Enter Title

Permissions

Compliance

Threats

AAA

Cyber Vocab

100

The 3 share permissions

What is Read, Change, Full Control?

100

A merchant using credit cards must abide by this.

What is PCI DSS?

100

A threat actor motivated by their own morals and feelings.

What is a hactivist?

100

The control that covers what someone can do or not do.

What is authorization?

100

Locating information through open, free, public access

What is OSINT?

200

Joe has Full Control Share, and Read, Write, Execute and List NTFS permissions. What are his effective permissions?

What is Read, Write, List and Execute

200

A company that offers financing on their services uses this.

What is GLBA (Grahm, Leach Bliley Act)

200

Malware typically embedded in executable files

What is a trojan?

200

Authentication based on the way you walk.

What is Gait analysis (part of Biometrics)

200

Your team will attempt to penetrate the network.

What is red team?

300

A hidden share called Payroll is created like this

Payroll$

300

Illegally reading someone's email violates this

What is the ECPA (Electronic Communication Privacy Act)

300

A threat located in an excel spreadsheet.

What is a macro virus?

300

When you restrict a user from using the network after 6pm and on weekends.

What is Rule based Access Control.

300

Vulnerabilities are ranked with this

What is a CVE?

400

Net result of permissions

What are effective permissions?

400

Federal government agencies must file incident reports annually under this act?

What is FISMA (Federal Information Security Management Act)

400

Type of threat that secretly lingers without detection.

What is an APT? (Advanced Persistent Threat)

400

No personal feelings or decisions in controlling who has access to documents with this model.

What is MAC - Mandatory Access Control?

400

Local Windows login uses this authentication method

What is NTLM?

500

The 2 specific permissions you get with Full Control

What is take ownership and Give others permissions.

500

The specific HIPAA rule that covers electronic health records

Privacy Rule

500

This attack exploits the concept of Intimidation

What is Social Engineering?

500

Term that describes the point of false acceptances and false rejections in biometric systems.

What is crossover error rate (CER)?

500

In SIEM event log data is automated from the hosts. This process is known as:

What is log aggregation?