Chapter 2: Threat Management and Cybersecurity Resources

Question 1

A type of test that attempts to exploit vulnerabilities just as a threat actor would

Answer 1

Penetration test

Question 2

Why should pen testing be carried out?

Answer 2

Deep vulnerabilities can only be revealed through a simulated attack using the mindset of an actual threat actor

Question 3

What are 3 advantages to using internal security personnel in a pen test?

Answer 3

1. Low cost
2. Fast
3. Enhances training

Question 4

What are 3 disadvantages to using internal security personnel?

Answer 4

1. Insider knowledge
2. Lack of expertise
3. Reluctance to reveal findings

Question 5

What are 4 advantages to using external consultants for pen testing?

Answer 5

1. Expertise
2. Credentials
3. Experience
4. Focus

Question 6

What is the primary disadvantage to using external consultants in a pen test?

Answer 6

Use of discovered information

Question 7

A monetary award for uncovering a software vulnerability

Answer 7

Bug bounty

Question 8

What are three advantages to crowdsourcing pen testing?

Answer 8

1. Fast
2. Flexible
3. Wide scope

Question 9

Scans for vulnerabilities and exploits them in a pen test

Answer 9

Red team

Question 10

Monitors for attackers and shores up defenses as necessary in a pen test

Answer 10

Blue team

Question 11

Enforces the rules in a pen test

Answer 11

White team

Question 12

Provides feedback to defenders and attackers during pen test

Answer 12

Purple team

Question 13

A type of pen test where the attackers have no knowledge of the network nor special privileges

Answer 13

Black box

Question 14

A type of pen test where the attackers are given limited knowledge of the network and some elevated privileges

Answer 14

Gray box

Question 15

A type of pen test where attackers are given full knowledge of the network and the source code of applications

Answer 15

White box

Question 16

Limitations or parameters on the pen test

Answer 16

Rules of engagement

Question 17

What are 7 elements of the rules of engagement?

Answer 17

1. Timing
2. Scope
3. Authorization
4. Exploitation
5. Communication
6. Cleanup
7. Reporting

Question 18

Less technical element of a report aimed at those in charge

Answer 18

Executive summary

Question 19

A process, involving determination, resolve, and perseverance, in which a load balancer crates a link between an endpoint and a specific network server for the duration of a session

Answer 19

Persistence

Question 20

Gathering information from outside the organization

Answer 20

Footprinting

Question 21

Directly probing for vulnerabilities and useful information

Answer 21

Active reconnaissance

Question 22

Searching for wireless signals from an automobile or on foot while using a portable computing device

Answer 22

War driving

Question 23

An efficient means of discovering a WiFi signal using drones

Answer 23

War flying

Question 24

An unmanned aerial vehicle without a human pilot

Answer 24

Drone

Question 25

An aircraft without a human pilot on board to control its flight

Answer 25

Unmanned aerial vehicle (UAV)

Question 26

Searching online for publicly accessible information

Answer 26

Passive surveillance

Question 27

Publicly accessible information

Answer 27

Open source intelligence (OSINT)

Question 28

Moving to more advanced resources that are normally protected from an application or user

Answer 28

Privilege escalation

Question 29

Turning to other systems to be compromised

Answer 29

Pivoting

Question 30

A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress

Answer 30

Vulnerability scanning

Question 31

What are 7 ways that a pen test and vulnerability scan are different?

Answer 31

1. Purpose 2. Procedure 3. Frequency 4. Personnel 5. Process 6. Goal 7. Audience

Question 32

What are 2 issues when conducting a vulnerability scan?

