Security Threats and Vulnerabilities Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards

| Front | Back |
| --- | --- |
| Adware | Software that automatically displays or downloads advertisements, sometimes malicious |
| Botnet | A network of compromised devices controlled remotely to launch attacks like DDoS |
| Brute Force Attack | Attempting to guess passwords or encryption keys through repeated trials |
| Cross-Site Scripting (XSS) | An attack where malicious scripts are injected into trusted websites to target users |
| DDoS Attack | Distributed Denial of Service attack that overwhelms a server or network with traffic to disrupt operations |
| Insider Threat | A security threat originating from within an organization, like careless or malicious employees |
| Malware | Malicious software such as viruses, worms, trojans, or ransomware designed to harm or exploit systems |
| MitM Attack (Man-in-the-Middle) | An attack where attackers intercept and alter communication between two parties |
| Phishing | A social engineering attack where attackers trick users into revealing sensitive information or credentials |
| Privilege Escalation | Exploiting a vulnerability to gain unauthorized access to higher system privileges |
| Rainbow Table Attack | Using precomputed hash values to crack passwords quickly |
| Ransomware | Malware that encrypts data and demands payment for its decryption |
| Shoulder Surfing | Physically observing personal information like passwords or PINs while the victim types |
| Social Engineering | Manipulating individuals to reveal confidential or sensitive information |
| Spyware | Malware that secretly monitors and collects user activity and information |
| SQL Injection | An attack where an attacker inserts malicious SQL queries into input fields to manipulate databases |
| Trojan Horse | A type of malware disguised as legitimate software to gain access to systems |
| Unpatched Software | Software vulnerabilities left unaddressed due to missing updates or patches |
| Weak Passwords | Easily guessable passwords that can expose systems to unauthorized access |
| Zero-Day Vulnerability | A software vulnerability unknown to the vendor, making it exploitable before detection or patching |

About the Flashcards
Flashcards for the ISC2 Certified in Cybersecurity (CC) exam provide a quick way to recall essential cybersecurity threats and attack vectors tested on the assessment. The deck defines phishing, malware variations like ransomware and spyware, and exploits such as SQL injection, cross-site scripting, and zero-day vulnerabilities, ensuring you recognize how attackers compromise systems and data.
Study cards also highlight distributed denial-of-service attacks, man-in-the-middle interceptions, botnets, brute-force and rainbow-table password cracking, privilege escalation, and the risks of weak passwords, unpatched software, and insider threats. Reviewing these concise definitions helps you quickly connect terminology to real-world scenarios and reinforce the key ideas likely to appear on exam questions.
Topics covered in this flashcard deck:
- Malware types
- Web application attacks
- Social engineering
- Password security
- Network denial-of-service
- Insider & privilege risks