Chapter 02: Cyber Security Landscape Flashcards

1
Q

These are the hackers who act with authorization and seek to discover security vulnerabilities with the intent of correcting them.

A

White-hat hackers

2
Q

These are the hackers who act with malicious intent. They seek to defeat security controls and compromise the confidentiality, availability, and integrity of information and systems for their own, unauthorized purposes.

A

Black hat hackers

3
Q

These are the hackers who act without proper authorization, but they do so with the intent of informing their targets of any security vulnerabilities.

A

Grey-hat hackers

4
Q

______ are often attackers who rely almost entirely on automated tools they download from the internet. These types of attackers often have little knowledge of how their attacks actually work.

A

Script Kiddies

5
Q

______ use hacking techniques to accomplish some activist goal.

A

Hacktivists

6
Q

What type of threat actor fits under this category:
“They might deface the website of a company whose policies they disagree with.”

A

Hacktivists

7
Q

What type of threat actor is Anonymous?

A

Hacktivists

8
Q

What type of threat actor is a teenager, who has no knowledge of hacking, attempting to hack the school network?

A

Script Kiddie

9
Q

What is the motive for Crime Syndicates?

A

Illegal financial gain

10
Q

__________, including ransomware, data compromise, distributed denial of service attacks, website defacement, and attacks against critical infrastructure. This is also a cyber crime category.

A

Cyber-dependent crime

11
Q

_____, including child pornography, abuse and solicitation. This is also a cybercrime category.

A

Child Sexual exploitation

12
Q

_____ includes credit card fraud and business email compromise. This is also a cybercrime category.

A

Payment Fraud

13
Q

_______ includes the sale of illegal goods and services. This is also a cybercrime category.

A

Dark web activity

14
Q

_______ support includes facilitating the actions of terrorist groups online. This is also a cybercrime category.

A

Terrorism

15
Q

______ includes social engineering, money mules, and the criminal abuse of cryptocurrencies. This is also a cybercrime category.

A

Cross-cutting crime factors

16
Q

Organized crime tends to have attackers who range from ____ skilled to highly skilled.

A

moderately

17
Q

______ use advanced techniques, are persistent, and are often emblematic of nation-state attacks.

A

APT

18
Q

Stuxnet is an example of a(n) ______ attack.

A

APT

19
Q

______ occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to wage an attack against the organization.

A

Insider Attacks

20
Q

Which is an effective tool for helping to mitigate insider attacks?

A

Behavioral assessments

21
Q

A phenomenon where individuals and groups seek out their own technology solutions is known as _________.

A

Shadow IT

22
Q

What dangers do competitors encompass?

A
  • Competitors may engage in corporate espionage designed to steal sensitive information from the organization.
  • Competitors may attempt to use a disgruntled insider to get information.
  • Competitors may purchase information from the dark web.
23
Q

What type of threat assessment should be conducted periodically to determine what types of threat actors are most likely to target your organization and why?

A

Organizational Threat Assessments

24
Q

Which type of threat vector is commonly exploited with phishing messages and spam messages?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

a.) Email and Social Media

25
Q

Which type of threat vector is exploited by attackers walking into public areas such as lobbies, customer stores, or other locations and accessing the network through the wall jacks?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

b.) Direct Access

26
Q

Which type of threat vector is exploited by attackers gaining physical access to an unsecured computer terminal, network device, or other system?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

b.) Direct Access

27
Q

Which threat vector is exploited by an attacker sitting out in the parking lot and accessing the network without any hardwired connections?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

c.) Wireless Networks

28
Q

Which threat vector is exploited by attackers using USB drives to spread their malware?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

d.) Removable Media

29
Q

Which type of threat vector involves attackers routinely scanning popular services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

e.) Cloud

30
Q

Which type of threat vector involves an attacker interfering with an organization’s IT supply chain, for example by gaining access to devices at the manufacturer?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks

A

f.) Third Party Risks

31
Q

________ is the set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment.

A

Threat Intelligence

32
Q

Threat intelligence info can also be used for ______ to identify likely risks to the organization.

A

Predictive Analysis

33
Q

______ often include info about threats, such as IP addresses, hostnames, domains, email addresses, URLs, file hashes, file paths, CVE numbers, and other details about a threat.

A

Threat Feeds

34
Q

Threat intelligence sources may provide ________. These are the telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.

A

Indicators of compromise (IoC)

35
Q

________ is threat intelligence that is acquired from publicly available sources.

A

Open Source Intelligence

36
Q

Commercial security vendors, government organizations, and other security-centric organizations also create and make use of ________. They do their own information gathering and research, and they may use custom tools, analysis models, or other methods to gather, curate, and maintain their threat feeds.

A

Closed Source intelligence

37
Q

_____ provide a geographic view of threat intelligence.

A

Threat maps

38
Q

Name a motivation for not choosing closed-source intelligence over open-source intelligence?

A
  • Organizations may want to keep their threat data secret.
  • Organizations may want to sell or license their threat data.
  • Organizations may not want to take the chance of threat actors knowing about the data they are gathering.
39
Q

________ allow organizations to filter and use threat intelligence based on how much trust they can give it.

A

Confidence Scores

40
Q

_____ is an XML language originally sponsored by the US Department of Homeland Security. It is a language and serialization format used to exchange cyber threat intelligence.

A

Structured Threat Information eXpression (STIX)

41
Q

Since STIX's creation, what party maintains it?

A

Organization for the Advancement of Structured Information Standards (OASIS), which is an international nonprofit consortium that maintains other projects related to information formatting, including XML and HTML.

42
Q

____ is intended to allow cyber threat information to be communicated at the application layer via HTTPS.

A

TAXII (Trusted Automated eXchange of Indicator Information protocol)

43
Q

True or False: TAXII is specifically designed to support STIX.

A

True

44
Q

Like STIX, _____ is an XML-based framework. It was developed by Mandiant and uses Mandiant’s indicators for its base framework.

A

OpenIOC

45
Q

What does OpenIOC stand for?

A

Open Indicators of Compromise

46
Q

What is TAXII short for?

A

Trusted Automated eXchange of Indicator Information.

47
Q

In the United States, organizations known as _______ help infrastructure owners and operators share threat information and provide tools and assistance to their members.

A

ISACs

48
Q

What is ISACs short for?

A

Information Sharing and Analysis Centers