Sec+ - Study Guide Flashcards

(185 cards)

1
Q

day-to-day security measures and procedures that ensure an organization’s systems, data, and operations are protected and functioning securely

Ex. An organization conducts regular incident response drills to make sure employees know how to react during a cybersecurity breach. This helps minimize damage and ensures a quick recovery when real incidents occur.

A

Operational Controls

2
Q

security measures focused on planning, policy, and oversight to manage and guide an organization’s overall security strategy

Setting security policies and conducting risk assessments are examples of what type of control?

A

Managerial Controls

3
Q

security measures implemented through technology to protect systems and data from unauthorized access or attacks.

ex. Using firewalls and encryption to prevent hackers from accessing sensitive information.

A

Technical Controls

4
Q

measures taken after a security incident to fix issues, restore systems, and prevent the problem from happening again.

Ex. Restoring data from backups after a ransomware attack.

A

Corrective Controls

5
Q

Definition: Long-term risks that affect an organization’s overall goals or direction.

Example: Failing to adapt to new cybersecurity regulations or technologies.

A

Strategic Risk

6
Q

Definition: Risks that arise from day-to-day business activities or processes.

Example: A system outage caused by human error or poor procedures.

A

Operational Risk

7
Q

Definition: Risks that could lead to monetary loss due to breaches, fines, or downtime.

Example: Paying regulatory penalties after a data leak.

A

Financial Risk

8
Q

Definition: Risks related to violating laws, regulations, or standards.

Example: Not following GDPR or HIPAA requirements.

A

Compliance Risk

9
Q

Definition: Risks that damage an organization’s public image or trust.

Example: Customers losing trust after a publicized data breach.

A

Reputational Risk

10
Q

monitors and analyzes data in motion — information being sent over a network — to detect and prevent sensitive data from leaving an organization’s network without authorization.

Ex. A DLP system scans outgoing emails and blocks messages that contain Social Security numbers or credit card data.

A

Network-Based DLP

11
Q

runs on individual devices (endpoints) such as computers or servers to monitor and protect data in use or at rest on that system

Ex. A DLP agent on a laptop blocks a user from copying sensitive files to a USB drive.

A

Host-based DLP

12
Q

U.S. federal law that sets standards for the protection and privacy of sensitive patient health information (Protected Health Information, or PHI).

Which law sets standards for protecting patient health information in the U.S.?

A

HIPAA

13
Q

a set of security standards designed to ensure that all organizations that handle credit card information maintain a secure environment.

ex. A retailer encrypts credit card data during transactions and restricts access to only authorized personnel.

A

PCI DSS (Payment Card Industry Data Security Standard)

14
Q

a U.S. federal law that requires financial institutions to protect the privacy and security of customers’ nonpublic personal information (NPI).

ex. A bank implements strict access controls and encryption to protect customer financial records.

A

GLBA (Gramm-Leach-Bliley Act)

15
Q

a U.S. federal law that mandates financial transparency and accountability for publicly traded companies, including requirements for protecting financial data and internal controls.

Example:
A company implements strict audit trails and access controls for its financial systems to comply with __

A

SOX (Sarbanes-Oxley Act)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

is a process that replaces sensitive data (like credit card numbers) with a non-sensitive placeholder, which has no exploitable value if intercepted.

A

Tokenization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

is a process that converts data into a fixed-length string of characters using a mathematical algorithm. It is one-way, meaning the original data cannot be easily recovered

ex. Storing the hash 5f4dcc3b5aa765d61d8327deb882cf99 instead of the actual password "password".

A

Hashing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

formal documents published by the Internet Engineering Task Force (IETF) that define standards, protocols, and best practices for the Internet. They provide guidance on how technologies like TCP/IP, HTTP, and email should work.

Quiz Question:
What are the formal documents that define Internet standards and protocols?

A

Internet RFCs (Request for Comments)

19
Q

a standardized language for sharing cyber threat intelligence. It allows organizations to describe threats, attacks, indicators, and other threat-related information in a structured, machine-readable format.

ex. A cybersecurity team shares a __ report detailing a new malware campaign, including file hashes, IP addresses, and attack techniques, so other organizations can prepare defenses.

A

STIX (Structured Threat Information eXpression)

20
Q

evidence that a system or network has been breached or compromised by malicious activity. It helps security teams detect and respond to attacks.

Example:
Unusual outbound network traffic, a known malware hash, or suspicious login attempts.

A

IOC (Indicator of Compromise)

21
Q

how cyber attackers operate, including their overall goals, methods of attack, and step-by-step actions

Quiz Question:
What term describes the methods, strategies, and actions used by cyber attackers?

A

TTP (Tactics, Techniques, and Procedures)

22
Q

a formal document published by the Internet Engineering Task Force (IETF) that defines standards, protocols, or best practices for the Internet.

Quiz Question:
What type of document defines Internet standards, protocols, or best practices?

A

RFC (Request for Comments)

23
Q

the process of translating a domain name (like example.com) into its corresponding IP address so that devices can locate and communicate with each other over the Internet.

Typing www.example.com in a browser triggers a ____, which returns the IP address 93.184.216.34 so your computer can connect to the website.

A

DNS lookup

24
Q

malicious code that stays dormant until specific conditions are met (date, event, or action), then executes a harmful payload.

Example:
Insider threat plants code that deletes database files if their employee ID is removed from the HR system on a certain date.

