Core Security & Access
OSINT & Reconnaissance
Threats, Malware & Social Engineering
Cryptography & PKI
Defense, Firewalls & SIEM
100

In information security, these three core principles make up the CIA triad acronym.

What is Confidentiality, Integrity and Availability?

100

This Linux command displays the current network interface configurations.

What is ifconfig?

100

Combing through physical trash to find useful documents or credentials.

What is dumpster diving?

100

This random data is added to a password hash to defeat pre-computed rainbow table attacks.

What is salt?

100

This basic firewall rule blocks all traffic that does not explicitly match an allowed rule.

What is implicit deny?

200

This security property ensures that a sender cannot deny having sent a specific message.

What is Non-repudiation?

200

An open-source graphical tool used globally for packet capture and deep-packet analysis.

What is Wireshark?

200

Tailgating with an employee's explicit permission is known by this term.

What is piggybacking?

200

This digital document acts as a secure "wrapper" for a subject's public key.

What is a digital certificate?

200

A specialized firewall built to protect backend databases from code injection and DoS.

What is a Web Application Firewall (WAF)?

300

This access control model is strictly based on security clearance levels.

What is Mandatory Access Control (MAC)?

300

This command is used to perform hop-by-hop route discovery from a Linux host using UDP probes.

What is traceroute?

300

A voice-based phishing attack designed to steal credentials over the phone.

What is vishing?

300

A single hash function, symmetric cipher, or asymmetric cipher is known by this term.

What is a cryptographic primitive?

300

This HIDS feature audits critical system files to ensure they have not been modified.

What is File Integrity Monitoring (FIM)?

400

The administrative policy designed to protect an organization by defining rules for equipment use.

What is an Acceptable Use Policy (AUP)?

400

An OSINT aggregation tool used to gather emails, subdomains, and hostnames for a target domain.

What is theHarvester?

400

A targeted spear-phishing attack aimed specifically at high-level executives.

What is whaling?

400

This brute-force attack exploits mathematical collisions in cryptographic hash functions.

What is a birthday attack?

400

This Linux utility writes diagnostic input directly to local or remote syslog servers.

What is the logger command?

500

This multi-admin control requires "M" out of "N" administrators to be present for access.

What is an M-of-N control?

500

The practice of mapping wireless networks from outside a physical facility, sometimes via vehicle.

What is war driving?

500

A security alert or pop-up warning of a non-existent virus, pushing fake "fix" software.

What is a hoax?

500

A secure CA hierarchy design requires taking this specific CA server completely offline.

A secure CA hierarchy design requires taking this specific CA server completely offline.

500

This utility is used to search text files for matching strings or regular expressions.

What is grep?