In the CIA Triad, this element, represented by the letter "C", ensures that sensitive information is only accessible to authorized users.
Confidentiality
Name 1 cybersecurity attack.
Board decides
What are 2 assets in a coffee shop?
Wifi
Coffee/Food
Employees
Reputation
POS Systems/Card info
What is port 22?
SSH - Secure Shell
In cybersecurity, this pair of terms refers to teams where one simulates attacks to test defenses, and the other defends against those attacks to improve security.
Red Team
Blue Team
In the CIA Triad, this element, represented by the letter ‘I,’ ensures that data is accurate, trustworthy, and hasn’t been tampered with.
Integrity
What does IoC stand for?
Indicators of Compromise
Open ports, web application login pages, API endpoints, IoT devices, cloud storage, and employee email accounts are all examples of this part of a system that an attacker could potentially exploit.
Attack Surface
What is port 80?
HTTP - Hypertext Transfer Protocol
Name 3 roles in cybersecurity
Cybersecurity Analyst, Cybersecurity Architect, Cybersecurity Engineer, Cloud Security, Threat Intel, Threat Hunter, Digital Forensics
Penetration Tester, Network Security, Web Security, IoT Security
By requiring multi-factor authentication (MFA) for login, a company is primarily protecting this element of the CIA Triad.
Confidentiality
This type of attack makes a system unavailable by overwhelming it with traffic from a single computer, and when multiple computers are used simultaneously to do the same thing, it is called this more powerful version.
DDoS (Distributed Denial of Service)
List 3 threat actors
Cybercriminals, Competitors, Employees, Hacktivists, Script Kiddies
What is a port?
What service you are trying to invoke on your computer
A user logs into their work computer using a password and then verifies their identity with a fingerprint scan. What 2 types of authentication is this MFA using?
Something you know and something you are
This element of the CIA Triad is directly affected when a DDoS attack floods a network or server, making services unavailable to legitimate users.
Availability
Unlike a regular hacker who is often opportunistic, this type of threat actor is highly skilled, well-funded, and conducts long-term, targeted attacks to steal sensitive information or disrupt systems.
An APT (Advanced Persistent Threat)
An employee clicked a malicious link in an email, giving attackers access to the company’s internal network. This mitigation technique could have helped prevent the breach.
Employee Awareness Training
Unlike Telnet, which sends data in plain text, this network protocol encrypts all communications between a client and a server, making it the preferred choice for secure remote access.
SSH (Secure Shell)
This acronym, CVE, is used to identify and catalog publicly known cybersecurity vulnerabilities in software and hardware.
Common Vulnerabilities and Exposure?
The hospital’s systems went offline briefly, but a deeper look found that someone had tampered with the patient files, impacting this core principle of the CIA Triad.
Integrity
This type of web attack, abbreviated as ____, tricks a user’s browser into performing unwanted actions on a site where they are authenticated, like changing a password or making a transaction without their knowledge.
Cross Site Request Forgery
This type of threat actor often engages in covert operations like reverse engineering products, analyzing internal communications, or exploiting vendor relationships to acquire proprietary information from rival companies.
Competitor
Unlike HTTP, this type of encryption is used in HTTPS to secure data transmitted between a user’s browser and a web server, typically involving a combination of asymmetric encryption for key exchange and symmetric encryption for data transfer.
TLS or SSL
SIEM collects and analyzes security logs, SOAR automates responses to threats, and an EDR's main point is what?
To monitor and protect endpoints (computers, phones, tablets)