A

Logic Bomb

25
Quiz Question: What type of malware hides itself and maintains privileged access on a system?
Rootkit
26
infrastructure and methods attackers use to remotely communicate with and control compromised systems within a network. It allows them to issue commands, exfiltrate data, or deploy additional malware. Ex. traffic between a host-based system and a known malicious host on TCP port 6667
Command and Control (C2 or C&C)
27
a social engineering attack where an attacker creates a fake story or identity to trick someone into revealing confidential information or performing an action. Example: An attacker pretends to be from the IT department and asks an employee for their login credentials to “fix a system issue.”
Pretexting
28
For __ the scanner uses valid login credentials to safely check system settings and software versions without making changes. Quiz Question: What type of account should be used for credentialed vulnerability scans to avoid altering system settings?
Read only account
29
a high-level account in a Windows Active Directory environment with full administrative control over all computers, users, and resources in the domain. It can manage group policies, user permissions, and system configurations. Example: A __ can reset user passwords, join computers to the domain, and deploy software updates across all systems.
Domain Admin
30
an account with full control over a single computer or device, allowing the user to install software, change settings, and manage user accounts on that specific system. Example: A technician logs in with a __ account to install software and update settings on an employee’s workstation.
local admin
31
Explanation: A SQL injection vulnerability that lets students alter their grades affects the __ of the system — meaning the accuracy and trustworthiness of the data.
Integrity
31
Example: A system administrator uses the ___ to install software updates or modify system configurations on a Linux server. Quiz Question: What is the name of the highest-level administrative account on Unix or Linux systems?
root account
32
a network scanning tool used to discover hosts, open ports, and services on a network and to fingerprint OS and applications. Example: A security tester runs ___ -sS -p 1-65535 192.168.1.0/24 to find which hosts are up and which TCP ports are open on the subnet. Quiz Question: What tool is commonly used to discover hosts, open ports, and services on a network?
Nmap
33
is a vulnerability scanning tool that identifies security weaknesses, misconfigurations, and missing patches on systems, networks, and applications. Example: A security analyst runs __ against a corporate network to detect unpatched software and vulnerable services before attackers can exploit them.
Nessus
34
is a penetration testing framework used to develop, test, and execute exploits and payloads against target systems. It helps security professionals validate vulnerabilities and demonstrate impact. Quiz Question: What framework is commonly used to develop and run exploits and payloads during penetration tests?
Metasploit
35
a command-line tool used to query the Domain Name System (DNS) to find IP addresses, domain names, or other DNS records. Example: Running __ example.com returns the IP address associated with the domain example.com. Quiz Question: What tool is used to query DNS records and resolve domain names to IP addresses?
Nslookup
36
Definition: A __ is any technique or software that maintains an attacker’s access to a system across reboots, logouts, or other interruptions, often by installing mechanisms that survive restarts, such as services, scheduled tasks, or startup entries. Ex. Backdoor
Persistence tool
37
Definition: is a query to a public database that provides information about the ownership, registration, and contact details of a domain name. Quiz Question: What type of lookup provides registration and ownership details for a domain name?
WHOIS lookup
38
a framework of standards used to automate the assessment, measurement, and reporting of security compliance on systems. It helps organizations ensure systems meet security benchmarks. Example: A company uses __ tools to automatically check if all servers meet NIST security configuration baselines.
SCAP (Security Content Automation Protocol)
39
a public database of known cybersecurity vulnerabilities, each assigned a unique identifier to standardize tracking and reporting across organizations and tools. Quiz Question: What database provides unique identifiers for publicly known cybersecurity vulnerabilities?
CVE (Common Vulnerabilities and Exposures)
40
a standardized framework used to assess and score the severity of cybersecurity vulnerabilities. Scores range from 0 to 10, helping prioritize remediation efforts.
CVSS (Common Vulnerability Scoring System)
41
a standardized identifier system for security configuration settings. It helps organizations track and manage system configurations to ensure compliance and reduce misconfigurations. Example: A Windows server setting for password complexity might have a CCE identifier like CCE-12345-6, allowing auditors and tools to reference it consistently.
CCE (Common Configuration Enumeration)
42
a standardized naming scheme for identifying hardware, operating systems, and applications in a consistent format. It is often used in vulnerability management and security compliance. A specific version of Windows Server might have a __ like cpe:2.3:o:microsoft:windows_server:2019:*:*:*:*:*:*:*, which helps tools match vulnerabilities to that
CPE (Common Platform Enumeration)
43
The process of gathering information about a target system, network, or organization to identify potential attack vectors before conducting an attack or penetration test. Example: A tester collects information such as domain names, IP addresses, Operating System, and technology stack to understand the target environment.
Footprinting
44
the process of testing and evaluating a program while it is running to identify security flaws, memory leaks, and runtime errors. It observes how the application behaves in real-time. Example: A security tester runs an application in a sandbox to detect buffer overflows or input validation issues as the code executes.
Dynamic Code analysis
45
the process of examining source code without executing it to find security vulnerabilities, coding errors, or policy violations. Example: A developer uses a __ tool to scan the codebase and detect issues like hardcoded passwords or missing input validation before deployment.
Static code analysis
46
an automated testing technique that sends random, malformed, or unexpected inputs to a program to find crashes, logic errors, or security vulnerabilities. Example: A tester uses a ___ tool to feed malformed network packets to a server application and discovers an input that causes the server to crash.
Fuzzing
47
a cryptographic protocol that provides secure communication over a network by encrypting data and ensuring authentication and integrity between connected systems. Example: When you visit a website using HTTPS, ___ encrypts the connection between your browser and the web server to protect sensitive information like passwords or credit card data.
TLS (Transport Layer Security)
48
a secure coding technique where user input is treated as data, not as part of a SQL command, preventing SQL injection attacks. Example: Instead of building a query with string concatenation, a developer writes: SELECT * FROM users WHERE username = ?; The ? is replaced safely with the user’s input at runtime.
