Ch 5 Threat Actors, Vectors, & Intelligence Sources Flashcards

1
Q

Advanced Persistent Threats (APTs) Attack

A
  • Characterized by using toolkits to achieve a presence on a target network, and instead of just moving to steal information, focusing on the long game by maintaining a persistent presence on the network.
2
Q

Insider Threats

A
  • Insiders may already have all the access they need to perpetrate criminal activity such as fraud.
3
Q

State Actors

A
  • Employed by the government to compromise or gain access to the intelligence data of targeted governments.
  • Often carry out APT attacks.
4
Q

Hacktivists

A

Hackers working together for a collective effort, typically on behalf of some cause.

5
Q

Script Kiddies

A
  • Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software.
6
Q

Hackers

A
  • Anyone who improperly uses computers, including criminals.
  • Current categories of Hackers include authorized, unauthorized, and semi-authorized.
6
Q

Criminal Syndicates

A
  • Organized crime groups that have more money to spend on accomplishing the criminal activity.
  • These groups usually fall into the structured threat category.
7
Q

Authorized Hackers

A
  • “White Hat” hackers serving as consultants chasing vulnerabilities or performing penetration tests.
  • Use the same tools as a regular hacker but do so with permission so that a firm can learn its weaknesses and fix them.
8
Q

Unauthorized Hackers

A
  • Considered to be “Black Hat” hackers who act in an unauthorized manner and violate laws, causing risk to systems.
9
Q

Semi-authorized Hackers

A
  • “Gray Hat” hackers may perform the same actions as a “White Hat” hacker and “Black Hat” hacker.
10
Q

Shadow IT

A
  • Groups that perform their own IT functions when central IT does not respond in a reasonable time frame.
  • Because it is outside the control of central IT, the IT systems are not in the same realm of protection.
11
Q

Competitors

A
  • Other businesses that attack other firms' IT processes.
12
Q

Attributes of Actors - Internal/External

A
  • Internal actors have access to the system, whereas external actors have to take extra steps.
13
Q

Attributes of Actors - Resources/Funding

A
  • Criminal organizations and nation-states have larger budgets, bigger teams, and the ability to pursue campaigns for longer periods of time.
13
Q

Attributes of Actors - Level of Sophistication/Capability

A
  • As the skill level goes up, so too does the use of minimal methods.
14
Q

Attributes of Actors - Intent/Motivation

A
  • A more skilled threat actor is usually pursuing a specific objective.
15
Q

Attributes of Actors - Vectors

A
  • The attacker has direct access to the system.
  • Only give the necessary permissions and block all others.
  • All outside input is treated as dangerous until proven otherwise.
16
Q

Wireless

A
  • Through wireless, the attacker no longer needs to have direct physical access to the network.
17
Q

Supply Chain

A
  • An attacker finds a means by which they can get their attack code into the supply chain for a product or an update.
  • Cannot be stopped just by policy and contracts.
17
Q

E-Mail

A
  • One of the preferred vectors for social engineering attacks.
  • Users may click on links or open attachments, which delivers the payload.
18
Q

Social Media

A
  • Connects an attacker directly to a user.
  • Many of the usual security checks normally used are not present.
19
Q

Removable Media

A
  • Typically in the form of USBs.
  • An attacker takes a USB storage device and puts the attacking module on it so that it can be executed.
20
Q

Cloud

A
  • Cloud servers and storage can be considered attack vectors if your cloud agreement does not include antivirus protections on files.
21
Q

Threat Intelligence Sources

A
  • The gathering of information from a variety of sources, which can range from open source to proprietary or specialized sources.