CCST Cybersecurity Glossary Game #2

  • What is preventative control?
    Security control that prevents unauthorized action
    Collecting infrastructure info about a target environment
    Using a binary code segment to identify a malware program
    Locking your car doors when in sketchy places
  • What does syslog do?
    Cooks pancakes and bacon on Sunday mornings
    Translates a domain name into one or more IP addresses
    Changes a process or configuration to avoid risk
    Copies log file entries into a server to make them read-only
  • What is acceptance?
    Taking no action to mitigate risk
    Translating a domain name into one or more IP addresses
    Collecting infrastructure info about a target environment
    Removing data from out-of-date computers
  • What is a DRP?
    Protocol used to communicate between browser & server
    Binary code segment that uniquely identifies malware program
    Event resulting in damage initiated by human action
    Plan to restore infrastructure after extensive damage
  • What does NIST SP-800-61 do?
    Translates a domain name into one or more IP addresses
    Provides guidelines for computer security incident handling
    Repairs damage that results from unauthorized activity
    Hubba wha'?
  • What is MFA?
    List of assets connected to a network, with attributes
    Authentication requiring multiple types of credentials
    None of these
    Separating physical/logical network groups from one another
  • What does MITRE ATT&CK framework do?
    Allows users to use a mouse/keyboard to provide input
    Reduces opportunity for attackers to exploit vulnerabilities
    Restores infrastructure to an operational state after damage
    Breaks attacks into tactics and techniques
  • What does nslookup do?
    Copies log file entries to a separate server
    Translates a domain name into one or more IP addresses
    Separates physical/logical network groups from one another
    Absolutely nothing
  • What is a DMZ?
    Rules that govern resource access decisions
    Network segment with at least two firewalls blocking access
    Path an attacker takes to exploit a threat
    Place where dolphins meet zebras
  • What is tcpdump used for?
    Removing data from out-of-date computers
    Helping administrators troubleshoot network problems
    Transmitting data from one location to another
    Monitoring/displaying packets traveling across a network
  • What does a GUI do?
    Creates graphs and charts for administrative reports
    Changes a process or configuration to avoid risk
    Deploys security controls to secure network infrastructure
    Allows users to use a mouse/keyboard to provide input
  • What is hardening?
    Planning an attack to carry out a threat
    Collecting information used to support a claim
    Deploying security controls to secure network infrastructure
    What happens when H2O becomes a solid state.
  • What does Network Security Architecture do?
    Determines how a network is organized to operate efficiently
    Supports secure, encrypted, remote communications
    Allows users to use a mouse/keyboard to provide input
    Helps cities with urban planning
  • What is best evidence?
    Proof that pies taste better than cakes
    Original document to support a claim in case of cyber event
    Binary code that uniquely identifies a malware program
    One-way form of encryption that is not decrypted
  • What does IP do?
    Scrambles data so only intended recipients can unscramble
    Performs malicious actions on a device or a network
    Collects information used to support a claim
    Defines how data packets are routed--source to destination
  • What is an exploit?
    Separating network groups from one another
    Planning to carry out a threat against a vulnerability
    Jumping out of an airplane without a parachute
    Deploying security controls to secure network infrastructure
  • What is Type 3 authentication?
    Involves what one knows (password, passcode, or PIN)
    Involves what one has (token, smartcard)
    All of these choices
    Involves what one does (fingerprint, retina -- biometrics)
  • What is a VPN?
    Wireless security protocol to address WEP's weaknesses
    Legacy wireless security protocol that is insecure
    Secure, end-to-end, private connection over a public network
    Weakness in a system, related to one or more assets
  • What is a public network?
    Network defined by non-routable IP addresses
    A private key encryption
    Network defined by routable IP addresses
    Authentication that involves what one has (token, smartcard)
  • What are PCI DSS?
    Highly skilled hackers who target government servers
    Instructions on an onboard chip to control basic operation
    Text-based user interfaces for running commands
    Industry standards governing processing of payment card data
  • What does ICMP do?
    Deploys security controls to secure network infrastructure
    Translates IP addresses into physical MAC addresses
    Changes a process or configuration to avoid risk
    Helps administrators troubleshoot network problems
  • What is IoT?
    Process giving subjects assurance to change/access objects
    Physical objects remotely controlled through the internet
    Protocol used to communicate between browsers and servers
    Database of malware signatures used for comparison
  • What is hardware inventory?
    List of assets connected to a network, with attributes
    Software that performs malicious actions on a device/network
    Planned attack to carry out a threat against a vulnerability
    A copy of an original document used for evidence
  • What is network segmentation?
    Supporting centralized management of IP addresses
    Preventing people from meeting each other
    Separating physical/logical network groups from one another
    Performing malicious actions on a device or a network
  • What is avoidance?
    Granting permissions on objects to subjects
    Classifying and characterizing cyberattacks
    Changing a process/configuration to avoid risk
    Collecting infrastructure info about a target environment
  • What does IPsec do?
    Plans birthday parties for 18-year-olds
    Separates network groups from one another
    Offers data authentication/integrity/privacy between 2 entities
    Repairs damage that results from unauthorized activity
  • What is tailgating?