Parameterized queries
49
What security issue occurs when a web app displays SQL errors or system details to users?
Answer: Improper error handling / Information disclosure Explanation: Revealing SQL code or error details can help attackers craft SQL injection or enumeration attacks. The report should recommend implementing generic error messages and proper exception handling to prevent information disclosure
50
software development practice where code changes are automatically tested and prepared for release to production, ensuring the software can be deployed at any time. Example: After developers push new code, it automatically goes through build, test, and staging steps. Once approved, it’s ready to be deployed to production with a single click.
Continuous Delivery (CD)
51
is a development practice where developers frequently merge their code changes into a shared repository, triggering automated builds and tests to detect errors early. Example: Each time a developer commits code to GitHub, an automated system builds the project and runs unit tests to ensure nothing breaks.
Continuous Integration (CI)
52
the practice of tracking and analyzing software dependencies or third-party packages for updates, vulnerabilities, or malicious changes to maintain application security. Example: A development team uses a tool like Dependabot or Snyk to alert them when a library in their project has a known vulnerability.
Package Monitoring
53
automated security or policy controls that help developers and users stay within approved boundaries while still allowing flexibility and speed. They prevent mistakes without completely blocking actions. Example: A cloud platform automatically blocks the creation of public storage buckets unless approved settings are applied.
Guard rails
54
the process of creating, managing, and disabling user accounts and access rights across systems, applications, and networks. It ensures users have appropriate permissions based on their role. Example: When a new employee joins, IT automatically creates their email account, grants access to required applications, and assigns role-based permissions.
User provisioning
55
a web security vulnerability where an attacker tricks a user into performing unintended actions on a web application in which they are authenticated. Example: A user is logged into their banking website. The attacker sends them a malicious link that, when clicked, transfers money without the user’s knowledge.
CSRF (Cross-Site Request Forgery)
56
a web security vulnerability where an attacker tricks a server into making unauthorized requests to internal or external systems, potentially exposing sensitive data. Example: An attacker submits a URL parameter that causes a web server to fetch data from an internal admin interface, exposing confidential information.
SSRF (Server-Side Request Forgery)
57
a vulnerability where an application accepts unsanitized input and passes it to the operating system, allowing an attacker to execute arbitrary OS-level commands on the host. Example: A web form takes a filename and the server runs "cat" followed by that filename. An attacker submits "; rm -rf /tmp/uploads" as the filename and the server executes the destructive command. Quiz Question: What vulnerability allows an attacker to execute arbitrary operating system commands by supplying crafted input to an application?
Command Injection
58
A type of XSS where malicious script is sent in a request (often via a URL or form) and immediately reflected in the server’s response without proper input validation or output encoding, causing the victim’s browser to execute the script. Example: An attacker sends a link like https://site.com/search?q=. If the site echoes q back into the HTML unsafely, the script runs in the victim’s browser when they click the link. Quiz Question: What type of XSS occurs when a malicious script is delivered via a URL or form and executed immediately from the server’s response?
Reflected Cross‑Site Scripting (Reflected XSS)
59
when client-side scripts in the browser process untrusted input and modify the DOM in an unsafe way, causing malicious code to execute in the user’s browser. No server-side processing is required. Quiz Question: Which XSS type executes entirely in the browser by manipulating the DOM without involving the server?
DOM-Based XSS
60
occurs when an attacker sends multiple HTTP parameters with the same name (or manipulates parameter delimiters) to cause an application to behave unexpectedly — e.g., using the wrong value, concatenating values, or bypassing input validation. Example: A request like GET /search?sort=asc&sort=desc causes the app to process both sort values in an unexpected way, allowing an attacker to override or confuse server-side logic, or id=1&id=2 might make the app use an array and bypass an authorization check.
Parameter Pollution (HTTP Parameter Pollution)
61
Example: A web app lets users view invoices at /invoices/view?id=102. By changing the id to 103, an attacker can view another user’s invoice because the app doesn't check ownership. Quiz Question: What vulnerability lets an attacker access objects by tampering with identifiers because the app fails to check authorization?
Insecure Direct Object Reference (IDOR)
62
Example: An attacker captures a user’s session cookie on an open Wi‑Fi network and uses it to log into the user’s webmail without needing their password. Quiz Question: What attack involves taking over an active authenticated session to impersonate a user?
Session Hijacking
63
a type of symmetric encryption algorithm that encrypts data in fixed-size blocks (e.g., 64 or 128 bits) rather than one bit or byte at a time. Example: AES (Advanced Encryption Standard) encrypts 128-bit blocks of data using a symmetric key. If you encrypt the message "HELLO WORLD!!!" with AES, the plaintext is split into 128-bit blocks, each block is encrypted separately, and then the ciphertext blocks are combined. Quiz Question: What type of encryption algorithm encrypts data in fixed-size blocks using a symmetric key?
Block Cipher
64
a type of symmetric encryption algorithm that encrypts data one bit or byte at a time, often by combining the plaintext with a pseudorandom keystream using an XOR operation Example: RC4 is a well-known __. If you encrypt the message "HELLO" with RC4, each character is combined with a byte from the keystream to produce ciphertext, and the same keystream is used to decrypt it back to plaintext.
Stream cipher
65
1. Encrypts data one bit at a time. It is a very granular form of encryption, often using XOR with a key stream. 2. Encrypts data one byte or bit at a time using a pseudorandom keystream. It is designed for fast, real-time encryption of streaming data.
1. Bit 2. Stream
66
Example: If you encrypt the message "HELLO WORLD" with ___, the plaintext is divided into 64-bit blocks, and each block is transformed into ciphertext using the 56-bit key. The same key is required to decrypt the message back to plaintext. Quiz Question: What symmetric-key block cipher encrypts data in 64-bit blocks and was widely used but is now considered insecure due to its short key length?
DES (Data Encryption Standard)
67
a symmetric-key block cipher that applies the DES (Data Encryption Standard) algorithm three times to each 64-bit block of data, typically using either two or three different keys.
3DES (Triple Data Encryption Standard)
68
