Cyber basics

Question 1

What does CIA stand for?

Answer 1

Confidentiality , integrity, availability

Question 2

What does confidentiality in CIA refer to?

Answer 2

the act of sharing or revealing information only with authorized personal

Question 3

What does integrity in CIA refer to?

Answer 3

the ability to ensure that information or data remains unchanged and accurate

Question 4

What does availability in CIA refer to?

Answer 4

ensuring timely and reliable access to and use of information

Question 5

What does the red team do?

Answer 5

Test defenses, search for weaknesses, provide assesments

Question 6

What does the blue team do?

Answer 6

Maintain security, Prevent breaches, Monitor for threats, Respond to incidents, Research technologies

Question 7

What is an HVA?

Answer 7

High Value Asset

Question 8

What are the primary roles of Cybersecurity in a business?

Answer 8

protect assests or HVA, protect data, protect functions and processes, protect ALL org assets.

Question 9

True or False: The cost of treating risk should never meet or exceed the potential loss?

Answer 9

True

Question 10

What does NIST stand for?

Answer 10

National institute of Standards and Technology

Question 11

Is NIST framework required or voluntarily implemented?

Answer 11

A voluntary framework

Question 12

What is risk?

Answer 12

Risk is the level of organizational assets, organizational operations, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occuring.

Question 13

What is risk more simply?

Answer 13

Risk is if you have an asset with a vulnerability that has a threat of being exploited.

Question 14

What does PII (pii) refer to?

Answer 14

Personally identifiable information

Question 15

What are the security risk factors?

Answer 15

Threat, Vulnerability, Likelihood, Impact

Question 16

What does CONTROL refer to when associated with the word RISK?

Answer 16

Managing risk, including policies, procedures, guidelines, practices, or org structures

Question 17

What does VULNERABILITY refer to when associated with the word RISK?

Answer 17

Weakness in a system, system security procedures, internal controls, or implementation

Question 18

What does CYBERRISK refer to when associated with the word RISK?

Answer 18

risk to a business due to the failure of a business function dependent on digital technologies

Question 18

What does LIKELIHOOD refer to when associated with the word RISK?

Answer 18

A weighted factor based on subjective analysis if the probability that a given threat is capable of exploiting a given vulnerability.

Question 19

What does RMF mean?

Answer 19

Risk Management Framework - a flexible risk based approach

Question 20

In order what are the 7 phases of the RMF?

Answer 20

1. Prepare 2. Categorize information systems. 3. Select security controls. 4. implement security controls. 5. Assess security controls. 6. authorize information systems. 7. monitor security controls.

Question 21

What is an asset?

Answer 21

Assets can be hardware, software, or information.

Question 22

What is a threat?

Answer 22

A potentially negative action or event often caused by taking advantage of a vulnerability

Question 23

What is a risk?

Answer 23

probability of exposure or loss resulting from a cyber attack.

Question 24

What is a vulnerability?

Answer 24

errors/flaws that weaken the overall security of the device/system.

Question 25

What is an exploit?

Answer 25

taking advantage of a program/system to produce an unintended consequence/result

Question 26

What are examples of threats and attacks?

Answer 26

Global threat (pandemic), regional threat (weather conditions), Industry specific (microchip shortage), cybersecurity (randsomeware, DDoS, etc)

Question 27

What are some common threat vectors? (methods people use to exploit a system)

Answer 27

Unpatched vulnerabilities, security misconfiguration, weak, leaked, or stolen credentials, social engineering, and insider threats

Question 28

What are some common attacks? (type of attack)

Answer 28

Malware, on path (man in the middle {MiTM}), DoS, DDoS, Phishing, SQL injection, Zero Day, DNS tunneling, ARP poisoning.

Question 29

What is Malware?

Answer 29

Malware stands for malicious software. A program or code that can harm a computer or network

Question 30

What is an on path or man in the middle attack?

Answer 30

An attack places themselves between two devices and modifies communications between the two

Question 31

What is a DoS attack?

Answer 31

DoS stands for denial of service when a computer aims to make a computer or network unavailable to it’s users.

Question 32

What is a DDoS attack?

Answer 32

DDoS stands for distributed denial of service when an attacker aims to flood a server with traffic using multiple comprised computers AKA a “Botnet”.

Question 33

What is phishing?

Answer 33

A method used where someone pretends to be legitimate in order to trick individuals into providing sensitive information data.

Question 34

What is DNS tunneling?

