COMPTIA SECURITY + WEEK 1 CHAPTER 1 & 2 Flashcards
What are the three key objectives of cybersecurity?
Confidentiality, Integrity, Availability
These objectives are often referred to as the CIA triad.
What is confidentiality in cybersecurity?
Ensures that unauthorized individuals cannot gain access to sensitive information
Security controls like firewalls, access control lists, and encryption are used to maintain confidentiality.
What is integrity in cybersecurity?
Ensures that there are no unauthorized modifications to information or systems
Integrity controls include hashing and integrity monitoring solutions.
What is availability in cybersecurity?
Ensures that information and systems are ready for legitimate users when needed
Availability controls include fault tolerance, clustering, and backups.
What does the CIA triad stand for?
Confidentiality, Integrity, Availability
This triad is used to characterize risks, attacks, and security controls.
What is nonrepudiation?
The assurance that someone cannot deny having taken an action
Digital signatures are a common example of nonrepudiation.
What are the three key threats to cybersecurity efforts according to the DAD triad?
Disclosure, Alteration, Denial
Each threat maps to one of the CIA triad goals.
What is disclosure in the context of cybersecurity?
The exposure of sensitive information to unauthorized individuals
This is a violation of the principle of confidentiality.
What is alteration in cybersecurity?
The unauthorized modification of information
This is a violation of the principle of integrity.
What is denial in cybersecurity?
The disruption of an authorized user’s legitimate access to information
This violates the principle of availability.
What are the categories of potential impact from a security incident?
- Financial Risk
- Reputational Risk
- Identity Theft
- Strategic Risk
- Operational Risk
- Compliance Risk
Each category describes different consequences an organization may face after a breach.
What is financial risk in the context of a data breach?
The risk of monetary damage to the organization as a result of a breach
This can include direct costs, like rebuilding a datacenter, and indirect costs, like lost business opportunities.
What constitutes reputational risk?
Negative publicity surrounding a security breach that affects goodwill
It is often difficult to quantify this type of damage.
What is identity theft risk?
The risk posed by exposure of personally identifiable information (PII) to malicious individuals
Organizations should protect sensitive identifiers like Social Security numbers and bank account information.
Define strategic risk in the context of cybersecurity.
The risk that an organization will become less effective in meeting its goals due to a breach
For example, losing product development plans may hinder market competitiveness.
What is operational risk?
Risk to the organization’s ability to carry out its day-to-day functions
This may slow down processes or require manual workarounds.
What does compliance risk entail?
Risk of violating legal or regulatory requirements due to a breach
An example is violating HIPAA by losing patient medical records.
True or False: Risks often fit into only one category.
False
Many risks can cross multiple categories, such as reputational and financial risks arising from the same incident.
What is a gap analysis in cybersecurity?
A review to evaluate security controls against control objectives
Gaps identified should be treated as potential risks to be remediated.
List the four categories of security controls.
- Technical Controls
- Operational Controls
- Managerial Controls
- Physical Controls
Each category achieves security objectives through different mechanisms.
What are technical controls?
Controls that enforce confidentiality, integrity, and availability in the digital space
Examples include firewalls, access control lists, and encryption.
What are operational controls?
Processes put in place to manage technology securely
Examples include user access reviews and log monitoring.
What are managerial controls?
Procedural mechanisms focusing on the risk management process
Examples include risk assessments and security planning.
What are physical controls?
Security controls that impact the physical world
Examples include fences, locks, and fire suppression systems.
What is the primary focus of security professionals?
Protecting the confidentiality, integrity, and availability of sensitive data
This is often referred to as the CIA triad.
What are the three states of data?
- Data at rest
- Data in transit
- Data in use
What is the purpose of preventive controls?
To stop a security issue before it occurs
Examples include firewalls and encryption.
What do corrective controls do?
Remediate security issues that have already occurred
An example is restoring backups after a ransomware attack.
What is a compensating control?
A control designed to mitigate the risk associated with exceptions made to a security policy
What criteria must a compensating control meet according to PCI DSS?
- Meet the intent and rigor of the original requirement
- Provide a similar level of defense as the original requirement
- Be above and beyond other PCI DSS requirements
What is data loss prevention (DLP)?
Systems that help organizations enforce information handling policies to prevent data loss and theft
What are the two environments where DLP systems operate?
- Agent-based DLP
- Agentless (network-based) DLP
What is data minimization?
Techniques that seek to reduce risk by decreasing the amount of sensitive information maintained
What is the process of transforming sensitive data into a format where the original information can’t be retrieved called?
Data obfuscation
What are the two common types of access restrictions?
