Acronyms
The Weakest Part of Security
Malware
Threats
Misc
100
Known as the CIA Triad

What is Confidentiality, Integrity, and Accountability?

100

Phony email campaign targeted at a general audience, intended to either fool users into giving information, spending money on fake items, or other scams.

What is Phishing?

100

Retains a log of keyboard inputs (and sometimes mouse movements) to be read by a potentially malicious actor at a later time

What is a keylogger?

100

An attacker sends a structured command into an input field on a website and gets an output that would not have occurred with input validation

What is an SQL injection?

100

Methods that use manipulation and deceit to gather information or gain unauthorized access from users without force.

What is social engineering?

200

This list defines what a firewall lets in and out

What is Access Control List ACL?

200

You closed the door behind you because a sign reminded you to prevent occurrences of this due to people sneaking in behind others.

What is Tailgaiting?

200

Poses as a legitimate application while delivering a malicious payload in the background

What is a Trojan?

200

An attacker places a script for users to unknowingly run on their machines when visiting the comments on a social media post

What is Cross Site Scripting?

200

Physical barrier to protect entrances of buildings or restrict entry to driving paths

What are Bollards?

300

Uses multiple computers to interrupt services to a  targeted network or server as an attack (The definition of the acronym for this)

What is a distributed denial of service attack?

300

The example describes this: The Chief Financial Officer of a company receives an email and opens it, clicks on a link, then deletes the email thinking nothing of it. A week later, he is contacted with newly taken compromising pictures in an attempt to extort him. He discovered a virus on the computer he opened the email on that has opened his webcam and microphone and is sending the stream to a remote website.

What is Whaling?

300

Sometimes standalone, sometimes part of otherwise legitimate applications, records users activities to report for many purposes, but often not for advertising anymore.

What is spyware?

300

An attack that was unknown until the day it was detected the first time

What is a Zero Day?

300

Consists of two doors that are never to be opened at the same time, controls entry to a location

What is an Access Control Vestibule? (mantrap but learn the current term)

400

Lists known vulnerabilities and exposures in software, publicly available (Definition of the acronym)

What is Common Vulnerabilities and Exposures?

400

This is the reason you shred all materials that may contain any personal/company/private data before disposal

What is dumpster diving?

400

Malware that operates at elevated privilege levels, sometimes undetectable besides the use of resources, often operates at the kernal level. The creators of Playstation included one on music CDs for a short time in the late 2000's.

What is a Rootkit?

400

Attacks passwords in a methodical way, can be defeated with methods that limits number of incorrect inputs by rate or number

What is a Brute Force attack?

400

Attack that uses a list of passwords and hashes to guess a password

What is a rainbow table attack?

500

Uses phrases, images, and timing tests to determine if an interaction was likely performed by a human instead of a bot (the acronym only)

What is Captcha?

500

Ray fell victim to this at an airport when he wasn't careful about where his screen could be seen in public.

What is shoulder surfing?

500

Malware that encrypts data until a condition is met or the key is obtained through other means.

What is Ransomware?

500

Uses known words to guess passwords, can be customized to the target based on information gathered

What is a Dictionary Attack?

500

You're using this when you get a notification on your phone to authenticate a login on your PC

What is multifactor/two factor authentication?