CompTIA Security+ Flashcards

(117 cards)

1
Q

Foundations Deck – Core Principles & Threats

What does CIA stand for in cybersecurity?

A

Confidentiality, Integrity, Availability

2
Q

Define “Confidentiality” in cybersecurity.

A

Ensuring information is only accessible to authorized people.

3
Q

Define “Integrity” in cybersecurity.

A

Ensuring information is accurate, complete, and unaltered.

4
Q

Define “Availability” in cybersecurity.

A

Ensuring information is accessible to authorized users when needed.

5
Q

Name 4 main types of cyber threats.

A

Malware, Phishing, Insider Threats, DDoS Attacks

6
Q

Give an example of a malware attack.

A

Ransomware encrypting company files and demanding payment

7
Q

What is phishing?

A

Trick emails or messages designed to steal sensitive info like passwords

8
Q

What is an insider threat?

A

When someone inside the organization misuses access to harm systems or data

9
Q

What is a DDoS attack?

A

Overwhelming a system with traffic to make it unavailable

10
Q

What is authentication?

A

Verifying who someone is (e.g., passwords, biometrics)

11
Q

What is authorization?

A

Defining what actions a user is allowed to perform

12
Q

What is the Principle of Least Privilege?

A

Giving users only the access they need to do their job

13
Q

Give an example of a confidentiality breach.

A

An employee accessing client data without permission

14
Q

Why are security policies important?

A

They define rules and procedures to protect information and ensure compliance

15
Q

Name one framework commonly used in cyber compliance.

A

ISO 27001, NIST, or GDPR

16
Q

Deck 2 — Malware & Attack Types

What is malware?

A

Malicious software designed to harm, exploit, or gain unauthorised access to systems.

17
Q

What is a virus?

A

Malware that attaches itself to a file or program and spreads when that program runs.

Key point: Requires user action to spread.

18
Q

What is a worm?

A

Malware that spreads automatically across networks without user interaction.

Key point: Self-replicating.

19
Q

What is ransomware?

A

Malware that encrypts a victim’s files and demands payment to restore access.

Very common in real-world cyber attacks.

20
Q

What is spyware?

A

Malware that secretly collects information about a user’s activity.

Examples:

•	Keystrokes
•	Browsing activity
•	Passwords
21
Q

What is a trojan?

A

Malware disguised as legitimate software that tricks users into installing it.

Example: Fake software download.

22
Q

What is adware?

A

Software that automatically displays unwanted advertisements.

Sometimes bundled with free software.

23
Q

What is a rootkit?

A

Malware designed to hide its presence and maintain privileged access to a system.

Very difficult to detect.

24
Q

What is a botnet?

A

A network of infected computers controlled by an attacker.

Used for:

•	DDoS attacks
•	Spam campaigns
•	Cryptocurrency mining
25
Q

What is a logic bomb?

A

Malicious code that activates when a specific condition is met.

Example: A certain date or event.

26
Q

What is social engineering?

A

Psychological manipulation used to trick people into revealing confidential information or performing actions.

Key point: The attacker targets people instead of systems.

27
Q

What is phishing?

A

Fraudulent emails or messages designed to trick users into revealing sensitive information.

Common targets:

•	Passwords
•	Bank details
•	Login credentials

28
Q

What is spear phishing?

A

A targeted phishing attack aimed at a specific person or organisation.

Example: An email pretending to be from your company’s IT department.

29
Q

What is whaling?

A

A phishing attack that specifically targets high-level executives.

Examples:

•	CEOs
•	CFOs
•	Directors

30
Q

What is vishing?

A

Phishing carried out using voice calls (phone scams).

Example: Someone pretending to be from the bank.

31
Q

What is smishing?

A

Phishing conducted via SMS text messages.

Example: Fake parcel delivery texts.

32
Q

What is pretexting?

A

When an attacker creates a false scenario or identity to obtain information.

Example: Pretending to be IT support to request login credentials.

33
Q

What is baiting?

A

An attack that entices victims with something appealing.

Examples:

•	A free download
•	An infected USB drive left in a car park

34
Q

What is tailgating?

