1 Overview of Security

Question 1

What is confidentiality

Answer 1

Information has not been disclosed to unauthorized people

Question 2

What is integrity

Answer 2

Information has not been modified or altered without proper authorization

Question 3

What is availability

Answer 3

Information is able to be stored, accessed, or protected at all times

Question 4

What is the AAA of security

Answer 4

Authentication, Authorization, and Accounting

Question 5

What is Authentication

Answer 5

When a person’s identity is established with proof and confirmed by a system

Question 6

What is an example of something you know

Answer 6

A password or pin

Question 7

What is an example of something you are

Answer 7

A fingerprint, retina scan, or voice

Question 8

What is an example of something you have

Answer 8

when you get a one-time passcode from your phone

Question 9

What is an example of something you do

Answer 9

Check in sheet

Question 10

What is an example of somewhere you are

Answer 10

log in through a vpn

Question 11

What is Authorization

Answer 11

Occurs when a user is given access to a certain piece of data or certain areas of a building

Question 12

What is Accounting

Answer 12

Tracking of data, computer usage, and network resources. Non-repudiation occurs when you have proof that someone has taken an action

Question 13

What are the different ways to mitigate threats

Answer 13

Physical Controls, Technical Controls, and Administrative Controls

Question 14

What are some examples of Physical Controls

Answer 14

Alarm systems, locks, surveillance cameras, identification cards, and security guards

Question 15

What are some examples of Technical Controls

Answer 15

Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication

Question 16

What are some examples of Administrative Controls

Answer 16

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans. User training is the most cost-effective security control to use

Question 17

What are the seven sections of the killchain

Answer 17

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2), and Actions on Objectives

Question 18

What is Reconnaissance

Answer 18

The attacker determines what methods to use to complete the phases of the attack

Question 19

What is Weaponization

Answer 19

The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system

Question 20

What is Delivery

Answer 20

The attacker identifies a vector by which to transmit the weaponized code to the target environment

Question 21

What is Exploitation

Answer 21

The weaponized code is executed on the target system by this mechanism

Question 22

What is Installation

Answer 22

This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system

Question 23

What is Command & Control (C2)

Answer 23

The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack

Question 24

What are Actions on Objectives

Answer 24

The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives

Question 25

What is the MITRE ATT&CK framework

Answer 25

lists and explains specific adversary tactics, techniques, and common knowledge or procedures

Question 26

What is the Diamond Model of Intrusion Analysis

Answer 26

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim

Question 27

What are the different types of intelligence

Answer 27

Proprietary, Closed-source, and Open source

Question 28

What is the difference between proprietary and closed source intelligence

Answer 28

Proprietary intelligence is provided as a commercial service offering, often requiring a subscription. While Closed Source intelligence is mainly derived from the provider’s own research and analysis and is anonymized.

Question 29

What is threat hunting

Answer 29

a technique designed to detect presence of threat that have not been discovered by a normal security monitoring

Question 30

True or False: Is Threat hunting less disruptive than pen testing

Answer 30

True

Question 31

What are the steps to threat hunting

Answer 31

establishing a hypothesis, profiling threat actors and activities, use of tools

Question 32

What are the benefits of threat hunting

Answer 32

improve detection capabilities, integrate intelligence, reduces attack surface, block attack vectors, and identify critical assets