1: 6 Understanding Vulnerability Types

Question 1

What is the cybersecurity CIA Triad?

Answer 1

Confidentiality, Integrity, Availability

Question 2

Confidentiality

Answer 2

Protects information from unsecure eyes

Question 3

Integrity

Answer 3

Protects information from unauthorized modification

Question 4

Availability

Answer 4

Ensures information available when needed

Question 5

What are the different types of risks an organization might face due to cybersecurity threats?

Answer 5

Financial, Reputational, Strategic, Operational, Compliance

Question 6

Financial Risk

Answer 6

Monetary loss to the organization

Question 7

Reputational Risk

Answer 7

Loss of goodwill due to loss of reputation regarding an organization

Question 8

Strategic Risk

Answer 8

Jeopardizes the ability to meet our major goals and objectives

Question 9

Operational Risk

Answer 9

Threatens ability to carry out day-to-day activities

Question 10

Compliance Risk

Answer 10

Running afoul of regulatory or legal requirements

Question 11

End of Sale

Answer 11

Vendor will still support the product

Question 12

End of Support

Answer 12

Vendor will discontinue some/all support

Question 13

End of Life

Answer 13

Vendor will no longer release updates

Question 14

What are 2 risks associated with vendors?

Answer 14

Understaffed- Inadequate support for existing products

Embedded Systems not being disclosed

Question 15

Default Configurations

Answer 15

Using misconfigured firewalls, open permissions, default passwords, unsecured root accounts leading to vulnerabilities

Question 16

What is the best way to avoid default configuration vulnerabilities?

Answer 16

Follow documented security standards and baselines when configuring systems and applications

Question 17

Cryptographic Vulnerabilities

Answer 17

Weak cipher suites/weak cryptographic protocol implementations lead to vulnerable communications

Question 18

Patch Management

Answer 18

Ensures all systems get patches to avoid vulnerabilities

Question 19

Account Management

Answer 19

People can knowingly/accidentally cause damage with too much access

Question 20

Principle of least Privilege

Answer 20

Limiting the access of people to the minimum needed to complete their duties

Question 21

Architectural Vulnerabilities

Answer 21

Complex systems improperly designed

Question 22

What is the best way to protect against Architectural Vulnerabilities

Answer 22

Incorporate security requirements early

Question 23

System Sprawl

Answer 23

When devices not being disconnected after their use, leading to vulnerabilities. System sprawl is most dangerous when assets are undocumented .

Question 24

Which triad component does Disclosure Attacks target?

Answer 24

Confidentiality

Question 25

Which triad component does Alteration Attacks target?

Answer 25

Integrity

Question 26

Which triad component does Denial Attacks target?

Answer 26

Availability