Threats & Attacks
Malware that appears to be legitimate software but harms your system once installed.
What is a Trojan horse?
Encrypts data in a way that only the intended recipient can decrypt it.
What is asymmetric encryption?
A security device that blocks unauthorized traffic based on rules.
What is a firewall?
Ensures that users can access only what they are authorized to use.
What is authorization?
Document that outlines acceptable behavior for users on a network or system.
What is an acceptable use policy (AUP)?
This type of attack floods a system or network with traffic to make it unavailable.
What is a Denial of Service (DoS) attack?
A hash function commonly used to verify data integrity.
What is SHA-256?
Protocol used to encrypt web traffic.
What is HTTPS?
Security model that grants the least permissions necessary for a user to perform their job.
What is least privilege?
Process of identifying and prioritizing risks to minimize their impact.
What is risk management?
Social engineering attack where the attacker pretends to be a trusted source via email.
What is phishing?
A symmetric encryption algorithm widely used to protect data at rest and in transit.
What is AES (Advanced Encryption Standard)?
Wireless security protocol that replaced WEP due to stronger encryption.
What is WPA2?
Single sign-on and multi-factor authentication are examples of this type of security control.
What is access control?
This type of backup protects against data loss by keeping multiple copies over time.
What is redundancy/backups?
Malware that secretly monitors user activity and records keystrokes.
What is a keylogger?
Digital certificates rely on this infrastructure to verify identities and secure communication.
What is PKI (Public Key Infrastructure)?
A network monitoring tool that captures and analyzes packets for security issues.
What is a packet sniffer?
A system that centralizes authentication for multiple applications and services.
What is identity federation?
Legal and regulatory requirements that organizations must follow to protect data.
What is compliance?
Attack where the hacker injects malicious code into a website to manipulate user data.
What is cross-site scripting (XSS)?
This cryptographic attack attempts to deduce the encryption key by analyzing ciphertext only.
What is a ciphertext-only attack?
Attack where a hacker intercepts communications between two parties on a network.
What is a man-in-the-middle attack?
Factor of authentication that uses something you are, like a fingerprint.
What is biometric?
Process of simulating attacks to identify vulnerabilities before attackers do.
What is penetration testing (pen testing)?