A

When an unauthorised person follows an authorised person into a restricted area.

Also called piggybacking.

35
Q

What is shoulder surfing?

A

Stealing information by watching someone type passwords or sensitive data.

Example: Looking over someone’s shoulder on a train.

36
Q

What is a DoS attack (Denial of Service)?

A

An attack that floods a system or network with traffic to make it unavailable to users.

Goal: Disrupt availability.

37
Q

Deck 2 — Network Attacks

What is a DDoS attack (Distributed Denial of Service)?

A

A DoS attack launched from multiple compromised systems at the same time.

These systems are usually part of a botnet.

38
Q

What is a Man-in-the-Middle (MITM) attack?

A

When an attacker secretly intercepts communication between two parties.

Example: Intercepting data on public WiFi.

39
Q

What is a replay attack?

A

When an attacker captures legitimate data transmissions and re-sends them later to gain access.

Example: Replaying a login authentication packet.

40
Q

What is a session hijacking attack?

A

When an attacker takes control of an active user session after the user has logged in.

Example: Stealing a session cookie.

41
Q

What is DNS poisoning?

A

When attackers corrupt DNS data to redirect users to malicious websites.

Example: Typing a real website address but being redirected to a fake one.

42
Q

What is ARP poisoning?

A

An attack that links an attacker’s MAC address to a legitimate IP address to intercept network traffic.

Often used in MITM attacks.

43
Q

What is an evil twin attack?

A

A fake WiFi network that impersonates a legitimate one to steal user data.

Example: Fake “Free Airport WiFi”.

44
Q

What is a brute force attack?

A

An attack where every possible password combination is tried until the correct one is found.

Key idea: trial and error.

45
Q

What is a dictionary attack?

A

An attack that tries a list of commonly used passwords or words.

Example passwords:

•	password123
•	qwerty
•	football

46
Q

What is credential stuffing?

A

When attackers use stolen username and password combinations from previous data breaches to access other accounts.

Reason it works: people reuse passwords.

47
Q

What is password spraying?

A

An attack where one common password is tried against many accounts.

Example: Trying “Welcome123” across hundreds of users.

Goal: avoid account lockouts.

48
Q

What is a rainbow table attack?

A

An attack using precomputed tables of hashed passwords to quickly crack password hashes.

These attacks target weak hashing systems.

49
Q

What is password cracking?

A

The process of recovering passwords from stored or transmitted data.

Often done using:

•	brute force
•	dictionary attacks
•	rainbow tables

50
Q

What is multifactor authentication (MFA)?

A

A security method that requires two or more types of authentication.

Examples:

•	Password + phone code
•	Password + fingerprint

51
Q

Vulnerabilities & Exploits

What is a vulnerability?

A

A weakness in a system, application, or network that could be exploited by an attacker.

Example: unpatched software or weak passwords.

52
Q

What is a zero-day vulnerability?

A

A flaw that is unknown to the vendor or developer and has no available patch.

Example: Exploited immediately after discovery.

53
Q

What is an exploit?

A

A piece of software, data, or command that takes advantage of a vulnerability to cause unintended behavior.

Example: Running malware that uses a zero-day vulnerability.

54
Q

What is patch management?

A

The process of updating systems and applications to fix vulnerabilities.

Goal: prevent exploitation.

55
Q

What is an insider threat?

A

A security risk originating from someone within the organization.

Examples:

•	Disgruntled employee deleting files
•	Accidental exposure of sensitive data

56
Q

What is privilege escalation?

A

When an attacker gains higher access rights than intended.

Example: a normal user gains admin privileges.

57
Q

What is social engineering combined with technical exploits called?

A

Hybrid attacks, e.g., a phishing email delivering ransomware.

58
Q

What is vulnerability scanning?

A

Automated process to identify weaknesses in systems or networks.

Tools: Nessus, OpenVAS.

59
Q

What is penetration testing?

A

A controlled attempt to exploit vulnerabilities to test system security.

Also called “ethical hacking.”

60
Q

Deck 3: Security Architecture, which is the first technical domain in Security+.

What is defense-in-depth?

