Information Assurance and Security - Quiz
Identify the following items as Security Controls, Security Operation Center, Risk Assessment, Network Firewall, Email Spam, or
Penetration Testing. Enter your response in the box provided.
1. It is a security test that launches a mock cyberattack to find vulnerabilities in a computer system.
2. A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security,
using the same tools and techniques as an adversary might.
3. Should be viewed as a method for gaining assurance in your organisation's vulnerability assessment and management
processes, not as a primary method for identifying vulnerabilities.
4. Are used to identify the level of technical risk emanating from software and hardware vulnerabilities.
5. This can give confidence that the products and security controls tested have been configured in accordance with good practice
and that there are no common or publicly known vulnerabilities in the tested components, at the time of the test.
6. It is one of the easiest ways to predict how hackers might get into your system. It’s about remediating and changing your
processes to ensure vulnerabilities are addressed on a prioritized basis.
7. Identify possible network security attacks and vulnerable systems on wired or wireless networks. It helps to determine if there
are unknown perimeter points on the network, such as unauthorized remote access servers, or connections to insecure networks
of business partners.
8. It uses automation to identify security weaknesses in computer systems, networks, and applications. By conducting this
regularly, organizations can proactively address vulnerabilities, reducing the risk of cyberattacks and data breaches.
9. It is the process of detecting and evaluating security flaws in IT systems, networks, and software. This cuts across all verticals
of the organization’s IT ecosystem—including networks, endpoints, APIs, dependencies, in-house and third-party apps, and
other areas—and is done to protect against potential cyberattacks.
10. A way of finding security flaws and vulnerabilities, analyzing them, and reporting on them. It discovers vulnerabilities during the
SDLC and also scans hardware, software, networks and other systems.
11. AKA junk email, is an email sent without explicit consent from the recipient. Spam emails usually try to sell questionable
goods or are downright deceitful.
12. Refers to unsolicited messages sent out in bulk to a large list of recipients who didn’t sign up to join that particular mailing list.
13. They often advertise products and services, but they can also contain fraudulent incentives and offers.
14. Communication that can be sent automatically by a botnet or by human senders.
15. Typical method of committing email fraud. Primarily promotional, often harmless, in showcasing products or services to a
broad audience.
16. A network security device that monitors traffic to or from your network. It allows or blocks traffic based on a defined set of
security rules.
17. Security tool that focuses on monitoring, inspecting, and restricting traffic in and out of a network.
18. Built to protect private networks from unauthorized and unverified access through an internet connection.
19. Security tool that blocks illegitimate access to networks connected to the wider internet. The purpose is to create a protective
shield around data centers and critical workloads.
20. Is a security mechanism that tracks incoming data from a network to a computer system and determines whether it's allowed to
enter.
21. Focus on identifying the threats facing your information systems, networks, and data and assessing the potential consequences
you’d face should these adverse events occur.
22. This is done by looking at all the risks of certain applications, technologies, and processes that the company has integrated
into its system. By knowing about these systems, companies are able to assess the risk that goes along with them and use that
to their advantage when seeking information about the security.
23. Is a one-time task in which potential risks are identified and dealt with immediately, focusing only on the company's
physical security measures.
24. Is a vital step in improving your security strategy.
25. An essential step in managing an organization to ensure compliance and avoid those risks from threatening the organization's
overall integrity. It is also the first step in taking proactive measures to improve your operations and maintain risk tolerance.
26. Command center for monitoring the information systems that an enterprise uses for its IT infrastructure.
27. Is a team of experts that proactively monitor an organization’s ability to operate securely.
28. Is a team of IT security professionals that protects the organization by monitoring, detecting, analyzing, and investigating cyber
threats.
29. Is a centralized unit responsible for monitoring and managing an organization's security posture.
30. It is typically staffed by security professionals who are responsible for identifying, responding to and mitigating security
threats.
31. Is a manipulation technique that exploits human error to gain private information, access, or valuables.
32. Uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
33. It is when bad actors gain the trust of their targets, so they lower their guard and give up sensitive information.
34. The art of manipulating, influencing, or deceiving you in order to gain control over your computer system.
35. In a cybersecurity context, social engineering is the set of tactics used to manipulate, influence, or deceive a victim into
divulging sensitive information.
36. Parameters implemented to protect the organization's data and assets.
37. Are measures that help reduce risk, such as breaches, data theft, and unauthorized changes to digital information.
38. List of actions and measurements that allow an organisation to prioritise their efforts in protecting themselves and their
important information against cybersecurity threats and personal data breaches.
39. Are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information,
computer systems, or other assets.
40. In the field of information security, such controls protect the confidentiality, integrity and availability of information.