Chapter 1 Cybersecurity Fundamentals Definitions Flashcards

1
Q

Threat

A

A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited, or is not yet publicly known, the threat is latent and not yet realized.

2
Q

Vulnerability

A

A vulnerability is a weakness in the system design, implementation, software, or code, or the absence of a security control. A specific vulnerability might manifest as anything from a flaw in system design to a flaw in how an operational procedure is carried out.

3
Q

Vulnerabilities can be found in:

A
  1. Applications
  2. Operating systems
  3. Hardware
  4. Misconfiguration
  5. Shrink-wrap software
4
Q

Exploit

A

An exploit refers to a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system.

5
Q

White hat hackers

A

These individuals perform ethical hacking to help secure companies and organizations.

6
Q

Black hat hackers

A

These individuals perform illegal activities, such as those carried out by organized crime.

7
Q

Gray hat hackers

A

These individuals usually follow the law but sometimes venture over to the darker side of black hat hacking.

8
Q

Name five threat actors

A

Script kiddies: People who use existing “scripts” or tools to hack into computers and networks. They lack the expertise to write their own scripts.

Organized crime groups: Their main purpose is to steal information, scam people, and make money.

State sponsors and governments: These agents are interested in stealing data, including intellectual property and research-and-development data from major manufacturers, government agencies, and defense contractors.

Hacktivists: People who carry out cybersecurity attacks aimed at promoting a social or political cause.

Terrorist groups: These groups are motivated by political or religious beliefs.

9
Q

Threat intelligence

A

Threat intelligence is knowledge about an existing or emerging threat to assets, including networks and systems. Threat intelligence includes context, mechanisms, indicators of compromise (IoCs), implications, and actionable advice.

10
Q

Structured Threat Information eXpression (STIX)

A

A structured language designed for sharing cyber-attack information. STIX content can carry data such as the IP addresses or domain names of command-and-control servers (often referred to as C2 or CnC), malware hashes, and so on. STIX 1.x was serialized as XML; STIX 2.x uses JSON.
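The following is an added example for this flashcard, not code from the original page and not the official `stix2` library: it builds a small STIX 2.1 bundle with the standard library only and pulls the C2 IP, C2 domain and file hashes back out of the indicator patterns. The bundle, its UUIDs, the IP, domain and hash values are all constructed placeholders, and the expiry check (`valid_until`, `revoked`) is the part a practitioner usually forgets before feeding IoCs to a block list.

```python
"""Build a small STIX 2.1 bundle and extract the indicators of compromise (IoCs)
from its indicator patterns.

Added example for the STIX flashcard; not code from the original page and not
the official `stix2` library. Standard library only. The bundle below is
constructed for the example: the UUIDs, IP, domain and hashes are placeholders,
not real indicators.
"""
import json
import re
from datetime import datetime, timezone

TS = "2024-01-01T00:00:00.000Z"   # STIX timestamps are RFC 3339 UTC with a trailing Z


def sdo(kind, uuid_tail, **fields):
    """Minimal STIX Domain Object: the common properties plus the given fields."""
    base = {"type": kind, "spec_version": "2.1", "id": f"{kind}--{uuid_tail}",
            "created": TS, "modified": TS}
    base.update(fields)
    return base


def indicator(uuid_tail, name, pattern, **extra):
    return sdo("indicator", uuid_tail, name=name, indicator_types=["malicious-activity"],
               pattern_type="stix", pattern=pattern, valid_from=TS, **extra)


SHA256 = "a" * 64   # placeholder hash values, not real samples
MD5 = "b" * 32
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        sdo("malware", "22222222-2222-4222-8222-222222222222",
            name="Example dropper (constructed)", is_family=False),
        indicator("33333333-3333-4333-8333-333333333333", "C2 IPv4 address",
                  "[ipv4-addr:value = '203.0.113.10']"),
        indicator("44444444-4444-4444-8444-444444444444", "C2 domain",
                  "[domain-name:value = 'c2.example.net']"),
        indicator("55555555-5555-4555-8555-555555555555", "Dropper SHA-256",
                  f"[file:hashes.'SHA-256' = '{SHA256}']"),
        # Compound pattern, and an indicator that has already expired.
        indicator("66666666-6666-4666-8666-666666666666", "Old dropper build",
                  f"[file:hashes.MD5 = '{MD5}' AND file:name = 'dropper.exe']",
                  valid_until="2024-03-01T00:00:00.000Z"),
    ],
}

# One comparison inside a STIX pattern: <object-type>:<property-path> = '<value>'
COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")


def parse_ts(ts: str) -> datetime:
    """Parse a STIX timestamp, with or without fractional seconds."""
    ts = ts.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in ts else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)


def classify(obj_type: str, path: str):
    """Map a cyber-observable property to an IoC kind, or None if it is not one we block on."""
    if obj_type in ("ipv4-addr", "ipv6-addr") and path == "value":
        return "ip"
    if obj_type == "domain-name" and path == "value":
        return "domain"
    if obj_type == "url" and path == "value":
        return "url"
    if obj_type == "file" and path.startswith("hashes."):
        return "hash:" + path[len("hashes."):].strip("'")
    return None


def extract_iocs(bundle: dict, as_of: datetime = None) -> list:
    """Return (kind, value) pairs from every live STIX-pattern indicator in the bundle.

    Revoked indicators and, when as_of is given, indicators whose valid_until has
    passed are skipped, so stale IoCs do not end up on a block list."""
    iocs = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):
            continue
        if as_of and "valid_until" in obj and parse_ts(obj["valid_until"]) <= as_of:
            continue
        for obj_type, path, value in COMPARISON.findall(obj["pattern"]):
            kind = classify(obj_type, path)
            if kind:
                iocs.append((kind, value))
    return iocs


if __name__ == "__main__":
    print(json.dumps(SAMPLE_BUNDLE, indent=2)[:400], "...")
    for kind, value in extract_iocs(SAMPLE_BUNDLE, as_of=datetime.now(timezone.utc)):
        print(f"{kind:12s} {value}")
```

The regex deliberately only understands equality comparisons; real STIX patterns can also use `MATCHES`, `LIKE`, set membership and observation operators, so anything beyond block-list extraction belongs in a proper pattern parser such as the one in the `stix2` library.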

11
Q

Trusted Automated eXchange of Indicator Information (TAXII)

A

Trusted Automated eXchange of Indicator Information (TAXII): An open transport mechanism that standardizes the automated exchange of cyber-threat information.

12
Q

Cyber Observable eXpression (CybOX)

A

Cyber Observable eXpression (CybOX): A free standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in the operational domain. CybOX has since been folded into STIX 2.x as its cyber-observable objects.

13
Q

Open Indicators of Compromise (OpenIOC)

A

Open Indicators of Compromise (OpenIOC): An open framework for sharing threat intelligence in a machine-digestible format.

14
Q

Open Command and Control (OpenC2)

A

Open Command and Control (OpenC2): A language for the command and control of cyber-defense technologies. The OpenC2 Forum was a community of cybersecurity stakeholders facilitated by the U.S. National Security Agency; the specification is now maintained at OASIS.

15
Q

Name six ways viruses are transmitted.

A

Master boot record infection: This is the original method of attack. It works by attacking the master boot record of the hard drive.

BIOS infection: This could completely make the system inoperable or the device could hang before passing Power On Self-Test (POST).

File infection: This includes malware that relies on the user to execute the file. Extensions such as .com and .exe are usually used. Some form of social engineering is normally used to get the user to execute the program. Techniques include renaming the program or trying to mask the .exe extension and make it appear as a graphic (.jpg, .bmp, .png, .svg, and the like).

Macro infection: Macro viruses exploit scripting services installed on your computer. Manipulating and using macros in Microsoft Excel, Microsoft Word, and Microsoft PowerPoint documents has been very popular in the past.

Cluster: This type of virus can modify directory table entries so that it points a user or system process to the malware and not the actual program.

Multipartite: This style of virus can use more than one propagation method and targets both the boot sector and program files. One example is the NATAS (Satan spelled backward) virus.

16
Q

wrapper

A

A wrapper is a program used to combine two or more executables into a single packaged program. Wrappers are also referred to as binders, packagers, and EXE binders because they are the functional equivalent of binders for Windows Portable Executable files.

17
Q

Packers

A

Packers are similar to compression programs such as WinZip, RAR, and gzip because they compress files. However, whereas compression programs compress files to save space, packers do this to obfuscate the malware's code. The idea is to prevent anyone from viewing the malware's code until it is unpacked in memory.

18
Q

Droppers

A

Droppers are software designed to install malware payloads on the victim’s system. Droppers try to avoid detection and evade security controls by using several methods to spread and install the malware payload.

19
Q

Crypters

A

Crypters encrypt or otherwise obscure the code. Some crypters hide the contents of a Trojan by applying a real encryption algorithm, anything from AES or Blowfish to RSA, while others rely on more basic obfuscation such as XOR, Base64 encoding, or even ROT13.
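The following is an added example covering both the Packers and the Crypters cards; it is not code from the original page. It applies the triage heuristics an analyst runs on a suspicious section: Shannon entropy (packed or properly encrypted data sits near 8 bits per byte), a Base64-shape check for encoding-only crypters, and a 256-key brute force for the single-byte XOR case, which keeps the byte histogram of the plaintext and therefore slips past an entropy threshold. Every buffer is constructed inline (pseudo-random words as a stand-in for an unpacked section; a SHA-256 counter keystream standing in for a crypter's cipher), so no real sample is involved, and the 7.0 threshold is an assumption taken from common triage practice.

```python
"""Triage heuristics for packed or encrypted payloads (entropy, Base64 shape,
single-byte XOR brute force).

Added example for the Packers and Crypters flashcards; not code from the
original page. Standard library only. Every buffer is constructed inline
below, so no real malware is involved.
"""
import base64
import hashlib
import math
import re
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform byte stream."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode).
    Illustration only: it stands in for a crypter's cipher and is not secure."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
    return bytes(out[:n])


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed stand-in for an unpacked section: pseudo-random words, so it
# compresses less than a repeated sentence would and the packed form is long
# enough for the entropy estimate to mean something.
WORDS = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
         "india", "juliett", "kilo", "lima", "mike", "november", "oscar", "papa"]


def make_plain(n_words: int = 4000, seed: bytes = b"plain-sample") -> bytes:
    return " ".join(WORDS[b & 0x0F] for b in keystream(seed, n_words)).encode()


def build_samples(plain: bytes = None) -> dict:
    """The same payload under the transformations the flashcards mention."""
    plain = plain or make_plain()
    return {
        "plain": plain,
        "xor-1byte": xor_bytes(plain, b"\x5a"),                               # trivial crypter
        "base64": base64.b64encode(plain),                                    # encoding only
        "zlib-packed": zlib.compress(plain, 9),                               # packer-style compression
        "stream-encrypted": xor_bytes(plain, keystream(b"k", len(plain))),    # crypter with a real keystream
    }


HIGH_ENTROPY = 7.0                       # assumed triage threshold for a section
B64_SHAPE = re.compile(rb"[A-Za-z0-9+/]+={0,2}")


def looks_base64(data: bytes) -> bool:
    return len(data) % 4 == 0 and B64_SHAPE.fullmatch(data) is not None


def textiness(data: bytes) -> float:
    """1.0 for pure letters/space, lower for other printable bytes, negative for binary."""
    score = 0.0
    for b in data:
        if b == 0x20 or 0x41 <= b <= 0x5A or 0x61 <= b <= 0x7A:
            score += 1.0
        elif 0x21 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D):
            score += 0.5
        else:
            score -= 1.0
    return score / len(data)


def guess_single_byte_xor(data: bytes, probe: int = 1024):
    """Brute-force all 256 keys on a prefix; return (key, score) of the most text-like result."""
    head = data[:probe]
    return max(((k, textiness(bytes(b ^ k for b in head))) for k in range(256)),
               key=lambda kv: kv[1])


def triage(data: bytes) -> str:
    if shannon_entropy(data) >= HIGH_ENTROPY:
        return "high-entropy (packed/encrypted?)"
    if looks_base64(data):
        return "base64-encoded"
    return "plain-looking"


def triage_all(samples: dict = None) -> dict:
    samples = samples or build_samples()
    return {name: (round(shannon_entropy(d), 2), triage(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (ent, verdict) in triage_all().items():
        print(f"{name:18s} entropy={ent:.2f}  {verdict}")
    key, score = guess_single_byte_xor(build_samples()["xor-1byte"])
    print(f"xor-1byte: best single-byte key 0x{key:02x} (text score {score:.2f})")
```

Running it shows the caveat in the Crypters card: the zlib-packed and stream-encrypted copies cross the entropy threshold, Base64 never can (a 64-symbol alphabet caps at about 6 bits per byte, which is why the shape check exists), and the single-byte XOR copy has exactly the plaintext's entropy, so only the key brute force exposes it.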

20
Q

Name 11 ransomware programs

A
  1. WannaCry
  2. Petya
  3. Nyetya (NotPetya)
  4. Sodinokibi
  5. Bad Rabbit
  6. GandCrab
  7. SamSam
  8. CryptoLocker
  9. CryptoDefense
  10. CryptoWall
  11. Spora
21
Q

Ransomware

A

Ransomware can propagate like a worm or a virus but is designed to encrypt personal files on the victim’s hard drive until a ransom is paid to the attacker.

22
Q

PaaS

A

Platform as a Service (PaaS): PaaS provides everything except applications. Services provided by this model include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software.

23
Q

SaaS

A

Software as a Service (SaaS): SaaS is designed to provide a complete packaged solution. The software is rented out to the user.

24
Q

IaaS

A

Infrastructure as a Service (IaaS): IaaS describes a cloud solution where you are renting infrastructure. You purchase virtual power to execute your software as needed. This is much like running a virtual server on your own equipment, except you are now running a virtual server on a virtual disk.

25
Q

Public cloud

A

Public cloud: Open for public use

26
Q

Private cloud

A

Private cloud: Used just by the client organization on the premises (on-prem) or at a dedicated area in a cloud provider

27
Q

Community cloud

A

Community cloud: Shared between several organizations

28
Q

Hybrid cloud

A

Hybrid cloud: Composed of two or more clouds (including on-prem services)