Example: If Alice wants to send a secure message to Bob: Bob shares his public key. Alice encrypts her message using Bob’s public key. Bob decrypts the message using his private key. Quiz Question: Which asymmetric-key encryption algorithm uses a public key for encryption and a private key for decryption, relying on the difficulty of factoring large primes?
RSA (Rivest–Shamir–Adleman)
69
a symmetric-key block cipher that encrypts data in fixed-size 128-bit blocks using keys of 128, 192, or 256 bits. It is widely used for secure data encryption due to its efficiency and strong security, and it has largely replaced DES and 3DES in modern applications. Example: plaintext is divided into 128-bit blocks, and each block is encrypted using a 256-bit key. The same key is used to decrypt the ciphertext back to the original message.
AES (Advanced Encryption Standard)
70
Example: When a user visits a secure website, the browser may send an __ request to the certificate authority’s __ responder to confirm that the site’s SSL/TLS certificate has not been revoked before establishing a secure connection. Quiz Question: Which protocol allows clients to check the revocation status of a digital certificate in real-time without downloading the full CRL?
OCSP (Online Certificate Status Protocol)
71
a method to improve SSL/TLS performance and security by allowing a server to staple a time-stamped OCSP (Online Certificate Status Protocol) response to its certificate during the TLS handshake Quiz Question: What technique allows a server to attach a time-stamped OCSP response to its certificate to improve TLS handshake efficiency and security?
Certificate Stapling (OCSP Stapling)
72
Example: A mobile banking app may pin its server’s SSL certificate. If an attacker tries to intercept traffic using a fake certificate, the app will detect it and block the connection. Quiz Question: What security technique involves an application only trusting specific certificates or public keys to prevent man-in-the-middle attacks?
Certificate Pinning
73
Example: When a user visits a banking website with an __, the browser may display the organization’s name in the address bar (often in green), indicating that the site has passed rigorous identity verification by the Certificate Authority (CA). Quiz Question: Which type of digital certificate provides the highest level of assurance by verifying the organization’s legal identity, physical existence, and domain ownership?
Extended Validation (EV) Certificate
74
Quiz Question: Which type of digital certificate only verifies domain ownership or control and provides encryption without validating the organization’s identity? Example: A website owner can obtain a __ certificate by proving control of the domain via email or DNS record. Once issued, the site can use HTTPS to encrypt traffic, but the browser does not display the organization’s name in the address bar.
DV (Domain Validated) Certificate
75
Quiz Question: Which type of digital certificate verifies both domain ownership and the organization’s legitimacy, offering more trust than a DV certificate?
OV (Organization Validated) Certificate
76
the top of the trust hierarchy in a Public Key Infrastructure (PKI). Example: A company may have an offline __ stored in a secure, air-gapped server. All day-to-day certificate issuance is handled by online intermediate CAs, while the __ is only used occasionally to sign or renew intermediate CA certificates. Quiz Question: In a large PKI deployment, which CA is typically kept offline to reduce the risk of compromise?
Root CA
77
Example: A web server administrator exports a website’s SSL/TLS certificate and private key as a __ file to install it on another server. The __ file is usually password-protected to secure the private key. Quiz Question: What file format stores a digital certificate, its private key, and optionally intermediate certificates for secure import/export?
.pfx (Personal Information Exchange)
78
a service or system that authenticates users and provides identity information to other applications or services, usually through protocols like SAML, OAuth, or OpenID Connect. __ enable Single Sign-On (SSO) by verifying user credentials and issuing authentication tokens. Example: When a user logs into a company portal using their Google account, Google acts as the __, authenticating the user and providing identity information to the portal so the user can access resources without creating a separate account.
IdP (Identity Provider)
79
Example: A corporate network may use Microsoft Active Directory as an __. When a user logs in, Active Directory verifies the username and password (and possibly a second factor) before granting access to network resources. Quiz Question: What service verifies user credentials to confirm identity and grant access to resources?
authentication provider
80
The least effective means of preventing shared accounts is:
Password complexity. Password complexity improves the strength of passwords but does not prevent users from sharing their credentials.
81
Quiz Question: What major difference exists between on-premises and cloud-based identity services in terms of account and identity management?
The cloud service provider (CSP) provides account and identity management services. On-premises identity services don’t automatically provide account and ID management as a service because the organization itself is responsible for managing all aspects of identity.
82
Quiz Question: Which password policy setting requires users to change their passwords after a set period, indirectly preventing immediate reuse of old passwords?
Answer: Maximum password age
83
Example: A hardware token or mobile app uses ___ to generate a 6-digit code. Each time the user logs in, the server verifies the OTP against its own counter. After a successful login, the counter increments, and the OTP cannot be reused. Quiz Question: Which OTP algorithm generates passwords based on a shared secret key and a counter using HMAC, with each password valid for only one use?
HOTP (HMAC-Based One-Time Password)
84
Example: A mobile authenticator app (like Google Authenticator) generates a 6-digit TOTP code every 30 seconds. When a user logs in, the server checks the code against the expected value for that time window. Codes automatically expire after the time window, so they cannot be reused. Quiz Question: Which OTP algorithm generates passwords based on a shared secret key and the current time, with each password valid only for a short time window?
TOTP (Time-Based One-Time Password)
85
Linux File Permissions
r = read permission; w = write permission; - = no execute permission. In Linux, file permissions define what owners, groups, and others can do with a file (in that order).
86
a security practice where user credentials, passwords, and secrets are stored in a secure, centralized repository
Password Vaulting
87
Example: When a user logs into a third-party app using their Google account, __ allows the app to access certain Google account data (like email or contacts) without the app ever seeing the user’s Google password. Quiz Question: Which open standard allows a user to grant a third-party application limited access to their resources without sharing credentials?
OAuth (Open Authorization)
88
a protocol used to access and manage directory services over a network. It provides a way to query, modify, and authenticate information about users, groups, devices, and other resources in a centralized directory Ex. Active Directory
LDAP (Lightweight Directory Access Protocol)
89
