Basic Cybersecurity Concepts
Social Engineering
Incident Response
Malware and Threats
Protecting Yourself
Devices
100

This software is designed to detect, prevent, and remove malicious software from a computer.

What is antivirus software?

100

This type of social engineering attack involves sending fraudulent emails to trick individuals into revealing personal information.

What is phishing?


100

This term refers to a documented plan outlining procedures for detecting, responding to, and recovering from cybersecurity incidents.

What is an Incident Response Plan?


100

This type of malware encrypts the victim's files, demanding payment for the decryption key.

What is ransomware?


100

Using a combination of letters, numbers, and special characters in your passwords is an example of this security practice.

What is creating a strong password?


100

This network security system monitors and controls incoming and outgoing network traffic based on predetermined security rules.

What is a firewall?



200

This is a security measure that requires two different types of authentication before access is granted.

What is two-factor authentication?


200

This term describes a scam where attackers pose as a trusted individual or organization over the phone to obtain sensitive information.

What is vishing?


200

This phase of incident response involves isolating affected systems to prevent further damage and spread of the incident.

What is containment?


200

This malware grants unauthorized access to a computer system, often bypassing normal authentication mechanisms.

What is a backdoor?


200

Regularly updating this software helps protect your computer from new threats and vulnerabilities.

What is updating your antivirus software?


200

This device monitors and analyzes network traffic for suspicious activities and potential threats, often providing real-time alerts.

What is an Intrusion Detection System (IDS)?

300

This term describes the unauthorized copying, use, or distribution of software.

What is software piracy?


300

This social engineering tactic uses immediate threats or urgent requests to pressure individuals into taking hasty actions.

What is pretexting?


300

In this stage of incident response, actions are taken to remove the immediate threat

What is eradication and recovery?


300

This type of malware disguises itself as a legitimate program to gain unauthorized access to a system.

What is a Trojan horse?


300

This security feature encrypts your internet connection, making it more difficult for attackers to intercept your data.

What is using a Virtual Private Network (VPN)?


300

This type of network device connects multiple networks together and routes data packets between them based on their IP addresses.

What is a router?

400

This is the act of verifying the identity of a user, device, or other entity in a computer system.

What is authentication?


400

This type of attack occurs when an attacker physically follows someone into a restricted area without authorization.

What is tailgating?


400

After an incident, this step involves reviewing what happened and how it was handled to improve future response efforts.

What is a post-incident analysis or post-mortem?


400

This self-replicating malware spreads without any user interaction, often exploiting network vulnerabilities.

What is a worm?


400

This practice involves making regular copies of your important files to protect against data loss.

What is backing up your data?


400

This portable device generates one-time passwords (OTPs) for two-factor authentication, enhancing login security.

What is a hardware token or key fob?

500

This term refers to a weakness or flaw in a system that can be exploited to gain unauthorized access.

What is a vulnerability?

500

This social engineering technique involves leaving infected USB drives in public places to entice individuals to pick them up and use them.

What is a USB drop attack?


500

This incident response phase involves notifying stakeholders, including customers and regulatory bodies, about the incident.

What is notification and communication?


500

This type of malicious software records keystrokes to capture sensitive information like passwords and credit card numbers.

What is a keylogger?


500

This feature helps protect your mobile device by requiring a code or biometric data to unlock it.

What is setting a screen lock?


500

This network appliance detects and prevents identified threats in real-time, often used in conjunction with firewalls.

What is an Intrusion Prevention System (IPS)?

600

This term refers to the process of converting data into a coded format to prevent unauthorized access.

What is encryption?

600

In this attack, malicious software is installed on a system when a user is tricked into opening a seemingly harmless file or link.

What is baiting?


600

This refers to the process of simulating potential incidents to test the effectiveness of an organization's incident response capabilities.

What is an incident response drill or tabletop exercise?



600

This term refers to a collection of compromised computers that are controlled by a single attacker or group.

What is a botnet?


600

This tool can generate and store complex, unique passwords for each of your accounts.

What is a password manager?


600

This network appliance detects and prevents identified threats in real-time, often used in conjunction with firewalls.

What is an Intrusion Prevention System (IPS)?


700

This security model restricts access to data based on the identity of the user and the resources they need to perform their job.

What is the principle of least privilege?

700

This attack involves sending text messages that appear to be from legitimate sources to deceive individuals into revealing sensitive information.

What is smishing?



700
The framework developed by the federal goverment for managing cybersecurity.

What is the NIST CyberSecurity Framework

700

This form of malware can modify its code to evade detection by antivirus programs.

What is a polymorphic virus?


700

You should do this when disposing of old devices to ensure your personal data cannot be recovered.

What is securely wipe the device?



700

This hardware component stores cryptographic keys and performs encryption and decryption operations securely.

What is a Hardware Security Module (HSM)?

M
e
n
u