Basics
Threats & Attacks
Authentication & Access Control
Tools & Technologies
Frameworks & Compliance
100

Confidentiality, Integrity, Availability

What does the acronym "CIA" stand for in cybersecurity?

100

DDoS

What is Distributed Denial of Service

100

MFA

What is Multi-Factor Authentication

100

This can monitor and control incoming and outgoing network traffic

What is a firewall

100

GDPR

What is the General Data Protection Regulation

200

Antivirus

What is a term for software designed to detect and remove malicious programs

200

A flaw in software that is unknown to the vendor and has no patch

What is a zero-day [vulnerability]

200

Authentication that verifies who you are by a physical characteristic rather than by something you know or carry

What is biometric authentication (e.g., fingerprint, retina scan)

200

This collects and analyzes security data.

What is a SIEM / Security Information and Event Management Tool

200

An information security standard that organizations storing, processing or transmitting cardholder data for the major credit card brands must follow

What is PCI DSS (Payment Card Industry Data Security Standard)

300

A fraudulent attempt, over email, to obtain sensitive information by pretending to be a trustworthy entity; sent broadly rather than targeted at a specific person (unlike spear phishing)

What is phishing

300

Malware that encrypts files or locks users out of their systems until a payment is made, usually in cryptocurrency such as Bitcoin

What is Ransomware

300

Users should have the minimum level of access necessary to perform their job.

What is the principle of least privilege

300

This is designed to lure attackers and study their behavior

What is a honeypot

300

A layered approach to security using multiple controls across different areas

What is defense in depth

400

HTTPS

What is Hypertext Transfer Protocol Secure, the protocol used to browse websites securely (HTTP carried over TLS)

400

This type of attack happens when an attacker secretly intercepts and possibly alters communication between two parties

What is a man-in-the-middle attack

400

A list that defines permissions attached to an object

What is an access control list (ACL)

400

While an Intrusion Detection System is designed to monitor and alert, this is designed to actively block threats

What is an IPS / Intrusion Prevention System

400

Undergoing this type of audit helps a service organization examine and report on its internal controls relevant to the security, availability, processing integrity, confidentiality and privacy of customer data

What is a SOC 2 audit

500

Encryption where the same key is utilized for both encrypting and decrypting

What is symmetric encryption

500

This category of malware disguises itself as legitimate software

What is a Trojan

500

Role-Based Access Control assigns permissions based on roles, as opposed to this control model, which uses attributes like department, location, or time.

What is ABAC / Attribute-Based Access Control
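An added example (not part of the original board) that puts the three access-control ideas on the board side by side: an ACL attached to the object, RBAC deciding from the subject's roles, and ABAC deciding from request attributes such as department, location and time. All sample data is constructed for the demonstration; the country code in Location is assumed to have been resolved upstream from the client address. Every path denies by default, so the only permission granted anywhere is the read the job actually needs, which is least privilege in practice.

```go
package main

import (
	"fmt"
	"time"
)

// Request is one access attempt together with the attributes an ABAC policy
// may consult. Location is a country code assumed to be resolved upstream
// from the client address; Time is when the request arrived.
type Request struct {
	User, Department, Location string
	Roles                      []string
	Time                       time.Time
	Action, Resource           string
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// ACL attaches permissions to each object: resource -> principal -> actions.
type ACL map[string]map[string][]string

// ACLAllows grants exactly what the object's list states; a missing resource,
// principal or action yields a nil slice and therefore a deny.
func ACLAllows(acl ACL, r Request) bool {
	return contains(acl[r.Resource][r.User], r.Action)
}

// RoleGrants maps role -> resource -> actions. Subjects inherit whatever their
// roles grant; nothing about the request's context is consulted.
type RoleGrants map[string]map[string][]string

func RBACAllows(grants RoleGrants, r Request) bool {
	for _, role := range r.Roles {
		if contains(grants[role][r.Resource], r.Action) {
			return true
		}
	}
	return false
}

// Condition is a predicate over request attributes; Policy permits Action on
// Resource only while every Condition holds.
type Condition func(r Request) bool
type Policy struct {
	Action, Resource string
	Conditions       []Condition
}

// ABACAllows grants the request if some policy matches action and resource
// and all of that policy's conditions are satisfied at request time.
func ABACAllows(policies []Policy, r Request) bool {
	for _, p := range policies {
		if p.Action != r.Action || p.Resource != r.Resource {
			continue
		}
		ok := true
		for _, c := range p.Conditions {
			if !c(r) {
				ok = false
				break
			}
		}
		if ok {
			return true
		}
	}
	return false
}

func InDepartment(d string) Condition    { return func(r Request) bool { return r.Department == d } }
func FromCountry(cc ...string) Condition { return func(r Request) bool { return contains(cc, r.Location) } }
func BusinessHours(r Request) bool {
	wd, h := r.Time.Weekday(), r.Time.Hour()
	return wd != time.Saturday && wd != time.Sunday && h >= 9 && h < 17
}

// Constructed sample data (not from any real system): "payroll" is readable by
// alice directly (ACL), by the finance-analyst role (RBAC), or by finance staff
// connecting from North America during business hours (ABAC). No rule grants
// write, so that request is denied by all three models.
func SampleACL() ACL         { return ACL{"payroll": {"alice": {"read"}}} }
func SampleRoles() RoleGrants { return RoleGrants{"finance-analyst": {"payroll": {"read"}}} }
func SamplePolicies() []Policy {
	return []Policy{{"read", "payroll", []Condition{InDepartment("finance"), FromCountry("US", "CA"), BusinessHours}}}
}

func main() {
	req := Request{User: "alice", Roles: []string{"finance-analyst"}, Department: "finance", Location: "US",
		Time: time.Date(2024, 3, 12, 10, 30, 0, 0, time.UTC), Action: "read", Resource: "payroll"}
	fmt.Println("business hours:", ACLAllows(SampleACL(), req), RBACAllows(SampleRoles(), req), ABACAllows(SamplePolicies(), req))
	req.Time = time.Date(2024, 3, 12, 23, 0, 0, 0, time.UTC)
	fmt.Println("late night:    ", ACLAllows(SampleACL(), req), RBACAllows(SampleRoles(), req), ABACAllows(SamplePolicies(), req))
	req.Action = "write"
	fmt.Println("write:         ", ACLAllows(SampleACL(), req), RBACAllows(SampleRoles(), req), ABACAllows(SamplePolicies(), req))
}
```

The late-night case is the difference the board's clue is pointing at: the ACL and the role still say yes because they know nothing about when or from where the request arrived, while the ABAC policy can say no because time and location are attributes it evaluates on every request.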

500

This isolates a program so its behavior can be analyzed safely without affecting the host system

What is a sandbox

500

ISO 27002 provides implementation guidance for security controls, while this ISO standard specifies the requirements for an Information Security Management System (ISMS).

What is ISO 27001