- Geographic restrictions
- Permission restrictions
What does the CIA triad stand for?
- Confidentiality
- Integrity
- Availability
What is nonrepudiation?
Prevents someone from denying that they took an action
Digital signatures are a common example of nonrepudiation.
What are the categories of security controls based on their mechanism of action?
- Managerial
- Operational
- Physical
- Technical
How do DLP systems detect sensitive information?
- Pattern matching
- Watermarking
What is the risk associated with hashing sensitive data?
Rainbow table attacks can be conducted if an attacker has a list of possible values
What is the function of segmentation in network security?
Places sensitive systems on separate networks with strict communication restrictions
What happens during a data breach?
Organizations suffer both direct and indirect damages, including financial repercussions and reputational damage
What is the goal of data encryption?
To protect information from unauthorized access while it is in transit and at rest
What is the main purpose of directive controls?
To inform employees and others what they should do to achieve security objectives
What is masking in the context of data protection?
Partially redacting sensitive information by replacing some or all sensitive fields with blank characters
Fill in the blank: The three core objectives of cybersecurity are _______.
[confidentiality, integrity, availability]
What has caused the increase in sophistication and diversity of cybersecurity threats?
The involvement of skilled technologists, organized criminal syndicates, and government-sponsored attackers.
What are the three key aspects that cybersecurity professionals must safeguard?
- Confidentiality
- Integrity
- Availability
What is essential for developing appropriate defensive mechanisms against cybersecurity threats?
A strong understanding of the threat environment.
What are the two main categories of threat actors based on their origin?
- Internal
- External
What are the key characteristics that differentiate cybersecurity threat actors?
- Level of Sophistication/Capability
- Resources/Funding
- Intent/Motivation
True or False: All cybersecurity threats come from external sources.
False
What term is used to describe unskilled attackers who rely on automated tools?
Script kiddie
What is the primary motivation of unskilled attackers?
Proving their skill.
What is the defining characteristic of hacktivists?
They use hacking techniques to accomplish activist goals.
Who is considered a notable hacktivist for leaking sensitive government documents?
Edward Snowden
What is the primary motive of organized crime in the context of cybercrime?
Illegal financial gain.
List two types of cybercrime activities organized crime groups are involved in.
- Ransomware
- Online fraud
What does APT stand for in cybersecurity?
Advanced Persistent Threat
What distinguishes APT attacks from other types of attacks?
They use advanced techniques and are persistent over time.
What is a zero-day attack?
An attack that exploits vulnerabilities unknown to product vendors.
What is a common outcome of insider threats?
Disclosing confidential information.
Fill in the blank: A _______ hacker acts with authorization to discover and correct security vulnerabilities.
white-hat
Fill in the blank: A _______ hacker has malicious intent and seeks to compromise systems for unauthorized purposes.
black-hat
Fill in the blank: A _______ hacker acts without proper authorization but intends to inform targets of vulnerabilities.
gray-hat
What is a common trait of the hacktivist group Anonymous?
They collectively decide their agenda and targets.
What do organized crime groups prefer regarding their activities?
To remain in the shadows and draw little attention.
What are the resources like for organized crime compared to other threat actors?
They tend to have more resources in terms of time and money.
What is the primary motivation behind insider attacks?
Insiders may be motivated by various factors, including activist goals, financial gain, or personal grievances.
True or False: Insiders typically work with a team to execute their attacks.
False
What is shadow IT?
Shadow IT refers to the use of technology services by employees that are not approved by the organization.
What risks does shadow IT pose to an organization?
It puts sensitive information in the hands of vendors outside of the organization’s control.
What types of information might competitors seek to steal through corporate espionage?
- Customer information
- Proprietary software
- Confidential product development plans
- Other beneficial information
What is a common source for competitors to obtain insider information?
The dark web
List some primary motivations behind cyberattacks.
- Data exfiltration
- Espionage
- Service disruption
- Blackmail
- Financial gain
- Philosophical/political beliefs
- Ethical hacking
- Revenge
- Disruption/chaos
- War
What is a threat vector?
A threat vector is the means that threat actors use to gain access to an organization’s systems or information.
Fill in the blank: Email is one of the most commonly exploited _______.
[threat vectors]
What type of attack involves tricking a user into opening a file that contains malicious code?
Malware infection
How can attackers use removable devices to spread malware?
By distributing USB drives in public areas, hoping users will plug them into their computers.
What is meant by the term ‘supply chain attack’?
An attack that targets an organization’s vendors and suppliers to indirectly compromise the organization.
What is threat intelligence?