Quiz Question: Which type of access control scheme, where the owner of a file or resource determines access permissions, describes the Linux filesystem?
Discretionary Access Control (DAC)
90
Definition: saves all files that have changed since the last full backup. It keeps growing until the next full backup is done. Example: If a full backup is made on Sunday, the Wednesday __ backup includes everything changed since Sunday.
differential backup
91
copies all data in a system or selected set of files, regardless of whether the data has changed. It creates a complete copy that can be used for full restoration. Example: A company performs a __ backup every Sunday, capturing all files and folders on the server so it can restore everything if needed.
full backup
92
checks whether backup systems—such as a warm site, server cluster, or redundant component—can successfully take over operations after a failure or outage. It ensures business continuity by verifying that the transition happens smoothly and systems remain available. Example: Ben temporarily shuts down the primary data center to confirm that the warm site activates correctly and users can still access necessary applications. Quiz Question: What type of testing verifies that a backup system or site can successfully take over operations after a failure?
Failover Testing
93
Definition: is the simultaneous execution of multiple tasks or operations by dividing them among multiple processors or cores. It improves performance and speeds up data processing by handling parts of a job at the same time. Example: A cybersecurity tool analyzes large log files faster by splitting the work across several CPU cores, each processing a portion of the data simultaneously.
Parallel processing
94
lists the sequence in which systems, applications, and data should be restored after an outage. It ensures critical services are brought back online first to support business operations efficiently. Example: After a server failure, the IT team follows the ___, restoring the authentication server before dependent applications to avoid login issues.
restoration order documentation
95
the process of determining the resources—such as hardware, bandwidth, storage, and personnel—needed to meet current and future system demands. It helps prevent performance issues and ensures scalability. Example: An organization reviews user growth trends and upgrades its servers and storage capacity to handle increased traffic during peak business hours.
Capacity Planning
96
detects __ (heat) emitted by objects or people. In security systems, it’s often used for motion detection, triggering alarms or cameras when movement is sensed. Example: A building’s motion detector uses an __ to detect body heat and movement after hours, activating an alarm if someone enters restricted areas.
infrared sensor
97
What type of testing scenario is least disruptive to a company?
Tabletop exercise
98
is the process of adding more machines or nodes to a system to handle increased load, rather than upgrading a single machine’s resources. It improves performance and redundancy. Example: A web application adds multiple servers behind a load balancer to handle more user traffic, instead of upgrading a single server with more CPU or memory.
Horizontal Scaling
99
is the process of increasing the resources of a single machine—such as CPU, memory, or storage—to handle higher workloads. Example: A database server is upgraded with more RAM and a faster CPU to support increased transactions, rather than adding additional servers.
Vertical Scaling (Scale Up)
100
runs directly on the physical hardware of a host machine, without needing an underlying operating system. It manages virtual machines efficiently and is commonly used in enterprise environments for server virtualization. Example: VMware ESXi is a __ that runs directly on servers in a data center, hosting multiple virtual machines for different applications.
Type 1 hypervisor
101
A company uses Amazon Web Services (AWS) to rent virtual servers and storage for hosting its applications, without buying or maintaining physical hardware. Quiz Question: Which cloud service model provides virtualized computing resources like servers and storage, while users manage applications and data?
IaaS
102
A company uses Microsoft 365 to access Word, Excel, and Teams online. The provider handles updates, maintenance, and security. Quiz Question: Which cloud service model delivers applications over the internet, managed by a provider, and accessed by users through a web browser?
SaaS
103
A developer uses Google App Engine to deploy a web application. The platform handles the server, database, and runtime environment, while the developer focuses on coding. Quiz Question: Which cloud service model provides a platform for developing and deploying applications without managing the underlying infrastructure?
PaaS
104
a framework of security controls specifically designed for cloud computing. It helps organizations assess the security risk of cloud providers and ensure compliance with industry best practices. Example: A company evaluating a cloud storage provider uses the ___ to review controls related to data protection, identity and access management, and incident response before signing a contract.
CSA CCM (Cloud Security Alliance Cloud Controls Matrix)
105
U.S. federal agency that develops standards, guidelines, and best practices for technology, cybersecurity, and measurement. In cybersecurity, it provides widely used frameworks and publications to help organizations manage risk and secure systems. Example: A company follows the __ to assess risks, implement security controls, and improve its overall cybersecurity posture.
NIST Cybersecurity Framework (CSF)
106
an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a systematic approach to managing sensitive information, ensuring confidentiality, integrity, and availability. Example: A financial company implements ISO 27001 controls, including risk assessments, access management, and incident response, to protect customer data and comply with regulations.
ISO 27001 (International Organization for Standardization 27001)
107
processes data near where it is created instead of sending it all to a central server, reducing delays and saving bandwidth. Example: A smart factory uses __ on its machinery to process sensor data locally, allowing immediate adjustments to production equipment without waiting for cloud analysis.
edge computing
108
is a security tool that sits between users and cloud services to enforce security policies, monitor activity, and protect data in cloud environments. Example: A company uses a __ to detect unauthorized file sharing on cloud storage and enforce encryption for sensitive data.
CASB (Cloud Access Security Broker)
109
connects directly to cloud services using their APIs to monitor activity, enforce security policies, and protect data. Example: A company integrates an __ with its Office 365 environment to automatically detect sensitive files in OneDrive and enforce encryption and access restrictions.
API-based CASB
110
a set of rules that defines who can access certain things, what actions they can perform, and under what conditions. It is used to control permissions and enforce security for systems, applications, or cloud resources. Example: An organization creates a __ in AWS that allows only the finance team to access certain S3 buckets and grants read-only access to auditors.
resource policy
111
