Skip to main content

Cybersecurity

  • on a daily basis(在日常)
  • if it was compromised (如果受到入侵/危害)
  • Intellectual property (智財)
  • They can have a significantly negative impact on an organization if leaked publicly. (嚴重的負面影響;公開洩漏)
  • Examples of confidential data include proprietary information such as trade secrets, financial records, and sensitive government data. (專利資訊;商業秘密;財務紀錄)
  • Access to confidential data sometimes involves the signing of non-disclosure agreements (NDAs)
  • This data classification type is important for an organization’s ongoing business operations (持續營運)
  • Unauthorized access to sensitive data can cause significant damage to an organization’s finances and reputation. (未授權存取;重大損害;聲譽)
  • personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI)
  • Public data, Private data, Sensitive data, Confidential data
  • If an individual gains unauthorized access to private data(個人;未經授權存取)
  • Private data is information that should be kept from the public. (不可公開)
  • threats, risks, and vulnerabilities that are posed by social engineering attacks, such as phishing (由社交工程造成的...)
  • such as intellectual property, trade secrets, PII, and even financial information (智慧財產;商業機密;財務資訊)
  • helps you prepare for the worst-case scenario, even if it doesn't happen(對...做準備;最糟情況)
  • cybersecurity profession(網路安全領域)
  •  cybersecurity professionals(網路安全專家)
  • refine your understanding of key security concepts(精進/改進)
  • Writing code that assigns security incident tickets to the appropriate cybersecurity team based on its priority level. (寫程式依據優先等級分派資安事故單給合適的資安小組)
  • This results in DNS resolvers sending large responses to (導致)
  • which can lead to significant issues like unplanned downtime (導致; 重大問題; 意外停機)
  • can access restricted information (限制性的)
  • Security professionals are often tasked with reviewing log files(被要求/要負責/通常的任務)
  • Automate cybersecurity tasks with Python
  • removing usernames that match specific criteria from an access list.(特定標準)
  • Make sure your browser is up to date with the latest version(確認瀏覽器是最新的版本)
  • it might be used to determine whether or not to lock an account. (是否鎖定帳戶)
  • checks whether someone is allowed to access a particular file (是否...; 存取特定檔案)
  • improve efficiency; allow it to work effectively (提高效率; 有效運作)
  • use Python code to reduce the manual effort needed to manage an access control list(人工作業; )
  • Throughout this certificate you will use Qwiklabs and Jupyter Notebooks to complete hands-on activities(整個認證課程中;實作)
  • Security analysts can access Python through a variety of environments(各種環境)
  • The fast.log file is used for basic logging and alerting and is considered a legacy file format(視為...;傳統)
  • The Network-based IDS application inspects network traffic from different devices on the network(檢查/審視)
  • When suspicious or unusual network activity is detected(可疑的;不尋常的)
  • IDS (Intrusion Detection System) is an application that monitors activity and alerts on possible intrusions.(監視活動;可能入侵的告警)
  • Detection requires data, and this data can come from various data sources.(各種的)
  • It’s important to know how to read and interpret different log formats so that you can uncover the key details surrounding an event and identify unusual or malicious activity.(解讀;發掘;查明;不尋常)
  • logs provide key details about activities that occurred across an organization(發生)
  • logs record events that happen on a network, or system.(發生)
  • intrusion detection systems; intrusion prevent systems (IDS;IPS)
  • investigating an alert involving a possible network intrusion(網路入侵)
  • When an outage occurs due to a security incident(發生資安事件的停機)
  • Business Continuity Plan(BCP 營運持續計畫)
  • the three letters in the CIA triad stand for confidentiality, integrity, and availability(資安鐵三角;機密性;完整性;可用性)
  • ensure that you complete a thorough analysis so that you have enough information to make an informed decision about your findings.(徹底分析;做出明智的決定;發現)
  • you'll receive and assess the alert to determine if it's a false positive(評估;確定/決定;誤警報) 
  • which prioritizes incidents according to their level of importance or urgency.(重要等級或緊急程度)
  • Having previously investigated the file hash, it is confirmed to be a known malicious file.(之前調查過檔案雜湊值,證實這是已知的惡意檔案)
  • The email body and subject line contained grammatical errors.(語法錯誤)
  • Tedious, error-prone, or time-consuming tasks can be automated, while analysts can prioritize their time with other tasks.(繁瑣,容易出錯或耗時工作;優先處理...)
  • It is an example of a non-automated playbook, which requires step-by-step actions performed by an analyst.(非自動的手冊;一步一步動作)
  • This depicts the process for detecting a DDoS and begins with determining the indicators of compromise, like unknown incoming traffic.(首先確定入侵指標;)
  • Documentation must be regularly reviewed and updated to keep up with the evolving threat landscape. (文件必須定期審閱與更新,以跟上不斷演變的威脅形勢)
  • Incident response plans standardize an organization’s response process by outlining procedures in advance of an incident. (事件發生前)
  • If a malicious actor compromised a system, evidence must be available to determine their actions so that appropriate legal action can be taken. (採取適當的法律行動)
  • You observe a known user successfully authenticate a new device using two-factor (觀察到; 注意到)
  • Security terms
    • malicious actors (惡意行為者)
    • malicious activity (惡意活動)
    • attackers (攻擊者)
    • security incidents (資安事件;安全事件)
    • security analysts (資安分析師; 安全分析師)
    • security professionals (資安專家; 安全專家)  
    • security profession (資安專業領域)
    • the suspicious IP address (可疑的)
    • unusual processes (不尋常的)
  • IoCs may be the result of human error, system malfunctions, and other reasons not related to security. (人為錯誤; 系統故障)
  • baselines help establish a standard of expected or normal behavior for systems, devices, and networks. (基線)
  • baseline is a reference point that’s used for comparison. (baseline 是...)