Answer 34

a method where cybercriminals exploit the DNS protocol to create a covert communication channel.

Question 35

What is SQL injection?

Answer 35

SQL injection is when someone tricks a website into running harmful commands

Question 36

What is a Zero Day attack?

Answer 36

Exploits a software flaw that the software’s creator doesn’t know about yet.

Question 37

What is ARP poisoning?

Answer 37

sends fake ARP (Address Resolution Protocol) messages to a network

Question 38

What is an IOC?

Answer 38

Indicator of compromise - present after an attack

Question 39

What is an IOA?

Answer 39

Indicator of attack - early warning or clues that reveal suspicious activity. Present before an attack

Question 40

What are some common malware types?

Answer 40

Worm, rootkit, keylogger, bot(s), mobile malware.

Question 41

What is a worm and which part of CIA is impacted?

Answer 41

Worms spread through a network by replicating itself and not needing interaction. This impacts Integrity.

Question 42

What is a rootkit and what part of CIA is impacted?

Answer 42

Gives remote access to devices. This impacts confidentiality and integrety.

Question 43

What is a keylogger and what part of CIA is impacted?

Answer 43

A keylogger can monitor keystrokes. This impacts confidentiality.

Question 44

What are bots and what part of CIA is impacted?

Answer 44

Can launch a broad flood of attacks. This impacts availability.

Question 45

What is mobile malware and what part of CIA is impacted?

Answer 45

This infects mobile devices and impacts confidentiality and integrity.

Question 46

What are the phases of incident response?

Answer 46

1. Prepare. 2. Detection and analysis. 3. Containment, eradication, and recovery. 4. Post incident activity.

Question 47

What are 3 types of AI?

Answer 47

Artificial narrow intelligence , artificial general intelligence, artificial super intelligence.

Question 48

What is a network?

Answer 48

two or more devices that can interact over links or connections.

Question 49

What are the 4 types of network?

Answer 49

PAN, LAN, MAN, WAN

Question 50

What is PAN and what does it stand for?

Answer 50

PAN is personal area network. A network connected by only two computers

Question 51

What is LAN and what does it stand for?

Answer 51

LAN is local area network. A network where there is a group of connected computers in a specific place. (like a home or office)

Question 52

What is MAN and what does it stand for?

Answer 52

MAN is metropolitan area network. A smart city for example

Question 53

What is WAN and what does it stand for?

Answer 53

WAN is wide area network. This extends over large geographical distances, like the internet.

Question 54

What are servers/clients?

Answer 54

A server is a computer or program that provides services to other computers. Clients are devices or applications that request and use the services provided by servers.

Question 55

What is a router?

Answer 55

interconnecting LAN

Question 56

What is a switch?

Answer 56

Used to interconnect devices on a LAN. It has ports.

Question 57

What is a transmission medium?

Answer 57

The method in which network information is delivered. (satellite, copper wires, radio waves, fiber)

Question 58

What is a transmission protocol?

Answer 58

Set of rules that dictate the proper communication between two or more computing devices.

Question 59

What are some common network commands?

Answer 59

Ipconfig, ping, route, tracert, nslookup, netstat,arp

Question 60

What is a passive attack?

Answer 60

Can monitor or copy data, doesnt impact the system. Threatens confidentiality

Question 61

What is an active attack?

Answer 61

Modify or alter contact and impact the system, can threaten the availability and integrity of data.

Question 62

True or false: Attacks can ONLY be passive or active

Answer 62

False: attacks can be either or both

Question 63

What are some tools and controls for data?

Answer 63

Segmentation, segregation, firewalls

Question 64

What is segmentation referring to?

Answer 64

Dividing networks into multiple segments or zones (wifi vs guest wifi)

Question 65

What is segregation referring to?

Answer 65

Implementing rules to control communication between specific hosts, services, or subnets.

Question 66

What is a firewall used for?

Answer 66

Hardware or software designed to protect one network from another. Bidirectionally monitoring network traffic which is then permitted or blocked based on rules. Secures traffic between trusted internal networks and untrusted external networks
Used to filter specific traffic. Can also filter traffic between individual hosts

Question 67

What are the 3 states of data?

Answer 67

Rest, in use, transit

Question 68

What does data at rest mean?

Answer 68

Stored or archived data

Question 69

What is data in use?

Answer 69

Data actively being processed (on a screen)

Question 70

What is data in transit?

Answer 70

Data that is moving

Question 71

What is physical segmentation?