a private, isolated section of a public cloud where an organization can launch resources, control network settings, and manage security, as if it were a traditional on-premises network. Example: A company sets up a __ in AWS to host its web servers and databases, configuring subnets, routing tables, and security groups to control traffic between resources.
VPC (Virtual Private Cloud)
112
a network hub that connects multiple virtual private clouds (VPCs) and on-premises networks, simplifying communication and routing between them. Example: An organization uses an AWS ___ to link several VPCs across regions and connect them to its corporate data center, eliminating the need for multiple point-to-point connections.
Transit Gateway
113
a security solution that monitors and controls web traffic to protect users from threats, enforce policies, and prevent access to malicious or unauthorized websites. Example: A company uses an __ to block employees from accessing risky websites and to scan web traffic for malware before it reaches the corporate network.
SWG (Secure Web Gateway)
114
A company deploys a __ at the network perimeter to block traffic from suspicious IP addresses while allowing employees to access approved websites and services. Quiz Question: What network security device monitors and controls traffic to block unauthorized access while permitting legitimate communication?
Firewall
115
a third-party company that provides outsourced monitoring, management, and maintenance of an organization’s security systems and processes. Example: A small business hires an __ to manage its firewalls, intrusion detection systems, and security alerts 24/7 because it lacks an in-house security team.
MSSP (Managed Security Service Provider)
116
___ uses TCP port 80 for web traffic. ___ uses TCP port 443 for secure web traffic. ___ uses TCP port 25 for sending email.
HTTP, HTTPS, SMTP
117
used by the File Transfer Protocol (FTP) for control commands. It establishes the connection between the client and server for managing file transfers, while data is transferred over a separate port (typically port 20).
TCP Port 21
118
A network administrator connects to a legacy router using __ on port 23 to configure settings, though it is recommended to use SSH for secure access. Quiz Question: Which protocol uses TCP port 23 for remote command-line access but sends data in plaintext?
Telnet
119
Ex. A company classifies its information as Public, Internal, Confidential, or Restricted. Confidential financial reports receive stricter access controls than public marketing materials. Quiz Question: What system categorizes data by sensitivity and value to determine appropriate security controls?
Data Classification Scheme
120
Example: Modern smartphones use __ to store fingerprint or facial recognition data, keeping it isolated from apps and the main operating system. Quiz Question: What is the protected area within a processor that isolates sensitive data and operations from the main system?
secure enclave
121
a system or cloud service that creates, stores, manages, and controls encryption keys used to protect data.
KMS (Key Management Service)
122
___ focuses on endpoints only, whereas __ collects and correlates data across multiple layers (endpoints, network, cloud) for broader threat detection and response.
EDR (Endpoint Detection and Response), XDR (Extended Detection and Response)
123
Quiz Question: What security system is installed on individual devices to monitor and prevent malicious activity directly on the host?
HIPS (Host-based Intrusion Prevention System)
124
Quiz Question: What network technology logically segments devices to improve security and traffic management, and can be used to isolate IoT devices from corporate systems?
VLANs (Virtual Local Area Networks)
125
a modern firmware interface for computers that initializes hardware and starts the operating system. It replaces the older BIOS system and provides enhanced security features, faster boot times, and support for large drives. Example: A company configures __ with Secure Boot enabled on all laptops. This ensures only trusted operating systems and bootloaders can run, protecting devices from boot-level malware.
UEFI (Unified Extensible Firmware Interface)
126
a protocol used to monitor and manage network devices such as routers, switches, servers, and printers. It collects information about device status and performance and can send alerts when issues occur. Example: A network administrator uses an __ tool to track bandwidth usage on switches and receive alerts if a device goes offline.
SNMP (Simple Network Management Protocol)
127
An administrator connects to a remote Windows server using RDP over port __ to manage system settings and perform maintenance tasks. Quiz Question: Which TCP port is used by the Remote Desktop Protocol (RDP) for remote desktop connections?
3389
128
a security tool that evaluates and categorizes IP addresses, domains, URLs, or files based on their history and behavior to determine if they are trustworthy or malicious. It helps block or filter traffic from known bad sources. Example: A firewall uses a __ to automatically block connections from IP addresses that have been linked to phishing or malware distribution.
Reputation Service
129
involves reviewing and tracking Access Control Lists to ensure that permissions on network devices, systems, or files are correctly configured and not allowing unauthorized access. Quiz Question: What type of monitoring ensures that access permissions on systems or network devices follow security policies and prevent unauthorized access?
ACL Monitoring (Access Control List Monitoring)
130
a secure, controlled computer that administrators use to connect to and manage devices in a separate or restricted network. It acts as a gateway, reducing the need to expose internal systems directly to external access. Example: An organization requires administrators to first connect to a __ before accessing production servers in a secure data center, helping protect sensitive systems from direct internet exposure.
Jump Server
131
Example: A company uses a __ to filter web traffic, blocking access to unauthorized websites and logging employee browsing activity for security monitoring. Quiz Question: What type of server acts as an intermediary between users and the internet to provide anonymity, caching, and content filtering?
proxy server
132
Example: An e-commerce site deploys a __ to block malicious requests that attempt to exploit vulnerabilities in its checkout application, preventing data theft or site defacement. Quiz Question: What type of firewall protects web applications by filtering and monitoring HTTP/HTTPS traffic to block attacks like SQL injection and XSS?
WAF (Web Application Firewall)
133
a suite of security extensions for the Domain Name System (DNS) that adds cryptographic signatures to DNS records. It ensures the authenticity and integrity of DNS responses, preventing attackers from redirecting users to malicious sites. Example: A website implements __ so that when users try to access its domain, their DNS resolver can verify that the response truly comes from the legitimate DNS server, protecting against cache poisoning attacks.
DNSSEC (Domain Name System Security Extensions)
134
Example: A company adopts __ to allow remote employees to securely access cloud applications and internal resources without connecting through a traditional VPN, enforcing security policies in the cloud. Quiz Question: What cloud-based architecture combines WAN and network security services to provide secure access for users and devices anywhere?