A

A security strategy that uses multiple layers of protection to defend systems.

Example: Firewall → IDS → Antivirus → MFA → Encryption

61
Q

What is a secure network zone?

A

A segment of the network separated based on trust levels.

Examples:

•	DMZ (demilitarized zone) → for public-facing servers
•	Internal network → for sensitive data

62
Q

What is network segmentation?

A

Dividing a network into smaller segments to limit access and reduce attack impact.

Benefit: Containment of attacks within one segment.

63
Q

What is a firewall?

A

A device or software that filters network traffic based on security rules.

Types:

•	Packet-filtering
•	Stateful
•	Next-generation (NGFW)

64
Q

What is an IDS (Intrusion Detection System)?

A

Monitors network traffic for suspicious activity and alerts admins.

65
Q

What is an IPS (Intrusion Prevention System)?

A

Similar to an IDS, but it can block or prevent malicious activity automatically.

66
Q

What is a VPN (Virtual Private Network)?

A

A secure connection that encrypts data over public networks.

Example: Remote employees accessing company systems securely.

67
Q

What is zero trust architecture?

A

Security model where no user or device is trusted by default, even inside the network.

Key principle: “Verify explicitly, least privilege access, assume breach.”

68
Q

What is hardening?

A

Securing systems by removing unnecessary services, patching vulnerabilities, and configuring securely.

Example: Turning off unused ports, enforcing strong passwords.

69
Q

What is virtualization security?

A

Protecting virtual machines (VMs) and hypervisors from attacks.

Examples:

•	Isolating VMs
•	Using secure snapshots
•	Patching hypervisors

70
Q

What is cloud security?

A

Securing data, applications, and services in the cloud.

Key controls:

•	Identity & access management (IAM)
•	Encryption at rest & in transit
•	Logging & monitoring

71
Q

What is redundancy?

A

Using duplicate systems or components to ensure availability if one fails.

Example: Multiple servers, power supplies, or network paths.

72
Q

What is high availability?

A

Designing systems to remain operational with minimal downtime.

Often uses: load balancers, clustering, failover systems.

73
Q

What is fault tolerance?

A

Designing systems to continue operating even if a component fails.

Example: RAID 1 or RAID 5 storage configurations.

74
Q

Deck 4: Security Operations for CompTIA Security+ (SY0-701).

What is logging?

A

Recording system and network activity to track events and detect security issues.

Example: Server logs, firewall logs.

76
What is monitoring?
Continuously observing systems or networks to identify abnormal or suspicious activity. Tools: SIEM (Security Information and Event Management).
77
What is a SIEM?
A platform that collects, analyses, and correlates log data to detect security incidents. Example: Splunk, QRadar.
78
What is an incident response plan?
A documented procedure for responding to security incidents quickly and effectively. Steps: Identify → Contain → Eradicate → Recover → Lessons learned.
79
What is disaster recovery (DR)?
Procedures to restore IT systems and data after a major disruption. Goal: Minimise downtime.
80
What is business continuity (BC)?
Ensuring critical business functions continue during or after a disaster. Example: Switching to backup systems or remote operations.
81
What is a backup?
A copy of data stored separately to recover from loss or corruption. Types: • Full • Incremental • Differential
82
What is chain of custody?
Documenting who handled evidence to preserve its integrity in investigations. Important for forensics and audits.
83
What is digital forensics?
The process of collecting, analysing, and preserving digital evidence for investigations. Example: Investigating a compromised server or workstation.
84
What is vulnerability management?
The process of identifying, assessing, and remediating vulnerabilities in systems or networks. Steps: Scan → Evaluate → Remediate → Report.
85
What is patch management?
Updating systems or applications to fix security vulnerabilities. Example: Installing OS or software updates.
86
What is change management?
Controlling changes to systems or processes to avoid introducing new vulnerabilities. Important for audits and compliance
87
What is a hot site?
A fully operational backup facility ready to take over immediately after a disaster.
88
What is a warm site?
A backup facility with hardware and connectivity but may require data restoration.
89
What is a cold site?
A backup location without hardware or data, used as a last-resort recovery option.
90
Deck 5: Governance, Risk & Compliance. Policies & Procedures What is a security policy?
A formal document that defines rules and expectations for protecting information and systems. Example: Acceptable use policy, password policy.
91
What is a standard?
A mandatory control or rule that supports policies and ensures consistency. Example: Encryption must use AES-256.
92
What is a guideline?
A recommended best practice that is not mandatory but helps achieve security goals. Example: Suggesting strong password complexity.
93
What is a procedure?
Step-by-step instructions for carrying out tasks in accordance with a policy. Example: Steps to onboard a new employee securely.
94
What is an incident response plan (IRP)?
A documented process for responding to security incidents effectively and consistently. Steps: Identify → Contain → Eradicate → Recover → Lessons Learned
95
Deck 5 — Risk Management What is risk?
The likelihood that a threat will exploit a vulnerability, causing harm to assets. Formula often used: Risk = Threat × Vulnerability × Impact
96
What is a threat?
Any potential danger that could exploit a vulnerability and cause harm. Examples: Hackers, malware, natural disasters.
97
What is a vulnerability?
A weakness in a system, application, or process that could be exploited. Example: Unpatched software, weak passwords.
98
What is quantitative risk assessment?
Evaluating risk using numerical values, like potential financial loss or probability percentages. Example: “A breach could cost $50,000 with 10% probability → $5,000 expected loss.”
99
What is quantitative risk assessment?
Evaluating risk using numerical values, like potential financial loss or probability percentages. A breach could cost £50,000 with 10% probability → £5,000 expected loss.
101
Q

