Cyber Security Basics
What does the CIA triad in cybersecurity stand for?
Confidentiality, Integrity, Availability.
What is the term for voice calls designed to trick a user into revealing sensitive information?
Vishing call.
What kind of malware locks files and demands payment to unlock them?
Ransomware.
What is a two-step verification process to enhance security called?
Two-Factor Authentication (2FA).
This 2022 breach exposed the sensitive data of nearly 10 million Australians.
Optus data breach
What is the name of the process of converting cleartext data into a secure code to prevent unauthorized access?
Encryption
What is a social engineering tactic that involves creating a fake scenario to obtain information?
Pretexting
When a highly skilled, well-funded group conducts prolonged and stealthy cyber intrusions, what is this known as?
Advanced Persistent Threat (APT).
This model assumes no user or device can be trusted by default. What is it called?
Zero Trust Security Model.
In 2017, this company experienced a data breach affecting 147 million people.
Equifax
This type of attack aims to make a service unavailable by overwhelming it with traffic. What is it called?
Denial-of-Service (DoS)
This type of phishing targets specific individuals or organizations with personalized messages. What is it called?
Spear phishing.
What type of vulnerability allows attackers to intercept and alter communications between two parties without their knowledge?
Man-in-the-Middle (MITM) attack.
What is the practice of simulating cyber attacks to test an organization's defenses?
Penetration testing.
What cybercriminal group is known for hacktivist activities like Operation Payback?
Anonymous.
What type of malware disguises itself as a legitimate program to trick users into installing it?
Trojan Horse
What social engineering tactic exploits human greed (such as a free prize) or curiosity (such as a USB lying around) to trick someone into revealing information?
Baiting
This technique involves repeatedly attempting different combinations of passwords until the correct one is found.
Brute Forcing.
This practice involves dividing a network into isolated segments to limit the spread of a potential attack.
Network Segmentation.
What was the root cause of the Australian Red Cross Blood Service data breach?
An unsecured backup database managed by a third-party vendor.
What is a zero-day vulnerability?
A previously unknown vulnerability in software that has not yet been patched.
What is the process of confirming a person's identity using a different communication method, such as calling a known number or using a secure app, to verify a suspicious request?
Out-of-band verification
When attackers manipulate input fields on a website to execute commands on the backend server, what is this attack called?
SQL Injection.
This advanced method uses machine learning algorithms to detect anomalies in user behavior that may indicate a breach.
User and Entity Behavior Analytics (UEBA).
What type of vulnerability allowed attackers to breach Medibank in 2022?
Unsecure APIs.