Types of Attacks
Mitigating Security Threats
All Things OSI
Devices and Cabling
Policies & Regulations
100
A non-technical attack where an individual tries to manipulate people into giving them access to sensitive information.
What is Social Engineering
100
Also known as an update, this is a fix to a particular problem in software that is not required to be applied immediately because it is not as great a security risk.
What is a patch
100
The first layer in the OSI Reference Model. Provides the hardware to send and receive data.
What is the Physical Layer
100
A network device that forwards data packets between computer networks.
What is a Router
100
A document signed by employees, contractors, and management stating that they will not share company sensitive information they have access to while working for the company
What is a Nondisclosure Agreement
200
Involves physically looking through an organization's trash to try to find usernames, passwords, or other sensitive data.
What is Dumpster Diving
200
The concept of removing unnecessary software and features from a system.
What is System Hardening
200
Layer three of the OSI model which provides switching, routing, and logical paths for transporting data from node to node
What is the Network Layer
200
A cable that carries data in the form of pulses of light
What is Fiber-Optic Cabling.
200
A contract or agreement between an organization and a provider of a service that sets the maximum amount of downtime allowed for services and assets
What is a Service Level Agreement
300
An attack where the attacker intercepts data between two parties on a network and can inject code in either direction.
What is a Man-in-the-Middle attack.
300
A standard configuration that has been approved by the company for a specific type of system or device as being secure
What is a Security Baseline
300
This layer is usually part of an operating system and converts incoming and outgoing data from one presentation format to another.
What is the Presentation Layer
300
A coaxial cable known as RG-8 which is about a half inch thick and has a maximum cable length of 500 meters
What is Thicknet
300
The highest classification level, public disclosure of which would cause grave damage to national security.
What is Top Secret
400
An attack, usually an inside job, where malicious code is activated by a certain trigger.
What is a Logic Bomb
400
A device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported to an administrator
What is an Intrusion Detection System (IDS)
400
This layer is divided into two sub-layers: Media Access Control and Logical Link Control.
What is the Data Link Layer
400
A device designed to split the load between components such as servers or routers
What is a Load Balancer
400
Policy which ensures that employees are always assigned the minimum permissions or privileges needed to perform their job and nothing more.
What is Least Privilege
500
A specific kind of attack in which a maliciously crafted packet that exceeds the server's holding size is sent to a server, resulting in corrupted data, crashes, or execution of malicious code.
What is a Buffer Overflow
500
The principle of training developers to consider security from the beginning of the software life cycle through the use of automation, continuous integration, infrastructure as code, etc.
What is Secure DevOps
500
An Application layer protocol for distributed, collaborative, and hypermedia information systems. It is the foundation of data communication for the World Wide Web.
What is Hypertext Transfer Protocol
500
A networking device used to connect systems together where a received signal from one system is sent to all ports.
What is a Hub
500
A policy delivery method in which employees use self-study tools such as training sessions played from a CD or a site to learn about security
What is Computer Based Training (CBT)