701 - Chapter 6

Question 1

What is a threat actor?

Answer 1

Anyone who launches a cyber attack on others

Question 2

Who are attackers who are directly employed by or sponsored by a government called?

Answer 2

Nation state attackers

Question 3

Who is a threat actor type that is motivated by money?

Answer 3

Organized crime

Question 4

What is an organized and sophisticated group of threat actors called?

Answer 4

In advanced persistent threat APT

Question 5

This attacker uses existing computer scripts or code to launch attacks, they typically have very little expertise or sophistication and very little funding?

Answer 5

Unskilled attacker

Question 6

This attacker launches attacks as part of an activist movement or to further cause and raise awareness for that cause?

Answer 6

Hactivist

Question 7

This attacker has legitimate access to an organizations, internal resources, such as an employee of a company? What tool would be useful in combining an insider threat?

Answer 7

Insider threat… DLP tools by preventing these attackers from writing data to external media

Question 8

What are the three attacker attributes?

Answer 8

Internal versus external… resources and funding… level of sophistication and capability

Question 9

What are the ten threat actor motivations?

Answer 9

DATA exfiltration, disruption and chaos, financial gain, blackmail, service disruption, philosophical or political beliefs, ethical, revenge, espionage, war

Question 10

What are the paths that attackers use to gain access to computers and networks called?

Answer 10

Threat vectors

Question 11

This threat vector is frequently sent out as spam with malicious links or attachments?

Answer 11

Message based

Question 12

This threat vector occurs by embedding, malicious code within image files or using Steganography to hide data within an image?

Answer 12

Image based

Question 13

This threat vector involves malicious code hidden in Files such as documents or spreadsheets?

Answer 13

File based

Question 14

This threat vector includes phone based social engineering attacks where attackers impersonate trusted individuals or organizations into revealing sensitive information or granting access to secure systems?

Answer 14

Voice call

Question 15

This threat vector occurs when an attacker loads a virus or malware on an external device?

Answer 15

Removable device

Question 16

This threat vector targets vulnerabilities in software applications? What types of these are especially vulnerable?

Answer 16

Software based… unsupported applications

Question 17

This threat vector targets vulnerabilities in computer systems, such as operating systems, vulnerable applications, hardware issues, open service, ports, or default credentials?

Answer 17

System-based

Question 18

This threat vector exploits weaknesses Through unsecured wired or wireless networks or vulnerable Bluetooth connections or even eavesdropping on traffic?

Answer 18

Network based

Question 19

This threat vector targets the relationships between organizations and their managed service providers, vendors or suppliers?

Answer 19

Supply chain

Question 20

What is the term for all of the threat vectors that an organization is exposed to other words all the way that attacker might come after them?

Answer 20

The attack surface

Question 21

What refers to any unauthorized system or application within an organization, including cloud services? And why does this increase risk for an organization?

Answer 21

Shadow IT… because these systems aren’t always well managed

Question 22

What is the term for a wide range of software that has malicious intent called?

Answer 22

Malware

Question 23

What are some symptoms that your system is infected with malware?

Answer 23

It is running slower, starting unknown processes, sending out email without user action, rebooting randomly

Question 24

True or false virus and malware are the same thing?

Answer 24

False a virus is a specific type of malware, and there are many other types of malware

Question 25

This malware type is malicious code that attaches itself to a host application and executes when the host application executes?

Answer 25

A virus

Question 26

This malware type is self replicating and travels through a network without assistance of a host application or user interaction? What is one of the significant problems caused by this malware type?

Answer 26

A worm… they consume network bandwidth which can negatively impact the performance of the network

Question 27

This malware type is a string of code embedded into an application or script that will execute in response to an event or date and time?

Answer 27

Logic bomb

Question 28

The malware type appears is something beneficial, but actually it’s something malicious? What are the typical ways that this malware gets onto a system?

Answer 28

A Trojan horse… drive-by downloads, fake antivirus software, pirated software, browser extensions

Question 29

This is a type of malware that allows attackers to control systems from remote locations and is often delivered via drive-by, downloads or malicious attachments and emails?

Answer 29

A remote access Trojan RAT

Question 30

This type of malware will capture a users key strokes? What is one method that can stop it?

Answer 30

Key loggers… two factor authentication

Question 31

This type of malware is installed on user systems without their awareness or consent , and it’s purpose is often to monitor the users, computer and their activity?

Answer 31

Spyware

Question 32

This type of malware gains administrative access on the system to provide the attacker with admin privileges, and can be difficult to find because it hides its running processes to avoid detection?

Answer 32

Rootkit

Question 33

What makes root kits so dangerous?

Answer 33

They have system level or kernel access and can modify system files and system access

Question 34

With a root kit, what technique is used to intercept calls to the operating system, It’s events or messages, and uses these to control the systems behavior?

Answer 34

Hooking

Question 35

What kind of tool can help find a rootkits hidden hooked processes?

Answer 35

Tools that can inspect RAM

Question 36

This is a type of malware that allows the attacker to take control of a computer and data, locking out its users until the user pays the fee to unlock it? More and more, attackers are increasingly targeting who with this?