SASE (Secure Access Service Edge)
135
Example: A company with multiple branch offices uses __ to automatically route critical application traffic over the fastest available connection, while less important traffic uses lower-cost internet links. Quiz Question: Which technology can replace MPLS-based WAN connections with commodity internet links while providing centralized management and traffic optimization?
SD-WAN (Software-Defined Wide Area Network)
136
a cryptographic protocol that provides secure communication over a network by encrypting data transmitted between a client and a server. It ensures confidentiality, integrity, and authentication of the transmitted information. Example: A user accesses a banking website via https://, which uses SSL/TLS to encrypt the connection so that login credentials and financial data cannot be intercepted. Quiz Question: Which protocol encrypts data between a client and server to provide secure network communication?
SSL (Secure Sockets Layer)
137
Example: When a user tries to access a cloud application, the __ checks the access request against the organization’s policies. If the user has the required permissions, access is granted; otherwise, it is denied. Quiz Question: What component enforces access control decisions by allowing or denying requests to protected resources?
PEP (Policy Enforcement Point)
138
a protocol used by email clients to retrieve messages from a mail server. It downloads emails to the client’s device and typically removes them from the server, making messages accessible offline. Example: A user configures their email client (like Outlook or Thunderbird) to access their email via __. The client downloads new messages from the mail server to the local computer for offline reading.
POP / POP3 (Post Office Protocol version 3)
139
Example: A user configures their email client to access Gmail using ___ . Emails stay on the server, so the user can read, delete, or organize messages from their phone, laptop, or tablet, all synchronized securely. Quiz Question: Which secure email protocol allows clients to access and manage messages on a server while keeping them synchronized across multiple devices?
IMAPS (Internet Message Access Protocol Secure)
140
an email authentication protocol that helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send emails on their behalf. Example: A company publishes an ___ record in its DNS specifying that only its mail server can send emails for its domain. If a spammer tries to send email pretending to be from that domain, recipient servers can detect the unauthorized sender and mark the email as suspicious.
SPF (Sender Policy Framework)
141
Example: A company sets up a VPN between its headquarters and a remote office using __. All data sent over the connection is encrypted and authenticated, protecting sensitive corporate information from interception. Quiz Question: Which protocol suite provides encryption and authentication for IP communications, commonly used to secure VPN connections?
IPSec (Internet Protocol Security)
142
Example: An office connects five monitors in a __ configuration using DisplayPort, where the first monitor connects to the computer and each subsequent monitor connects to the previous one. Quiz Question: What is the term for connecting multiple devices in series, where each device is linked to the next?
daisy chain
142
a high-availability configuration where two or more systems, servers, or data centers run simultaneously and share the load. If one system fails, the others continue processing without downtime. Example: A website uses two active web servers in an __ setup behind a load balancer. Both servers handle traffic simultaneously, so if one server fails, the other continues serving users without interruption.
Active/Active
143
Example: A database cluster uses an __ setup: the primary database server handles all queries, while the secondary server remains idle. If the primary fails, the secondary becomes active to maintain service. Quiz Question: What high-availability setup uses one active system for processing and a secondary standby system that only takes over if the primary fails?
Active/Passive
144
Quiz Question: Which artifact might indicate an on-path attack by intercepting or modifying web traffic through a user’s browser?
Browser Plugin
145
Example: A company uses __ to ensure that only devices with up-to-date antivirus and patches can connect to the corporate Wi-Fi. Non-compliant devices are placed in a restricted network until they meet the requirements. Quiz Question: What security solution verifies device identity and compliance before allowing access to a network?
NAC (Network Access Control)
146
A company follows __ to configure its Windows servers securely, ensuring default accounts are disabled, unnecessary services are turned off, and proper logging is enabled. Quiz Question: Which nonprofit organization provides security best practices and benchmarks to help organizations secure IT systems and reduce cyber risk?
CIS Benchmarks
147
A web development team consults the ___ Top Ten to ensure their new e-commerce site is protected against common vulnerabilities like SQL injection, cross-site scripting (XSS), and broken authentication. Quiz Question: Which nonprofit organization provides guidelines, tools, and resources to improve web application security, including the __ Top Ten?
OWASP (Open Web Application Security Project)
148
cryptographic handshake used in WPA3 Wi-Fi networks to replace the traditional WPA2 pre-shared key (PSK) authentication. It provides resistance to offline brute-force attacks by using a secure key exchange that doesn’t expose the password to attackers. Example: A home Wi-Fi network upgraded to WPA3 uses __. Even if an attacker captures the handshake, they cannot perform an offline brute-force attack on the network password because the password is never directly transmitted.
SAE (Simultaneous Authentication of Equals)
149
Example: A user presses the WPS button on their router and then on a smart printer to quickly connect it to the Wi-Fi network without typing the password. Quiz Question: Which Wi-Fi feature allows devices to connect using a PIN or push-button but has vulnerabilities to brute-force attacks?
WPS (Wi-Fi Protected Setup)
150
a secure authentication protocol that encapsulates EAP (Extensible Authentication Protocol) within a TLS (Transport Layer Security) tunnel. It protects credentials from eavesdropping during authentication, commonly used in enterprise Wi-Fi networks. Quiz Question: Which authentication protocol encapsulates EAP within a TLS tunnel to protect credentials during Wi-Fi authentication?
PEAP (Protected Extensible Authentication Protocol)
151
A company stores financial records on a separate encrypted volume from general employee files. Only the finance team has access to the encrypted volume, reducing the risk of unauthorized access. Quiz Question: What practice involves separating and isolating different types of data within storage to improve security and access control?
Storage Segmentation
152
a decentralized wireless network where devices communicate directly with each other without relying on a central access point or infrastructure. Example: During a disaster response, first responders set up an __ network using their laptops and mobile devices to share information when the main network is unavailable.
ad-hoc
153
