Chapter 2: Cybersecurity Threat Landscape Review Questions Flashcards
1- Which of the following measures is not commonly used to assess threat intelligence?
A. Timeliness
B. Detail
C. Accuracy
D. Relevance
- B. Although higher levels of detail can be useful, they aren’t a common measure used to assess threat intelligence. Instead, the timeliness, accuracy, and relevance of the information are considered critical to determining whether you should use the threat information.
2- What language is STIX based on?
A. PHP
B. HTML
C. XML
D. Python
- C. STIX is an XML-based language, allowing it to be easily extended and modified while also using standard XML-based editors, readers, and other tools.
3- Kolin is a penetration tester who works for a cybersecurity company. His firm was hired to conduct a penetration test against a health-care system, and Kolin is working to gain access to the systems belonging to a hospital in that system. What term best describes Kolin’s work?
A. White hat
B. Gray hat
C. Green hat
D. Black hat
- A. Attacks that are conducted as part of an authorized penetration test are white-hat hacking attacks, regardless of whether they are conducted by internal employees or an external firm. Kolin is, therefore, engaged in white-hat hacking. If he were acting on his own, without authorization, his status would depend on his intent. If he had malicious intent, his activity would be considered black-hat hacking. If he simply intended to report vulnerabilities to the hospital, his attack would be considered gray hat. Green hat is not a commonly used category of attacker.
4- Which one of the following attackers is most likely to be associated with an APT?
A. Nation-state actor
B. Hacktivist
C. Script kiddie
D. Insider
- A. Advanced persistent threats (APTs) are most commonly associated with nation-state actors. It is unlikely that an APT group would leverage the unsophisticated services of a script kiddie. It is also unlikely that a hacktivist would have access to APT resources. Although APTs may take advantage of insider access, they are most commonly associated with nation-state actors.
5- What organizations did the U.S. government create to help share knowledge between organizations in specific verticals?
A. DHS
B. SANS
C. CERTS
D. ISACs
- D. The U.S. government created the Information Sharing and Analysis Centers (ISACs). ISACs help infrastructure owners and operators share threat information, and provide tools and assistance to their members.
6- Which of the following threat actors typically has the greatest access to resources?
A. Nation-state actors
B. Organized crime
C. Hacktivists
D. Insider threats
- A. Nation-state actors are government sponsored, and they typically have the greatest access to resources, including tools, money, and talent.
7- Of the threat vectors listed here, which one is most commonly exploited by attackers who are at a distant location?
A. Email
B. Direct access
C. Wireless
D. Removable media
- A. Email is the most common threat vector exploited by attackers who use phishing and other social engineering tactics to gain access to an organization. The other vectors listed here, direct access, wireless, and removable media, all require physical proximity to an organization and are not easily executed from a remote location.
8- Which one of the following is the best example of a hacktivist group?
A. Chinese military
B. U.S. government
C. Russian mafia
D. Anonymous
- D. The Chinese military and U.S. government are examples of nation-state actors and advanced persistent threats (APTs). The Russian mafia is an example of a criminal syndicate. Anonymous is the world’s most prominent hacktivist group.
9- What type of assessment is particularly useful for identifying insider threats?
A. Behavioral
B. Instinctual
C. Habitual
D. IOCs
- A. Behavioral assessments are very useful when you are attempting to identify insider threats. Since insider threats are often hard to distinguish from normal behavior, the context of the actions performed—such as after-hours logins, misuse of credentials, logins from abnormal locations, or abnormal patterns—and other behavioral indicators are often used.
10- Cindy wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. What should she choose?
A. STIX 1.0
B. OpenIOC
C. STIX 2.0
D. TAXII
- D. TAXII, the Trusted Automated eXchange of Indicator Information protocol, is specifically designed to communicate cyber threat information at the application layer. OpenIOC is a compromise indicator framework, and STIX is a threat description language.
11- Greg believes that an attacker may have installed malicious firmware in a network device before it was provided to his organization by the supplier. What type of threat vector best describes this attack?
A. Supply chain
B. Removable media
C. Cloud
D. Direct access
- A. Tampering with equipment before it reaches the intended user is an example of a supply chain threat. It is also possible to describe this attack as a direct access attack because it involved physical access to the device, but supply chain is a more relevant answer. You should be prepared to select the best possible choice from several possible correct answers when you take the exam. Security+ questions often use this type of misdirection.
12- Ken is conducting threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?
A. Academic journal
B. Internet RFCs
C. Subject matter experts
D. Textbooks
- B. All of these resources might contain information about the technical details of TLS, but Internet Request for Comments (RFC) documents are the definitive technical standards for Internet protocols. Consulting the RFCs would be Ken’s best option.
13- Wendy is scanning cloud-based repositories for sensitive information. Which one of the following should concern her most, if discovered in a public repository?
A. Product manuals
B. Source code
C. API keys
D. Open source data
- C. All of these items could be concerning, depending on the circumstances. However, API keys should never be found in public repositories because they may grant unauthorized individuals access to information and resources.
14- Which one of the following threat research tools is used to visually display information about the location of threat actors?
A. Threat map
B. Predictive analysis
C. Vulnerability feed
D. STIX
- A. Threat maps are graphical tools that display information about the geographic locations of attackers and their targets. These tools are most often used as interesting marketing gimmicks, but they can also help identify possible threat sources.
15- Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?
A. Vulnerability feed
B. IoC
C. TTP
D. RFC
- B. Specific details of attacks that may be used to identify compromises are known as indicators of compromise (IoCs). This data may also be described as an adversary tool, tactic, or procedure (TTP), but the fact that it is a set of file signatures makes it more closely match the definition of an IoC.