worm can do this without needing a host file.
What is self-replicate/spread automatically?
This social engineering technique involves following an authorized person into a restricted area without proper credentials.
What is tailgating or piggybacking?
Something you know, something you have, and something you are are all examples of these.
What are authentication factors?
Data that is stored on a device and not being transmitted is called data at this location.
What is data at rest?
This is the process of strengthening a system by removing unnecessary features and applying security patches.
What is hardening?
This attack floods a target system from multiple sources or compromised computers simultaneously.
What is a DDoS (Distributed Denial of Service)?
Provide three (3) examples of IoT devices.
Any IoT/smart devices will be accepted, but all 3 answers must be IoT.
This principle states that users should have only the minimum access needed to perform their job duties.
What is the Principle of Least Privilege (PoLP)?
This type of cryptography uses the same key to encrypt and decrypt data and is faster than asymmetrical methods.
What is symmetrical cryptography?
An intentional, malicious action taken by an attacker to compromise or damage a computer system is called this.
What is a cyberattack?
This social engineering attack involves sending fake emails that look legitimate to trick users into revealing passwords.
What is phishing?
The name for creating a false scenario or identity to manipulate someone into sharing PII or other sensitive data.
What is pretexting?
MFA is more secure than two-step authentication because it uses factors from different categories and uses this number of factors or more.
What is two or more?
This method adds random data to passwords before hashing, like a seasoning.
What is salting?
This is a tool or technique that takes advantage of a vulnerability to gain unauthorized access or cause harm.
What is an exploit?
This is a sophisticated, long-term cyberattack where an attacker remains hidden while stealing data.
What is Advanced Persistent Threat (APT)?
This layered security strategy uses multiple controls to protect against advanced threats like APTs.
What is defense-in-depth?
This network protocol provides centralized authentication and authorization for users accessing network resources remotely.
What is RADIUS?
This system manages the creation, distribution, and verification of digital certificates to ensure secure communication.
What is PKI (Public Key Infrastructure)?