What is qualitative risk assessment?

A

Evaluating risk based on descriptive levels (high, medium, low) instead of numbers.

Example: “High risk if unpatched, medium if partially patched.”

102
Q

What is NIST?

A

National Institute of Standards and Technology — provides cybersecurity frameworks and guidelines to manage risk.

Example: NIST Cybersecurity Framework (CSF) for identifying and protecting assets.

103
Q

What is ISO 27001?

A

International standard for information security management systems (ISMS).

Focus: Protecting confidentiality, integrity, and availability of information.

104
Q

What are CIS Controls?

A

Center for Internet Security’s 20 critical security controls to defend against the most common cyber attacks.

Example: Inventory of authorized devices, secure configurations, continuous vulnerability management.

105
Q

What is COBIT?

A

Control Objectives for Information and Related Technologies — framework for IT governance and management.

Used to align IT processes with business goals.

106
Q

What is PCI DSS?

A

Payment Card Industry Data Security Standard — ensures secure handling of credit card data.

Important for companies handling payments.

107
Q

What is GDPR?

A

General Data Protection Regulation — EU/UK law regulating personal data.

Key points: Consent, data protection, right to be forgotten, breach notifications.

108
Q

What is HIPAA?

A

Health Insurance Portability and Accountability Act — US law protecting health information.

For Security+: know it as an example of industry-specific data protection regulations.

109
Q

What is SOX (Sarbanes-Oxley Act)?

A

US law focused on financial reporting and internal controls.

For Security+: highlights the importance of auditable controls.

110
Q

What is the Data Protection Act (DPA) 2018?

A

UK law that complements GDPR, governing personal data handling in the UK.

Example: Employee data, customer records, data breach notification rules.

111
Q

What is a regulatory audit?

A

A formal review to ensure an organization complies with laws, policies, and standards.

Example: Auditing IT systems to ensure GDPR compliance.

112
Q

What is an audit trail?

A

A record of system and user activity that can be reviewed to detect issues or confirm compliance.

Example: Logs of who accessed sensitive data and when.

113
Q

What is continuous monitoring?

A

Ongoing observation of systems, networks, and processes to detect anomalies or policy violations in real time.

114
Q

What is a security log?

A

A file or record that tracks events on a system or network, such as logins, configuration changes, or access to files.

115
Q

What is reporting in a security context?

A

Communicating audit results, incidents, and compliance status to management or regulators.

116
Q

What is a gap analysis?

A

Comparing current security practices to required standards or policies to identify deficiencies.

Example: Checking GDPR compliance and noting missing controls.
