COMPTIA SECURITY + WEEK 1 CHAPTER 1 & 2

Question 1

What are the three key objectives of cybersecurity?

Answer 1

Confidentiality, Integrity, Availability

These objectives are often referred to as the CIA triad.

Question 2

What is confidentiality in cybersecurity?

Answer 2

Ensures that unauthorized individuals cannot gain access to sensitive information

Security controls like firewalls, access control lists, and encryption are used to maintain confidentiality.

Question 3

What is integrity in cybersecurity?

Answer 3

Ensures that there are no unauthorized modifications to information or systems

Integrity controls include hashing and integrity monitoring solutions.

Question 4

What is availability in cybersecurity?

Answer 4

Ensures that information and systems are ready for legitimate users when needed

Availability controls include fault tolerance, clustering, and backups.

Question 5

What does the CIA triad stand for?

Answer 5

Confidentiality, Integrity, Availability

This triad is used to characterize risks, attacks, and security controls.

Question 6

What is nonrepudiation?

Answer 6

The assurance that someone cannot deny having taken an action

Digital signatures are a common example of nonrepudiation.

Question 7

What are the three key threats to cybersecurity efforts according to the DAD triad?

Answer 7

Disclosure, Alteration, Denial

Each threat maps to one of the CIA triad goals.

Question 8

What is disclosure in the context of cybersecurity?

Answer 8

The exposure of sensitive information to unauthorized individuals

This is a violation of the principle of confidentiality.

Question 9

What is alteration in cybersecurity?

Answer 9

The unauthorized modification of information

This is a violation of the principle of integrity.

Question 10

What is denial in cybersecurity?

Answer 10

The disruption of an authorized user’s legitimate access to information

This violates the principle of availability.

Question 11

What are the categories of potential impact from a security incident?

Answer 11

• Financial Risk
• Reputational Risk
• Identity Theft
• Strategic Risk
• Operational Risk
• Compliance Risk

Each category describes different consequences an organization may face after a breach.

Question 12

What is financial risk in the context of a data breach?

Answer 12

The risk of monetary damage to the organization as a result of a breach

This can include direct costs, like rebuilding a datacenter, and indirect costs, like lost business opportunities.

Question 13

What constitutes reputational risk?

Answer 13

Negative publicity surrounding a security breach that affects goodwill

It is often difficult to quantify this type of damage.

Question 14

What is identity theft risk?

Answer 14

The risk posed by exposure of personally identifiable information (PII) to malicious individuals

Organizations should protect sensitive identifiers like Social Security numbers and bank account information.

Question 15

Define strategic risk in the context of cybersecurity.

Answer 15

The risk that an organization will become less effective in meeting its goals due to a breach

For example, losing product development plans may hinder market competitiveness.

Question 16

What is operational risk?

Answer 16

Risk to the organization’s ability to carry out its day-to-day functions

This may slow down processes or require manual workarounds.

Question 17

What does compliance risk entail?

Answer 17

Risk of violating legal or regulatory requirements due to a breach

An example is violating HIPAA by losing patient medical records.

Question 18

True or False: Risks often fit into only one category.

Answer 18

False

Many risks can cross multiple categories, such as reputational and financial risks arising from the same incident.

Question 19

What is a gap analysis in cybersecurity?

Answer 19

A review to evaluate security controls against control objectives

Gaps identified should be treated as potential risks to be remediated.

Question 20

List the four categories of security controls.

Answer 20

• Technical Controls
• Operational Controls
• Managerial Controls
• Physical Controls

Each category achieves security objectives through different mechanisms.

Question 21

What are technical controls?

Answer 21

Controls that enforce confidentiality, integrity, and availability in the digital space

Examples include firewalls, access control lists, and encryption.

Question 22

What are operational controls?

Answer 22

Processes put in place to manage technology securely

Examples include user access reviews and log monitoring.

Question 23

What are managerial controls?

Answer 23

Procedural mechanisms focusing on the risk management process

Examples include risk assessments and security planning.

Question 24

What are physical controls?

Answer 24

Security controls that impact the physical world

Examples include fences, locks, and fire suppression systems.

Question 25

What is the primary focus of security professionals?

Answer 25

Protecting the confidentiality, integrity, and availability of sensitive data ## Footnote This is often referred to as the CIA triad.

