Governance, Risk, and Compliance
This is the likelihood and impact of a threat.
What is risk?
This type of malware locks files and demands payment.
What is ransomware?
This network design principle limits access to only what's necessary.
What is least privilege?
This principle ensures users only access what they need.
What is least privilege?
This is the first step in the incident response process.
What is preparation?
This document outlines acceptable use of company resources.
What is an AUP (Acceptable Use Policy)?
This social engineering attack involves pretending to be someone trustworthy via Phone.
Vishing
This cloud model provides hardware resources only.
What is IaaS (Infrastructure as a Service)?
This encryption method uses the same key for encryption and decryption.
What is symmetric encryption?
This type of evidence is collected from volatile memory.
What is RAM?
This law protects health information in the U.S.
What is HIPAA?
This type of scan identifies weaknesses without exploiting them.
What is a vulnerability scan?
This technology allows multiple OSes to run on one physical machine.
What is virtualization?
This wireless security protocol replaced WEP.
What is WPA2?
This tool aggregates logs and alerts.
What is a SIEM?
This principle ensures data is only accessible to authorized users.
What is confidentiality?
These actors are typically motivated by ideology or political agendas.
What are hacktivists?
This zone separates internal networks from external ones.
What is a DMZ (Demilitarized Zone)?
This protocol secures web traffic.
What is HTTPS?
This technique isolates infected systems.
What is containment?
This framework is used for cybersecurity in U.S. critical infrastructure.
What is the NIST Cybersecurity Framework?
This type of test simulates a real-world attack without prior knowledge.
What is a black-box penetration test?
These systems are built into hardware and often lack security updates.
What are embedded systems?
This authentication method uses something you are.
What is biometric authentication?
This tool detects malicious activity on a network.
What is an IDS (Intrusion Detection System)?