CCST Test #3 for cert exam

In cybersecurity, "ethical" refers to practices that follow established moral principles, respecting user privacy, data integrity, and legal boundaries, while "unethical" describes actions that exploit vulnerabilities for personal gain, violate privacy, or intentionally cause harm, often involving unauthorized access and malicious intent; essentially, ethical cybersecurity professionals work to protect data and systems, while unethical actors aim to breach them for personal benefit.

IP address: A unique numerical identifier assigned to a device on a network, allowing data to be routed to that specific device; essentially a "logical address" for a computer on the internet.

Port number: A specific number associated with a service or application running on a device, used to direct incoming data to the correct program on that device.

MAC address: A unique hardware identifier burned into a network interface card (NIC), used to identify a device on a local network at the physical level.

Sequence number: A number assigned to each packet of data in a sequence, used to ensure data is received in the correct order during transmission.

The legal principle of "respondeat superior," which means "let the master answer" - meaning the employer can be held liable for the actions of their employees, especially when those actions are performed within the scope of their employment and while representing the company.

Scope of employment: If an employee commits an illegal act while carrying out their assigned duties or acting on behalf of the company, the organization can be held responsible.

Apparent authority: Even if an employee is not explicitly authorized to perform a specific action, if they appear to be acting as a company representative to a third party, the company may still be liable.

A data breach significantly impacts an organization's reputation because it exposes sensitive customer information, leading to a loss of trust from customers, partners, and the public, resulting in negative media attention and a perception that the company cannot adequately protect sensitive data, potentially damaging their credibility and brand image.

Nmap, which stands for "Network Mapper", is a free and open-source tool used to scan networks and discover active devices, identify open ports on those devices, detect the services running on those ports, and gather information about the operating systems running on them, essentially creating a detailed map of a network to assess its security posture and identify potential vulnerabilities; making it a valuable tool for network administrators and security professionals.

Explanation: A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources. For example:

• An attacker builds a network (botnet) of infected hosts called zombies, which are controlled by handler systems.

• The zombie computers will constantly scan and infect more hosts, creating more and more zombies.

• When ready, the hacker will instruct the handler systems to make the botnet of zombies carry out a DDoS attack.

*DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic. A DDoS attack overwhelms a system with massive amounts of traffic to disrupt its functionality.

*Zero-day attack exploits a previously unknown vulnerability in software.

*Brute Force attack attempts to gain access by trying numerous password combinations.

*Port scan is a technique to identify open ports on a system to potentially find vulnerabilities.

**DDoS aims to disable a system with traffic overload, Zero-day exploits a hidden weakness, Brute Force tries every possible option, and Port scans are reconnaissance to discover potential access points.

Explanation: Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation. After a worm affects a host, it is able to spread very quickly over the network. Worms share similar patterns. They all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.

In cybersecurity, "business continuity" refers to the ongoing process of planning and preparing for potential disruptions to operations, ensuring the company can continue essential functions even during a crisis; "risk management" is the systematic identification, assessment, and mitigation of potential threats to an organization; "disaster recovery" is the specific set of actions taken to restore IT systems and data access after a major disruptive event like a cyberattack or natural disaster; and "vulnerability" is a weakness or flaw within a system that can be exploited by attackers to gain unauthorized access or cause damage.