DoD Cyber Awareness Quiz & Flashcards

A firewall is designed to prevent unauthorized access to or from a private network.

Two-factor authentication adds an extra layer of security by requiring two distinct forms of verification.

Social engineering tricks individuals into revealing confidential information; phishing is a common method.

Encryption secures data by converting it into a format that is unreadable without a decryption key.

Unexpected email attachments are a common tactic used in phishing to deliver malware or gather information.

Complex passwords are harder to crack, which helps prevent unauthorized access to accounts.

A VPN creates a secure and encrypted connection over the internet, protecting data privacy.

Security patches are updates that fix vulnerabilities in software to prevent exploitation.

The principle of least privilege means giving users the minimum level of access necessary for their work.

An insider threat originates from within the organization, often by someone with legitimate access to systems.

An intrusion detection system monitors network traffic for suspicious activity and alerts administrators.

Worms can self-replicate and spread across networks without user action, unlike viruses.

User education empowers individuals to identify and avoid potential cyber threats effectively.

Ransomware is malicious software that encrypts files and demands a ransom for the decryption key.

Social media can reveal personal information that attackers can use for social engineering or identity theft.

A DoS attack floods a system with traffic, making it unavailable to users.

Network segmentation divides a network into parts to limit access and help contain potential breaches.

Public Wi-Fi networks can allow attackers to intercept data, leading to potential security breaches.

Encryption protects email content by ensuring that only intended recipients can decrypt and read it.

Zero-day vulnerabilities are unpatched security flaws that attackers can exploit before a fix is available.

Cybersecurity frameworks offer structured guidelines to help organizations manage and improve security practices.

Backups ensure that data can be recovered after incidents like ransomware attacks or hardware failures.

MFA enhances security by requiring multiple methods of verification before access is granted.

Cyber hygiene involves regular practices and steps taken to maintain system health and improve security.

Unpatched software can have vulnerabilities that attackers exploit to compromise systems.

Cybersecurity audits assess the effectiveness of security policies and practices within an organization.

Access control systems limit access to resources based on permissions and user roles.

A brute force attack tries many combinations to guess passwords and gain unauthorized access.

Regular security assessments help identify vulnerabilities and ensure that security measures remain effective.

APTs are stealthy and focus on maintaining a long-term presence within a target's network.

A cybersecurity policy outlines an organization's strategies, objectives, and procedures for security management.

Training helps users recognize and react appropriately to potential cyber threats, reducing risk.

A security token is a physical device used to authenticate a user before granting access to a system.

A security incident is any event that compromises integrity, while a breach is the confirmed exposure or theft of data.

SSL encrypts data transferred between a web server and a browser, ensuring privacy and security.

Data breaches can lead to reputational damage, financial loss, and legal consequences for organizations.

A keylogger is malicious software that records keystrokes to capture sensitive information like passwords.

Incident response plans offer a structured approach to handling and mitigating security incidents effectively.

Penetration testing involves simulating attacks to identify and address vulnerabilities in a system.

Encryption protects data integrity by ensuring it remains unchanged during transmission.

A strong security culture encourages awareness and proactive behavior towards identifying and preventing cyber threats.

Authentication verifies who you are, while authorization determines what you can access.

Remote work can increase cybersecurity risks if secure connections and protocols are not properly implemented.

Advanced persistent threats are stealthy and focus on maintaining a long-term presence within the target's network.

An intrusion detection system monitors network traffic for suspicious activity and alerts administrators to potential threats.

The primary goal of DoD cyber awareness training is to protect sensitive information and systems from unauthorized access or attacks.

Security patches fix vulnerabilities in software to prevent exploitation and enhance system security.

A phishing email is a common example of a social engineering attack, tricking users into revealing sensitive information.