  • Once something unusual or suspicious is detected (不尋常或可疑的東西)
  • How could the company prevent an incident like this from occurring again?(如何防範這類的事件再發生)
  • the stages of incident detection, investigation, analysis, and response(事故偵測;調查;分析;回應)
  • analyze the contents of captured packets(擷取的封包)
  • The app should be in compliance with PCI-DSS.(符合/遵守)
  • developers tend to focus on making their applications work correctly rather than protecting their products from injection.(往往更;讓...正常運作;而不是)
  •  Malware(惡意軟體)
    • Virus(病毒)
    • Worm(蠕蟲)
    • Trojan(木馬)
    • Ransomware(勒索軟體)
    • Spyware(間諜軟體)
  • analyzing the suspicious message(可疑的)
  • the group managed to gain access to the organization’s network and internal tools.(群體;成功取得...的存取)
  • Threat actors use many different tactics to carry out their attacks.(威脅行動者;手法;執行)
  • unauthorized access to restricted systems.(未經授權存取; 受限系統)
  • specific type of attacks that cybercriminals commonly use. (網路犯罪)
  • using fictitious emails to evaluate security awareness at the company. (安全意識)
  • Keeping software updated requires effort. (軟體保持更新需要付出努力)
  • Vulnerability scanners are meant to be non-intrusive. (應該; 非侵入性)
  • Examples of remediation steps might include things like enforcing (矯正)
  • We'll explore this step in more details (更多細節)
  • An employee reports that they cannot log into the payroll system with their access credentials. (無法登入; 存取帳密)
  • Symmetric and asymmetric encryption (對稱與非對稱加密)
  • keep private; keep safe (保持私密; 保持安全)
  • you'll review the controls in place to prevent data leaks. (現有的控制)
  • Periodically auditing those accounts is a key part of keeping your company’s systems secure.(定期; 保持...安全)
  • Score risks based on their severity (嚴重性)
  • So much of the global marketplace has shifted to cloud-based services. (轉移至)
  • As the environment continues to transform, (當...時候)
  • Don't get discouraged now; Don't let anyone discourage you from cybersecurity. (不要灰心)
  • Suppose you wanted to know what department the employee using ...(假設)
  • The principle of least privilege is the concept of granting only the minimal access and authorization required to complete a task or function. (最小權限原則)
  • we use u to represent the user, g to represent the group(表示; 代表)
  • its output indicates that the working directory is logs (顯示; 指示)
  • Although it took some practice and time to get used to, it has been one of the biggest tools ...(需要一些練習與時間來習慣)
  • you'll become much more familiar with(變得更加熟悉)
  • it might happen because we don't have the appropriate permissions to perform a command. (適合的)
  • misspelled the command(拼錯)
  • the bash shell is the most commonly used shell in the ...(最常使用的)
  • You might examine different types of logs to identify what's going on in the system. (檢查; 查明系統發生了什麼事)
  • Almost everyone learned on their own by experimenting (透過實驗自學)
  • These individuals will likely already have experience using GUIs (這些人; 可能)
  • security analysts commonly use a CLI in their everyday work (通常; 日常工作中)
  • using a GUI is more like ordering food from a restaurant. (更像)
  • Using virtual machines can also be an efficient and convenient way to perform security tasks. (也可以是有效率且方便的方式)
  • One more aspect to consider is that (還有一個考慮的方向是)
  • The OS is responsible for ensuring that each program is allocating and de-allocating resources. (負責; 釋放)
  • A variety of programs, tasks, and processes are ... (各式各樣)
  • The OS handles resource and memory management to ensure the limited capacity of the computer system is used where it's needed most. (電腦系統的有限容量; 最需要的地方)
  • make sure all the resources of the computer are used efficiently. (有效地)
  • Security analysts should be aware of vulnerabilities that affect operating systems. (應該要了解; 影響)
  • They run multiple applications at once (一次)
  • will be an essential part of your job as a security analyst. (基本部分工作)
  • The shared responsibility model states that the CSP must take responsibility for... (共同職責模式;規定) 
  • Brute force attacks are a trial-and-error process of guessing passwords. (暴力破解; 反覆試驗)
  • up-to-date; out-of-date (最新; 過期)
  • security hardening involves minimizing the attack surface or potential vulnerabilities and keeping a network as secure as possible. (安全強化; 涉及/包括; 攻擊表面; 潛在漏洞; 盡可能保持網路安全
  • refer to; referred to as (是指...; 這被稱為...)
    • Software as a service, refers to software suites operated by the CSP that a company can use remotely without hosting the software. 
    • it is referred to as a hybrid cloud environment.
  • Open-source tools and proprietary tools (專有/私有工具)
  • Analyst; Analysis; Analyze
    • As a security analyst
    • Splunk is a data analysis platform
    • Splunk Enterprise is a self-hosted tool used to retain, analyze and search the log data to provide security information and alert in real-time 
  • From there I managed to get myself into a security vendor and learn security (從那時開始, 我成功進入一家網路安全供應商學習網路安全)