Question 26

What are the three states of data?

Answer 26

* Data at rest * Data in transit * Data in use

Question 27

What is the purpose of preventive controls?

Answer 27

To stop a security issue before it occurs ## Footnote Examples include firewalls and encryption.

Question 28

What do corrective controls do?

Answer 28

Remediate security issues that have already occurred ## Footnote An example is restoring backups after a ransomware attack.

Question 29

What is a compensating control?

Answer 29

A control designed to mitigate the risk associated with exceptions made to a security policy

Question 30

What criteria must a compensating control meet according to PCI DSS?

Answer 30

* Meet the intent and rigor of the original requirement * Provide a similar level of defense as the original requirement * Be above and beyond other PCI DSS requirements

Question 31

What is data loss prevention (DLP)?

Answer 31

Systems that help organizations enforce information handling policies to prevent data loss and theft

Question 32

What are the two environments where DLP systems operate?

Answer 32

* Agent-based DLP * Agentless (network-based) DLP

Question 33

What is data minimization?

Answer 33

Techniques that seek to reduce risk by decreasing the amount of sensitive information maintained

Question 34

What is the process of transforming sensitive data into a format where the original information can't be retrieved called?

Answer 34

Data obfuscation

Question 35

What are the two common types of access restrictions?

Answer 35

* Geographic restrictions * Permission restrictions

Question 36

What does the CIA triad stand for?

Answer 36

* Confidentiality * Integrity * Availability

Question 37

What is nonrepudiation?

Answer 37

Prevents someone from denying that they took an action ## Footnote Digital signatures are a common example of nonrepudiation.

Question 38

What are the categories of security controls based on their mechanism of action?

Answer 38

* Managerial * Operational * Physical * Technical

Question 39

How do DLP systems detect sensitive information?

Answer 39

* Pattern matching * Watermarking

Question 40

What is the risk associated with hashing sensitive data?

Answer 40

Rainbow table attacks can be conducted if an attacker has a list of possible values

Question 41

What is the function of segmentation in network security?

Answer 41

Places sensitive systems on separate networks with strict communication restrictions

Question 42

What happens during a data breach?

Answer 42

Organizations suffer both direct and indirect damages, including financial repercussions and reputational damage

Question 43

What is the goal of data encryption?

Answer 43

To protect information from unauthorized access while it is in transit and at rest

Question 44

What is the main purpose of directive controls?

Answer 44

To inform employees and others what they should do to achieve security objectives

Question 45

What is masking in the context of data protection?

Answer 45

Partially redacting sensitive information by replacing some or all sensitive fields with blank characters

Question 46

Fill in the blank: The three core objectives of cybersecurity are _______.

Answer 46

[confidentiality, integrity, availability]

Question 47

What has caused the increase in sophistication and diversity of cybersecurity threats?

Answer 47

The involvement of skilled technologists, organized criminal syndicates, and government-sponsored attackers.

Question 48

What are the three key aspects that cybersecurity professionals must safeguard?

Answer 48

* Confidentiality * Integrity * Availability

Question 49

What is essential for developing appropriate defensive mechanisms against cybersecurity threats?

Answer 49

A strong understanding of the threat environment.

Question 50

What are the two main categories of threat actors based on their origin?

Answer 50

* Internal * External

Question 51

What are the key characteristics that differentiate cybersecurity threat actors?

Answer 51

* Level of Sophistication/Capability * Resources/Funding * Intent/Motivation

Question 52

True or False: All cybersecurity threats come from external sources.

Answer 52

False

Question 53

What term is used to describe unskilled attackers who rely on automated tools?

Answer 53

Script kiddie

Question 54

What is the primary motivation of unskilled attackers?

Answer 54

Proving their skill.

Question 55

What is the defining characteristic of hacktivists?

Answer 55

They use hacking techniques to accomplish activist goals.

Question 56

Who is considered a notable hacktivist for leaking sensitive government documents?

Answer 56

Edward Snowden

Question 57

What is the primary motive of organized crime in the context of cybercrime?

Answer 57

Illegal financial gain.

Question 58

List two types of cybercrime activities organized crime groups are involved in.

Answer 58

* Ransomware * Online fraud

Question 59

What does APT stand for in cybersecurity?

