Matching Quiz #2

The likelihood and potential impact of a harmful event happening to the network or data.

A code, sequence of commands, or piece of software designed to take advantage of weakness in the system.

a specific method or pathway used by an attacker to gain unauthorized access to a computer system

A potential danger or harmful event that could negatively affect the CIA of the network or data

A weakness or flaw in a system, application, or network that could be taken advantage of by an attacker

users should only have access to the minimum resources necessary to perform their intended tasks

Employing multiple layers of security controls, each designed to detect and prevent attacks at different stages

Assigning different jobs to different servers.

Every access must be authenticated and authorized before being granted access to resources

The process of reducing the attack surface of devices, systems or networks.

Ensures that no party in a communication can later deny their participation or the authenticity of their actions

A physical security device designed to prevent theft or unauthorized removal of electronic devices like laptops, desktops

The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them.

Physical security measure that prevents unauthorized access by using an enclosed space with two interlocking doors

Enables organizations to administer and maintain portable devices and drives and even wipe them, if stolen.

Determines which resources a user can access after successfully authentication. Part of the AAA framework

Maintaining the accuracy and trustworthiness of data. Part of the CIA triad

Records user activity and resource usage. Part of the AAA framework

The protection from unauthorized access. Part of the CIA triad.

Ensuring that authorized users can access data and systems when they need them. Part of the CIA triad.

A numeric code used for "what you know" factor of authentication and access control

Requires users to prove their identity using two or more distinct authentication factors before gaining access

Physical device or software app, that generate unique codes for "what you have" factor of authentication

A physical card with an embedded chip that can be used for "what you have" factor of authentication

Unique biological or behavioral characteristics based on the "what you are" authentication factor

The overloading of a reserved space for data that can overwrite other parts of memory or grant unauthorized access

An injection of a bogus destination for an IP address

Uses specific database language statements run for the purpose of getting or changing information in a

database

Type of ransomware that prevents access to files.

An on-path attack where a Trojan horse installed on a victim's computer can modify web transactions.

isolates a computer or network from other networks, particularly the internet, to protect sensitive data

Copies all changes made since the last full backup

having backup systems and processes in place to ensure continued operation and data integrity in the event of a failure or cyberattack.

creates a complete copy of all data, including files, folders, and evvven the operating system, to a different location

only backs up changes made since the previous backup

an unauthorized person gains entry into a restricted area by following an authorized individual without their knowledge

attackers fabricate believable scenarios to gain a victim's trust and induce them to reveal sensitive information or perform actions that compromise security

the act of retrieving sensitive or valuable information from discarded physical or digital materials

an unauthorized individual following an authorized person through a secured door or area, often by holding the door open

an attack where a person observes someone else's device (like a smartphone, laptop, or ATM) to steal sensitive information

Self-replicating malicious code that affects system functionality

An imposter program that appears helpful but contains malicious code

A type of malware that can change its code and appearance to avoid detection

A difficult to detect type of malicious code that is often written into the CPU or other hardware

A type of malware that must have a carrier to attach to before it can cause

damage.

a modern protocol that uses IPsec for its core encryption and authentication, and is often considered more secure and stable, especially for mobile users

Old technology and not recommended

a way to transport packets of one protocol over another, much like a VPN, but without encryption

doesn't provide its own encryption, so it's often paired with IPsec (Internet Protocol Security) for encryption and authentication

Uses HTTPS over TCP port 443