Chapter 1 Defending Against Cybersecurity Threats

Question 1

Weakness in a device, system, application or process that might allow an attack to take place.

Answer 1

Vulnerability

Question 2

• A force outside an organization that may exploit a vulnerability.
• Malicious i.e. hacker
• Non-malicious i.e. earthquake

Answer 2

Threat

Question 3

• The relationship between threats and vulnerabilities

- If one of these don’t exist then this definition doesn’t either

Answer 3

Risk

Question 4

Framework that outlines the risk assessment process that suggests an organization should identify threats and vulnerabilities and use this info to determine the level of risk posed by the combination or of these threats and vulnerabilities.

Answer 4

NIST SP 800-30

Question 5

• NAC solution that use dedicated appliances that sit in between devices and the resources they wish to access.
• Solution typical in hotels

Answer 5

In-Band NAC

Question 6

• NAC solution that leverages existing network infrastructure
• i.e. 802.1X

Answer 6

Out-of-Band NAC

Question 7

Checks the characteristics of each packet against firewall rules without additional intelligence

Answer 7

Packet filtering firewalls

Question 8

Maintains info about each state of each connection passing through the firewall

Answer 8

Stateful Inspection firewalls

Question 9

• Ensures that there are not unauthorized modifications to info or systems, either internationally or unintentionally
• i.e. hashing and integrity monitoring solutions

Answer 9

Integrity

Question 10

• Ensures that info and systems are ready to meet the needs of legitimate users at the time those users request them.
• i.e. fault tolerance, clustering and backups

Answer 10

Availability

Question 11

• Under step 2: Conduct Assessment task Identify Threats NIST SP 800-300
• Represents individuals, groups, and organizations that are attempting to undermine security of organization

Answer 11

Adversarial Threats

Question 12

• Under step 2: Conduct Assessments task Identify Threats NIST SP 800-30
• Represents individuals doing their routine work and mistakenly performs an action that undermines security

Answer 12

Accidental Threats

Question 13

• Under step 2: Conduct Assessments task Identify Threats NIST SP 800-30
• Represents equipment, software, or environmental controls that fail due to exhaustion of resources, exceeding operational capacity, or failing due to age.

Answer 13

Structural Threats

Question 14

• Under step 2: Conduct Assessments task Identify Threats NIST SP 800-30
• Represents natural to man-made disasters occurring

Answer 14

Environmental Threats

Question 15

Controls put into place for systems, devices, software, and settings that work to enforce CIA.

Answer 15

Technical Threats

Question 16

Controls put into place that use practices and procedures to bolster security

Answer 16

Operational Controls

Question 17

Firewalls designed to protect against web attacks

Answer 17

Web App Firewalls (WAF)

Question 18

• In 802.1x this device cannot validate the user itself, it instead passes requests along to authentication server using RADIUS.
• Runs on WAP or switch

Answer 18

Authentication

Question 19

In 802.1x refers to endpoint device

Answer 19

Supplicant

Question 20

In 802.1x server that validates user access on a network

Answer 20

Authentication Server

Question 21

Attacker sends a suspicious request to the DNS server. Server in turns feeds false DNS info to the attacker

Answer 21

DNS Sinkholes

Question 22

Firewall that incorporates more info into their decision-making process, i.e. users, apps, business processes.

Answer 22

Next-gen Firewalls

Question 23

NIST divides a pen test into what phases?

Answer 23

1. Planning
2. Discovery
3. Attack
4. Reporting

Question 24

According to the NIST in the Planning phase. What are some rules of engagement?

Answer 24

Timing - When will test the take place?
Scope - What is on and off-limits?
Authorization - Who is authorizing the pen-test at the org?

Question 25

• Ensures that unauthorized individuals are are not able to gain access to sensitive info.
• i.e. firewalls , ACLs, and encryption

Answer 25

Confidentiality

Question 26

What are the 4 steps of a risk assessment per NIST SP 800-30

Answer 26

Step 1: Prepare for Assessment
Step 2: Conduct Assessment
Step 3: Communicate Results
Step 4: Maintain Assessment

Question 27

According to Step 2: Conduct Assessment list some tasks included in this section

Answer 27

• Identify Threat sources and events
• Identify Vulnerabilities and predisposing conditions
• Determine Likelihood of occurrence
• Determine Magnitude of impact
• Determine Risk