Authentication & Access Control
Physical Security
Events
The Enemy
Internet
100

This is the most common method used to verify a user's identity online.

What is a password?

100
Overlapping layers of protection put in place so that if one layer fails, other layers still provide protection. This is known as...
What is Defense in Depth?
100

This major retailer didn’t quite ‘hit the mark’ in 2013 when a massive data breach exposed 40 million credit card details.

What is Target?

100
They are people who traditionally tried to gain access to computers remotely to learn more and for intellectual curiosity. Currently, they only make up 17% of computer intrusions.
Who are hackers?
100

A program that is designed only to read HyperText Markup Language (HTML) web pages downloaded from Internet websites.

What is a browser? (or web browser)

200

This authentication method requires two or more verification factors, such as a password and a fingerprint.

What is Multi-Factor Authentication (MFA)?

200
The list of computers, laptops, software, and equipment owned by an organization.
What is Inventory?
200

In January 2025, this AI company accidentally exposed over a million lines of sensitive data, including chat histories and secret keys.

What is DeepSeek?

200
The risk presented to an organization by current or past employees who have knowledge of how the organization works and what and where the most valuable (damaging) information might reside.
What is Insider threat?
200
Easily readable programs that automate or provide extra functions on a computer system or in an application or browser. ActiveX and JavaScript are examples of this type of language.
What is Scripting? (or Scripting Code or Scripting Language)
300

This access control model grants users the minimum level of access needed to perform their job.

What is the Principle of Least Privilege?

300

The use of personality, knowledge of human nature and social skills to steal passwords, keys, tokens or other credentials to gain access to systems.

What is Social Engineering?

300

In December 2024, the Biden administration proposed new cybersecurity regulations targeting this sector to prevent significant data breaches.

What is the healthcare sector? - updates to HIPAA

300
These are well-run groups of crooks who methodically look for computer vulnerabilities to steal large numbers of financial or credit card accounts for financial profit.
Who are organized crime groups?
300
A type of program that takes scripting language and reads it so it can be acted on by a browser or an application. These are found in almost all operating systems, web browsers and many commercial off-the-shelf application programs.
What is an Interpreter?
400

This authentication factor is something the user has, such as a security token or smart card.

What is a possession factor? - Something you have

400
30-50% of all data loss is due to the people already within the organization.
What is Insider Threat?
400

In late 2024, Russian hackers impersonated remote IT support staff on this platform to gain unauthorized access and deploy ransomware.

What is Microsoft Teams?

400
They are structured groups funded by other governments and dedicated to mapping out the internet addresses for the purpose of espionage and possible computer attacks.
What is state-sponsored hacking?
400

This attack tricks users into entering sensitive information on a fake website that looks legitimate.

What is phishing?

500

This centralized authentication protocol allows users to log in once and gain access to multiple systems.

What is Single Sign-On (SSO)?

500
A necessary process that limits the kinds of hardware and software in use, which minimizes the number of different vulnerabilities and reduces exposure to security weaknesses.
What is Standardization?
500

In July 2024, a flawed update from this cybersecurity firm caused widespread system crashes, leading to significant global disruptions. What is the company?

What is CrowdStrike?

500
The weakest link in every computer system. The one person who can, through thoughtlessness, unawareness or accident, cause loss of work products through deletion, corruption or improperly safeguarding data.
Who are you? (Who am I?)
500

This type of malware hijacks internet traffic, injecting malicious code into legitimate websites.

What is a man-in-the-middle attack?