Answer 59

Advanced Persistent Threat

Question 60

What distinguishes APT attacks from other types of attacks?

Answer 60

They use advanced techniques and are persistent over time.

Question 61

What is a zero-day attack?

Answer 61

An attack that exploits vulnerabilities unknown to product vendors.

Question 62

What is a common outcome of insider threats?

Answer 62

Disclosing confidential information.

Question 63

Fill in the blank: A _______ hacker acts with authorization to discover and correct security vulnerabilities.

Answer 63

white-hat

Question 64

Fill in the blank: A _______ hacker has malicious intent and seeks to compromise systems for unauthorized purposes.

Answer 64

black-hat

Question 65

Fill in the blank: A _______ hacker acts without proper authorization but intends to inform targets of vulnerabilities.

Answer 65

gray-hat

Question 66

What is a common trait of the hacktivist group Anonymous?

Answer 66

They collectively decide their agenda and targets.

Question 67

What do organized crime groups prefer regarding their activities?

Answer 67

To remain in the shadows and draw little attention.

Question 68

What are the resources like for organized crime compared to other threat actors?

Answer 68

They tend to have more resources in terms of time and money.

Question 69

What is the primary motivation behind insider attacks?

Answer 69

Insiders may be motivated by various factors, including activist goals, financial gain, or personal grievances.

Question 70

True or False: Insiders typically work with a team to execute their attacks.

Answer 70

False

Question 71

What is shadow IT?

Answer 71

Shadow IT refers to the use of technology services by employees that are not approved by the organization.

Question 72

What risks does shadow IT pose to an organization?

Answer 72

It puts sensitive information in the hands of vendors outside of the organization's control.

Question 73

What types of information might competitors seek to steal through corporate espionage?

Answer 73

* Customer information * Proprietary software * Confidential product development plans * Other beneficial information

Question 74

What is a common source for competitors to obtain insider information?

Answer 74

The dark web

Question 75

List some primary motivations behind cyberattacks.

Answer 75

* Data exfiltration * Espionage * Service disruption * Blackmail * Financial gain * Philosophical/political beliefs * Ethical hacking * Revenge * Disruption/chaos * War

Question 76

What is a threat vector?

Answer 76

A threat vector is the means that threat actors use to gain access to an organization's systems or information.

Question 77

Fill in the blank: Email is one of the most commonly exploited _______.

Answer 77

[threat vectors]

Question 78

What type of attack involves tricking a user into opening a file that contains malicious code?

Answer 78

Malware infection

Question 79

How can attackers use removable devices to spread malware?

Answer 79

By distributing USB drives in public areas, hoping users will plug them into their computers.

Question 80

What is meant by the term 'supply chain attack'?

Answer 80

An attack that targets an organization's vendors and suppliers to indirectly compromise the organization.

Question 81

What is threat intelligence?

Answer 81

Threat intelligence encompasses activities and resources that help cybersecurity professionals learn about changes in the threat environment.

Question 82

What are indicators of compromise (IoCs)?

Answer 82

Signs that an attack has taken place, such as file signatures and log patterns.

Question 83

True or False: Open source threat intelligence is acquired from publicly available sources.

Answer 83

True

Question 84

What is the significance of vulnerability databases in threat intelligence?

Answer 84

They direct defensive efforts and provide insights into the types of exploits being discovered.

Question 85

List some examples of open source threat intelligence sources.

Answer 85

* Senki.org * Open Threat Exchange * MISP Threat Sharing project * Threatfeeds.io

Question 86

What role does the Cybersecurity & Infrastructure Security Agency (CISA) play in threat intelligence?

Answer 86

CISA provides alerts and resources related to cybersecurity threats.

Question 87

What can organizations do to reduce their attack surface?

Answer 87

Implement effective security measures and risk mitigation strategies.

Question 88

Fill in the blank: Attackers may gain access to hardware devices at the _______ or while the devices are in transit.

Answer 88

[manufacturer]

Question 89

What is the website for the U.S. Cybersecurity & Infrastructure Security Agency (CISA)?

Answer 89

www.cisa.gov

Question 90

What does CISA's Automated Indicator Sharing (AIS) program focus on?

Answer 90

Information sharing regarding cyber threats

Question 91

Name one Australian cybersecurity resource.

