Matching Quiz #2

A code, sequence of commands, or piece of software designed to take advantage of weakness in the system.

A potential danger or harmful event that could negatively affect the CIA of the network or data

A weakness or flaw in a system, application, or network that could be taken advantage of by an attacker

a specific method or pathway used by an attacker to gain unauthorized access to a computer system

The likelihood and potential impact of a harmful event happening to the network or data.

Employing multiple layers of security controls, each designed to detect and prevent attacks at different stages

The process of reducing the attack surface of devices, systems or networks.

Every access must be authenticated and authorized before being granted access to resources

users should only have access to the minimum resources necessary to perform their intended tasks

Assigning different jobs to different servers.

Ensures that no party in a communication can later deny their participation or the authenticity of their actions

Enables organizations to administer and maintain portable devices and drives and even wipe them, if stolen.

Physical security measure that prevents unauthorized access by using an enclosed space with two interlocking doors

The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them.

A physical security device designed to prevent theft or unauthorized removal of electronic devices like laptops, desktops

Records user activity and resource usage. Part of the AAA framework

Determines which resources a user can access after successfully authentication. Part of the AAA framework

Ensuring that authorized users can access data and systems when they need them. Part of the CIA triad.

Maintaining the accuracy and trustworthiness of data. Part of the CIA triad

The protection from unauthorized access. Part of the CIA triad.

Physical device or software app, that generate unique codes for "what you have" factor of authentication

Unique biological or behavioral characteristics based on the "what you are" authentication factor

A numeric code used for "what you know" factor of authentication and access control

A physical card with an embedded chip that can be used for "what you have" factor of authentication

Requires users to prove their identity using two or more distinct authentication factors before gaining access

Type of ransomware that prevents access to files.

Uses specific database language statements run for the purpose of getting or changing information in a

database

An injection of a bogus destination for an IP address

The overloading of a reserved space for data that can overwrite other parts of memory or grant unauthorized access

An on-path attack where a Trojan horse installed on a victim's computer can modify web transactions.

Copies all changes made since the last full backup

isolates a computer or network from other networks, particularly the internet, to protect sensitive data

having backup systems and processes in place to ensure continued operation and data integrity in the event of a failure or cyberattack.

only backs up changes made since the previous backup

creates a complete copy of all data, including files, folders, and evvven the operating system, to a different location

an unauthorized individual following an authorized person through a secured door or area, often by holding the door open

an unauthorized person gains entry into a restricted area by following an authorized individual without their knowledge

an attack where a person observes someone else's device (like a smartphone, laptop, or ATM) to steal sensitive information

attackers fabricate believable scenarios to gain a victim's trust and induce them to reveal sensitive information or perform actions that compromise security

the act of retrieving sensitive or valuable information from discarded physical or digital materials

A type of malware that can change its code and appearance to avoid detection

Self-replicating malicious code that affects system functionality

An imposter program that appears helpful but contains malicious code

A type of malware that must have a carrier to attach to before it can cause

damage.

A difficult to detect type of malicious code that is often written into the CPU or other hardware

Old technology and not recommended

Uses HTTPS over TCP port 443

doesn't provide its own encryption, so it's often paired with IPsec (Internet Protocol Security) for encryption and authentication

a modern protocol that uses IPsec for its core encryption and authentication, and is often considered more secure and stable, especially for mobile users

a way to transport packets of one protocol over another, much like a VPN, but without encryption