Answer 71

having devices in a separate physical location

Question 72

What is logical segmentation?

Answer 72

Involves using a virtual local area network (VLAN) to group devices regardless of location

Question 73

What is a DMZ?

Answer 73

part of a network that faces the public - where web servers, email and other services reside. Separated from the local area network so hackers cannot get access to internal resources.

Question 74

What are Security controls

Answer 74

Safeguards or counter measures to avoid, detect, counteract, and minimize security risks.

Question 75

What are the 3 security control categories?

Answer 75

Administrative, technical, physical.

Question 76

What are administrative security controls?

Answer 76

guidance, rules, and implementation procedures.

Question 77

What are technical security controls?

Answer 77

hardware or software that is implemented. (firewall)

Question 78

What are physical security controls?

Answer 78

protection from physical threats (someone looking over your shoulder, locking doors, etc)

Question 79

Types of AI

Answer 79

Artificial Narrow Intelligence - specific topicArtificial General Intelligence - broad contentArtificial Super Intelligence

Question 80

What is AI

Answer 80

intelligent machines that can mimic human cognitive abilities

Question 81

What is LLM

Answer 81

Large Language Model - neural networks execute searches on vast amounts of stored information

Question 82

What is a network

Answer 82

Two or more machines connected for communications

Question 83

Ipconfig

Answer 83

used to display the status of the currently active interfaces and details

Question 84

Ping

Answer 84

Can test connectivity either by IP address or DNS name

Question 85

Route

Answer 85

Can display routing table and manipulate the entries within it

Question 86

Tracert

Answer 86

can be used to determine the route to a remote host

Question 87

Nslookup

Answer 87

used to find the IP that corresponds to a DNS record and vice versa

Question 88

Netstat

Answer 88

can be used to display and filter all incoming and outgoing network connections

Question 89

Arp - Address Resolution Protocol

Answer 89

can be used to update, display, or manipulate ARP table entries

Question 90

Network commands

Answer 90

Ipconfig - used to display the status of the currently active interfaces and details
Ping - Can test connectivity either by IP address or DNS name
Route - Can display routing table and manipulate the entries within it
Tracert - can be used to determine the route to a remote host
Nslookup - used to find the IP that corresponds to a DNS record and vice versa
Netstat - can be used to display and filter all incoming and outgoing network connections
Arp - can be used to update, display, or manipulate ARP table entries

Question 91

What is Linux

Answer 91

OS kernel created by Linus Torvalds - a version of GNU

Question 92

What is GNU

Answer 92

GNU’s Not Unix - an open source operating system that is the basis for Linux

Question 93

What is a Distribution

Answer 93

An OS made from a collection of software including the Linux kernel, GNU tools, additional software, and a package manager

Question 94

How many distributions are there? And which are popular

Answer 94

600. Red Hat Enterprise Linux (RHEL), Kali Linux

Question 95

What is Kali Linux

Answer 95

Distribution with powerful security tools - over 600 tools for security professionals

Question 96

What are the primary components of an OS?

Answer 96

Kernel mode (core OS functions) and User mode (applications)

Question 97

What functions does Kernel Mode provide?

Answer 97

Bootloader - a program written into the computer that loads the OS. the first software to start up
Drivers - Kernel modules can communicate with hardware devices without knowing intricate details. Essential to the system
File system - the structure that the OS uses to organize and store files and data
Network stack - allows applications to access a network through a physical networking device. A set of processes that controls how, where, and when data is stored or retrieved from a storage device.
Sudo - super user do - run command with elevated privileges than a regular user

Question 98

What functions does User Mode provide?

Answer 98

Processes - Running instances of programs
Sessions - groups of processes from the same shell (shell = command box, same shell = commands that are typed in the same command box)
services/daemons - background processes that start at boot time and perform specific functions without intervention from a user
Application - a program that could be as simple as a command line tool or complex graphical program

Question 99

What is a Linux CLI

Answer 99

Command Line Interface - runs on Linux startup - CLI is very powerful and requires knowledge to be used properly Servers run command lines - don’t need need a GUI

Question 100

What does the Linux GUI do

Answer 100

X server will start GUI interface Offers familiar windows and point and click functionality
GUI is easier to use than CLI but not as powerful for automation

Question 101

GUI Core utilities

Answer 101

Certain commands work in any distribution of linuxAKA coreutils Works across linux distributions

