Chap 2

Question 1

What is involved in a security assessment?

Answer 1

• Vulnerability
• Threat
• Risk

Question 2

What is a Vulnerability?

Answer 2

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach

Question 3

What is a Threat?

Answer 3

The Potential for someone or something to exploit a vulnerability and breach security.

Question 4

A security threat can be intentional and unintentional. T/F

Answer 4

True

Question 5

What is a threat actor/agent?

Answer 5

A person or thing that poses a threat

Question 6

What is an attack vector?

Answer 6

A path or tool used by a malicious threat actor/agent

Question 7

What is a Risk?

Answer 7

The likelihood and impact (or consequence) of a threat actor exploiting a vulnerability.

Question 8

What is involved when analyzing Cyber Security threats?

Answer 8

Identifying the attributes of threat actors in terms of location, intent and capability.

Question 9

What is classified as an external threat actor?

Answer 9

The threat actor has no account or authorized access to the target system.

Question 10

What is classified as an internal threat actor?

Answer 10

Threat actor that has been granted permissions on the system.

Question 11

What is classified as intent?

Answer 11

Intent is what an attacked hopes to achieve from the attack

Question 12

What is classified as motivation?

Answer 12

Motivation is the attacker’s reason for perpetrating the attack.

Question 13

How can a threat be characterized?

Answer 13

structured/ unstructured (targeted vs opportunistic)

Question 14

Where do the most capable threat actors receive funding from?

Answer 14

Nation states and criminal syndicates.

Question 15

What is a hacker?

Answer 15

Individual who has the skill to gain access to computer systems through unauthorized or unapproved means.

Question 16

What is a black hat hacker?

Answer 16

An unauthorized hacker.

Question 17

What is a white hat hacker?

Answer 17

An authorized hacker.

Question 18

What is a grey hat hacker?

Answer 18

Semi-authorized in the sense they will look for vulnerabilities without authorization but will not exploit them.

Question 19

What is a script kiddie?

Answer 19

Someone who uses hacker tools without necessarily understanding how they work or having the ability to craft new attacks.

Question 20

What is a hacktivist?

Answer 20

A person or group that might attempt to obtain and release confidential information to the public domain, perform DOS attacks, or deface websites.

Question 21

What is an APT?

Answer 21

Advance Persistent Threat is the ongoing ability of an adversary to compromise network security.

Question 22

What APT influenced the shaping of the language for modern cyber-attack life cycles?

Answer 22

Mandiant’s APT1

Question 23

What is the goal of a state actor?

Answer 23

The goal of state actors are primarily espionage and strategic advantage but it is not unknown for countries to target companies for commercial gain

Question 24

What is a criminal syndicate?

Answer 24

a group of threat actors that can operate across the internet from different jurisdictions than its victim.

Question 25

An unintentional or inadvertent insider threat is a vector for an external actor or separate internal actor to exploit. T/F?

Answer 25

True

Question 26

What is shadow IT?

Answer 26

When a user purchases or introduces computer hardware or software to the workplace without the sanction of the IT department or procurement.

Question 27

What is an attack surface?

Answer 27

All points at which a malicious threat actor could try to exploit a vulnerability

Question 28

What is minimizing the attack surface?

Answer 28

restricting access so that only a few known endpoints, protocols/ports, and services/methods are permitted.

Question 29

What attack vector using a supply chain?

Answer 29

Instead of attacking directly a threat actor may seek ways to infiltrate it via companies in its supply chain. ($TGT)

Question 30

What is the deep/dark web?

Answer 30

any part of the World Wide Web that is not indexed by a search engine.

Question 31

What is the Dark net?

Answer 31

A network established as an overlay to Internet infrastructure by software, such as The Onion Router (TOR), Freenet, or I2P to anonymize usage and prevent third parties from knowing of its existence

Question 32

What are the main forms of research sources?

Answer 32

• Behavioral threat research
• Reputational threat intelligence
• Threat data

Question 33

What is Reputational threat intelligence?

Answer 33

List of IP addresses and domains associated with malicious behavior, plus signatures of known file-based malware.

Question 34

What is CTI?

Answer 34

Cyber threat intelligence is feeds of threat data that is pushed through a SIEM.

Question 35

What are the threat intel platform commercial models?

Answer 35

• Closed/proprietary
• Public/private information-sharing centers
• Open Source Intelligence (OSINT)

Question 36

What is an ISAC?

Answer 36

Information Sharing and Analysis Centers are set up to share threat intelligence for companies and agencies in critical industries.

Question 37

What is OSINT?

Answer 37

Open Source Intelligence is an Open Source threat intelligence service that involves earning income from consultancy.
Also services as a common recon technique for harvesting domains, ip ranges, employees, and other data to id an attack vector.

Question 38

What are other threat intel research sources?

Answer 38

Academic Journals, conferences, request for comments (RFC) and Social media.

Question 39

What is TTP?

Answer 39

A tactic, technique, or procedure is a generalized statement of adversary behavior derived from US military doctrine.

Question 40

What is a IoC?

Answer 40

An indicator of compromise is a residual sign that an asset or network has been successfully attacked or is continuing to be attacked.

Question 41

TTP vs IoC

Answer 41

TTP describes what and how an adversary acts while indicators describe how to recognize what those actions might look like.

Question 42

IoC’s are slow to diagnose. T/F

Answer 42

True

Question 43

What is a threat data feed?

Answer 43

Constant information on cyber threat intelligence from a given source.

Question 44

What is STIX?

Answer 44

Structured Threat Information eXpression describes the standard terminology for IoCs and ways of indicating relationships between them.

Question 45

What is TAXII?

Answer 45

The Trusted Automated eXchange of Indicator Information provides a means for transmitting CTI data between servers and clients.

Question 46

What is AIS?

Answer 46

Automated Indicator Sharing is a service offered by the Department of Homeland Security (DHS) for companies to participate in threat intel sharing.

Question 47

What is a threat map?

Answer 47

It is an animated graphic showing the source, target, and type of attacks that have been detected by a CTI platform.

Question 48

What is a file/repository?

Answer 48

It holds signatures of known malware code

Question 49

What is a CVE

Answer 49

The Common Vulnerabilities and Exposures (CVE) is a list of vulnerabilities database.

Question 50

What is knowledge base in reference to AI?

Answer 50

if then rules from a limited data set.

Question 51

What is Machine learning?

Answer 51

The use of algorithms to parse input data and then develop strategies for using that data and make gradual improvements in the decision-making process.

Question 52

What is predictive Analysis?

Answer 52

A system that can anticipate a particular type of attack and possibly the identity of the threat actor before the attack is fully realized.