Answer 32

1. Workflow interruptions 2. Technical constraints

Question 33

A list of all significant assets

Answer 33

Asset inventory

Question 34

An examination of the software settings for a vulnerability scan

Answer 34

Configuration review

Question 35

Depth of a vulnerability scan

Answer 35

Sensitivity level

Question 36

4 elements of a configuration review include …

Answer 36

1. Define target devices 2. Ensure scan designed to meet intended goals 3. Sensitivity level 4. Specify data types

Question 37

A scan in which authenticated credentials, such as usernames and passwords, are supplied to the stability scanner to mimic the work of a threat actor who possesses these credentials

Answer 37

Credentialed scan

Question 38

A vulnerability scan that provides no authentication information to the tester

Answer 38

Non-credentialed scan

Question 39

A vulnerability scan that attempts to employ any vulnerabilities which it finds, much like a threat actor would

Answer 39

Intrusive scan

Question 40

A vulnerability scan that does not attempt to exploit the vulnerabilities which it finds, but o Lu records it was discovered

Answer 40

Non-intrusive scan

Question 41

A numeric rating system of the impact of a vulnerability

Answer 41

Common Vulnerability Scoring System (CVSS)

Question 42

A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events

Answer 42

Security Information and Event Management (SIEM)

Question 43

Looking at normal behavior of users and how they interact with systems to create a picture of typical activity

Answer 43

User behavior analysis

Question 44

The process of computationally identifying and categorizing opinions, usually expressed in response to textual data, in order to determine the writer’s attitude toward a particular topic

Answer 44

Sentiment analysis

Question 45

A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response

Answer 45

Security Orchestration, Automation, and Response (SOAR)

Question 46

Proactively searching for cyber threats that this far have gone undetected in a network

Answer 46

Threat hunting

Question 47

Conducting unusual behavior when threat hunting

Answer 47

Maneuvering

Question 48

Cybersecurity data feeds that provide information on the latest threats

Answer 48

Threat feeds

Question 49

A formal repository of information from enterprises and the government used to share information on the latest attacks

Answer 49

Fusion center

Question 50

A series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment

Answer 50

Framework

Question 51

4 NIST framework elements

Answer 51

1. Functions 2. Categories 3. Subcategories 4. Information sources

Question 52

A guidance document designed to help organizations assess and manage risks to their information and systems

Answer 52

NIST Risk Management Framework

Question 53

A measuring stick against which companies can compare their cybersecurity practices relative to the threats they face

Answer 53

NIST Cybersecurity Framework

Question 54

A ISO standard that provides requirements for an information security management system

Answer 54

ISO 27001

Question 55

An extension of ISO 27001 that is a framework for managing privacy controls to reduce the risk of privacy breaches

Answer 55

ISO 27701

Question 56

An ISO “code of practice” for information security management within an organization and contains 114 different control recommendations

Answer 56

ISO 27002

Question 57

An ISO standard that contains controls for managing and controlling risk

Answer 57

ISO 31000

Question 58

An AICPA System and Organization control standard for reports on internal controls that reviews how a company safeguards consumer data and how well those controls are operating

Answer 58

SSAE SOC 2 Type II

Question 59

An AICPA System and Organization control standard for reports on internal controls that can be freely distributed

Answer 59

SSAE SOC 2 Type III

Question 60

A specialized framework of cloud-specific security controls

Answer 60

Cloud Controls Matrix

Question 61

An authoritative source of information

Answer 61

Reference architecture

Question 62

Standards typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals

Answer 62

Regulations

Question 63

A document approved through consensus by a recognized standardization body

Answer 63

Standards

Question 64

A compliance standard to provide a minimum degree of security for handling customer card information

Answer 64

Payment Card Industry Data Security Standard (PCI DSS)

Question 65

Guidelines for configuring a device or software usually distributed by hardware manufacturers and software developers

Answer 65

Benchmark/Secure Configuration Guide

Question 66

Guidelines that only apply to specific products

Answer 66

Platform/vendor-specific guides

Question 67

Documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas

Answer 67

Requests for Comment (RFCs)

Question 68

Cybersecurity information streams which include information on the latest vulnerabilities and threats

Answer 68

1. Vulnerability feeds 2. Threat feeds

Question 69

A database of the behavior of threat actors and how they orchestrate and manage attacks

Answer 69

Adversary tactics, techniques, and procedures (TTP)