Domain 2.0
Domain 3.0
Domain 4.0
Domain 5.0
Potpourri
100

A type of attack that exploits vulnerabilities in a company's physical infrastructure that could harm systems and damage data or services.

Attacks: network, phishing, DNS

network attack

100

A disaster recovery strategy that balances minimal data loss, quick recovery, and budget considerations; recovery is not instant, but critical systems are restored promptly.

Cold site, warm site, hot site

warm site

100

This access control model is used most often in systems that process classified information and enforces access based on predefined classifications attached to users and data.

Attribute-based access control (ABAC), Mandatory access control (MAC)


MAC

100

This is the most critical action a CISO of a multinational corporation should take to mitigate the consequences of a significant data breach exposing sensitive proprietary information. 

Disconnect the servers to stop the bleeding, Escalate internally and externally to bring in experts for investigation, Update your resume


Escalate internally and externally to bring in experts for investigation

100

VLAN

Virtual Local Area Network

200

This type of social engineering attack occurred when an employee clicked on a link in an email from a payment website asking them to update contact information but then received a page not found error after entering contact information. 

Brand Impersonation, pretexting, typosquatting, phishing

phishing

200

When setting up a VPN, the tunneling protocol that encrypts network connections at the packet level, supports mutual authentication, and has low packet overhead.

IPsec tunnel with Internet Key Exchange (IKE), IPsec tunnel with Secure Sockets Layer (SSL), Transport Layer Security (TLS) tunnel with EAP

IPsec tunnel with IKE

200

To keep detailed records of the most valuable assets so that an organization can respond faster to security risks and identify vulnerabilities.

Antivirus Updates, Asset Management, Host-Based Firewalls

Asset Management

200

An agreement that identifies employees' rights to use company property such as Internet access or laptops for personal use.

Asset agreement, HDP, Acceptable Use Agreement

Acceptable Use Agreement

200

SSH

Secure Shell

300

This type of attack could cause intermittent downtime of a company website due to an influx of traffic to the server.

network, device, DDoS

DDoS

300

This type of framework is suitable for a segregated network structure for a factory to eliminate unauthorized or unintended interaction with other networks with the intention to supervise extensive, immediate processes.

SCADA/ICS, Hybrid/Cloud, SDN

SCADA/ICS

300
This MFA philosophy incorporates using a smart card to support authentication.


something you know, something you have, something you are


something you have

300

In the scenario of a college transitioning to a new learning management system, this board ensures smooth and secure execution of this project. 

Change Management Board, College Board, Executive Board

Change Management Board (CMB)

300

SIEM

Security Information and Event Management

400

This type of malware conceals itself within an installer package for what seems to be legitimate software.

virus, trojan, worm

trojan

400

A protocol suite for securing IP communications that encrypts and authenticates all of the packets in a session between hosts or networks. 

SSL, TLS, IPsec, IPConfig

IPsec

400

The type of Network Intrusion Prevention/Detection System that detects attacks by comparing traffic against a baseline to find any anomalies.

Signature-based, heuristic/behavioral, anomaly

heuristic/behavioral

400

To make sure an organization is operating within the laws, regulations, standards, policies, and ethical requirements, this type of assessment evaluates the effectiveness of internal controls, identifies any noncompliance or risk areas, and communicates findings to internal stakeholders such as risk managers.

compliance assessment, risk assessment, asset assessment

compliance assessment

400

PKI

Public Key Infrastructure

500

A type of attack that may encrypt files with a popup message demanding payment to decrypt.

Asymmetric encryption, ransomware, network


ransomware

500

A reverse proxy that distributes network or application traffic across a number of servers designed to increase capacity of concurrent users and reliability of applications.

router, switch, access point, load balancer

load balancer

500

This type of authentication allows users to access accounts through a secure link sent to their verified email or through a trusted device without passwords, fingerprints, or multiple validation. 

password, biometric, passwordless

passwordless authentication

500

A strategy to respond to potential disasters and ensure the continuation of essential functions across various scenarios including budget constraints and prolonged disruptions.

Risk Management Strategy, Disaster Recovery, Continuity of Operations Plan

Continuity of Operations Plan (COOP)

500

FTP

File Transfer Protocol
