What is a denial-of-service (DoS) attack?
A denial-of-service (DoS) attack is a cyberattack that attempts to disrupt the normal functionality of a computer, network, or service, making it unavailable to legitimate users. Attackers achieve this by flooding the target with malicious traffic, overwhelming its resources and preventing it from responding to legitimate requests.
Who should be notified of ePHI breaches?
Department of Health and Human Services
What is a Trojan?
Malicious software that disguises itself as a legitimate program
True or False: A best practice in cryptographic key management is to present keys in clear text
False
What is considered sensitive authentication data when it comes to credit cards?
Full magnetic stripe data
The two approaches to cybersecurity are silo-based and __________.
integrated
ePHI refers to which of the following?
Electronic protected health information
Public key cryptography uses which types of keys?
Both a public and a private key
According to the PCI Security Standards Council (PCI SSC), which of the following refers to any entity that accepts American Express, Discover, JCB, MasterCard, or Visa as payment for goods and/or services?
Merchant
A confidentiality agreement for employees, contractors, and outsourcers is also known as which of the following? This is an agreement that says they can't share your company secrets.
Non-disclosure agreement
A weakness that can be exploited to cause harm is:
vulnerability
What type of site is fully operational and ready to move into in the event of an emergency or disaster?
Hot site
Why shouldn’t information about specific systems be included in a job description?
To protect against social engineering and other attacks
A __________ organization is one that has the ability to quickly adapt and recover from known or unknown changes to the environment.
resilient
What is the difference between a virus and a worm?
A virus is malicious software that requires a host file to spread itself, whereas a worm is malicious software that does not require a host file to spread itself.
Someone stealing your iPhone is a failure of which of the security properties?
availability
What type of location is fully redundant with real-time replication from the production site?
Mirrored site
What is the difference between Phishing and Spear phishing?
Phishing and spear phishing are both types of social engineering attacks, but spear phishing is a more targeted and personalized form of phishing. Phishing attacks use deceptive tactics to trick a large number of people into revealing sensitive information, while spear phishing targets specific individuals or groups with tailored messages and information to increase their success rate.
What is Mandatory Access Control?
For a large company, why is physical security important?
For large companies, physical security is vital because it safeguards employees, critical assets, and facilities from various threats like theft, vandalism, and natural disasters. It also plays a crucial role in protecting sensitive data and intellectual property, preventing unauthorized access, and maintaining a safe and secure work environment.
What is wardriving?
Driving around looking for open WiFi connections
What is the difference between a Business Impact Assessment (BIA) and a Business Continuity Plan (BCP)? Be specific and exact according to your textbook or you will not receive credit. Provide enough words to demonstrate that you know what a BIA is and does and what it provides to the BCP. Then make sure you clearly explain what a BCP is and what it does for an organization.
A BIA (Business Impact Analysis) identifies and assesses the potential consequences of disruptions to critical business functions, while a BCP (Business Continuity Plan) outlines the strategies and procedures for maintaining operations during and after a disruption. The BIA provides the foundation for the BCP by identifying critical functions, their dependencies, and potential impacts.
What is Discretionary Access Control?
Discretionary Access Control (DAC) is a type of access control where the owner of a resource (like a file or database) has the authority to decide who can access it and what level of access they can have. This differs from Mandatory Access Control (MAC), where access is determined by a central authority based on predefined security policies. In DAC, users can grant, revoke, or modify permissions to their own data, making it a flexible but potentially less secure option.
What is the difference between a black hat hacker and a gray hat hacker?
The key difference between a grey hat hacker and a black hat hacker lies in their intent. While both may operate without permission, grey hat hackers typically aim to report vulnerabilities they discover, often with the intent of helping companies improve their security, whereas black hat hackers aim to cause harm or exploit vulnerabilities for personal gain.
Your company is instituting a new security awareness program. You are responsible for educating end users on a variety of threats, including social engineering. Define social engineering.
Using people skills to obtain proprietary information