Chapter 1- Overview

Question 1

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.

Answer 1

Information Security

Question 2

Act of protecting the systems that hold and process our critical data.

Answer 2

Information Systems Security

Question 3

What does CIA Triad stand for?

Answer 3

• Confidentiality
• Integrity
• Availability

Question 4

Information has not been disclosed to unauthorized people.

Answer 4

Confidentiality

Question 5

Information has not been modified or altered without proper authorization.

Answer 5

Integrity

Question 6

Information is able to be stored, accessed, or protected at all times.

Answer 6

Availability

Question 7

What does AAA of Security stand for?

Answer 7

• Authentication
• Authorization
• Accounting

Question 8

When a person’s identity is established with proof and confirmed by a system.

Answer 8

Authentication

Question 9

Occurs when a user is given access to a certain piece of data or certain areas of a building

Answer 9

Authorization

Question 10

▪ Tracking of data, computer usage, and network resources ▪ Non-repudiation occurs when you have proof that someone has taken an action

Answer 10

Accounting

Question 11

What are the Security Threats?

Answer 11

• Malware
• Unauthorized Access
• System Failure
• Social Engineering

Question 12

Short-hand term for malicious software (More in Chapter 2)

Answer 12

Malware

Question 13

Occurs when access to computer resources and data occurs without the consent of the owner

Answer 13

Unauthorized Access

Question 14

Occurs when a computer crashes or an individual application fails

Answer 14

System Failures

Question 15

Act of manipulating users into revealing confidential information or performing other detrimental actions

Answer 15

Social Engineering

Question 16

What are the Mitigating Threats

Answer 16

• Physical Controls
• Technical Controls
• Administrative Controls

Question 17

Alarm systems, locks, surveillance cameras, identification cards, and security guards are all examples of?

Answer 17

Physical Controls

Question 18

Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication

Answer 18

Technical Controls

Question 19

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans

Answer 19

Administrative Controls

Question 20

What are the different Hackers?

Answer 20

• White Hats
• Black Hats
• Gray Hats
• Blue Hats
• Elite

Question 21

Non-malicious hackers who attempt to break into a company’s systems at their request

Answer 21

White Hats

Question 22

Malicious hackers who break into computer systems and networks without authorization or permission

Answer 22

Black Hats

Question 23

Hackers without any affiliation to a company who attempt to break into a company’s network but risk the law by doing so

Answer 23

Gray Hats

Question 24

Hackers who attempt to hack into a network with permission of the company but are not employed by the company

Answer 24

Blue Hats

Question 25

Hackers who find and exploit vulnerabilities before anyone else does

Answer 25

Elite

Question 26

What are the different Threat Actors

Answer 26

* Script Kiddies * Hacktivists * Organized Crime * Advanced Persistent Threats (APTs)

Question 27

Hackers with little to no skill who only use the tools and exploits written by others

Answer 27

Script Kiddies

Question 28

Hackers who are driven by a cause like social change, political agendas, or terrorism

Answer 28

Hacktivists

Question 29

Hackers who are part of a crime group that is well-funded and highly sophisticated

Answer 29

Organized Crime

Question 30

Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal

Answer 30

Advanced Persistent Threats (APTs)

Question 31

What are the different types of intelligence?

Answer 31

* Proprietary * Closed-Source * Open-Source * Open-Source Intelligence (OSINT)

Question 32

Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee

Answer 32

Proprietary

Question 33

Data that is derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized

Answer 33

Closed-Source

Question 34

Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases

Answer 34

Open-Source

Question 35

Methods of obtaining information about a person or organization through public records, websites, and social media

Answer 35

Open-Source Intelligence (OSINT)

Question 36

A cyber security technique designed to detect presence of threat that have not been discovered by a normal security monitoring

Answer 36

Threat Hunting

Question 37

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion

Answer 37

Kill Chain

Question 38

What are the different stages of the Kill Chain?

Answer 38

* Reconnaissance * Weaponization * Delivery * Exploitation * Installation * Command & Control (C2) * Actions on Objectives * MITRE ATT%CK Framework * Diamond Model of Intrusion Analysis

Question 39

The attacker determines what methods to use to complete the phases of the attack.

Answer 39

Reconnaissance

Question 40

The attacker couples payload code that will enable access with exploit code that will use a vulnerability to execute on the target system.

Answer 40

Weaponization

Question 41

The attacker identifies a vector by which to transmit the weaponized code to the target environment.

Answer 41

Delivery

Question 42

The weaponized code is executed on the target system by this mechanism

Answer 42

Exploitation

Question 43

This mechanism enables the weaponized code to run a remote access tool and achieve persistence on the target system

Answer 43

Installation

Question 44

The weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack

Answer 44

Command & Control (C2)

Question 45

The attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration) or achieve other goals and motives

Answer 45

Actions on Objectives

Question 46

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)

Answer 46

MITRE ATT%CK Framework

Question 47

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim

Answer 47

Diamond Model of Intrusion Analysis