Question 102

Basic Linux commands

Answer 102

Ls - lists whatever files are there
CD - change directory - changes current working directory to parent directory or down
Touch - creates an empty file Pwd - what directory you are in, correct complete path, route
Cat - Concatenate (to link together), modify or create new files, dump files
Cp - copy
Mkdir - make directory Rm - removes empty or non empty directories
rmdir - removes EMPTY directories
Mv - move file

Question 103

Linux Security Issues

Answer 103

Access control - Weak passwords, users with superuser access
Permissions -unauthorized users with access to sensitive files
Vulnerability -Unintended weaknesses or flaws that could be exploited or triggered through a variety of means

Question 104

Threats and attacks

Answer 104

Ransomware - code that encrypts or deletes files - unencrypt key provided after payment
Worms - Self-replicating
Trojans

Question 105

Security Control Categories

Answer 105

Administrative - guidance, rules, and implementation procedures
Technical - hardware or software that are implemented (firewall)
Physical - protect from physical threats (someone looking over your shoulder, lock doors, etc)

Question 106

What is CLAMAV

Answer 106

Open source anti virus toolkit and engineNot a full featured endpoint security Scans files quickly
Detects millions of viruses, worms, trojans and other malware

Question 107

What are IPTables

Answer 107

Used for linux implementation of an endpoint firewall
Used to protect linux systems from network access

Question 108

What is server hardening

Answer 108

Determine the servers purpose and requirements
Disable or remove unneeded apps and services/daemons
Perform os updates and continue to do so

Question 109

What is client hardening

Answer 109

Baseline is crucial for clients
To ensure usability client hardening is less stringent than server hardening
Controls include
Endpoint security
Host firewall
Patching
Configuration

Question 110

What services does Windows Server provide

Answer 110

Web servers
File, print, and db servers
Active Directory - user management
Cloud access
Mobile device management

Question 111

What is Active Directory

Answer 111

centralizes user management
Oversees all users, groups, and devices in a windows environment
Enables system admins to control permissions and access
Runs on windows server softwareObjects: single

Question 112

What is the difference between Active Directory and Azure Active Directory

Answer 112

Not simply active directory in the cloud
Leverages several other cloud capabilities to exponentially grow security and control
Example: ai enhanced password protection and automatic credential creation
Seemlessly integrates with Mobile Device Management (MDM)

Question 113

What is MDM

Answer 113

Cloud based mobile device management
Natively integrates with Azure AD for enhanced security controls particularly in BYOD environments

Question 114

What is Zero Trust

Answer 114

continuously verifies every transaction, asserts least privilege, relies on intelligence, advanced detection, Identity and access management

Question 115

What is OWASP?

Answer 115

open web application security project - non-profit community
ranks the biggest cybersecurity threats

Question 116

Main differences between Windows and Linux

Answer 116

Windows is proprietary, users don’t have kernel access
Linux is open source and a user can have root access (kernel)
Windows - frequently patched by Microsoft
Linux - patched by the open source community - more secure by design

Question 117

Ipconfig - used to display the status of the currently active interfaces and details
Ping - Can test connectivity either by IP address or DNS name
Route - Can display routing table and manipulate the entries within it
Tracert - can be used to determine the route to a remote host
Nslookup - used to find the IP that corresponds to a DNS record and vice versa
Netstat - can be used to display and filter all incoming and outgoing network connections
Arp - can be used to update, display, or manipulate ARP table entries

Answer 117

Network commands

Question 118

What is patching?

Answer 118

Updating existing software or OS files to eliminate new vulnerabilities

Question 119

Ipconfig

Answer 119

• used to display the status of the currently active interfaces and details

Question 120

Ping -

Answer 120

Can test connectivity either by IP address or DNS name

Question 121

Route

Answer 121

Can display routing table and manipulate the entries within it

Question 122

Tracert

Answer 122

can be used to determine the route to a remote host

Question 123

Nslookup

Answer 123

used to find the IP that corresponds to a DNS record and vice versa

Question 124

Netstat

Answer 124

• can be used to display and filter all incoming and outgoing network connections

Question 125

Arp -

Answer 125

can be used to update, display, or manipulate ARP table entries

Question 126

Rootkit

Answer 126

Foundation in Unix/Linux, but they can be found on any OS

Common characteristic: instead of modifying files in OS, it modifies files in kernel (foundational building blocks of OS) everything that runs in OS runs on top of Kernel

B/c malware becomes part of OS itself, it becomes invisivble to anti virus / malware

Identifying and removing from rootkit is very difficult