CYB 505 Cybersecurity Review 1-2

Principles

Social Engineering

Malware

Risk Management

Disaster Recovery

100

The third leg of the cybersecurity triad: confidentiality, integrity and ____

What is availability

100

The first step in the social engineering lifecycle.

What is information gathering.

100

A type of malware that self-replicates and spreads within an infected device.

What is a virus.

100

Acronym for Personally Identifiable Information.

What is PII.

100

A disaster type involving wildfires.

What is environmental disaster.

200

This can damage a system negatively.

What is a threat.

200

The act of searching garbage for valuable information.

What is dumpster diving

200

A type of malware that denies access to computer files.

What is ransomware.

200

Hospitals work to secure this type of information.

What is PHI.

200

The average, or mean, time to repiar a business resource.

What is MTTR.

300

A non-malicious hacker who attempts to find system vulnerabilities without the knowledge of the system owner

What is a gray hat hacker.

300

The act of following an authorized person through a security checkpoint.

What is tailgating.

300

A type of malware that does not require a host.

What is a fileless virus.

300

An encryption technique that cannot be reversed.

What is hashing.

300

An examination of the negative impacts caused by the inability to conduct a business activity.

What is BIA (Business Impact Analysis)

400

A threat actor who gains unauathorized access to a high-value target for an extended period of time.

What is an APT (Advanced Persistest Threat)

400

www.foogle.com is an example of which type of social engineering attack.

What is Typosquatting.

400

A type of malware that self-replicates and spreads to others devices over a network.

What is a worm.

400

The risk that remains after an organization implements controls.

What is residual risk.

400

The desired recovery time from a resource unavailability

What is RTO.

500

The four types of security controls are: technical, managerial, operational control and _________.

What is Physical Control.

500

Phishing via phone

What is Vishing.

500

A device infected with malware that enables an aattacker to remotelyh control the device.

What is a bot.

500

The Risk Severity can be calculated from Risk = Likelihood * ?.

What is Impact.

500

The acceptable data loss amount, measured in time, following an incident.

What is RPO.