Answer 91

Australian Signals Directorate's Cyber Security Centre: www.cyber.gov.au

Question 92

What is the purpose of the Spamhaus Project?

Answer 92

Focuses on blocklists including spam and compromised computers

Question 93

True or False: The dark web uses standard Internet connections without encryption.

Answer 93

False

Question 94

What is the primary use of dark web marketplaces by hackers?

Answer 94

To share information and sell stolen credentials and data

Question 95

What is proprietary threat intelligence?

Answer 95

Intelligence created by organizations that is not publicly available

Question 96

What are the potential reasons for using proprietary threat intelligence?

Answer 96

* Keep data secret * Sell or license the data * Protect methods and sources

Question 97

What is a confidence score in threat intelligence?

Answer 97

A measure to filter and assess the trustworthiness of threat information

Question 98

What does STIX stand for?

Answer 98

Structured Threat Information eXpression

Question 99

Fill in the blank: STIX is an _______ language originally sponsored by the U.S. Department of Homeland Security.

Answer 99

XML

Question 100

What is the purpose of the Trusted Automated eXchange of Intelligence Information (TAXII) protocol?

Answer 100

To communicate cyber-threat information at the application layer via HTTPS

Question 101

What is the role of Information Sharing and Analysis Centers (ISACs)?

Answer 101

Facilitate sharing of threat information among infrastructure owners

Question 102

What year was the ISAC concept introduced?

Answer 102

1998

Question 103

Name a source for conducting your own cybersecurity research.

Answer 103

* Vendor security information websites * Academic journals * Social media accounts of security professionals

Question 104

What are common motivations for cyberattacks?

Answer 104

* Data exfiltration * Espionage * Financial gain * Political beliefs

Question 105

How can attackers gain initial access to an organization?

Answer 105

* Remotely over the Internet * Wireless connection * Direct physical access

Question 106

What is a common vector for cyberattacks?

Answer 106

Email and social media

Question 107

What is the significance of threat maps in cybersecurity?

Answer 107

Provide a geographic view of threat intelligence

Question 108

True or False: Geographic attribution in threat maps is always reliable.

Answer 108

False

Question 109

What is the potential issue when a threat feed fails?

Answer 109

It can lead to delayed detection and exposure of systems

Question 110

What is the purpose of threat indicator management?

Answer 110

To standardize and automate processing of threat information

Question 111

What is the confidence rating scale used for threat intelligence?

Answer 111

* Confirmed (90–100) * Probable (70–89) * Possible (50–69) * Doubtful (30–49) * Improbable (2–29) * Discredited (1)

Question 112

What does the term 'threat actor' refer to?

Answer 112

An individual or group that conducts a cyberattack

Question 113

What are advanced persistent threats (APTs)?

Answer 113

Sophisticated attacks typically associated with nation-state actors

Question 114

Fill in the blank: Cybersecurity threats may be classified based on their internal or _______ status.

Answer 114

external

Question 115

What are common methods attackers use to gain initial access to an organization?

Answer 115

Attackers may gain access through: * Remote access over the Internet * Wireless connections * Direct physical access * Email or social media interactions * Removable media tricks * Cloud services exploits

Question 116

What is the purpose of threat intelligence for organizations?

Answer 116

Threat intelligence provides valuable insight into the threat landscape.

Question 117

How do security teams utilize threat intelligence?

Answer 117

Security teams leverage threat intelligence from: * Public sources * Private sources * Their own research

Question 118

What are indicators of compromise?

Answer 118

Indicators of compromise are detailed signs that help identify current threats and vulnerabilities.

Question 119

What is the role of predictive analytics in threat intelligence?

Answer 119

Predictive analytics helps security teams analyze their own data for potential threats.

Question 120

Why must security teams monitor for supply chain risks?

Answer 120

Modern enterprises depend on vendors for IT services, making them vulnerable to external attacks.

Question 121

What vendor management techniques protect the supply chain?

Answer 121

Vendor management techniques protect against attackers targeting: * Outsourced code development * Cloud data storage * Integration between external and internal systems

Question 122

True or False: Attackers only use direct physical access to compromise networks.

Answer 122

False

Question 123

Fill in the blank: Security professionals should pay particular attention to risks posed by _______.

Answer 123

[outsourced code development, cloud data storage, integration between external and internal systems]