Threat intelligence encompasses activities and resources that help cybersecurity professionals learn about changes in the threat environment.
What are indicators of compromise (IoCs)?
Signs that an attack has taken place, such as file signatures and log patterns.
True or False: Open source threat intelligence is acquired from publicly available sources.
True
What is the significance of vulnerability databases in threat intelligence?
They direct defensive efforts and provide insights into the types of exploits being discovered.
List some examples of open source threat intelligence sources.
- Senki.org
- Open Threat Exchange
- MISP Threat Sharing project
- Threatfeeds.io
What role does the Cybersecurity & Infrastructure Security Agency (CISA) play in threat intelligence?
CISA provides alerts and resources related to cybersecurity threats.
What can organizations do to reduce their attack surface?
Implement effective security measures and risk mitigation strategies.
Fill in the blank: Attackers may gain access to hardware devices at the _______ or while the devices are in transit.
[manufacturer]
What is the website for the U.S. Cybersecurity & Infrastructure Security Agency (CISA)?
www.cisa.gov
What does CISA’s Automated Indicator Sharing (AIS) program focus on?
Information sharing regarding cyber threats
Name one Australian cybersecurity resource.
Australian Signals Directorate’s Cyber Security Centre: www.cyber.gov.au
What is the purpose of the Spamhaus Project?
Focuses on blocklists including spam and compromised computers
True or False: The dark web uses standard Internet connections without encryption.
False
What is the primary use of dark web marketplaces by hackers?
To share information and sell stolen credentials and data
What is proprietary threat intelligence?
Intelligence created by organizations that is not publicly available
What are the potential reasons for using proprietary threat intelligence?
- Keep data secret
- Sell or license the data
- Protect methods and sources
What is a confidence score in threat intelligence?
A measure to filter and assess the trustworthiness of threat information
What does STIX stand for?
Structured Threat Information eXpression
Fill in the blank: STIX is an _______ language originally sponsored by the U.S. Department of Homeland Security.
XML
What is the purpose of the Trusted Automated eXchange of Intelligence Information (TAXII) protocol?
To communicate cyber-threat information at the application layer via HTTPS
What is the role of Information Sharing and Analysis Centers (ISACs)?
Facilitate sharing of threat information among infrastructure owners
What year was the ISAC concept introduced?
1998
Name a source for conducting your own cybersecurity research.
- Vendor security information websites
- Academic journals
- Social media accounts of security professionals
What are common motivations for cyberattacks?
- Data exfiltration
- Espionage
- Financial gain
- Political beliefs
How can attackers gain initial access to an organization?
- Remotely over the Internet
- Wireless connection
- Direct physical access
What is a common vector for cyberattacks?
Email and social media
What is the significance of threat maps in cybersecurity?
Provide a geographic view of threat intelligence
True or False: Geographic attribution in threat maps is always reliable.
False
What is the potential issue when a threat feed fails?
It can lead to delayed detection and exposure of systems
What is the purpose of threat indicator management?
To standardize and automate processing of threat information
What is the confidence rating scale used for threat intelligence?
- Confirmed (90–100)
- Probable (70–89)
- Possible (50–69)
- Doubtful (30–49)
- Improbable (2–29)
- Discredited (1)
What does the term ‘threat actor’ refer to?
An individual or group that conducts a cyberattack
What are advanced persistent threats (APTs)?
Sophisticated attacks typically associated with nation-state actors
Fill in the blank: Cybersecurity threats may be classified based on their internal or _______ status.
external
What are common methods attackers use to gain initial access to an organization?
Attackers may gain access through:
- Remote access over the Internet
- Wireless connections
- Direct physical access
- Email or social media interactions
- Removable media tricks
- Cloud services exploits
What is the purpose of threat intelligence for organizations?
Threat intelligence provides valuable insight into the threat landscape.
How do security teams utilize threat intelligence?
Security teams leverage threat intelligence from:
- Public sources
- Private sources
- Their own research
What are indicators of compromise?
Indicators of compromise are detailed signs that help identify current threats and vulnerabilities.
What is the role of predictive analytics in threat intelligence?
Predictive analytics helps security teams analyze their own data for potential threats.
Why must security teams monitor for supply chain risks?
Modern enterprises depend on vendors for IT services, making them vulnerable to external attacks.
What vendor management techniques protect the supply chain?
Vendor management techniques protect against attackers targeting:
- Outsourced code development
- Cloud data storage
- Integration between external and internal systems
True or False: Attackers only use direct physical access to compromise networks.
False
Fill in the blank: Security professionals should pay particular attention to risks posed by _______.
[outsourced code development, cloud data storage, integration between external and internal systems]