Answer 36

Ransomware… hospitals, cities, and other large organizations

Question 37

This type of malware describes programs a user may not want even if they consented to downloading them?

Answer 37

Bloatware

Question 38

What are five potential indicators of a malware attack?

Answer 38

Extra traffic, #DATA exfiltration, encrypted traffic, traffic to specific IPs, outgoing spam

Question 39

What is the practice of using social tactics to gain information called?

Answer 39

Social engineering

Question 40

What are the four ways that social engineering attacks can occur?

Answer 40

In person, over the phone, while surfing the Internet, via email

Question 41

What can help prevent shoulder surfing and how do they work?

Answer 41

Screen filters by obscuring peoples view, unless they are directly in front of the monitor

Question 42

What is the social engineering attack where the attacker attempts to act as somebody else? And what is a good way to prevent this attack?

Answer 42

Impersonation… identity verification

Question 43

What is the social engineering attack where the attacker looks over the Persians shoulder to gain information?

Answer 43

Shoulder surfing

Question 44

What is the social engineering attack where the attacker provides false information to their Target in order to influence them to take an action or disclose information? What is an example of this?

Answer 44

Disinformation… hoaxes

Question 45

What is the social engineering attack where the attacker follows closely behind another person without showing credentials? What is used to prevent this attack?

Answer 45

Tailgating and piggybacking … an access control vestibule/mantrap or a turnstile

Question 46

What is the social engineering attack where the attacker searches through trash or recycling containers to gain information from discarded documents? What prevents this?

Answer 46

Dumpster diving… shredding or burning papers instead of throwing them away

Question 47

What is the social engineering attack where the attacker attempts to discover which websites a group of people are likely to visit and then will infect those websites with malware that can then infect the visitors?

Answer 47

A watering hole attack

Question 48

What is the social engineering attack where the attacker seeks to exploit the trust and authority of high-level executives or other key personnel within an organization?

Answer 48

Business email compromise BEC

Question 49

What are some ways to defend against a BEC attack?

Answer 49

Implement strong email security measures, provide employee training on how to recognize and respond to suspicious emails, establish clear procedures for verifying and authorizing sensitive request

Question 50

What is the social engineering attack where the attacker buys a domain name that is similar name to a legitimate domain name?

Answer 50

Typosquatting

Question 51

What are three reasons why an attacker may attempt typosquatting?

Answer 51

Hosting a malicious website for drive-by malware, earning ad revenue, reselling the domain name for a large profit

Question 52

What is the social engineering attack where the attacker pose as a well-known and trusted company or brand to deceive their targets? What is an example of this?

Answer 52

Brand impersonation… a fake website or email that closely resembles a popular retailer bank or technology company

Question 53

What is the social engineering attack where the attacker gathers information without asking for it directly? How did they do this?

Answer 53

Elicitation… they start by gaining trust and building rapport and then use techniques to gather information

Question 54

What is the social engineering attack where the attacker makes up a convincing story or scenario to manipulate a Target into providing sensitive information or granting access to restricted systems or areas? How do you defend against this attack?

Answer 54

Pre-texting… educate employees about the risks and tactics associated with social engineering, Verifying the identity of an individual requesting information, implementing strict policies and procedures for handling sensitive information and access request

Question 55

What is unwanted or unsolicited email called?

Answer 55

Spam

Question 56

What is unwanted messages over instant messaging IM channels? What is one challenge with it?

Answer 56

Spam over instant messaging SPIM… it bypasses typical antivirus and spam filters

Question 57

What is the practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link?

Answer 57

Phishing

Question 58

What is a more targeted form of fishing that targets specific groups of users or even a single user? What can deter it?

Answer 58

Spearfishing… using digital signatures for email signing

Question 59

What is a form of spearfishing that attempts to Target high-level executives?

Answer 59

Whaling

Question 60

What is an attack that uses the phone system to trick users into giving up personal and financial information? What technology is often used for this type of attack?

Answer 60

Vishing …VOIP…

Question 61

What is the form of fishing that uses text instead of email?

Answer 61

Smishing

Question 62

What is the form of fishing that uses text instead of email?

Answer 62

Smishing

Question 63

What kind of software detect and removes malware such as viruses Trojans and worms?

Answer 63

Antivirus software

Question 64

What are the two methods that antivirus software uses to detect malware?

Answer 64

Signature based to detect known malware and heuristic based to detect previously unknown malware

Question 65

What can identify changes to system files? And how do they work and what kind of infection can they detect?

Answer 65

File integrity monitors… They calculate hashes on the system files as a baseline, and then periodically recheck the hashed values of those files to see if they are different… root kit infections

Question 66

What makes social engineering so effective?

Answer 66

Because they use psychology, base techniques to overcome user objections

Question 67

What techniques do social engineers use?

Answer 67

Authority figure, intimidation, faking, scarcity, creating a sense of urgency, establishing familiarity, creating a sense of trust

Question 68

What is the evidence called that a cyber attack is happening or has happened?

Answer 68

Indicators of compromise

Question 69

What is OSINT? And how is it used?

Answer 69

Open source intelligence… it is used by cyber security professionals and attackers to learn about vulnerabilities, how attackers exploit them, and how organizations can protect against the threats