Question list
1
is a broader concept that encompasses not only the security aspects
information assurance
2
key aspects of it information assurance
security management, risk management, business continuity, compliance, incident response
3
The planning, implementation, and monitoring of security measures to protect information assets.
security management
4
Identifying, assessing, and managing risks to ensure the continuity and reliability of information.
risk management
5
Ensuring that information security practices align with relevant laws, regulations, and industry standards.
compliance
6
Planning and implementing strategies to maintain critical business functions during and after disruptions.
business continuity
7
Developing and implementing procedures to respond to and recover from security incidents.
incident response
8
information security is built on 3 objectives
confidentiality, integrity, availability
9
means information is not disclosed to unauthorized individuals, entities, and processes.
confidentiality
10
means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way.
integrity
11
Ensuring that information is available and accessible to authorized users when needed.
availability
12
referred to as cybersecurity, is the practice of protecting information from unauthorized access, disclosure, disruption, modification, or destruction.
information security
13
2 principles that govern information security programs
non-repudiation, authenticity
14
means one party cannot deny receiving a message
non-repudiation
15
means verifying that users are who they say they are and that each input arriving at the destination is from a trusted source
authenticity
16
Types of Cyber Attacks to Know
1. DoS and DDoS; 2. Social Engineering Attacks; 3. DNS Spoofing; 4. Man in the Middle Attack; 5. Password Cracking; 6. SQL Injection; 7. Insider Threats; 8. IoT Based Attacks; 9. Malware
17
originates from a single source and aims to overwhelm a network or server.
DoS attack
18
is a more intricate form of a DoS attack.
DDoS attack
19
groups of computers all acting together
botnets
20
means that the client is unable to process the request
408 request timeout
21
This refers to a general server-side error.
500 Internal Server Error
22
This error means that there’s something wrong with the server connection
502 bad gateway
23
tells us that the server is currently offline
503 service unavailable
24
refers to a server-side error
504 gateway timeout
25
, persuasion and observation to deceive and manipulate people so they reveal personal information about themselves, which can be used for fraudulent purposes.
engineering attacks
26
essentially an online deception
social engineering attacks
27
social engineering examples
baiting, diversion theft, honeytrap, phishing, pretexting, AI and deepfakes
28
involves luring potential targets
baiting
29
targets are conned into rerouting the destination
diversion theft
30
attackers seduce their targets
honeytrap
31
typically the sending of fraudulent
phishing
32
also known as voice phishing
vishing
33
pose as someone’s friends or colleagues t
spear phishing
34
type of cyber attack that exploits mobile devices
smishing