    A malicious program masquerading as a useful program
    Using voice calls to trick users into giving info or funds
    An attacker following an authorized person through a doorway
    What some people do during sporting events
  • What does DHCP do?
    Translates a domain name into one or more IP addresses
    Supports centralized management of IP addresses in a network
    Performs malicious actions on a device or a network
    Restores infrastructure to an operational state after damage
  • What is vulnerability?
    Weakness in a system, related to assets within the system
    Toasting marshmallows over a campfire while wearing no shoes
    Malicious program that masquerades as a useful program
    Security control that prevents unauthorized action
  • What is a trojan horse?
    Malicious program that masquerades as a useful program
    All of these answers
    Network defined by non-routable IP addresses
    Wooden horse used by Greek soldiers to trick the Trojans
  • What is encryption?
    Scrambling data so only intended recipients can unscramble
    Putting a lock on a freezer to protect ice cream from bears
    Detecting activity and generating an alert when it does
    Explaining the path an attacker has taken
  • What is WEP?
    Built-in firewall installed with Microsoft Windows OS
    Changing a process or configuration to avoid risk
    Legacy wireless security protocol that is insecure
    Plan to restore infrastructure after extensive damage
  • What is vishing?
    Changing a process or configuration to avoid risk
    Detecting activity and generating an alert when it does
    Using voice calls to trick users into giving info or funds
    Fishing from a pier in Venice, Italy
  • What does NAT do?
    Repairs damage that results from unauthorized activity
    Separates network groups from one another
    Scrambles data
    Translates private addresses to public addresses
  • What is firmware?
    Instructions on an onboard chip to control basic operation
    Software that performs malicious actions on a device/network
    Security controls to make network infrastructure more secure
    Security that prevents unauthorized action from occurring
  • What is NAC?
    Security controls limiting access to network resources
    Separating network groups from one another
    Translating private IP address to public addresses
    Have absolutely no idea
  • What are script kiddies?
    Countermeasures deployed to reduce exposure to risk
    Original documents used for evidence
    Hackers who mostly run exploits/scripts written by others
    Highly skilled hackers who target government servers
  • What is a natural disaster?
    Artificial intelligence taking the internet offline
    What happens when elephants escape from the circus
    Disaster involving weather/environment that causes damage
    Damage caused by human intervention
  • What is Type 2 authentication?
    None of these choices
    Involves what one knows (password, passcode, or PIN)
    Involves what one does (fingerprint, retina -- biometrics)
    Involves what one has (token, smartcard)
  • What is Type 1 authentication?
    None of these choices
    Involves what one does (fingerprint, retina -- biometrics)
    Involves what one has (token, smartcard)
    Involves what one knows (password, passcode, or PIN)
  • What is evidence?
    Damage caused by human intervention
    Collection of info used to support a claim of an incident
    Centralized standard for establishing trust for remote users
    Copy of an original document used for evidence
  • What is CLI?
    None of these
    Countermeasure deployed to reduce exposure to risk
    Security control that prevents unauthorized action
    Text-based user interface for running commands
  • What do hacktivists do?
    Hang glide from the tops of very tall mountains
    Carry out cyber attacks to achieve ideological goals
    Deploy security controls to secure network infrastructure
    Little more than running exploit scripts written by others
  • What is secondary evidence?
    Attack that involves an object that can be seen or touched
    Database of malware signatures used for comparison
    Original document to support a claim in case of cyber event
    Copy of an original document used for evidence
  • What is a log file?
    Common location for apps and OSs to record messages
    Protocol used to communicate between browsers and servers
    Database of malware signatures used for comparison
    Weakness in a system, related to assets within the system
  • What is patching?
    Translating a domain name into one or more IP addresses
    Authentication requiring multiple types of credentials
    Applying newer software to fix flaws & vulnerabilities
    Filling highway potholes with an asphalt patch
  • What does SSH do?
    Copies log file entries to a separate server
    Translates IP addresses into physical MAC addresses
    Supports secure, encrypted, remote communications
    Runs multiple OSs simultaneously on a single computer
  • What is malware?
    Damage caused by human intervention
    Countermeasure deployed to reduce exposure to risk
    Text-based user interface for running commands
    Software that performs malicious actions on a device/network
  • What is a physical attack?
    Attack that involves an object that can be seen or touched
    Centralized standard for establishing trust for remote users
    Copies log file entries to a server to make them read-only
    Attack sending a message asking for information or action
  • What is GDPR?
    Authentication requiring multiple types of credentials
    EU regulation to protect the private data of EU citizens
    Text-based user interface for running commands
    Industry standards governing processing of payment card data
  • What is a cyber kill chain?
    Security control that prevents unauthorized action
    Detecting activity and generating an alert when it does
    Framework that classifies and characterizes cyberattacks
    Using a binary code segment to identify a malware program
  • What is availability?
    Translating a domain name into one or more IP addresses
    Damage caused by human intervention
    Process giving subjects assurance to change/access object
    Database of malware signatures used for comparison