Chapter 02: Cyber Security Landscape

Question 1

These are the hackers who act with authorization and seek to discover security vulnerabilities with the intent of correcting them.

Answer 1

White-hat hackers

Question 2

These are the hackers who act with malicious intent. They seek to defeat security controls and compromise the confidentiality, availability, and integrity of information and systems for their own, unauthorized purposes.

Answer 2

Black hat hackers

Question 3

These are the hackers who act without proper authorization, but they do so with intent of informing their targets of any security vulnerabilities.

Answer 3

Grey-hat hackers

Question 4

______ are often such attackers who rely almost entirely on automated tools they download from the internet. These type of attackers often have little knowledge of how their attacks actually work.

Answer 4

Script Kiddies

Question 5

______ use hacking techniques to accomplish some activist goal.

Answer 5

Hacktivists

Question 6

What type of threat actor fits under this category:
“They might deface the website of a company whose policies they disagree with.”

Answer 6

Hacktivists

Question 7

What type of threat actor is anonymous.

Answer 7

Hacktivists

Question 8

What type of threat actor is a teenager, who has no knowledge of hacking, attempting to hack the school network?

Answer 8

Script Kiddie

Question 9

What is the motive for Crime Syndicates?

Answer 9

Illegal financial gain

Question 10

__________, including ransomware, data compromise, distributed denial of service attacks, website defacement, and attacks against critical infrastructure. This is also a cyber crime category.

Answer 10

Cyber-dependent crime

Question 11

_____, including child pornography, abuse and solicitation. This is also a cybercrime category.

Answer 11

Child Sexual exploitation

Question 12

_____, includes credit card fraud and business email compromise. This is also a cybercrime category.

Answer 12

Payment Fraud

Question 13

_______ includes the sale of illegal goods and services. This is also a cybercrime category.

Answer 13

Dark web activity

Question 14

_______ support, includes facilitating the actions of terrorist groups online. This is also a cybercrime category.

Answer 14

Terrorism

Question 15

______, includes social engineering, money mules, and the criminal abuse of cryptocurrencies. This is also a cybercrime category.

Answer 15

Cross-cutting crime factors

Question 16

Organized crime tends to have attackers who range from ____ skilled to highly skilled.

Answer 16

moderately

Question 17

______ use advanced techniques, are persistent, and are often emblematic of nation-state attacks.

Answer 17

APT

Question 18

Stuxnet is an example of a(n) ______ attack.

Answer 18

APT

Question 19

______ occur when an employee, contractor, vendor, or other individual with authorized access to information and systems that access to wage an attack against the organization.

Answer 19

Insider Attacks

Question 20

Which is an effective tool for helping to mitigate insider attacks?

Answer 20

Behavioral assessments

Question 21

A phenomenon where individuals and groups seek out their own technology solutions is known as _________.

Answer 21

Shadow IT

Question 22

What dangers do competitors encompass?

Answer 22

• Competitors may engage in corporate espionage designed to steal sensitive information from the organization.
• Competitors may attempt to use a disgruntled insider to get information.
• Competitors may purchase information from dark web.

Question 23

What type of threat assessment should be conducted periodically to determine what types of threat actors are most likely to target your organization and why.

Answer 23

Organizational Threat Assessments

Question 24

Which type of threat vector is commonly exploited with with phishing messages and spam messages.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 24

a.) Email and Social Media

Question 25

Which type of threat vector is exploited by attackers walking into public areas such as lobby’s, customer store, or other locations and accessing the network through the wall jacks.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 25

b.) Direct Access

Question 26

Which type of threat vector is exploited by attackers gaining physical access to unsecured computer terminal, network device, or other system.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 26

b.) Direct Access

Question 27

Which threat vector is exploited through sitting out in the parking lot and the attacker accessing the network without any hardwire connections.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 27

c.) Wireless Networks

Question 28

Which threat vector is exploited by attackers using USB drives to spread their malware.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 28

d.) Removable Media

Question 29

Which type of threat vector is where attackers routinely scan popular services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 29

e.) Cloud

Question 30

Which type of threat vector is where an attacker may interfere with an organization’s IT supply chain. For example, gaining access to devices at the manufacturer.
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

Answer 30

f.) Third Party Risks

Question 31

________ is the set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment.

Answer 31

Threat Intelligence

Question 32

Threat intelligence info can also be used for ______ to identify likely risks to the organization.

Answer 32

Predictive Analysis

Question 33

______ often include info about threats, such as IP addresses, hostnames, domains, email addresses, URLs, file hashes, file paths, CVE numbers, and other details about a threat.

Answer 33

Threat Feeds

Question 34

Threat intelligence sources may provide, ________. These are the telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.

Answer 34

Indicators of compromise (IoC)

Question 35

________ is threat intelligence that is acquired from publicly available sources.

Answer 35

Open Source Intelligence

Question 36

Commercial security vendors, government organizations, and other security-centric organizations also create and make use of ________. They do their own information gathering and research, and they may use custom tools, analysis models, or other methods to gather, curate, and maintain their threat feeds.

Answer 36

Closed Source intelligence

Question 37

_____ provide a geographic view of threat intelligence.

Answer 37

Threat maps

Question 38

Name a motivation for not choosing closed-source intelligence over open-source intelligence?

Answer 38

• Organizations may want to keep their threat data secret.
• Organizations may want to sell or license their threat data.
• Organizations may not want to take the chance of threat actors knowing about the data they are gathering.

Question 39

________ allow organizations to filter and use threat intelligence based on how much trust they can give it.

Answer 39

Confidence Scores

Question 40

_____ is an XML language originally sponsored by the US Department of Homeland Security. It is a language and serialization format used for exchange cyber threat intelligence.

Answer 40

Structured Threat Information eXpression (STIX)

Question 41

Since STIX creation, what party maintains it.

Answer 41

Organization for the Advancement of Structured Information Standards (OASIS), which is an international nonprofit consortium that maintains other projects related to information formatting, including XML and HTML.

Question 42

____ is intended to allow cyber threat information to be communicated at the application layer via HTTPS.

Answer 42

TAXII (Trusted Automated eXchange of Indicator Information protocol)

Question 43

True or False: TAXII is specifically designed to support STIX.

Answer 43

True

Question 44

Like STIX, _____ is an XML-based framework. It was developed by Mandiant and uses Mandiant’s indicators for its base framework.

Answer 44

OpenIOC

Question 45

OpenIOC stands for

Answer 45

Open Indicators of Compromise

Question 46

TAXII is short for.

Answer 46

Trusted Automated eXchange of Indicator Information.

Question 47

In the United States, organizations known as _______ help infrastructure owners and operators share threat information and provide tools and assistance to their members.

Answer 47

ISACs

Question 48

ISACs is short for.

Answer 48

Information Sharing and Analysis Centers