CH01 Overview of Security Flashcards
You are at the doctor’s office and waiting for the physician to enter the room to examine you. You look across the room and see a pile of patient records on the physician’s desk. There is no one in the room and your curiosity has gotten the better of you, so you walk across the room and start reading through the other patient records on the desk. Which tenet of security have you just violated?
a. Authentication
b. Confidentiality
c. Integrity
d. Availability
b. Confidentiality.
Confidentiality ensures that data or information is not disclosed to unauthorized people. In this case, you are neither the doctor nor the patient whose records you read, so confidentiality has been breached.
You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123 (your account). The teller asks for your name and driver’s license before conducting this transaction. After she looks at your driver’s license, she thanks you for your business, pulls out $100 from the cash drawer, and hands you back the license and the $100 bill. What category best describes what the bank teller just did?
a. Accounting
b. Authorization
c. Authentication
d. Availability
c. Authentication
Authentication occurs when a person’s claimed identity is established with proof and confirmed by a system. In this case, the bank teller verified that you were the account holder by checking your name against your photo identification (driver’s license) before handing over the cash.
You are in the kitchen cooking dinner while your spouse is in the other room watching the news on the television. The top story is about how hackers have been able to gain access to one of the state’s election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but your spouse knows that you have been learning about hackers in your Security+ course and asks you, “Which type of hacker do you think would be able to do this?”
a. Hacktivists
b. Organized crime groups
c. APTs
d. Script Kiddies
c. APTs
APTs (Advanced Persistent Threats) are highly organized, well-funded, and often part of a nation state’s larger foreign policy and influence campaigns.
Hacktivists are usually politically motivated, but they tend to be loosely organized and generally lack the sophistication needed to break into a well-defended government network such as an election system.
While organized crime groups may have the sophistication to carry out the intrusion, they are usually motivated by financial gain rather than political influence.
Script kiddies are low-skilled attackers who can only run tools written by other people.
After analyzing and correlating activity from the firewall logs, server logs, and the intrusion detection system logs, a cybersecurity analyst has determined that a sophisticated breach of the company’s network security may have occurred from a group of specialized attackers in a foreign country over the past five months. Up until now, these cyberattacks against the company network had gone unnoticed by the company’s information security team. How would you best classify this threat?
a. Insider Threat
b. Spear phishing
c. Privilege escalation
d. Advanced persistent threat (APT)
d. Advanced persistent threat (APT)
OBJ-1.5: An advanced persistent threat (APT) is a network attack in which an unauthorized party gains access to a network and stays there undetected for a long period of time. APT campaigns typically aim to steal data or maintain a foothold rather than to cause visible damage to the network or organization. The term refers to an adversary’s ongoing ability to compromise network security, obtain and maintain access, and use a range of tools and techniques over time. APT groups are often supported and funded by nation-states or work directly for a national government.

Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information. An insider threat is a malicious threat to an organization from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems. Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or application to gain elevated access to resources that are normally protected from an application or user.

While an APT may use spear phishing, privilege escalation, or an insider to gain access, the scenario in this question does not specify the method used; it describes a sophisticated, foreign, months-long undetected intrusion, which is the definition of an APT. Therefore, APT is the best answer.
A security analyst runs an Nmap scan against a server and finds that port 25 is open. What risk might this server be exposed to?
a. Web portal data leak
b. Open mail relay
c. Open file/print sharing
d. Clear text authentication
b. Open mail relay
OBJ-1.5: Port 25 is the default port for SMTP (Simple Mail Transfer Protocol), which is used for sending email. An open mail relay occurs when an SMTP server is configured so that it accepts and forwards mail from anyone on the Internet to any destination, not just mail originating from its own known and trusted users. Spammers exploit this misconfiguration to send their mail through your server, and the server’s IP address is likely to end up on block lists as a result. File/print sharing usually operates over ports 135, 139, and 445 on a Windows server. Web portals run on ports 80 and 443. Clear text authentication could occur over an unencrypted service such as Telnet (23), FTP (20/21), or HTTP (80).
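The way a tester actually confirms the open-relay risk behind an open port 25 is to drive the SMTP dialogue by hand: connect, EHLO, give a MAIL FROM in a foreign domain, then a RCPT TO in another foreign domain, and see whether the server answers 250 or rejects the recipient. The following is an added example written for this page (not part of the original flashcard set): it implements that check, with a constructed in-memory stand-in for the server so it runs offline and shows both outcomes. The hostnames mx.example.test, attacker.example, thirdparty.example and relaytest.example are assumed placeholders; the SocketTransport class is only for use against a server you are authorized to test.

```python
"""Open mail relay check: drives the SMTP dialogue on port 25 and reports whether
the server accepts a recipient in a domain it does not host."""
import socket
import sys


class SocketTransport:
    """Line-oriented wrapper over a real TCP connection to an SMTP server."""

    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.reader = self.sock.makefile("rb")

    def readline(self):
        return self.reader.readline().decode("ascii", "replace")

    def send(self, line):
        self.sock.sendall((line + "\r\n").encode("ascii"))

    def close(self):
        self.reader.close()
        self.sock.close()


class FakeSmtpTransport:
    """Constructed stand-in for a server so the check runs offline.
    open_relay=True mimics a misconfigured server that accepts any recipient;
    False mimics a correctly configured one that rejects relaying with 554."""

    def __init__(self, open_relay):
        self.open_relay = open_relay
        self.replies = ["220 mx.example.test ESMTP"]   # banner (assumed hostname)
        self.sent = []                                   # everything the client sent

    def readline(self):
        return self.replies.pop(0) + "\r\n"

    def send(self, line):
        self.sent.append(line)
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":   # multi-line reply exercises the continuation parsing
            self.replies += ["250-mx.example.test Hello", "250-SIZE 10240000", "250 8BITMIME"]
        elif verb == "MAIL":
            self.replies.append("250 2.1.0 Ok")
        elif verb == "RCPT":
            if self.open_relay:
                self.replies.append("250 2.1.5 Ok")
            else:
                self.replies.append("554 5.7.1 <victim@thirdparty.example>: Relay access denied")
        elif verb in ("RSET", "NOOP"):
            self.replies.append("250 2.0.0 Ok")
        elif verb == "QUIT":
            self.replies.append("221 2.0.0 Bye")
        else:
            self.replies.append("502 5.5.2 Command not implemented")

    def close(self):
        pass


def read_reply(transport):
    """Read one SMTP reply, including 'NNN-' continuation lines; return (code, text)."""
    lines = []
    while True:
        line = transport.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":   # the final line of a reply is 'NNN '
            break
    return int(lines[-1][:3]), "\n".join(lines)


def command(transport, line):
    transport.send(line)
    return read_reply(transport)


def check_open_relay(transport, helo="relaytest.example",
                     sender="probe@attacker.example",
                     recipient="victim@thirdparty.example"):
    """Return {'open_relay': bool, 'rcpt_reply': str}. Both addresses are in
    domains the target does not host (assumed names). The dialogue is reset
    after RCPT TO and never reaches DATA, so no message is queued anywhere."""
    result = {"open_relay": False, "rcpt_reply": None}
    try:
        code, _ = read_reply(transport)                     # banner
        if code != 220:
            return result
        code, _ = command(transport, f"EHLO {helo}")
        if code != 250:                                      # pre-ESMTP server: fall back
            code, _ = command(transport, f"HELO {helo}")
        code, text = command(transport, f"MAIL FROM:<{sender}>")
        if code != 250:
            result["rcpt_reply"] = text
            return result
        code, text = command(transport, f"RCPT TO:<{recipient}>")
        result["rcpt_reply"] = text
        # 250/251 here means the server agreed to relay for a foreign domain.
        # Caveat: some servers accept every RCPT and reject at DATA or bounce later,
        # so confirm a positive result with a test message to a mailbox you control.
        result["open_relay"] = code in (250, 251)
        command(transport, "RSET")
        command(transport, "QUIT")
    finally:
        transport.close()
    return result


if __name__ == "__main__":
    if len(sys.argv) > 1:           # only against a server you are authorized to test
        print(check_open_relay(SocketTransport(sys.argv[1])))
    else:                           # no target given: show both simulated outcomes
        for flag in (True, False):
            print("open_relay=%s ->" % flag, check_open_relay(FakeSmtpTransport(flag)))
```

The decisive line in the exchange is the reply to `RCPT TO`: a hardened server answers with a 5xx such as "554 5.7.1 Relay access denied" for any recipient outside the domains it hosts (or any sender not authenticated or on its trusted network), while an open relay answers 250. Nmap's `smtp-open-relay` NSE script automates the same probe with many sender/recipient variants.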
Which analysis framework provides a graphical depiction of the attacker’s approach relative to a kill chain?
a. OpenIOC
b. MITRE ATT&CK framework
c. Diamond Model of Intrusion Analysis
d. Lockheed Martin cyber kill chain
c. Diamond Model of Intrusion Analysis
OBJ-4.2: The Diamond Model of Intrusion Analysis represents each intrusion event graphically as four connected vertices (adversary, capability, infrastructure, and victim), and related events can be linked into activity threads that map onto the phases of a kill chain, which is what the question describes. It gives analysts a shared way to communicate cyber events and to derive mitigation strategies from the relationships between the vertices. The MITRE ATT&CK framework is a knowledge base of adversary tactics, techniques, and procedures drawn from real-world observations; it offers detection and mitigation guidance per technique and maps techniques to known threat groups, but it is organized as a matrix rather than as a graphical depiction of a single attacker’s path through a kill chain. The Lockheed Martin Cyber Kill Chain describes the general life cycle of an intrusion (reconnaissance through actions on objectives) but is a phase model, not a graphical analysis framework, and does not itself deal with the specifics of mitigation. OpenIOC is an XML-based format for describing and sharing indicators of compromise; it is not an analysis model and does not integrate detection and mitigation strategy.