Managing Security Risks: Quiz 2

Old systems that might not be accounted for or updated, but can still impact assets, such as workstations or old mainframe systems. For example, an organization might have an old vending machine that takes credit card payments or a workstation that is still connected to the le______ accounting sy______.

le____________ sy____________

(a)  

Outsourcing work to third-party vendors can give them access to intellectual property, such as trade secrets, software designs, and inventions

mul__________________ ri_______________

(a)  

A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.

pro____________ lo___________

(a)  

A vulnerability in Microsoft’s Netlogon authentication protocol. An authentication protocol is a way to verify a person's identity. Netlogon is a service that ensures a user’s identity before allowing access to a website's location.

ze__________ lo___________

(a)  

Allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

lo___4sh___

(a)  

Affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.

peti____________ pota___________

(a)  

Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.

server-side req_________ forg________

(a)  

The (a)   triad is a model that helps inform how organizations consider risk when setting up systems and security policies. It is made up of three elements that cybersecurity analysts and organizations work toward upholding: confidentiality, integrity, and availability

con_____________________ is the idea that only authorized users can access specific assets or data. In an organization, this can be enhanced through the implementation of design principles, such as the principle of least privilege. The principle of least privilege limits users' access to only the information they need to complete work-related tasks. Limiting access is one way of maintaining the con______________________ and security of private data.

(a)  

in________________ is the idea that the data is verifiably correct, authentic, and reliable. Having protocols in place to verify the authenticity of data is essential. One way to verify data in____________ is through cryptography, which is used to transform data so unauthorized parties cannot read or tamper with it (NIST, 2022). Another example of how an organization might implement in__________ is by enabling encryption, which is the process of converting data from a readable format to an encoded format. Encryption can be used to prevent access and ensure data, such as messages on an organization's internal chat platform, cannot be tampered with.

(a)