Cybersecurity
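- We want to know how many employees frequently click on phishing emails. The goal is to find out which five departments click on these emails most often.
- on a daily basis (day to day)
- if it was compromised (if it was breached or harmed)
- Intellectual property (IP)
- They can have a significantly negative impact on an organization if leaked publicly. (severe adverse effect; disclosed to the public)
- Examples of confidential data include proprietary information such as trade secrets, financial records, and sensitive government data. (proprietary information; business secrets; financial records)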
- Access to confidential data sometimes involves the signing of non-disclosure agreements (NDAs)
- This data classification type is important for an organization’s ongoing business operations (continuing operations)
- Unauthorized access to sensitive data can cause significant damage to an organization’s finances and reputation. (access without authorization; major damage; good name)
- personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI)
- Public data, Private data, Sensitive data, Confidential data
- If an individual gains unauthorized access to private data (a person; access without authorization)
- Private data is information that should be kept from the public. (must not be made public)
- threats, risks, and vulnerabilities that are posed by social engineering attacks, such as phishing (brought about by social engineering ...)
- such as intellectual property, trade secrets, PII, and even financial information (intellectual property; business secrets; financial information)
- helps you prepare for the worst-case scenario, even if it doesn't happen (get ready for ...; the worst case)
- cybersecurity profession (work in network security)
- cybersecurity professionals (network security experts)
- cybersecurity field (network security domain)
- refine your understanding of key security concepts (hone/improve)
- Writing code that assigns security incident tickets to the appropriate cybersecurity team based on its priority level. (write a program that assigns security incident tickets to the suitable security team according to priority level)
- This results in DNS resolvers sending large responses to (leads to)
- which can lead to significant issues like unplanned downtime (cause; major problems; unexpected downtime)
- can access restricted information (access-limited)
- Security professionals are often tasked with reviewing log files (are asked to / are responsible for / a usual duty)
- Automate cybersecurity tasks with Python
- removing usernames that match specific criteria from an access list. (particular standards)
- Make sure your browser is up to date with the latest version (confirm the browser is the newest version)
- it might be used to determine whether or not to lock an account. (whether to lock the account)
- checks whether someone is allowed to access a particular file (whether ...; access a specific file)
- improve efficiency; allow it to work effectively (raise efficiency; operate effectively)
- use Python code to reduce the manual effort needed to manage an access control list (manual work)
- Throughout this certificate you will use Qwiklabs and Jupyter Notebooks to complete hands-on activities (over the whole certificate course; hands-on practice)
- Security analysts can access Python through a variety of environments (all kinds of environments)
- The fast.log file is used for basic logging and alerting and is considered a legacy file format (regarded as ...; traditional)
- The Network-based IDS application inspects network traffic from different devices on the network (checks/examines)
- When suspicious or unusual network activity is detected (questionable; out of the ordinary)
- IDS (Intrusion Detection System) is an application that monitors activity and alerts on possible intrusions. (watches activity; warnings about possible break-ins)
- Detection requires data, and this data can come from various data sources. (many kinds of)
- It’s important to know how to read and interpret different log formats so that you can uncover the key details surrounding an event and identify unusual or malicious activity. (make sense of; dig up; pin down; out of the ordinary)
- logs provide key details about activities that occurred across an organization (took place)
- logs record events that happen on a network or system. (take place)
- intrusion detection systems; intrusion prevention systems (IDS; IPS)
- investigating an alert involving a possible network intrusion (network break-in)
- When an outage occurs due to a security incident (downtime when a security incident happens)
- Business Continuity Plan (BCP)
- the three letters in the CIA triad stand for confidentiality, integrity, and availability (the security "iron triangle": confidentiality; integrity; availability)
- ensure that you complete a thorough analysis so that you have enough information to make an informed decision about your findings. (complete analysis; make a wise decision; what you found)
- you'll receive and assess the alert to determine if it's a false positive (evaluate; establish/decide; false alarm)
- which prioritizes incidents according to their level of importance or urgency. (degree of importance or how urgent it is)
- Having previously investigated the file hash, it is confirmed to be a known malicious file. (the file hash was investigated earlier and is confirmed to be a known malicious file)
- The email body and subject line contained grammatical errors. (grammar mistakes)
- Tedious, error-prone, or time-consuming tasks can be automated, while analysts can prioritize their time with other tasks. (tedious, mistake-prone, or time-consuming work; handle ... first)
- It is an example of a non-automated playbook, which requires step-by-step actions performed by an analyst. (a manual, non-automated playbook; one action at a time)
- This depicts the process for detecting a DDoS and begins with determining the indicators of compromise, like unknown incoming traffic. (first establish the indicators of compromise)
- Documentation must be regularly reviewed and updated to keep up with the evolving threat landscape. (documents must be reviewed and updated on a schedule to keep pace with the continually changing threat situation)
- Incident response plans standardize an organization’s response process by outlining procedures in advance of an incident. (before an incident happens)
- If a malicious actor compromised a system, evidence must be available to determine their actions so that appropriate legal action can be taken. (take suitable legal action)
- You observe a known user successfully authenticate a new device using two-factor (see; notice)
- Security terms
- malicious actors (ill-intentioned actors)
- malicious activity (ill-intentioned activity)
- attackers (those who carry out attacks)
- security incidents (information security incidents)
- security analysts (information security analysts)
- security professionals (information security experts)
- security profession (information security work)
- security field (information security domain)
- the suspicious IP address (questionable)
- unusual processes (out of the ordinary)
- IoCs may be the result of human error, system malfunctions, and other reasons not related to security. (human mistakes; system failures)
- baselines help establish a standard of expected or normal behavior for systems, devices, and networks. (key term: baselines)
- A baseline is a reference point that’s used for comparison. (a baseline is ...)
- Once something unusual or suspicious is detected (something out of the ordinary or questionable)
- How could the company prevent an incident like this from occurring again? (how to keep this kind of incident from happening again)
- the stages of incident detection, investigation, analysis, and response (incident detection; investigation; analysis; response)
- analyze the contents of captured packets (packets that were captured)
- The app should be in compliance with PCI-DSS. (conform to / comply with)
- developers tend to focus on making their applications work correctly rather than protecting their products from injection. (tend to ... more; make ... run properly; instead of)
- Malware (malicious software)
- Virus
- Worm
- Trojan (Trojan horse)
- Ransomware (extortion software)
- Spyware (spy software)
- analyzing the suspicious message (questionable)
- the group managed to gain access to the organization’s network and internal tools. (the group; succeeded in getting access to ...)
- Threat actors use many different tactics to carry out their attacks. (those posing the threat; techniques; execute)
- unauthorized access to restricted systems. (access without authorization; access-limited systems)
- specific type of attacks that cybercriminals commonly use. (cybercrime)
- using fictitious emails to evaluate security awareness at the company. (awareness of security)
- Keeping software updated requires effort. (keeping software current takes work)
- Vulnerability scanners are meant to be non-intrusive. (are supposed to; non-invasive)
- Examples of remediation steps might include things like enforcing (correction)
- We'll explore this step in more detail (further detail)
- An employee reports that they cannot log into the payroll system with their access credentials. (unable to log in; access username and password)
- Symmetric and asymmetric encryption
- keep private; keep safe (stay private; stay safe)
- you'll review the controls in place to prevent data leaks. (the controls currently present)
- Periodically auditing those accounts is a key part of keeping your company’s systems secure. (on a regular schedule; keep ... safe)
- Score risks based on their severity (how serious they are)
- So much of the global marketplace has shifted to cloud-based services. (moved over to)
- As the environment continues to transform, (while ...)
- Don't get discouraged now; Don't let anyone discourage you from cybersecurity. (don't lose heart)
- Suppose you wanted to know what department the employee using ... (assume)
- The principle of least privilege is the concept of granting only the minimal access and authorization required to complete a task or function. (the minimum-permissions principle)
- we use u to represent the user, g to represent the group (stand for; denote)
- its output indicates that the working directory is logs (shows; points out)
- Although it took some practice and time to get used to, it has been one of the biggest tools ... (it takes some practice and time to become accustomed to)
- you'll become much more familiar with (grow more acquainted with)
- it might happen because we don't have the appropriate permissions to perform a command. (suitable)
- I misspelled the command (spelled wrong)
- the bash shell is the most commonly used shell in the ... (most frequently used)
- You might examine different types of logs to identify what's going on in the system. (inspect; find out what happened on the system)
- Almost everyone learned on their own by experimenting (self-taught through experimentation)
- These individuals will likely already have experience using GUIs (these people; probably)
- security analysts commonly use a CLI in their everyday work (usually; in day-to-day work)
- using a GUI is more like ordering food from a restaurant. (closer to)
- Using virtual machines can also be an efficient and convenient way to perform security tasks. (can also be an effective and handy way)
- One more aspect to consider is that (another angle to think about is)
- The OS is responsible for ensuring that each program is allocating and de-allocating resources. (in charge of; releasing)
- A variety of programs, tasks, and processes are ... (all sorts of)
- The OS handles resource and memory management to ensure the limited capacity of the computer system is used where it's needed most. (the limited capacity of the computer system; the place that needs it most)
- make sure all the resources of the computer are used efficiently. (effectively)
- Security analysts should be aware of vulnerabilities that affect operating systems. (ought to understand; have an effect on)
- They run multiple applications at once (at one time)
- will be an essential part of your job as a security analyst. (a fundamental part of the job)
- The shared responsibility model states that the CSP must take responsibility for... (shared responsibility model; stipulates)
- Brute force attacks are a trial-and-error process of guessing passwords. (brute-force cracking; repeated trials)
- up-to-date; out-of-date (newest; expired)
- security hardening involves minimizing the attack surface or potential vulnerabilities and keeping a network as secure as possible. (security strengthening; involves/includes; attack surface; potential vulnerabilities; keep the network as safe as possible)
- refer to; referred to as (means ...; this is called ...)
- Software as a service refers to software suites operated by the CSP that a company can use remotely without hosting the software.
- it is referred to as a hybrid cloud environment.
- Open-source tools and proprietary tools (exclusive/privately owned tools)
- Analyst; Analysis; Analyze
- As a security analyst
- Splunk is a data analysis platform
- Splunk Enterprise is a self-hosted tool used to retain, analyze and search the log data to provide security information and alerts in real time
- From there I managed to get myself into a security vendor and learn security (from then on, I succeeded in joining a network security vendor to learn network security)