CIS Midterm 2024- 2025 GRADE A 100% VERIFIED
Cyber Security - ANS>>> the prevention of damage to, protection of, and restoration of electronic
systems to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation
CIA Triad - ANS>>> Confidentiality, Integrity, Availability
Malware - ANS>>> malicious software, could be a virus or a Trojan horse
DNS - ANS>>> domain name system
Types of Threats - ANS>>> malware
intrusions
DoS
Security Breaches
Web Attacks
Session Hijacking
DNS poisoning
Insider Threats
Virus - ANS>>> a small program that replicates itself and hides itself inside other programs, usually
without your knowledge
Trojan Horse - ANS>>> A malicious program disguised as something desirable or harmless that captures
your information and returns it to the intruder
Spyware - ANS>>> the fastest growing category of malware used to spy on people
Logic Bomb - ANS>>> a type of spyware lays dormant until a condition is met (usually a date)
Key Logger - ANS>>> keeps track of keys hit- stores combinations of keys
,Cookies - ANS>>> used to spy on users whose original purpose was to help users surf the web
White Hat/Hacker - ANS>>> Hackers who break into systems for non-malicious reasons, not to steal or
wreak havoc, or those who hack with permission from a specific entity
Black Hat/Cracker - ANS>>> hackers with malicious intent
Gray Hat Hackers - ANS>>> refers to hackers who operate outside the law on occasion, hacks without
bad intent and permission
Social Engineering - ANS>>> intruding into a system using human nature, not technology
War driving - ANS>>> driving around looking for unprotected wireless networks
DOS/DDOS Attacks - ANS>>> Denial of service attack which attempt to deny authorized users access to
the system
Script Kiddies - ANS>>> inexperienced hacker
Ethical Hackers - ANS>>> consultants who are hired to do vulnerability assessments on company
systems
Firewall - ANS>>> filters ingress and egress network traffic
Proxy Server - ANS>>> acts as the host on your network disguising the IP dress of your internal host
Intrusion Detection System - ANS>>> monitors traffic, looking for attempted attacks
Least Privileges - ANS>>> The principle that any user or service will be given only enough access
privileges to do its job and no more
, nonrepudiation - ANS>>> A contractual stipulation to ensure that ebusiness participants do not deny
their online actions
critical infrastructure - ANS>>> Systems whose incapacity or destruction would have a debilitating
impact on the economic security of an organization, community, nation, etc
data at rest - ANS>>> stored data
data in transit - ANS>>> data transmitted from one location to another
data in use - ANS>>> data located in computer memory for processing
personally identifiable information (PII) - ANS>>> the name, postal address, or any other information
that allows tracking down the specific person who owns a device
protected health information (PHI) - ANS>>> Any information about health status, provision of health
care, or payment for health care that can be linked to an individual. This is interpreted rather broadly
and includes any part of a patient's medical record or payment history.
security as a service (SaaS) - ANS>>> The next generation of managed security services dedicated to the
delivery, over the Internet, of specialized information-security services.
cryptojacking - ANS>>> the secret use of your computing device to mine cryptocurrency
DNS poisoning - ANS>>> An attack that substitutes DNS addresses so that the computer is automatically
redirected to an attacker's device.
Phreaking - ANS>>> a subspecialty of hacking, breaking into telephone systems
Auditing - ANS>>> process of reviewing logs, records, and procedures to ensure established standards
are being met
Cyber Security Principles (the hand) - ANS>>> -Think like an adversary
Cyber Security - ANS>>> the prevention of damage to, protection of, and restoration of electronic
systems to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation
CIA Triad - ANS>>> Confidentiality, Integrity, Availability
Malware - ANS>>> malicious software, could be a virus or a Trojan horse
DNS - ANS>>> domain name system
Types of Threats - ANS>>> malware
intrusions
DoS
Security Breaches
Web Attacks
Session Hijacking
DNS poisoning
Insider Threats
Virus - ANS>>> a small program that replicates itself and hides itself inside other programs, usually
without your knowledge
Trojan Horse - ANS>>> A malicious program disguised as something desirable or harmless that captures
your information and returns it to the intruder
Spyware - ANS>>> the fastest growing category of malware used to spy on people
Logic Bomb - ANS>>> a type of spyware lays dormant until a condition is met (usually a date)
Key Logger - ANS>>> keeps track of keys hit- stores combinations of keys
,Cookies - ANS>>> used to spy on users whose original purpose was to help users surf the web
White Hat/Hacker - ANS>>> Hackers who break into systems for non-malicious reasons, not to steal or
wreak havoc, or those who hack with permission from a specific entity
Black Hat/Cracker - ANS>>> hackers with malicious intent
Gray Hat Hackers - ANS>>> refers to hackers who operate outside the law on occasion, hacks without
bad intent and permission
Social Engineering - ANS>>> intruding into a system using human nature, not technology
War driving - ANS>>> driving around looking for unprotected wireless networks
DOS/DDOS Attacks - ANS>>> Denial of service attack which attempt to deny authorized users access to
the system
Script Kiddies - ANS>>> inexperienced hacker
Ethical Hackers - ANS>>> consultants who are hired to do vulnerability assessments on company
systems
Firewall - ANS>>> filters ingress and egress network traffic
Proxy Server - ANS>>> acts as the host on your network disguising the IP dress of your internal host
Intrusion Detection System - ANS>>> monitors traffic, looking for attempted attacks
Least Privileges - ANS>>> The principle that any user or service will be given only enough access
privileges to do its job and no more
, nonrepudiation - ANS>>> A contractual stipulation to ensure that ebusiness participants do not deny
their online actions
critical infrastructure - ANS>>> Systems whose incapacity or destruction would have a debilitating
impact on the economic security of an organization, community, nation, etc
data at rest - ANS>>> stored data
data in transit - ANS>>> data transmitted from one location to another
data in use - ANS>>> data located in computer memory for processing
personally identifiable information (PII) - ANS>>> the name, postal address, or any other information
that allows tracking down the specific person who owns a device
protected health information (PHI) - ANS>>> Any information about health status, provision of health
care, or payment for health care that can be linked to an individual. This is interpreted rather broadly
and includes any part of a patient's medical record or payment history.
security as a service (SaaS) - ANS>>> The next generation of managed security services dedicated to the
delivery, over the Internet, of specialized information-security services.
cryptojacking - ANS>>> the secret use of your computing device to mine cryptocurrency
DNS poisoning - ANS>>> An attack that substitutes DNS addresses so that the computer is automatically
redirected to an attacker's device.
Phreaking - ANS>>> a subspecialty of hacking, breaking into telephone systems
Auditing - ANS>>> process of reviewing logs, records, and procedures to ensure established standards
are being met
Cyber Security Principles (the hand) - ANS>>> -Think like an adversary
