2 - Cybersecurity Threat Landscape Flashcards

Explain the following: threat actors, vectors, and intel sources; and know the security concerns associated with various vulnerabilities

1
Q

What measures are commonly used to assess threat intelligence?

A

Timeliness, Accuracy, and Relevance

2
Q

What language is STIX based on?

A

XML

3
Q

Kolin is a penetration tester. Kolin is working to gain access to a system that belongs to the hospital. What term best describes Kolin’s work?

A

White Hat (Hacking)

4
Q

What kind of attacker is most likely to be associated with an APT (advanced persistent threat)?

A

Nation-state Actor

5
Q

What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

A

ISACs

6
Q

Which threat actor typically has the greatest access to resources (time, money, skill)?

A

Nation-state Actors

7
Q

Which threat vector is most commonly exploited by attackers who are at a distant location?

A

Email

8
Q

Who is a good example of a hacktivist group?

A

Anonymous

9
Q

What type of assessment is particularly useful for identifying insider threats?

A

Behavioral

10
Q

Cindy wants to send threat info via a standardized protocol specifically designed to exchange cyber threat info. What should she use?

A

TAXII

11
Q

Greg believes an attacker installed malicious firmware in a network device before it was provided to his org by the supplier. What type of threat vector best describes this attack?

A

Supply Chain

12
Q

Ken is doing threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?

A

Internet RFCs

13
Q

Wendy is scanning cloud-based repositories for sensitive info. What should concern her MOST, if discovered in a public repository?

A

API Keys

14
Q

What threat research tool is used to visually display info about the location of threat actors?

A

Threat Map

15
Q

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their compromised systems. What term best describes this info?

A

IoC

16
Q

Ursula recently discovered that developers are sharing info over a messaging tool provided by a cloud vendor that’s not sanctioned by their org. What term best describes this use of technology?

A

Shadow IT

17
Q

Tom’s org recently learned that a vendor is discontinuing support for their customer relationship management system. What should concern Tom most from a security perspective?

A

Unavailability of Future Patches

18
Q

What information sources are considered OSINT sources?

A

DNS Look-Up Services, Search Engine Research, and WHOIS Queries

19
Q

Edward Snowden was a gov contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. What terms describe Snowden’s activities from a security perspective?

A

Insider & Hacktivist

20
Q

Renee is a cybersecurity hobbyist. She discovers that the URLs for her son’s school’s grade-viewing website contain ID numbers in the web addresses. She immediately reports this finding to the principal. What term best describes Renee’s good work?

A

Gray-hat (Hacking)