A user downloads an APK file from a third-party website to install an app on their Android phone instead of using the Google Play Store, potentially exposing the device to malware. Quiz Question: What is the term for installing apps from sources outside the official app store, often posing security risks?
Side loading
154
What network feature redirects users to a web page for authentication or acceptance of terms before granting internet access? Ex. Signing into guest Wi-Fi
Captive Portal
155
a network authentication protocol that uses secret-key cryptography and tickets to allow nodes to securely prove their identity over an insecure network. It helps prevent eavesdropping and replay attacks. Example: In a Windows Active Directory environment, when a user logs in, __ issues a ticket that allows the user to access file shares and applications without re-entering their password for each service.
Kerberos
156
is an attack that uses Bluetooth vulnerabilities to gain unauthorized access to a device and steal data (contacts, messages, calendars, files) without the owner’s permission. Example: At a crowded cafe, an attacker uses a laptop with specialized tools to connect to an older smartphone’s Bluetooth interface without pairing and copies the phonebook and text messages.
Bluesnarfing
157
Example: A network administrator uses __ on a router to monitor which devices are consuming the most bandwidth, identifying a server generating unusually high traffic that may indicate a misconfiguration or potential security issue. Quiz Question: Which network protocol is used to collect and analyze IP traffic flows to monitor network usage and detect anomalies?
NetFlow
158
Quiz Question: What type of cybersecurity solution collects and analyzes log data from multiple sources to provide real-time monitoring, threat detection, and incident response?
SIEM (Security Information and Event Management)
159
is the process of intercepting and logging network traffic data for analysis. Ex. Wireshark
Packet Capture (PCAP)
160
a network monitoring protocol that provides traffic visibility by sampling packets and interface counters from network devices. Unlike NetFlow, which tracks every flow, sFlow uses statistical sampling to efficiently monitor high-speed networks and provide real-time performance and usage data. Example: A network administrator deploys ___ on a data center switch to monitor traffic trends across multiple VLANs. The sampled data helps identify which servers are generating the most traffic without overwhelming the monitoring system.
sFlow (Sampled Flow)
161
Example: A Linux administrator runs __ -u sshd to review all log entries related to the SSH service, helping identify failed login attempts or configuration issues. Quiz Question: Which Linux command-line utility allows administrators to query and view system, service, and kernel logs managed by systemd?
journalctl
162
standardized sets of criteria or best practices used to measure, evaluate, and compare the performance, security, or compliance of systems, applications, or processes. Quiz Question: What term describes standardized criteria or best practices used to evaluate and guide the performance, security, or compliance of systems?
Benchmarks
163
is a component of the Windows Event Log that records security-related events, such as user logins, account changes, privilege use, and system access attempts
Windows Security Log
164
Linux commands: dd - ln - df - cp -
dd - "data duplicator." It copies and converts data byte by byte. ln - creates links. df - displays information about the amount of available disk space on filesystems. cp - duplicates files or folders ("copy").
165
When documenting forensic tools in a forensic report, what should an investigator include in addition to the tool name and version to ensure transparency and accuracy?
Answer: Any known limitations or issues with the tools.
166
Quiz Question: What document is used in digital forensics to record every transfer, handling, and storage action taken with evidence to maintain its integrity and admissibility in court?
Chain of Custody Document
167
While __ can help establish a timeline, they are not strictly required for the evidence to be considered admissible for forensic analysis.
time stamps
168
Quiz Question: What is the documented process used to track the collection, handling, and transfer of evidence to ensure it remains authentic and legally admissible?
Chain of Custody
169
Quiz Question: What process involves capturing a computer’s volatile memory to preserve running processes, network connections, and other temporary data for forensic analysis?
Forensic Memory Acquisition
170
Quiz Question: Which Windows feature provides a centralized system for recording events from the operating system, applications, and security subsystems for monitoring and troubleshooting?
Windows Event Log
171
Quiz Question: What type of log records a chronological sequence of actions or events within a system or application to monitor activity and ensure accountability?
Audit Log
172
Quiz Question: What method is commonly used in digital forensics to verify that a forensic copy of a drive is identical to the original?
Answer: Creating and comparing cryptographic hashes of the original drive and the forensic copy.
173
Quiz Question: After a flash media device is quick formatted, what happens to the files and file indexes on the device?
Answer: The files remain, but the file indexes are removed.
174
a high-level statement that defines an organization’s rules, objectives, and expectations. __ set the direction and requirements but are not detailed instructions. Example: “Employees must use strong passwords to access company systems.”
Policy
175
a specific, mandatory rule or benchmark that supports policies. It ensures consistency and compliance across the organization. Example: “All passwords must be at least 12 characters long, include uppercase, lowercase, numbers, and symbols.”
Standard
176
is a step-by-step set of instructions for performing a task or process. __ ensure policies and standards are implemented consistently. Example: “Steps to reset a password: 1) Verify user identity, 2) Access password management system, 3) Generate temporary password, 4) Inform user securely.”
Procedures
177
a recommended practice that provides advice or best practices. Unlike procedures or standards, __ are not mandatory. Example: “Use a password manager to securely store your passwords.”
guidelines
178
Quiz Question: What are the five core functions of the NIST Cybersecurity Framework used to manage and reduce cybersecurity risk?
Identify, Protect, Detect, Respond, Recover
179
Quiz Question: What European regulation governs the collection, storage, and processing of personal data and gives individuals greater control over their personal information?
GDPR (General Data Protection Regulation)
180
Quiz Question: What type of contract sets the general terms and conditions (umbrella) between parties to govern multiple future transactions or services without renegotiating for each one?
MSA (Master Service Agreement)
181
Quiz Question: What company is a leading provider of networking hardware, software, and cybersecurity solutions, including routers, switches, and enterprise security products?
Cisco
182
Quiz Question: What nonprofit organization provides security best practices, benchmarks, and controls to help organizations protect their IT systems and data?
183
If you're doing a risk assessment on an as-needed basis, such as when hardware or software is updated for an application instance, what might this be?
Ad Hoc